Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
2024/09/06 21:29:14 ignoring optional flag "sandboxArg"="0"
2024/09/06 21:29:15 parsed 1 programs
2024/09/06 21:29:15 executed programs: 0
[ 44.150267][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 44.150282][ T30] audit: type=1400 audit(1725658155.164:95): avc: denied { unlink } for pid=346 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.188018][ T346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.242829][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.249922][ T352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.257067][ T352] device bridge_slave_0 entered promiscuous mode
[ 44.263853][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.270762][ T352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.277893][ T352] device bridge_slave_1 entered promiscuous mode
[ 44.324348][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.331314][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.338690][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.345521][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.365124][ T308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.372272][ T308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.379384][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.386938][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.400950][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.408955][ T307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.415958][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.423106][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.431580][ T307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.438409][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.445676][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.454981][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.468634][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.479387][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.487330][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.494645][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.502679][ T352] device veth0_vlan entered promiscuous mode
[ 44.513611][ T352] device veth1_macvtap entered promiscuous mode
[ 44.520633][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.534550][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.543041][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.563347][ T30] audit: type=1400 audit(1725658155.574:96): avc: denied { prog_load } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 44.583784][ T30] audit: type=1400 audit(1725658155.584:97): avc: denied { bpf } for pid=357 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 44.585246][ T358] FAULT_INJECTION: forcing a failure.
[ 44.585246][ T358] name failslab, interval 1, probability 0, space 0, times 1
[ 44.604543][ T30] audit: type=1400 audit(1725658155.584:98): avc: denied { perfmon } for pid=357 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 44.617271][ T358] CPU: 0 PID: 358 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 44.638498][ T30] audit: type=1400 audit(1725658155.594:99): avc: denied { prog_run } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 44.648058][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 44.648085][ T358] Call Trace:
[ 44.648091][ T358]
[ 44.648099][ T358] dump_stack_lvl+0x151/0x1c0
[ 44.667301][ T30] audit: type=1400 audit(1725658155.594:100): avc: denied { map_create } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 44.676901][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.676932][ T358] dump_stack+0x15/0x20
[ 44.680648][ T30] audit: type=1400 audit(1725658155.594:101): avc: denied { map_read map_write } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 44.682799][ T358] should_fail+0x3c6/0x510
[ 44.682826][ T358] __should_failslab+0xa4/0xe0
[ 44.745297][ T358] should_failslab+0x9/0x20
[ 44.749631][ T358] slab_pre_alloc_hook+0x37/0xd0
[ 44.754406][ T358] kmem_cache_alloc_trace+0x48/0x210
[ 44.759617][ T358] ? sk_psock_skb_ingress_self+0x60/0x330
[ 44.765167][ T358] ? migrate_disable+0x190/0x190
[ 44.770030][ T358] sk_psock_skb_ingress_self+0x60/0x330
[ 44.775409][ T358] sk_psock_verdict_recv+0x66d/0x840
[ 44.780539][ T358] unix_read_sock+0x132/0x370
[ 44.785044][ T358] ? sk_psock_skb_redirect+0x440/0x440
[ 44.790342][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 44.795892][ T358] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 44.801252][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 44.806780][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.812490][ T358] ? sk_psock_start_verdict+0xc0/0xc0
[ 44.817737][ T358] ? _raw_spin_lock+0xa4/0x1b0
[ 44.822312][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.827959][ T358] ? skb_queue_tail+0xfb/0x120
[ 44.832551][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.837703][ T358] ? unix_dgram_poll+0x710/0x710
[ 44.842475][ T358] ? __kasan_check_write+0x14/0x20
[ 44.847424][ T358] ? __cpuidle_text_end+0x2/0x2
[ 44.852109][ T358] ? cgroup_rstat_updated+0xe5/0x370
[ 44.857233][ T358] ? security_socket_sendmsg+0x82/0xb0
[ 44.862527][ T358] ? unix_dgram_poll+0x710/0x710
[ 44.867307][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 44.871905][ T358] ? __sys_sendmsg_sock+0x40/0x40
[ 44.876761][ T358] ? import_iovec+0xe5/0x120
[ 44.881187][ T358] ___sys_sendmsg+0x252/0x2e0
[ 44.885788][ T358] ? __sys_sendmsg+0x260/0x260
[ 44.890398][ T358] ? __kasan_check_write+0x14/0x20
[ 44.895334][ T358] ? proc_fail_nth_write+0x20b/0x290
[ 44.900454][ T358] ? __fdget+0x1bc/0x240
[ 44.904535][ T358] __sys_sendmmsg+0x2bf/0x530
[ 44.909052][ T358] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.913913][ T358] ? mutex_unlock+0xb2/0x260
[ 44.918505][ T358] ? __kasan_check_write+0x14/0x20
[ 44.923404][ T358] ? __ia32_sys_read+0x90/0x90
[ 44.928004][ T358] ? debug_smp_processor_id+0x17/0x20
[ 44.933212][ T358] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.939113][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.943800][ T358] x64_sys_call+0x81d/0x9a0
[ 44.948138][ T358] do_syscall_64+0x3b/0xb0
[ 44.952478][ T358] ? clear_bhb_loop+0x35/0x90
[ 44.956991][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.962726][ T358] RIP: 0033:0x7f8ff98b5ae9
[ 44.966985][ T358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.987405][ T358] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.995637][ T358] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 45.003448][ T358] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.011380][ T358] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 45.019250][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.027061][ T358] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 45.034876][ T358]
[ 45.038747][ T30] audit: type=1400 audit(1725658156.044:102): avc: denied { read } for pid=82 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 45.042271][ T357] ==================================================================
[ 45.068529][ T357] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 45.075513][ T357] Read of size 4 at addr ffff88810c7870ec by task syz-executor.0/357
[ 45.083390][ T357]
[ 45.085559][ T357] CPU: 0 PID: 357 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 45.095713][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 45.105726][ T357] Call Trace:
[ 45.108846][ T357]
[ 45.111628][ T357] dump_stack_lvl+0x151/0x1c0
[ 45.116138][ T357] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.121613][ T357] ? panic+0x760/0x760
[ 45.125685][ T357] ? debug_smp_processor_id+0x17/0x20
[ 45.131339][ T357] print_address_description+0x87/0x3b0
[ 45.136882][ T357] kasan_report+0x179/0x1c0
[ 45.141220][ T357] ? consume_skb+0x3c/0x250
[ 45.145562][ T357] ? consume_skb+0x3c/0x250
[ 45.149905][ T357] kasan_check_range+0x293/0x2a0
[ 45.154673][ T357] __kasan_check_read+0x11/0x20
[ 45.159361][ T357] consume_skb+0x3c/0x250
[ 45.163530][ T357] __sk_msg_free+0x2dd/0x370
[ 45.168049][ T357] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.173689][ T357] sk_psock_stop+0x44c/0x4d0
[ 45.178120][ T357] ? unix_peer_get+0xe0/0xe0
[ 45.182548][ T357] sock_map_close+0x2b9/0x4c0
[ 45.187057][ T357] ? sock_map_remove_links+0x650/0x650
[ 45.192348][ T357] ? rwsem_mark_wake+0x770/0x770
[ 45.197125][ T357] unix_release+0x82/0xc0
[ 45.201289][ T357] sock_close+0xdf/0x270
[ 45.205368][ T357] ? sock_mmap+0xa0/0xa0
[ 45.209447][ T357] __fput+0x3fe/0x910
[ 45.213270][ T357] ____fput+0x15/0x20
[ 45.217100][ T357] task_work_run+0x129/0x190
[ 45.221526][ T357] exit_to_user_mode_loop+0xc4/0xe0
[ 45.226689][ T357] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.232233][ T357] syscall_exit_to_user_mode+0x26/0x160
[ 45.237734][ T357] do_syscall_64+0x47/0xb0
[ 45.241975][ T357] ? clear_bhb_loop+0x35/0x90
[ 45.246572][ T357] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.252388][ T357] RIP: 0033:0x7f8ff98b49da
[ 45.256647][ T357] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.276552][ T357] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.284795][ T357] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 45.292612][ T357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.300421][ T357] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 45.308405][ T357] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b13f
[ 45.316304][ T357] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000adfe
[ 45.324209][ T357]
[ 45.327155][ T357]
[ 45.329328][ T357] Allocated by task 358:
[ 45.333400][ T357] __kasan_slab_alloc+0xb1/0xe0
[ 45.338086][ T357] slab_post_alloc_hook+0x53/0x2c0
[ 45.343043][ T357] kmem_cache_alloc+0xf5/0x200
[ 45.347984][ T357] skb_clone+0x1d1/0x360
[ 45.352064][ T357] sk_psock_verdict_recv+0x53/0x840
[ 45.357181][ T357] unix_read_sock+0x132/0x370
[ 45.361892][ T357] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.367706][ T357] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.372822][ T357] ____sys_sendmsg+0x59e/0x8f0
[ 45.377430][ T357] ___sys_sendmsg+0x252/0x2e0
[ 45.382113][ T357] __sys_sendmmsg+0x2bf/0x530
[ 45.386623][ T357] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.391313][ T357] x64_sys_call+0x81d/0x9a0
[ 45.395651][ T357] do_syscall_64+0x3b/0xb0
[ 45.399939][ T357] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.405640][ T357]
[ 45.407800][ T357] Freed by task 307:
[ 45.411540][ T357] kasan_set_track+0x4b/0x70
[ 45.415972][ T357] kasan_set_free_info+0x23/0x40
[ 45.420832][ T357] ____kasan_slab_free+0x126/0x160
[ 45.425773][ T357] __kasan_slab_free+0x11/0x20
[ 45.430455][ T357] slab_free_freelist_hook+0xbd/0x190
[ 45.435766][ T357] kmem_cache_free+0x116/0x2e0
[ 45.440356][ T357] kfree_skbmem+0x104/0x170
[ 45.444697][ T357] kfree_skb+0xc2/0x360
[ 45.448691][ T357] sk_psock_backlog+0xc21/0xd90
[ 45.453379][ T357] process_one_work+0x6bb/0xc10
[ 45.458065][ T357] worker_thread+0xad5/0x12a0
[ 45.462585][ T357] kthread+0x421/0x510
[ 45.466590][ T357] ret_from_fork+0x1f/0x30
[ 45.470948][ T357]
[ 45.473120][ T357] The buggy address belongs to the object at ffff88810c787000
[ 45.473120][ T357] which belongs to the cache skbuff_head_cache of size 248
[ 45.487527][ T357] The buggy address is located 236 bytes inside of
[ 45.487527][ T357] 248-byte region [ffff88810c787000, ffff88810c7870f8)
[ 45.500633][ T357] The buggy address belongs to the page:
[ 45.506126][ T357] page:ffffea000431e1c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c787
[ 45.516172][ T357] flags: 0x4000000000000200(slab|zone=1)
[ 45.521645][ T357] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 45.530063][ T357] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 45.538595][ T357] page dumped because: kasan: bad access detected
[ 45.544850][ T357] page_owner tracks the page as allocated
[ 45.550391][ T357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 44561794733, free_ts 44556035591
[ 45.566378][ T357] post_alloc_hook+0x1a3/0x1b0
[ 45.570970][ T357] prep_new_page+0x1b/0x110
[ 45.575313][ T357] get_page_from_freelist+0x3550/0x35d0
[ 45.580695][ T357] __alloc_pages+0x27e/0x8f0
[ 45.585123][ T357] new_slab+0x9a/0x4e0
[ 45.589022][ T357] ___slab_alloc+0x39e/0x830
[ 45.593454][ T357] __slab_alloc+0x4a/0x90
[ 45.597627][ T357] kmem_cache_alloc+0x134/0x200
[ 45.602477][ T357] __alloc_skb+0xbe/0x550
[ 45.606648][ T357] alloc_uevent_skb+0x80/0x230
[ 45.611330][ T357] kobject_uevent_net_broadcast+0x311/0x590
[ 45.617088][ T357] kobject_uevent_env+0x525/0x700
[ 45.621927][ T357] kobject_synth_uevent+0x4eb/0xae0
[ 45.627048][ T357] uevent_store+0x25/0x60
[ 45.631479][ T357] dev_attr_store+0x5c/0x80
[ 45.635895][ T357] sysfs_kf_write+0x123/0x140
[ 45.640503][ T357] page last free stack trace:
[ 45.645007][ T357] free_unref_page_prepare+0x7c8/0x7d0
[ 45.650582][ T357] free_unref_page+0xe8/0x750
[ 45.655194][ T357] __free_pages+0x61/0xf0
[ 45.659346][ T357] free_pages+0x7c/0x90
[ 45.663379][ T357] selinux_genfs_get_sid+0x24d/0x2a0
[ 45.668461][ T357] inode_doinit_with_dentry+0x8d2/0x1070
[ 45.673931][ T357] sb_finish_set_opts+0x8b8/0xa90
[ 45.678789][ T357] selinux_set_mnt_opts+0x1622/0x20d0
[ 45.684085][ T357] security_sb_set_mnt_opts+0x74/0xe0
[ 45.689292][ T357] vfs_get_tree+0x156/0x290
[ 45.693980][ T357] do_new_mount+0x2ba/0xb30
[ 45.698339][ T357] path_mount+0x671/0x1070
[ 45.702688][ T357] __se_sys_mount+0x2c4/0x3b0
[ 45.707200][ T357] __x64_sys_mount+0xbf/0xd0
[ 45.711809][ T357] x64_sys_call+0x49d/0x9a0
[ 45.716175][ T357] do_syscall_64+0x3b/0xb0
[ 45.720397][ T357]
[ 45.722563][ T357] Memory state around the buggy address:
[ 45.728040][ T357] ffff88810c786f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.735937][ T357] ffff88810c787000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.744009][ T357] >ffff88810c787080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.752513][ T357] ^
[ 45.759816][ T357] ffff88810c787100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.767707][ T357] ffff88810c787180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.775596][ T357] ==================================================================
[ 45.783497][ T357] Disabling lock debugging due to kernel taint
[ 45.789552][ T357] ==================================================================
[ 45.797387][ T357] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 45.805643][ T357]
[ 45.807797][ T357] CPU: 0 PID: 357 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 45.819343][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 45.829237][ T357] Call Trace:
[ 45.832359][ T357]
[ 45.835137][ T357] dump_stack_lvl+0x151/0x1c0
[ 45.839649][ T357] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.845127][ T357] ? __wake_up_klogd+0xd5/0x110
[ 45.849814][ T357] ? panic+0x760/0x760
[ 45.853710][ T357] ? kmem_cache_free+0x116/0x2e0
[ 45.858483][ T357] print_address_description+0x87/0x3b0
[ 45.863906][ T357] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 45.870044][ T357] ? kmem_cache_free+0x116/0x2e0
[ 45.874827][ T357] ? kmem_cache_free+0x116/0x2e0
[ 45.879591][ T357] kasan_report_invalid_free+0x6b/0xa0
[ 45.884892][ T357] ____kasan_slab_free+0x13e/0x160
[ 45.889835][ T357] __kasan_slab_free+0x11/0x20
[ 45.894462][ T357] slab_free_freelist_hook+0xbd/0x190
[ 45.899639][ T357] ? kfree_skbmem+0x104/0x170
[ 45.904151][ T357] kmem_cache_free+0x116/0x2e0
[ 45.908759][ T357] kfree_skbmem+0x104/0x170
[ 45.913093][ T357] consume_skb+0xb4/0x250
[ 45.917259][ T357] __sk_msg_free+0x2dd/0x370
[ 45.921686][ T357] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.927324][ T357] sk_psock_stop+0x44c/0x4d0
[ 45.931949][ T357] ? unix_peer_get+0xe0/0xe0
[ 45.936351][ T357] sock_map_close+0x2b9/0x4c0
[ 45.940951][ T357] ? sock_map_remove_links+0x650/0x650
[ 45.946340][ T357] ? rwsem_mark_wake+0x770/0x770
[ 45.951119][ T357] unix_release+0x82/0xc0
[ 45.955384][ T357] sock_close+0xdf/0x270
[ 45.959445][ T357] ? sock_mmap+0xa0/0xa0
[ 45.963613][ T357] __fput+0x3fe/0x910
[ 45.967440][ T357] ____fput+0x15/0x20
[ 45.971338][ T357] task_work_run+0x129/0x190
[ 45.975945][ T357] exit_to_user_mode_loop+0xc4/0xe0
[ 45.981022][ T357] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.986326][ T357] syscall_exit_to_user_mode+0x26/0x160
[ 45.991691][ T357] do_syscall_64+0x47/0xb0
[ 45.995940][ T357] ? clear_bhb_loop+0x35/0x90
[ 46.000457][ T357] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.006184][ T357] RIP: 0033:0x7f8ff98b49da
[ 46.010570][ T357] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.030099][ T357] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.038348][ T357] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 46.046152][ T357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.053965][ T357] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 46.061776][ T357] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b13f
[ 46.070071][ T357] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000adfe
[ 46.077887][ T357]
[ 46.080743][ T357]
[ 46.082912][ T357] Allocated by task 358:
[ 46.086996][ T357] __kasan_slab_alloc+0xb1/0xe0
[ 46.091677][ T357] slab_post_alloc_hook+0x53/0x2c0
[ 46.096749][ T357] kmem_cache_alloc+0xf5/0x200
[ 46.101350][ T357] skb_clone+0x1d1/0x360
[ 46.105425][ T357] sk_psock_verdict_recv+0x53/0x840
[ 46.110459][ T357] unix_read_sock+0x132/0x370
[ 46.114969][ T357] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.120711][ T357] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.126172][ T357] ____sys_sendmsg+0x59e/0x8f0
[ 46.130780][ T357] ___sys_sendmsg+0x252/0x2e0
[ 46.135281][ T357] __sys_sendmmsg+0x2bf/0x530
[ 46.139885][ T357] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.144569][ T357] x64_sys_call+0x81d/0x9a0
[ 46.148909][ T357] do_syscall_64+0x3b/0xb0
[ 46.153245][ T357] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.158984][ T357]
[ 46.161155][ T357] Freed by task 307:
[ 46.164884][ T357] kasan_set_track+0x4b/0x70
[ 46.169301][ T357] kasan_set_free_info+0x23/0x40
[ 46.174076][ T357] ____kasan_slab_free+0x126/0x160
[ 46.179022][ T357] __kasan_slab_free+0x11/0x20
[ 46.183628][ T357] slab_free_freelist_hook+0xbd/0x190
[ 46.188931][ T357] kmem_cache_free+0x116/0x2e0
[ 46.193529][ T357] kfree_skbmem+0x104/0x170
[ 46.197870][ T357] kfree_skb+0xc2/0x360
[ 46.201990][ T357] sk_psock_backlog+0xc21/0xd90
[ 46.206708][ T357] process_one_work+0x6bb/0xc10
[ 46.211378][ T357] worker_thread+0xad5/0x12a0
[ 46.215886][ T357] kthread+0x421/0x510
[ 46.219795][ T357] ret_from_fork+0x1f/0x30
[ 46.224236][ T357]
[ 46.226401][ T357] The buggy address belongs to the object at ffff88810c787000
[ 46.226401][ T357] which belongs to the cache skbuff_head_cache of size 248
[ 46.240990][ T357] The buggy address is located 0 bytes inside of
[ 46.240990][ T357] 248-byte region [ffff88810c787000, ffff88810c7870f8)
[ 46.254108][ T357] The buggy address belongs to the page:
[ 46.259576][ T357] page:ffffea000431e1c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c787
[ 46.269749][ T357] flags: 0x4000000000000200(slab|zone=1)
[ 46.275299][ T357] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 46.284101][ T357] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.292592][ T357] page dumped because: kasan: bad access detected
[ 46.298927][ T357] page_owner tracks the page as allocated
[ 46.304483][ T357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 44561794733, free_ts 44556035591
[ 46.320195][ T357] post_alloc_hook+0x1a3/0x1b0
[ 46.324796][ T357] prep_new_page+0x1b/0x110
[ 46.329220][ T357] get_page_from_freelist+0x3550/0x35d0
[ 46.334598][ T357] __alloc_pages+0x27e/0x8f0
[ 46.339026][ T357] new_slab+0x9a/0x4e0
[ 46.342934][ T357] ___slab_alloc+0x39e/0x830
[ 46.347460][ T357] __slab_alloc+0x4a/0x90
[ 46.351628][ T357] kmem_cache_alloc+0x134/0x200
[ 46.356477][ T357] __alloc_skb+0xbe/0x550
[ 46.360762][ T357] alloc_uevent_skb+0x80/0x230
[ 46.365360][ T357] kobject_uevent_net_broadcast+0x311/0x590
[ 46.371082][ T357] kobject_uevent_env+0x525/0x700
[ 46.375958][ T357] kobject_synth_uevent+0x4eb/0xae0
[ 46.380976][ T357] uevent_store+0x25/0x60
[ 46.385154][ T357] dev_attr_store+0x5c/0x80
[ 46.389482][ T357] sysfs_kf_write+0x123/0x140
[ 46.393996][ T357] page last free stack trace:
[ 46.398507][ T357] free_unref_page_prepare+0x7c8/0x7d0
[ 46.403799][ T357] free_unref_page+0xe8/0x750
[ 46.408311][ T357] __free_pages+0x61/0xf0
[ 46.412482][ T357] free_pages+0x7c/0x90
[ 46.416473][ T357] selinux_genfs_get_sid+0x24d/0x2a0
[ 46.421804][ T357] inode_doinit_with_dentry+0x8d2/0x1070
[ 46.427319][ T357] sb_finish_set_opts+0x8b8/0xa90
[ 46.432182][ T357] selinux_set_mnt_opts+0x1622/0x20d0
[ 46.437390][ T357] security_sb_set_mnt_opts+0x74/0xe0
[ 46.442600][ T357] vfs_get_tree+0x156/0x290
[ 46.446937][ T357] do_new_mount+0x2ba/0xb30
[ 46.451281][ T357] path_mount+0x671/0x1070
[ 46.455529][ T357] __se_sys_mount+0x2c4/0x3b0
[ 46.460050][ T357] __x64_sys_mount+0xbf/0xd0
[ 46.464467][ T357] x64_sys_call+0x49d/0x9a0
[ 46.468809][ T357] do_syscall_64+0x3b/0xb0
[ 46.473067][ T357]
[ 46.475236][ T357] Memory state around the buggy address:
[ 46.480712][ T357] ffff88810c786f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.488603][ T357] ffff88810c786f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.496500][ T357] >ffff88810c787000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.504394][ T357] ^
[ 46.508303][ T357] ffff88810c787080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.516202][ T357] ffff88810c787100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.524121][ T357] ==================================================================
[ 46.546270][ T362] FAULT_INJECTION: forcing a failure.
[ 46.546270][ T362] name failslab, interval 1, probability 0, space 0, times 0
[ 46.558784][ T362] CPU: 0 PID: 362 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 46.570333][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.580227][ T362] Call Trace:
[ 46.583352][ T362]
[ 46.586129][ T362] dump_stack_lvl+0x151/0x1c0
[ 46.590642][ T362] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.596118][ T362] dump_stack+0x15/0x20
[ 46.600108][ T362] should_fail+0x3c6/0x510
[ 46.604357][ T362] __should_failslab+0xa4/0xe0
[ 46.608955][ T362] should_failslab+0x9/0x20
[ 46.613295][ T362] slab_pre_alloc_hook+0x37/0xd0
[ 46.618069][ T362] kmem_cache_alloc_trace+0x48/0x210
[ 46.623188][ T362] ? sk_psock_skb_ingress_self+0x60/0x330
[ 46.628746][ T362] ? migrate_disable+0x190/0x190
[ 46.633516][ T362] sk_psock_skb_ingress_self+0x60/0x330
[ 46.638899][ T362] sk_psock_verdict_recv+0x66d/0x840
[ 46.644022][ T362] unix_read_sock+0x132/0x370
[ 46.648543][ T362] ? sk_psock_skb_redirect+0x440/0x440
[ 46.653827][ T362] ? unix_stream_splice_actor+0x120/0x120
[ 46.659380][ T362] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.664676][ T362] ? unix_stream_splice_actor+0x120/0x120
[ 46.670232][ T362] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.675879][ T362] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.681079][ T362] ? _raw_spin_lock+0xa4/0x1b0
[ 46.685683][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.691323][ T362] ? skb_queue_tail+0xfb/0x120
[ 46.695922][ T362] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.700959][ T362] ? unix_dgram_poll+0x710/0x710
[ 46.705729][ T362] ? security_socket_sendmsg+0x82/0xb0
[ 46.711023][ T362] ? unix_dgram_poll+0x710/0x710
[ 46.715799][ T362] ____sys_sendmsg+0x59e/0x8f0
[ 46.720400][ T362] ? __sys_sendmsg_sock+0x40/0x40
[ 46.725257][ T362] ? import_iovec+0xe5/0x120
[ 46.729688][ T362] ___sys_sendmsg+0x252/0x2e0
[ 46.734202][ T362] ? __sys_sendmsg+0x260/0x260
[ 46.738801][ T362] ? __kasan_check_write+0x14/0x20
[ 46.743745][ T362] ? proc_fail_nth_write+0x20b/0x290
[ 46.748875][ T362] ? __fdget+0x1bc/0x240
[ 46.752946][ T362] __sys_sendmmsg+0x2bf/0x530
[ 46.757461][ T362] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.762323][ T362] ? mutex_unlock+0xb2/0x260
[ 46.766749][ T362] ? __kasan_check_write+0x14/0x20
[ 46.771703][ T362] ? __ia32_sys_read+0x90/0x90
[ 46.776556][ T362] ? debug_smp_processor_id+0x17/0x20
[ 46.781770][ T362] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.787669][ T362] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.792473][ T362] x64_sys_call+0x81d/0x9a0
[ 46.796786][ T362] do_syscall_64+0x3b/0xb0
[ 46.801078][ T362] ? clear_bhb_loop+0x35/0x90
[ 46.805615][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.811456][ T362] RIP: 0033:0x7f8ff98b5ae9
[ 46.815889][ T362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.835410][ T362] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.843671][ T362] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 46.851464][ T362] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.859274][ T362] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 46.867197][ T362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.875090][ T362] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 46.883015][ T362]
[ 46.886354][ T361] ==================================================================
[ 46.894314][ T361] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.902563][ T361]
[ 46.904736][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 46.916273][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.926254][ T361] Call Trace:
[ 46.929380][ T361]
[ 46.932155][ T361] dump_stack_lvl+0x151/0x1c0
[ 46.936762][ T361] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.942313][ T361] ? __wake_up_klogd+0xd5/0x110
[ 46.947085][ T361] ? panic+0x760/0x760
[ 46.951020][ T361] ? kmem_cache_free+0x116/0x2e0
[ 46.955764][ T361] print_address_description+0x87/0x3b0
[ 46.961142][ T361] ? kmem_cache_free+0x116/0x2e0
[ 46.965916][ T361] ? kmem_cache_free+0x116/0x2e0
[ 46.970694][ T361] kasan_report_invalid_free+0x6b/0xa0
[ 46.976001][ T361] ____kasan_slab_free+0x13e/0x160
[ 46.980938][ T361] __kasan_slab_free+0x11/0x20
[ 46.985759][ T361] slab_free_freelist_hook+0xbd/0x190
[ 46.990957][ T361] ? kfree_skbmem+0x104/0x170
[ 46.995467][ T361] kmem_cache_free+0x116/0x2e0
[ 47.000069][ T361] kfree_skbmem+0x104/0x170
[ 47.004415][ T361] consume_skb+0xb4/0x250
[ 47.008572][ T361] __sk_msg_free+0x2dd/0x370
[ 47.013000][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.018662][ T361] sk_psock_stop+0x44c/0x4d0
[ 47.023078][ T361] ? unix_peer_get+0xe0/0xe0
[ 47.027595][ T361] sock_map_close+0x2b9/0x4c0
[ 47.032113][ T361] ? sock_map_remove_links+0x650/0x650
[ 47.037496][ T361] ? rwsem_mark_wake+0x770/0x770
[ 47.042354][ T361] unix_release+0x82/0xc0
[ 47.046513][ T361] sock_close+0xdf/0x270
[ 47.050599][ T361] ? sock_mmap+0xa0/0xa0
[ 47.054678][ T361] __fput+0x3fe/0x910
[ 47.058677][ T361] ____fput+0x15/0x20
[ 47.062494][ T361] task_work_run+0x129/0x190
[ 47.066920][ T361] exit_to_user_mode_loop+0xc4/0xe0
[ 47.071946][ T361] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.077554][ T361] syscall_exit_to_user_mode+0x26/0x160
[ 47.082919][ T361] do_syscall_64+0x47/0xb0
[ 47.087161][ T361] ? clear_bhb_loop+0x35/0x90
[ 47.091684][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.097403][ T361] RIP: 0033:0x7f8ff98b49da
[ 47.101661][ T361] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.121096][ T361] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.129568][ T361] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 47.137375][ T361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.145304][ T361] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 47.153114][ T361] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b8fd
[ 47.161015][ T361] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000b5bc
[ 47.168920][ T361]
[ 47.171781][ T361]
[ 47.173946][ T361] Allocated by task 362:
[ 47.178222][ T361] __kasan_slab_alloc+0xb1/0xe0
[ 47.182905][ T361] slab_post_alloc_hook+0x53/0x2c0
[ 47.187851][ T361] kmem_cache_alloc+0xf5/0x200
[ 47.192449][ T361] skb_clone+0x1d1/0x360
[ 47.196530][ T361] sk_psock_verdict_recv+0x53/0x840
[ 47.201670][ T361] unix_read_sock+0x132/0x370
[ 47.206264][ T361] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.211994][ T361] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.217033][ T361] ____sys_sendmsg+0x59e/0x8f0
[ 47.221630][ T361] ___sys_sendmsg+0x252/0x2e0
[ 47.226240][ T361] __sys_sendmmsg+0x2bf/0x530
[ 47.230828][ T361] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.235806][ T361] x64_sys_call+0x81d/0x9a0
[ 47.240480][ T361] do_syscall_64+0x3b/0xb0
[ 47.244733][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.250476][ T361]
[ 47.252784][ T361] Freed by task 20:
[ 47.256375][ T361] kasan_set_track+0x4b/0x70
[ 47.260804][ T361] kasan_set_free_info+0x23/0x40
[ 47.265575][ T361] ____kasan_slab_free+0x126/0x160
[ 47.270524][ T361] __kasan_slab_free+0x11/0x20
[ 47.275124][ T361] slab_free_freelist_hook+0xbd/0x190
[ 47.280332][ T361] kmem_cache_free+0x116/0x2e0
[ 47.284928][ T361] kfree_skbmem+0x104/0x170
[ 47.289270][ T361] kfree_skb+0xc2/0x360
[ 47.293270][ T361] sk_psock_backlog+0xc21/0xd90
[ 47.297949][ T361] process_one_work+0x6bb/0xc10
[ 47.302638][ T361] worker_thread+0xad5/0x12a0
[ 47.307151][ T361] kthread+0x421/0x510
[ 47.311056][ T361] ret_from_fork+0x1f/0x30
[ 47.315395][ T361]
[ 47.317566][ T361] The buggy address belongs to the object at ffff88810c7a53c0
[ 47.317566][ T361] which belongs to the cache skbuff_head_cache of size 248
[ 47.332070][ T361] The buggy address is located 0 bytes inside of
[ 47.332070][ T361] 248-byte region [ffff88810c7a53c0, ffff88810c7a54b8)
[ 47.344998][ T361] The buggy address belongs to the page:
[ 47.350465][ T361] page:ffffea000431e940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c7a5
[ 47.360624][ T361] flags: 0x4000000000000200(slab|zone=1)
[ 47.366102][ T361] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 47.374521][ T361] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.382940][ T361] page dumped because: kasan: bad access detected
[ 47.389179][ T361] page_owner tracks the page as allocated
[ 47.394733][ T361] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 46539378436, free_ts 46440551131
[ 47.410359][ T361] post_alloc_hook+0x1a3/0x1b0
[ 47.414964][ T361] prep_new_page+0x1b/0x110
[ 47.419297][ T361] get_page_from_freelist+0x3550/0x35d0
[ 47.424681][ T361] __alloc_pages+0x27e/0x8f0
[ 47.429103][ T361] new_slab+0x9a/0x4e0
[ 47.433009][ T361] ___slab_alloc+0x39e/0x830
[ 47.437521][ T361] __slab_alloc+0x4a/0x90
[ 47.441687][ T361] kmem_cache_alloc+0x134/0x200
[ 47.446374][ T361] __alloc_skb+0xbe/0x550
[ 47.450544][ T361] alloc_skb_with_frags+0xa6/0x680
[ 47.455495][ T361] sock_alloc_send_pskb+0x915/0xa50
[ 47.460607][ T361] unix_dgram_sendmsg+0x6fd/0x2090
[ 47.465554][ T361] __sys_sendto+0x564/0x720
[ 47.469895][ T361] __x64_sys_sendto+0xe5/0x100
[ 47.474495][ T361] x64_sys_call+0x15c/0x9a0
[ 47.478840][ T361] do_syscall_64+0x3b/0xb0
[ 47.483088][ T361] page last free stack trace:
[ 47.487600][ T361] free_unref_page_prepare+0x7c8/0x7d0
[ 47.492895][ T361] free_unref_page+0xe8/0x750
[ 47.497417][ T361] __free_pages+0x61/0xf0
[ 47.501716][ T361] __free_slab+0xec/0x1d0
[ 47.505857][ T361] discard_slab+0x29/0x40
[ 47.510198][ T361] __slab_free+0x205/0x290
[ 47.514448][ T361] ___cache_free+0x109/0x120
[ 47.518960][ T361] qlink_free+0x4d/0x90
[ 47.522951][ T361] qlist_free_all+0x44/0xb0
[ 47.527292][ T361] kasan_quarantine_reduce+0x15a/0x180
[ 47.532585][ T361] __kasan_slab_alloc+0x2f/0xe0
[ 47.537331][ T361] slab_post_alloc_hook+0x53/0x2c0
[ 47.542306][ T361] kmem_cache_alloc+0xf5/0x200
[ 47.546912][ T361] __alloc_skb+0xbe/0x550
[ 47.551076][ T361] alloc_skb_with_frags+0xa6/0x680
[ 47.556022][ T361] sock_alloc_send_pskb+0x915/0xa50
[ 47.561054][ T361]
[ 47.563223][ T361] Memory state around the buggy address:
[ 47.568696][ T361] ffff88810c7a5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.576594][ T361] ffff88810c7a5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.584497][ T361] >ffff88810c7a5380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.592481][ T361] ^
[ 47.598467][ T361] ffff88810c7a5400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.606366][ T361] ffff88810c7a5480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.614257][ T361] ==================================================================
[ 47.635620][ T365] FAULT_INJECTION: forcing a failure.
[ 47.635620][ T365] name failslab, interval 1, probability 0, space 0, times 0
[ 47.648203][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 47.659832][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 47.669822][ T365] Call Trace:
[ 47.673021][ T365] <TASK>
[ 47.675802][ T365] dump_stack_lvl+0x151/0x1c0
[ 47.680324][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.685782][ T365] dump_stack+0x15/0x20
[ 47.689782][ T365] should_fail+0x3c6/0x510
[ 47.694024][ T365] __should_failslab+0xa4/0xe0
[ 47.698637][ T365] should_failslab+0x9/0x20
[ 47.702966][ T365] slab_pre_alloc_hook+0x37/0xd0
[ 47.708180][ T365] kmem_cache_alloc_trace+0x48/0x210
[ 47.713291][ T365] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.718853][ T365] ? migrate_disable+0x190/0x190
[ 47.723704][ T365] sk_psock_skb_ingress_self+0x60/0x330
[ 47.729019][ T365] sk_psock_verdict_recv+0x66d/0x840
[ 47.734211][ T365] unix_read_sock+0x132/0x370
[ 47.738821][ T365] ? sk_psock_skb_redirect+0x440/0x440
[ 47.744199][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 47.749767][ T365] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.755052][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 47.760657][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.766505][ T365] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.771713][ T365] ? _raw_spin_lock+0xa4/0x1b0
[ 47.776312][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.781959][ T365] ? skb_queue_tail+0xfb/0x120
[ 47.786570][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.791595][ T365] ? unix_dgram_poll+0x710/0x710
[ 47.796500][ T365] ? __kasan_check_write+0x14/0x20
[ 47.801541][ T365] ? __cpuidle_text_end+0x2/0x2
[ 47.806218][ T365] ? cgroup_rstat_updated+0xe5/0x370
[ 47.811337][ T365] ? security_socket_sendmsg+0x82/0xb0
[ 47.816643][ T365] ? unix_dgram_poll+0x710/0x710
[ 47.821414][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 47.826092][ T365] ? __sys_sendmsg_sock+0x40/0x40
[ 47.831044][ T365] ? import_iovec+0xe5/0x120
[ 47.835463][ T365] ___sys_sendmsg+0x252/0x2e0
[ 47.839977][ T365] ? __sys_sendmsg+0x260/0x260
[ 47.844579][ T365] ? __kasan_check_write+0x14/0x20
[ 47.849626][ T365] ? proc_fail_nth_write+0x20b/0x290
[ 47.855254][ T365] ? __fdget+0x1bc/0x240
[ 47.859333][ T365] __sys_sendmmsg+0x2bf/0x530
[ 47.863931][ T365] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.868794][ T365] ? mutex_unlock+0xb2/0x260
[ 47.873308][ T365] ? __kasan_check_write+0x14/0x20
[ 47.878266][ T365] ? __ia32_sys_read+0x90/0x90
[ 47.882853][ T365] ? debug_smp_processor_id+0x17/0x20
[ 47.888060][ T365] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.893966][ T365] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.898652][ T365] x64_sys_call+0x81d/0x9a0
[ 47.902987][ T365] do_syscall_64+0x3b/0xb0
[ 47.907242][ T365] ? clear_bhb_loop+0x35/0x90
[ 47.911755][ T365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.917525][ T365] RIP: 0033:0x7f8ff98b5ae9
[ 47.921758][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.941184][ T365] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.949426][ T365] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 47.957256][ T365] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.965063][ T365] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 47.973030][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.980929][ T365] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 47.988745][ T365] </TASK>
[ 47.996462][ T364] ==================================================================
[ 48.004349][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.012733][ T364]
[ 48.014851][ T364] CPU: 0 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 48.026570][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 48.036786][ T364] Call Trace:
[ 48.039844][ T364] <TASK>
[ 48.042642][ T364] dump_stack_lvl+0x151/0x1c0
[ 48.047378][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.052813][ T364] ? __wake_up_klogd+0xd5/0x110
[ 48.057587][ T364] ? panic+0x760/0x760
[ 48.061491][ T364] ? kmem_cache_free+0x116/0x2e0
[ 48.066265][ T364] print_address_description+0x87/0x3b0
[ 48.071826][ T364] ? kmem_cache_free+0x116/0x2e0
[ 48.076625][ T364] ? kmem_cache_free+0x116/0x2e0
[ 48.081458][ T364] kasan_report_invalid_free+0x6b/0xa0
[ 48.086757][ T364] ____kasan_slab_free+0x13e/0x160
[ 48.091698][ T364] __kasan_slab_free+0x11/0x20
[ 48.096415][ T364] slab_free_freelist_hook+0xbd/0x190
[ 48.101677][ T364] ? kfree_skbmem+0x104/0x170
[ 48.106193][ T364] kmem_cache_free+0x116/0x2e0
[ 48.110906][ T364] kfree_skbmem+0x104/0x170
[ 48.115245][ T364] consume_skb+0xb4/0x250
[ 48.119441][ T364] __sk_msg_free+0x2dd/0x370
[ 48.123837][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.129486][ T364] sk_psock_stop+0x44c/0x4d0
[ 48.133909][ T364] ? unix_peer_get+0xe0/0xe0
[ 48.138413][ T364] sock_map_close+0x2b9/0x4c0
[ 48.142927][ T364] ? sock_map_remove_links+0x650/0x650
[ 48.148222][ T364] ? rwsem_mark_wake+0x770/0x770
[ 48.152998][ T364] unix_release+0x82/0xc0
[ 48.157161][ T364] sock_close+0xdf/0x270
[ 48.161241][ T364] ? sock_mmap+0xa0/0xa0
[ 48.165331][ T364] __fput+0x3fe/0x910
[ 48.169140][ T364] ____fput+0x15/0x20
[ 48.172959][ T364] task_work_run+0x129/0x190
[ 48.177394][ T364] exit_to_user_mode_loop+0xc4/0xe0
[ 48.182418][ T364] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.187722][ T364] syscall_exit_to_user_mode+0x26/0x160
[ 48.193196][ T364] do_syscall_64+0x47/0xb0
[ 48.197447][ T364] ? clear_bhb_loop+0x35/0x90
[ 48.201962][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.207688][ T364] RIP: 0033:0x7f8ff98b49da
[ 48.211942][ T364] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.231682][ T364] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.240009][ T364] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 48.247819][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.255634][ T364] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 48.263615][ T364] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bd3f
[ 48.271465][ T364] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000b9fe
[ 48.279419][ T364] </TASK>
[ 48.282275][ T364]
[ 48.284448][ T364] Allocated by task 365:
[ 48.288584][ T364] __kasan_slab_alloc+0xb1/0xe0
[ 48.293299][ T364] slab_post_alloc_hook+0x53/0x2c0
[ 48.298246][ T364] kmem_cache_alloc+0xf5/0x200
[ 48.302846][ T364] skb_clone+0x1d1/0x360
[ 48.306930][ T364] sk_psock_verdict_recv+0x53/0x840
[ 48.312053][ T364] unix_read_sock+0x132/0x370
[ 48.316654][ T364] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.322293][ T364] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.327321][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 48.331942][ T364] ___sys_sendmsg+0x252/0x2e0
[ 48.336535][ T364] __sys_sendmmsg+0x2bf/0x530
[ 48.341208][ T364] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.346329][ T364] x64_sys_call+0x81d/0x9a0
[ 48.350752][ T364] do_syscall_64+0x3b/0xb0
[ 48.355092][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.360818][ T364]
[ 48.362989][ T364] Freed by task 308:
[ 48.366810][ T364] kasan_set_track+0x4b/0x70
[ 48.371244][ T364] kasan_set_free_info+0x23/0x40
[ 48.376009][ T364] ____kasan_slab_free+0x126/0x160
[ 48.381041][ T364] __kasan_slab_free+0x11/0x20
[ 48.385650][ T364] slab_free_freelist_hook+0xbd/0x190
[ 48.390871][ T364] kmem_cache_free+0x116/0x2e0
[ 48.395570][ T364] kfree_skbmem+0x104/0x170
[ 48.399910][ T364] kfree_skb+0xc2/0x360
[ 48.403900][ T364] sk_psock_backlog+0xc21/0xd90
[ 48.408598][ T364] process_one_work+0x6bb/0xc10
[ 48.413370][ T364] worker_thread+0xad5/0x12a0
[ 48.417878][ T364] kthread+0x421/0x510
[ 48.421783][ T364] ret_from_fork+0x1f/0x30
[ 48.426034][ T364]
[ 48.428201][ T364] The buggy address belongs to the object at ffff88810ca5a500
[ 48.428201][ T364] which belongs to the cache skbuff_head_cache of size 248
[ 48.442882][ T364] The buggy address is located 0 bytes inside of
[ 48.442882][ T364] 248-byte region [ffff88810ca5a500, ffff88810ca5a5f8)
[ 48.455903][ T364] The buggy address belongs to the page:
[ 48.461368][ T364] page:ffffea0004329680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ca5a
[ 48.471438][ T364] flags: 0x4000000000000200(slab|zone=1)
[ 48.477035][ T364] raw: 4000000000000200 ffffea0004329700 0000000500000005 ffff8881081b3500
[ 48.485449][ T364] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.493984][ T364] page dumped because: kasan: bad access detected
[ 48.500244][ T364] page_owner tracks the page as allocated
[ 48.505874][ T364] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 3858565649, free_ts 3845711088
[ 48.521422][ T364] post_alloc_hook+0x1a3/0x1b0
[ 48.526007][ T364] prep_new_page+0x1b/0x110
[ 48.530344][ T364] get_page_from_freelist+0x3550/0x35d0
[ 48.535736][ T364] __alloc_pages+0x27e/0x8f0
[ 48.540173][ T364] new_slab+0x9a/0x4e0
[ 48.544145][ T364] ___slab_alloc+0x39e/0x830
[ 48.548581][ T364] __slab_alloc+0x4a/0x90
[ 48.552828][ T364] kmem_cache_alloc+0x134/0x200
[ 48.557511][ T364] __alloc_skb+0xbe/0x550
[ 48.561678][ T364] alloc_skb_with_frags+0xa6/0x680
[ 48.566625][ T364] sock_alloc_send_pskb+0x915/0xa50
[ 48.571748][ T364] unix_dgram_sendmsg+0x6fd/0x2090
[ 48.576697][ T364] __sys_sendto+0x564/0x720
[ 48.581295][ T364] __x64_sys_sendto+0xe5/0x100
[ 48.585892][ T364] x64_sys_call+0x15c/0x9a0
[ 48.590236][ T364] do_syscall_64+0x3b/0xb0
[ 48.594487][ T364] page last free stack trace:
[ 48.598998][ T364] free_unref_page_prepare+0x7c8/0x7d0
[ 48.604296][ T364] free_unref_page_list+0x14b/0xa60
[ 48.609359][ T364] release_pages+0x1310/0x1370
[ 48.614015][ T364] free_pages_and_swap_cache+0x8a/0xa0
[ 48.619317][ T364] tlb_finish_mmu+0x177/0x320
[ 48.623831][ T364] exit_mmap+0x40d/0x940
[ 48.628134][ T364] __mmput+0x95/0x310
[ 48.631949][ T364] mmput+0x5b/0x170
[ 48.635711][ T364] do_exit+0xb9c/0x2ca0
[ 48.639711][ T364] do_group_exit+0x141/0x310
[ 48.644129][ T364] __x64_sys_exit_group+0x3f/0x40
[ 48.649198][ T364] x64_sys_call+0x610/0x9a0
[ 48.653513][ T364] do_syscall_64+0x3b/0xb0
[ 48.657763][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.663490][ T364]
[ 48.665744][ T364] Memory state around the buggy address:
[ 48.671223][ T364] ffff88810ca5a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.679116][ T364] ffff88810ca5a480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.687012][ T364] >ffff88810ca5a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.694912][ T364] ^
[ 48.698825][ T364] ffff88810ca5a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.706718][ T364] ffff88810ca5a600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.714613][ T364] ==================================================================
[ 48.735624][ T368] FAULT_INJECTION: forcing a failure.
[ 48.735624][ T368] name failslab, interval 1, probability 0, space 0, times 0
[ 48.748317][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 48.759779][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 48.769673][ T368] Call Trace:
[ 48.772835][ T368] <TASK>
[ 48.775703][ T368] dump_stack_lvl+0x151/0x1c0
[ 48.780402][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.785942][ T368] dump_stack+0x15/0x20
[ 48.789935][ T368] should_fail+0x3c6/0x510
[ 48.794190][ T368] __should_failslab+0xa4/0xe0
[ 48.798787][ T368] should_failslab+0x9/0x20
[ 48.803125][ T368] slab_pre_alloc_hook+0x37/0xd0
[ 48.807986][ T368] kmem_cache_alloc_trace+0x48/0x210
[ 48.813278][ T368] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.818978][ T368] ? migrate_disable+0x190/0x190
[ 48.823749][ T368] sk_psock_skb_ingress_self+0x60/0x330
[ 48.829153][ T368] sk_psock_verdict_recv+0x66d/0x840
[ 48.834253][ T368] unix_read_sock+0x132/0x370
[ 48.838766][ T368] ? sk_psock_skb_redirect+0x440/0x440
[ 48.844056][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 48.849612][ T368] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.855096][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 48.861417][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.867145][ T368] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.872436][ T368] ? _raw_spin_lock+0xa4/0x1b0
[ 48.877036][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.882678][ T368] ? skb_queue_tail+0xfb/0x120
[ 48.887374][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.892403][ T368] ? unix_dgram_poll+0x710/0x710
[ 48.897261][ T368] ? __kasan_check_write+0x14/0x20
[ 48.902207][ T368] ? __cpuidle_text_end+0x2/0x2
[ 48.906902][ T368] ? cgroup_rstat_updated+0xe5/0x370
[ 48.912026][ T368] ? security_socket_sendmsg+0x82/0xb0
[ 48.917313][ T368] ? unix_dgram_poll+0x710/0x710
[ 48.922084][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 48.926784][ T368] ? __sys_sendmsg_sock+0x40/0x40
[ 48.931799][ T368] ? import_iovec+0xe5/0x120
[ 48.936315][ T368] ___sys_sendmsg+0x252/0x2e0
[ 48.940832][ T368] ? __sys_sendmsg+0x260/0x260
[ 48.945525][ T368] ? __kasan_check_write+0x14/0x20
[ 48.950454][ T368] ? proc_fail_nth_write+0x20b/0x290
[ 48.955589][ T368] ? __fdget+0x1bc/0x240
[ 48.959663][ T368] __sys_sendmmsg+0x2bf/0x530
[ 48.964172][ T368] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.969028][ T368] ? mutex_unlock+0xb2/0x260
[ 48.973543][ T368] ? __kasan_check_write+0x14/0x20
[ 48.978580][ T368] ? __ia32_sys_read+0x90/0x90
[ 48.983178][ T368] ? debug_smp_processor_id+0x17/0x20
[ 48.988618][ T368] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.994513][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.999460][ T368] x64_sys_call+0x81d/0x9a0
[ 49.003800][ T368] do_syscall_64+0x3b/0xb0
[ 49.008136][ T368] ? clear_bhb_loop+0x35/0x90
[ 49.012652][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.018380][ T368] RIP: 0033:0x7f8ff98b5ae9
[ 49.022632][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.042666][ T368] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.051248][ T368] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 49.059060][ T368] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.066868][ T368] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 49.074776][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.082588][ T368] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 49.090748][ T368] </TASK>
[ 49.094018][ T367] ==================================================================
[ 49.101893][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.110225][ T367]
[ 49.112390][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 49.124049][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 49.133937][ T367] Call Trace:
[ 49.137063][ T367] <TASK>
[ 49.139840][ T367] dump_stack_lvl+0x151/0x1c0
[ 49.144354][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.150009][ T367] ? __wake_up_klogd+0xd5/0x110
[ 49.154781][ T367] ? panic+0x760/0x760
[ 49.158679][ T367] ? kmem_cache_free+0x116/0x2e0
[ 49.163451][ T367] print_address_description+0x87/0x3b0
[ 49.168919][ T367] ? kmem_cache_free+0x116/0x2e0
[ 49.173691][ T367] ? kmem_cache_free+0x116/0x2e0
[ 49.178462][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 49.183764][ T367] ____kasan_slab_free+0x13e/0x160
[ 49.188882][ T367] __kasan_slab_free+0x11/0x20
[ 49.193500][ T367] slab_free_freelist_hook+0xbd/0x190
[ 49.198688][ T367] ? kfree_skbmem+0x104/0x170
[ 49.203199][ T367] kmem_cache_free+0x116/0x2e0
[ 49.208004][ T367] kfree_skbmem+0x104/0x170
[ 49.212398][ T367] consume_skb+0xb4/0x250
[ 49.216569][ T367] __sk_msg_free+0x2dd/0x370
[ 49.220990][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.226633][ T367] sk_psock_stop+0x44c/0x4d0
[ 49.231068][ T367] ? unix_peer_get+0xe0/0xe0
[ 49.235747][ T367] sock_map_close+0x2b9/0x4c0
[ 49.240317][ T367] ? sock_map_remove_links+0x650/0x650
[ 49.245641][ T367] ? rwsem_mark_wake+0x770/0x770
[ 49.250514][ T367] unix_release+0x82/0xc0
[ 49.254668][ T367] sock_close+0xdf/0x270
[ 49.258745][ T367] ? sock_mmap+0xa0/0xa0
[ 49.262834][ T367] __fput+0x3fe/0x910
[ 49.266741][ T367] ____fput+0x15/0x20
[ 49.270550][ T367] task_work_run+0x129/0x190
[ 49.274988][ T367] exit_to_user_mode_loop+0xc4/0xe0
[ 49.280097][ T367] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.285416][ T367] syscall_exit_to_user_mode+0x26/0x160
[ 49.290785][ T367] do_syscall_64+0x47/0xb0
[ 49.295024][ T367] ? clear_bhb_loop+0x35/0x90
[ 49.299652][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.305362][ T367] RIP: 0033:0x7f8ff98b49da
[ 49.309612][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.329653][ T367] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.337903][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 49.345728][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.353516][ T367] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 49.361321][ T367] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c18b
[ 49.369218][ T367] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000be4a
[ 49.377035][ T367] </TASK>
[ 49.379917][ T367]
[ 49.382153][ T367] Allocated by task 368:
[ 49.386236][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 49.390919][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 49.395866][ T367] kmem_cache_alloc+0xf5/0x200
[ 49.400464][ T367] skb_clone+0x1d1/0x360
[ 49.404548][ T367] sk_psock_verdict_recv+0x53/0x840
[ 49.409666][ T367] unix_read_sock+0x132/0x370
[ 49.414265][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.419918][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.425025][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 49.429713][ T367] ___sys_sendmsg+0x252/0x2e0
[ 49.434225][ T367] __sys_sendmmsg+0x2bf/0x530
[ 49.438740][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.443514][ T367] x64_sys_call+0x81d/0x9a0
[ 49.447852][ T367] do_syscall_64+0x3b/0xb0
[ 49.452104][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.457920][ T367]
[ 49.460098][ T367] Freed by task 39:
[ 49.463737][ T367] kasan_set_track+0x4b/0x70
[ 49.468166][ T367] kasan_set_free_info+0x23/0x40
[ 49.473026][ T367] ____kasan_slab_free+0x126/0x160
[ 49.478059][ T367] __kasan_slab_free+0x11/0x20
[ 49.482658][ T367] slab_free_freelist_hook+0xbd/0x190
[ 49.487865][ T367] kmem_cache_free+0x116/0x2e0
[ 49.492466][ T367] kfree_skbmem+0x104/0x170
[ 49.496805][ T367] kfree_skb+0xc2/0x360
[ 49.500797][ T367] sk_psock_backlog+0xc21/0xd90
[ 49.505580][ T367] process_one_work+0x6bb/0xc10
[ 49.510257][ T367] worker_thread+0xad5/0x12a0
[ 49.514768][ T367] kthread+0x421/0x510
[ 49.518682][ T367] ret_from_fork+0x1f/0x30
[ 49.522940][ T367]
[ 49.525104][ T367] The buggy address belongs to the object at ffff88810cd3d500
[ 49.525104][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 49.539508][ T367] The buggy address is located 0 bytes inside of
[ 49.539508][ T367] 248-byte region [ffff88810cd3d500, ffff88810cd3d5f8)
[ 49.552441][ T367] The buggy address belongs to the page:
[ 49.558350][ T367] page:ffffea0004334f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cd3d
[ 49.568412][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 49.573894][ T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 49.582586][ T367] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 49.590992][ T367] page dumped because: kasan: bad access detected
[ 49.597334][ T367] page_owner tracks the page as allocated
[ 49.602883][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 48726802610, free_ts 47993938594
[ 49.618610][ T367] post_alloc_hook+0x1a3/0x1b0
[ 49.623220][ T367] prep_new_page+0x1b/0x110
[ 49.627547][ T367] get_page_from_freelist+0x3550/0x35d0
[ 49.632937][ T367] __alloc_pages+0x27e/0x8f0
[ 49.637355][ T367] new_slab+0x9a/0x4e0
[ 49.641262][ T367] ___slab_alloc+0x39e/0x830
[ 49.645694][ T367] __slab_alloc+0x4a/0x90
[ 49.649941][ T367] kmem_cache_alloc+0x134/0x200
[ 49.654642][ T367] __alloc_skb+0xbe/0x550
[ 49.658794][ T367] alloc_skb_with_frags+0xa6/0x680
[ 49.663741][ T367] sock_alloc_send_pskb+0x915/0xa50
[ 49.668866][ T367] unix_dgram_sendmsg+0x6fd/0x2090
[ 49.673813][ T367] __sys_sendto+0x564/0x720
[ 49.678158][ T367] __x64_sys_sendto+0xe5/0x100
[ 49.682786][ T367] x64_sys_call+0x15c/0x9a0
[ 49.687087][ T367] do_syscall_64+0x3b/0xb0
[ 49.691343][ T367] page last free stack trace:
[ 49.695854][ T367] free_unref_page_prepare+0x7c8/0x7d0
[ 49.701237][ T367] free_unref_page+0xe8/0x750
[ 49.705749][ T367] __free_pages+0x61/0xf0
[ 49.709919][ T367] __free_slab+0xec/0x1d0
[ 49.714079][ T367] __unfreeze_partials+0x165/0x1a0
[ 49.719204][ T367] put_cpu_partial+0xc4/0x120
[ 49.723715][ T367] __slab_free+0x1c8/0x290
[ 49.727967][ T367] ___cache_free+0x109/0x120
[ 49.732534][ T367] qlink_free+0x4d/0x90
[ 49.736476][ T367] qlist_free_all+0x44/0xb0
[ 49.740832][ T367] kasan_quarantine_reduce+0x15a/0x180
[ 49.746107][ T367] __kasan_slab_alloc+0x2f/0xe0
[ 49.750792][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 49.755739][ T367] __kmalloc_track_caller+0x11d/0x260
[ 49.760950][ T367] __alloc_skb+0x10c/0x550
[ 49.765204][ T367] alloc_skb_with_frags+0xa6/0x680
[ 49.770149][ T367]
[ 49.772320][ T367] Memory state around the buggy address:
[ 49.777788][ T367] ffff88810cd3d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.785689][ T367] ffff88810cd3d480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.793584][ T367] >ffff88810cd3d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.801483][ T367] ^
2024/09/06 21:29:20 executed programs: 4
[ 49.805392][ T367] ffff88810cd3d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.813286][ T367] ffff88810cd3d600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.821185][ T367] ==================================================================
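The three KASAN reports above (tasks 361, 364 and 367) have the same shape: an skb cloned in sk_psock_verdict_recv, first freed by kfree_skb in the sk_psock_backlog worker, then freed again through __sk_msg_free when sk_psock_stop runs at socket close, each time right after a failslab fault injected into sk_psock_skb_ingress_self. The following triage helper is an added example, not part of this log and not code from syzkaller or the kernel: it cuts a console log at the `=====` delimiters KASAN prints, extracts the crashing stack and the recorded alloc/free stacks, and reduces each report to a (bug kind, second-free frame, first-free frame) signature so that repeated reports of one bug collapse into a single entry. The frame-noise list and SAMPLE_LOG (a trimmed excerpt of the lines above) are this example's own choices.

```python
"""Triage helper for KASAN reports in a syzkaller console log (added example)."""
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[ 48.0043][ T364] "
FRAME = re.compile(r"^(\?\s*)?([A-Za-z_][A-Za-z0-9_.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Instrumentation and allocator plumbing that never identifies the bug itself
# (assumed list; extend it for other subsystems).
NOISE = re.compile(r"^(dump_stack|print_address_description|kasan_|__kasan_|____kasan_|"
                   r"slab_(pre|post)_alloc_hook|slab_free_freelist_hook|kmem_cache_(alloc|free)|"
                   r"kfree_skbmem|kfree_skb$|consume_skb$)")

@dataclass
class KasanReport:
    bug: str                     # e.g. "double-free or invalid-free"
    where: str                   # function named on the BUG: line
    trace: list = field(default_factory=list)         # crashing task's stack
    allocated_by: list = field(default_factory=list)  # "Allocated by task N:" stack
    freed_by: list = field(default_factory=list)      # "Freed by task N:" stack
    cache: str = ""

def strip_prefix(raw):
    return PREFIX.sub("", raw).strip()

def split_reports(log):
    """Yield the line lists between '=====' delimiters that contain a BUG: line."""
    buf, inside = [], False
    for raw in log.splitlines():
        line = strip_prefix(raw)
        if line.startswith("=========="):
            if inside and any(l.startswith("BUG: KASAN:") for l in buf):
                yield buf
            buf, inside = [], not inside
        elif inside:
            buf.append(line)

def parse_report(lines):
    bug = next(l for l in lines if l.startswith("BUG: KASAN:"))
    m = re.match(r"BUG: KASAN: (.+?) in ([A-Za-z_]\w*)\+0x", bug)
    rep = KasanReport(bug=m.group(1), where=m.group(2))
    section = None
    for l in lines:
        if l == "Call Trace:":
            section = rep.trace
        elif l.startswith("Allocated by task"):
            section = rep.allocated_by
        elif l.startswith("Freed by task"):
            section = rep.freed_by
        elif l.startswith("The buggy address") or l.startswith("Memory state"):
            section = None   # page_owner stacks that follow are not the bug's stacks
        cm = re.search(r"belongs to the cache (\S+) of size", l)
        if cm:
            rep.cache = cm.group(1)
        fm = FRAME.match(l)
        if fm and section is not None and not fm.group(1):   # drop "? frame" guesses
            section.append(fm.group(2))
    return rep

def first_meaningful(frames):
    return next((f for f in frames if not NOISE.match(f)), "")

def signature(rep):
    """Dedup key: bug kind, frame doing the second free, frame that freed first."""
    return (rep.bug, first_meaningful(rep.trace), first_meaningful(rep.freed_by))

def triage(log):
    reps = [parse_report(r) for r in split_reports(log)]
    return reps, sorted({signature(r) for r in reps})

# Constructed excerpt of the log above (most frames trimmed, one harness line kept).
SAMPLE_LOG = """\
[ 47.996462][ T364] ==================================================================
[ 48.004349][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.036786][ T364] Call Trace:
[ 48.042642][ T364] dump_stack_lvl+0x151/0x1c0
[ 48.047378][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.081458][ T364] kasan_report_invalid_free+0x6b/0xa0
[ 48.106193][ T364] kmem_cache_free+0x116/0x2e0
[ 48.110906][ T364] kfree_skbmem+0x104/0x170
[ 48.115245][ T364] consume_skb+0xb4/0x250
[ 48.119441][ T364] __sk_msg_free+0x2dd/0x370
[ 48.129486][ T364] sk_psock_stop+0x44c/0x4d0
[ 48.138413][ T364] sock_map_close+0x2b9/0x4c0
[ 48.207688][ T364] RIP: 0033:0x7f8ff98b49da
[ 48.284448][ T364] Allocated by task 365:
[ 48.288584][ T364] __kasan_slab_alloc+0xb1/0xe0
[ 48.298246][ T364] kmem_cache_alloc+0xf5/0x200
[ 48.302846][ T364] skb_clone+0x1d1/0x360
[ 48.306930][ T364] sk_psock_verdict_recv+0x53/0x840
[ 48.362989][ T364] Freed by task 308:
[ 48.366810][ T364] kasan_set_track+0x4b/0x70
[ 48.390871][ T364] kmem_cache_free+0x116/0x2e0
[ 48.399910][ T364] kfree_skb+0xc2/0x360
[ 48.403900][ T364] sk_psock_backlog+0xc21/0xd90
[ 48.428201][ T364] The buggy address belongs to the object at ffff88810ca5a500
[ 48.428201][ T364] which belongs to the cache skbuff_head_cache of size 248
[ 48.521422][ T364] post_alloc_hook+0x1a3/0x1b0
[ 48.714613][ T364] ==================================================================
[ 48.735624][ T368] FAULT_INJECTION: forcing a failure.
[ 48.829153][ T368] sk_psock_verdict_recv+0x66d/0x840
[ 49.094018][ T367] ==================================================================
[ 49.101893][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.133937][ T367] Call Trace:
[ 49.216569][ T367] __sk_msg_free+0x2dd/0x370
[ 49.226633][ T367] sk_psock_stop+0x44c/0x4d0
[ 49.382153][ T367] Allocated by task 368:
[ 49.400464][ T367] skb_clone+0x1d1/0x360
[ 49.460098][ T367] Freed by task 39:
[ 49.500797][ T367] sk_psock_backlog+0xc21/0xd90
[ 49.525104][ T367] which belongs to the cache skbuff_head_cache of size 248
2024/09/06 21:29:20 executed programs: 4
[ 49.821185][ T367] ==================================================================
"""

if __name__ == "__main__":
    reports, sigs = triage(SAMPLE_LOG)
    print(len(reports), "reports,", len(sigs), "unique signature(s):", sigs)
```

Run against the full console log the signature stays the same for all three reports, which is the check worth doing before filing or deduplicating: the "? frame" guesses and the page_owner stacks are excluded so that unrelated leftovers (io_uring, exit_mmap) do not fragment one bug into several.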
[ 49.836235][ T30] audit: type=1400 audit(1725658160.844:103): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 49.858419][ T30] audit: type=1400 audit(1725658160.844:104): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 49.886760][ T371] FAULT_INJECTION: forcing a failure.
[ 49.886760][ T371] name failslab, interval 1, probability 0, space 0, times 0
[ 49.899325][ T371] CPU: 1 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 49.910789][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 49.920797][ T371] Call Trace:
[ 49.923920][ T371] <TASK>
[ 49.926695][ T371] dump_stack_lvl+0x151/0x1c0
[ 49.931329][ T371] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.936796][ T371] dump_stack+0x15/0x20
[ 49.940786][ T371] should_fail+0x3c6/0x510
[ 49.945041][ T371] __should_failslab+0xa4/0xe0
[ 49.949637][ T371] should_failslab+0x9/0x20
[ 49.954065][ T371] slab_pre_alloc_hook+0x37/0xd0
[ 49.958850][ T371] kmem_cache_alloc_trace+0x48/0x210
[ 49.963969][ T371] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.969693][ T371] ? migrate_disable+0x190/0x190
[ 49.974565][ T371] sk_psock_skb_ingress_self+0x60/0x330
[ 49.979953][ T371] sk_psock_verdict_recv+0x66d/0x840
[ 49.985151][ T371] unix_read_sock+0x132/0x370
[ 49.989654][ T371] ? sk_psock_skb_redirect+0x440/0x440
[ 49.994949][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 50.000506][ T371] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.005799][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 50.011440][ T371] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.017082][ T371] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.022286][ T371] ? _raw_spin_lock+0xa4/0x1b0
[ 50.026888][ T371] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.032627][ T371] ? skb_queue_tail+0xfb/0x120
[ 50.037427][ T371] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.042447][ T371] ? unix_dgram_poll+0x710/0x710
[ 50.047210][ T371] ? __kasan_check_write+0x14/0x20
[ 50.052498][ T371] ? __cpuidle_text_end+0x2/0x2
[ 50.057172][ T371] ? cgroup_rstat_updated+0xe5/0x370
[ 50.062301][ T371] ? security_socket_sendmsg+0x82/0xb0
[ 50.067702][ T371] ? unix_dgram_poll+0x710/0x710
[ 50.072665][ T371] ____sys_sendmsg+0x59e/0x8f0
[ 50.077349][ T371] ? __sys_sendmsg_sock+0x40/0x40
[ 50.082209][ T371] ? import_iovec+0xe5/0x120
[ 50.086633][ T371] ___sys_sendmsg+0x252/0x2e0
[ 50.091149][ T371] ? __sys_sendmsg+0x260/0x260
[ 50.095766][ T371] ? __kasan_check_write+0x14/0x20
[ 50.100691][ T371] ? proc_fail_nth_write+0x20b/0x290
[ 50.105817][ T371] ? __fdget+0x1bc/0x240
[ 50.109892][ T371] __sys_sendmmsg+0x2bf/0x530
[ 50.114498][ T371] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.119361][ T371] ? mutex_unlock+0xb2/0x260
[ 50.123788][ T371] ? __kasan_check_write+0x14/0x20
[ 50.128758][ T371] ? __ia32_sys_read+0x90/0x90
[ 50.133329][ T371] ? debug_smp_processor_id+0x17/0x20
[ 50.138532][ T371] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.144436][ T371] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.149123][ T371] x64_sys_call+0x81d/0x9a0
[ 50.153463][ T371] do_syscall_64+0x3b/0xb0
[ 50.157811][ T371] ? clear_bhb_loop+0x35/0x90
[ 50.162402][ T371] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.168130][ T371] RIP: 0033:0x7f8ff98b5ae9
[ 50.172386][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.191973][ T371] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.200157][ T371] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 50.207993][ T371] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.215779][ T371] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 50.223620][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.231405][ T371] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 50.239307][ T371] </TASK>
[ 50.244397][ T370] ==================================================================
[ 50.252460][ T370] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.260809][ T370]
[ 50.262949][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 50.274666][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 50.284568][ T370] Call Trace:
[ 50.287686][ T370] <TASK>
[ 50.290466][ T370] dump_stack_lvl+0x151/0x1c0
[ 50.294975][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.300702][ T370] ? __wake_up_klogd+0xd5/0x110
[ 50.305394][ T370] ? panic+0x760/0x760
[ 50.309295][ T370] ? kmem_cache_free+0x116/0x2e0
[ 50.314100][ T370] print_address_description+0x87/0x3b0
[ 50.319537][ T370] ? kmem_cache_free+0x116/0x2e0
[ 50.324310][ T370] ? kmem_cache_free+0x116/0x2e0
[ 50.329083][ T370] kasan_report_invalid_free+0x6b/0xa0
[ 50.334556][ T370] ____kasan_slab_free+0x13e/0x160
[ 50.339501][ T370] __kasan_slab_free+0x11/0x20
[ 50.344103][ T370] slab_free_freelist_hook+0xbd/0x190
[ 50.349561][ T370] ? kfree_skbmem+0x104/0x170
[ 50.354053][ T370] kmem_cache_free+0x116/0x2e0
[ 50.358788][ T370] kfree_skbmem+0x104/0x170
[ 50.363118][ T370] consume_skb+0xb4/0x250
[ 50.367412][ T370] __sk_msg_free+0x2dd/0x370
[ 50.371827][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.377482][ T370] sk_psock_stop+0x44c/0x4d0
[ 50.381896][ T370] ? unix_peer_get+0xe0/0xe0
[ 50.386317][ T370] sock_map_close+0x2b9/0x4c0
[ 50.390841][ T370] ? sock_map_remove_links+0x650/0x650
[ 50.396647][ T370] ? rwsem_mark_wake+0x770/0x770
[ 50.401511][ T370] unix_release+0x82/0xc0
[ 50.405677][ T370] sock_close+0xdf/0x270
[ 50.409847][ T370] ? sock_mmap+0xa0/0xa0
[ 50.413926][ T370] __fput+0x3fe/0x910
[ 50.417749][ T370] ____fput+0x15/0x20
[ 50.421642][ T370] task_work_run+0x129/0x190
[ 50.426342][ T370] exit_to_user_mode_loop+0xc4/0xe0
[ 50.431405][ T370] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.436667][ T370] syscall_exit_to_user_mode+0x26/0x160
[ 50.442039][ T370] do_syscall_64+0x47/0xb0
[ 50.446294][ T370] ? clear_bhb_loop+0x35/0x90
[ 50.450813][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.456534][ T370] RIP: 0033:0x7f8ff98b49da
[ 50.460789][ T370] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.480241][ T370] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.488475][ T370] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 50.496380][ T370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.504183][ T370] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 50.512166][ T370] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c60a
[ 50.520068][ T370] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000c2c9
[ 50.528080][ T370]
[ 50.530943][ T370]
[ 50.533121][ T370] Allocated by task 371:
[ 50.537293][ T370] __kasan_slab_alloc+0xb1/0xe0
[ 50.542083][ T370] slab_post_alloc_hook+0x53/0x2c0
[ 50.547031][ T370] kmem_cache_alloc+0xf5/0x200
[ 50.551648][ T370] skb_clone+0x1d1/0x360
[ 50.555712][ T370] sk_psock_verdict_recv+0x53/0x840
[ 50.560744][ T370] unix_read_sock+0x132/0x370
[ 50.565432][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.571163][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.576193][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 50.580793][ T370] ___sys_sendmsg+0x252/0x2e0
[ 50.585339][ T370] __sys_sendmmsg+0x2bf/0x530
[ 50.589822][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.594537][ T370] x64_sys_call+0x81d/0x9a0
[ 50.598845][ T370] do_syscall_64+0x3b/0xb0
[ 50.603099][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.608826][ T370]
[ 50.610998][ T370] Freed by task 308:
[ 50.614731][ T370] kasan_set_track+0x4b/0x70
[ 50.619158][ T370] kasan_set_free_info+0x23/0x40
[ 50.623934][ T370] ____kasan_slab_free+0x126/0x160
[ 50.629054][ T370] __kasan_slab_free+0x11/0x20
[ 50.633975][ T370] slab_free_freelist_hook+0xbd/0x190
[ 50.639169][ T370] kmem_cache_free+0x116/0x2e0
[ 50.643772][ T370] kfree_skbmem+0x104/0x170
[ 50.648114][ T370] kfree_skb+0xc2/0x360
[ 50.652099][ T370] sk_psock_backlog+0xc21/0xd90
[ 50.656788][ T370] process_one_work+0x6bb/0xc10
[ 50.661474][ T370] worker_thread+0xad5/0x12a0
[ 50.665985][ T370] kthread+0x421/0x510
[ 50.669892][ T370] ret_from_fork+0x1f/0x30
[ 50.674157][ T370]
[ 50.676532][ T370] The buggy address belongs to the object at ffff88810c9ae780
[ 50.676532][ T370] which belongs to the cache skbuff_head_cache of size 248
[ 50.690997][ T370] The buggy address is located 0 bytes inside of
[ 50.690997][ T370] 248-byte region [ffff88810c9ae780, ffff88810c9ae878)
[ 50.703916][ T370] The buggy address belongs to the page:
[ 50.709573][ T370] page:ffffea0004326b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c9ae
[ 50.720067][ T370] flags: 0x4000000000000200(slab|zone=1)
[ 50.725657][ T370] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 50.734072][ T370] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.742658][ T370] page dumped because: kasan: bad access detected
[ 50.749003][ T370] page_owner tracks the page as allocated
[ 50.754557][ T370] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 49834307644, free_ts 49830469405
[ 50.770296][ T370] post_alloc_hook+0x1a3/0x1b0
[ 50.774895][ T370] prep_new_page+0x1b/0x110
[ 50.779238][ T370] get_page_from_freelist+0x3550/0x35d0
[ 50.784704][ T370] __alloc_pages+0x27e/0x8f0
[ 50.789221][ T370] new_slab+0x9a/0x4e0
[ 50.793120][ T370] ___slab_alloc+0x39e/0x830
[ 50.797982][ T370] __slab_alloc+0x4a/0x90
[ 50.802148][ T370] kmem_cache_alloc+0x134/0x200
[ 50.806833][ T370] __alloc_skb+0xbe/0x550
[ 50.811086][ T370] alloc_skb_with_frags+0xa6/0x680
[ 50.816035][ T370] sock_alloc_send_pskb+0x915/0xa50
[ 50.821590][ T370] unix_dgram_sendmsg+0x6fd/0x2090
[ 50.826545][ T370] __sys_sendto+0x564/0x720
[ 50.830875][ T370] __x64_sys_sendto+0xe5/0x100
[ 50.835476][ T370] x64_sys_call+0x15c/0x9a0
[ 50.839824][ T370] do_syscall_64+0x3b/0xb0
[ 50.844068][ T370] page last free stack trace:
[ 50.848588][ T370] free_unref_page_prepare+0x7c8/0x7d0
[ 50.853884][ T370] free_unref_page+0xe8/0x750
[ 50.858389][ T370] __free_pages+0x61/0xf0
[ 50.862572][ T370] __free_slab+0xec/0x1d0
[ 50.866726][ T370] __unfreeze_partials+0x165/0x1a0
[ 50.871670][ T370] put_cpu_partial+0xc4/0x120
[ 50.876183][ T370] __slab_free+0x1c8/0x290
[ 50.880436][ T370] ___cache_free+0x109/0x120
[ 50.884862][ T370] qlink_free+0x4d/0x90
[ 50.888862][ T370] qlist_free_all+0x44/0xb0
[ 50.893205][ T370] kasan_quarantine_reduce+0x15a/0x180
[ 50.898488][ T370] __kasan_slab_alloc+0x2f/0xe0
[ 50.903186][ T370] slab_post_alloc_hook+0x53/0x2c0
[ 50.908121][ T370] kmem_cache_alloc+0xf5/0x200
[ 50.912722][ T370] __alloc_skb+0xbe/0x550
[ 50.916887][ T370] alloc_skb_with_frags+0xa6/0x680
[ 50.921838][ T370]
[ 50.924005][ T370] Memory state around the buggy address:
[ 50.929483][ T370] ffff88810c9ae680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.937392][ T370] ffff88810c9ae700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.945674][ T370] >ffff88810c9ae780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.953557][ T370] ^
[ 50.957462][ T370] ffff88810c9ae800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.965369][ T370] ffff88810c9ae880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.973254][ T370] ==================================================================
[ 50.994224][ T374] FAULT_INJECTION: forcing a failure.
[ 50.994224][ T374] name failslab, interval 1, probability 0, space 0, times 0
[ 51.006860][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 51.018409][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.028389][ T374] Call Trace:
[ 51.031523][ T374]
[ 51.034288][ T374] dump_stack_lvl+0x151/0x1c0
[ 51.039204][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.044678][ T374] dump_stack+0x15/0x20
[ 51.048660][ T374] should_fail+0x3c6/0x510
[ 51.053008][ T374] __should_failslab+0xa4/0xe0
[ 51.057598][ T374] should_failslab+0x9/0x20
[ 51.061939][ T374] slab_pre_alloc_hook+0x37/0xd0
[ 51.066724][ T374] kmem_cache_alloc_trace+0x48/0x210
[ 51.071833][ T374] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.077396][ T374] ? migrate_disable+0x190/0x190
[ 51.082162][ T374] sk_psock_skb_ingress_self+0x60/0x330
[ 51.087546][ T374] sk_psock_verdict_recv+0x66d/0x840
[ 51.092758][ T374] unix_read_sock+0x132/0x370
[ 51.097278][ T374] ? sk_psock_skb_redirect+0x440/0x440
[ 51.102557][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 51.108113][ T374] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.113409][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 51.118961][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.124605][ T374] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.129913][ T374] ? _raw_spin_lock+0xa4/0x1b0
[ 51.134505][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.140151][ T374] ? skb_queue_tail+0xfb/0x120
[ 51.144761][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.149824][ T374] ? unix_dgram_poll+0x710/0x710
[ 51.154590][ T374] ? __kasan_check_write+0x14/0x20
[ 51.159505][ T374] ? __cpuidle_text_end+0x2/0x2
[ 51.164189][ T374] ? cgroup_rstat_updated+0xe5/0x370
[ 51.169404][ T374] ? security_socket_sendmsg+0x82/0xb0
[ 51.174717][ T374] ? unix_dgram_poll+0x710/0x710
[ 51.179472][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 51.184071][ T374] ? __sys_sendmsg_sock+0x40/0x40
[ 51.189014][ T374] ? import_iovec+0xe5/0x120
[ 51.193656][ T374] ___sys_sendmsg+0x252/0x2e0
[ 51.198250][ T374] ? __sys_sendmsg+0x260/0x260
[ 51.202853][ T374] ? __kasan_check_write+0x14/0x20
[ 51.208308][ T374] ? proc_fail_nth_write+0x20b/0x290
[ 51.213436][ T374] ? __fdget+0x1bc/0x240
[ 51.217512][ T374] __sys_sendmmsg+0x2bf/0x530
[ 51.222024][ T374] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.226986][ T374] ? mutex_unlock+0xb2/0x260
[ 51.231483][ T374] ? __kasan_check_write+0x14/0x20
[ 51.236362][ T374] ? __ia32_sys_read+0x90/0x90
[ 51.240969][ T374] ? debug_smp_processor_id+0x17/0x20
[ 51.246167][ T374] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.252071][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.256761][ T374] x64_sys_call+0x81d/0x9a0
[ 51.261183][ T374] do_syscall_64+0x3b/0xb0
[ 51.265442][ T374] ? clear_bhb_loop+0x35/0x90
[ 51.269952][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.275676][ T374] RIP: 0033:0x7f8ff98b5ae9
[ 51.279930][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.299375][ T374] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.307616][ T374] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 51.315512][ T374] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.323248][ T374] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 51.331167][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.338967][ T374] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 51.346786][ T374]
[ 51.350075][ T373] ==================================================================
[ 51.357959][ T373] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.366195][ T373]
[ 51.368365][ T373] CPU: 1 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 51.379918][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.389817][ T373] Call Trace:
[ 51.392929][ T373]
[ 51.395715][ T373] dump_stack_lvl+0x151/0x1c0
[ 51.400219][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.405857][ T373] ? __wake_up_klogd+0xd5/0x110
[ 51.410546][ T373] ? panic+0x760/0x760
[ 51.414450][ T373] ? kmem_cache_free+0x116/0x2e0
[ 51.419316][ T373] print_address_description+0x87/0x3b0
[ 51.424692][ T373] ? kmem_cache_free+0x116/0x2e0
[ 51.429466][ T373] ? kmem_cache_free+0x116/0x2e0
[ 51.434339][ T373] kasan_report_invalid_free+0x6b/0xa0
[ 51.439635][ T373] ____kasan_slab_free+0x13e/0x160
[ 51.444573][ T373] __kasan_slab_free+0x11/0x20
[ 51.449257][ T373] slab_free_freelist_hook+0xbd/0x190
[ 51.454599][ T373] ? kfree_skbmem+0x104/0x170
[ 51.459099][ T373] kmem_cache_free+0x116/0x2e0
[ 51.463703][ T373] kfree_skbmem+0x104/0x170
[ 51.468037][ T373] consume_skb+0xb4/0x250
[ 51.472206][ T373] __sk_msg_free+0x2dd/0x370
[ 51.476805][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.482543][ T373] sk_psock_stop+0x44c/0x4d0
[ 51.486956][ T373] ? unix_peer_get+0xe0/0xe0
[ 51.491477][ T373] sock_map_close+0x2b9/0x4c0
[ 51.495985][ T373] ? sock_map_remove_links+0x650/0x650
[ 51.501289][ T373] ? rwsem_mark_wake+0x770/0x770
[ 51.506062][ T373] unix_release+0x82/0xc0
[ 51.510219][ T373] sock_close+0xdf/0x270
[ 51.514308][ T373] ? sock_mmap+0xa0/0xa0
[ 51.518375][ T373] __fput+0x3fe/0x910
[ 51.522199][ T373] ____fput+0x15/0x20
[ 51.526015][ T373] task_work_run+0x129/0x190
[ 51.530483][ T373] exit_to_user_mode_loop+0xc4/0xe0
[ 51.535478][ T373] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.540776][ T373] syscall_exit_to_user_mode+0x26/0x160
[ 51.546159][ T373] do_syscall_64+0x47/0xb0
[ 51.550401][ T373] ? clear_bhb_loop+0x35/0x90
[ 51.554916][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.560644][ T373] RIP: 0033:0x7f8ff98b49da
[ 51.564898][ T373] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.584521][ T373] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.592766][ T373] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 51.600578][ T373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.608474][ T373] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 51.616287][ T373] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000ca5d
[ 51.624280][ T373] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000c71c
[ 51.632188][ T373]
[ 51.635064][ T373]
[ 51.637485][ T373] Allocated by task 374:
[ 51.641559][ T373] __kasan_slab_alloc+0xb1/0xe0
[ 51.646332][ T373] slab_post_alloc_hook+0x53/0x2c0
[ 51.651277][ T373] kmem_cache_alloc+0xf5/0x200
[ 51.655965][ T373] skb_clone+0x1d1/0x360
[ 51.660158][ T373] sk_psock_verdict_recv+0x53/0x840
[ 51.665188][ T373] unix_read_sock+0x132/0x370
[ 51.669703][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.675342][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.680392][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 51.685065][ T373] ___sys_sendmsg+0x252/0x2e0
[ 51.689672][ T373] __sys_sendmmsg+0x2bf/0x530
[ 51.694269][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.698950][ T373] x64_sys_call+0x81d/0x9a0
[ 51.703301][ T373] do_syscall_64+0x3b/0xb0
[ 51.707547][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.713275][ T373]
[ 51.715442][ T373] Freed by task 308:
[ 51.719177][ T373] kasan_set_track+0x4b/0x70
[ 51.723641][ T373] kasan_set_free_info+0x23/0x40
[ 51.728374][ T373] ____kasan_slab_free+0x126/0x160
[ 51.733558][ T373] __kasan_slab_free+0x11/0x20
[ 51.738127][ T373] slab_free_freelist_hook+0xbd/0x190
[ 51.743510][ T373] kmem_cache_free+0x116/0x2e0
[ 51.748116][ T373] kfree_skbmem+0x104/0x170
[ 51.752451][ T373] kfree_skb+0xc2/0x360
[ 51.756440][ T373] sk_psock_backlog+0xc21/0xd90
[ 51.761137][ T373] process_one_work+0x6bb/0xc10
[ 51.765902][ T373] worker_thread+0xad5/0x12a0
[ 51.770416][ T373] kthread+0x421/0x510
[ 51.774321][ T373] ret_from_fork+0x1f/0x30
[ 51.778661][ T373]
[ 51.780927][ T373] The buggy address belongs to the object at ffff888122228c80
[ 51.780927][ T373] which belongs to the cache skbuff_head_cache of size 248
[ 51.795382][ T373] The buggy address is located 0 bytes inside of
[ 51.795382][ T373] 248-byte region [ffff888122228c80, ffff888122228d78)
[ 51.808267][ T373] The buggy address belongs to the page:
[ 51.813738][ T373] page:ffffea0004888a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122228
[ 51.823806][ T373] flags: 0x4000000000000200(slab|zone=1)
[ 51.829279][ T373] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 51.837697][ T373] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.846195][ T373] page dumped because: kasan: bad access detected
[ 51.852447][ T373] page_owner tracks the page as allocated
[ 51.857998][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 50988354208, free_ts 47625965601
[ 51.873797][ T373] post_alloc_hook+0x1a3/0x1b0
[ 51.878480][ T373] prep_new_page+0x1b/0x110
[ 51.882911][ T373] get_page_from_freelist+0x3550/0x35d0
[ 51.888290][ T373] __alloc_pages+0x27e/0x8f0
[ 51.892714][ T373] new_slab+0x9a/0x4e0
[ 51.896622][ T373] ___slab_alloc+0x39e/0x830
[ 51.901090][ T373] __slab_alloc+0x4a/0x90
[ 51.905215][ T373] kmem_cache_alloc+0x134/0x200
[ 51.909903][ T373] __alloc_skb+0xbe/0x550
[ 51.914078][ T373] alloc_skb_with_frags+0xa6/0x680
[ 51.919034][ T373] sock_alloc_send_pskb+0x915/0xa50
[ 51.924050][ T373] unix_dgram_sendmsg+0x6fd/0x2090
[ 51.929254][ T373] __sys_sendto+0x564/0x720
[ 51.933596][ T373] __x64_sys_sendto+0xe5/0x100
[ 51.938193][ T373] x64_sys_call+0x15c/0x9a0
[ 51.942537][ T373] do_syscall_64+0x3b/0xb0
[ 51.946788][ T373] page last free stack trace:
[ 51.951303][ T373] free_unref_page_prepare+0x7c8/0x7d0
[ 51.956691][ T373] free_unref_page_list+0x14b/0xa60
[ 51.961722][ T373] release_pages+0x1310/0x1370
[ 51.966436][ T373] free_pages_and_swap_cache+0x8a/0xa0
[ 51.971718][ T373] tlb_finish_mmu+0x177/0x320
[ 51.976230][ T373] exit_mmap+0x40d/0x940
[ 51.980310][ T373] __mmput+0x95/0x310
[ 51.984149][ T373] mmput+0x5b/0x170
[ 51.987778][ T373] do_exit+0xb9c/0x2ca0
[ 51.991767][ T373] do_group_exit+0x141/0x310
[ 51.996453][ T373] __x64_sys_exit_group+0x3f/0x40
[ 52.001500][ T373] x64_sys_call+0x610/0x9a0
[ 52.005829][ T373] do_syscall_64+0x3b/0xb0
[ 52.010081][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.015983][ T373]
[ 52.018238][ T373] Memory state around the buggy address:
[ 52.023894][ T373] ffff888122228b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.032140][ T373] ffff888122228c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.040029][ T373] >ffff888122228c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.047922][ T373] ^
[ 52.051830][ T373] ffff888122228d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.059738][ T373] ffff888122228d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.067623][ T373] ==================================================================
[ 52.090013][ T378] FAULT_INJECTION: forcing a failure.
[ 52.090013][ T378] name failslab, interval 1, probability 0, space 0, times 0
[ 52.103025][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 52.114495][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.124472][ T378] Call Trace:
[ 52.127593][ T378]
[ 52.130372][ T378] dump_stack_lvl+0x151/0x1c0
[ 52.135087][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.140650][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.146374][ T378] ? __skb_try_recv_datagram+0x495/0x6a0
[ 52.151842][ T378] dump_stack+0x15/0x20
[ 52.155945][ T378] should_fail+0x3c6/0x510
[ 52.160193][ T378] __should_failslab+0xa4/0xe0
[ 52.164794][ T378] ? skb_clone+0x1d1/0x360
[ 52.169052][ T378] should_failslab+0x9/0x20
[ 52.173390][ T378] slab_pre_alloc_hook+0x37/0xd0
[ 52.178155][ T378] ? skb_clone+0x1d1/0x360
[ 52.182455][ T378] kmem_cache_alloc+0x44/0x200
[ 52.187014][ T378] skb_clone+0x1d1/0x360
[ 52.191091][ T378] sk_psock_verdict_recv+0x53/0x840
[ 52.196129][ T378] ? avc_has_perm_noaudit+0x430/0x430
[ 52.201329][ T378] ? mntput_no_expire+0xfc/0x6b0
[ 52.206106][ T378] unix_read_sock+0x132/0x370
[ 52.210623][ T378] ? sk_psock_skb_redirect+0x440/0x440
[ 52.215929][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 52.221469][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.226770][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 52.232321][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.237960][ T378] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.243178][ T378] ? _raw_spin_lock+0xa4/0x1b0
[ 52.247854][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.253501][ T378] ? skb_queue_tail+0xfb/0x120
[ 52.258096][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.263224][ T378] ? unix_dgram_poll+0x710/0x710
[ 52.267990][ T378] ? __kasan_check_write+0x14/0x20
[ 52.272935][ T378] ? __cpuidle_text_end+0x2/0x2
[ 52.277623][ T378] ? cgroup_rstat_updated+0xe5/0x370
[ 52.282745][ T378] ? security_socket_sendmsg+0x82/0xb0
[ 52.288212][ T378] ? unix_dgram_poll+0x710/0x710
[ 52.292989][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 52.297595][ T378] ? __sys_sendmsg_sock+0x40/0x40
[ 52.302446][ T378] ? import_iovec+0xe5/0x120
[ 52.306960][ T378] ___sys_sendmsg+0x252/0x2e0
[ 52.311496][ T378] ? __sys_sendmsg+0x260/0x260
[ 52.316380][ T378] ? __kasan_check_write+0x14/0x20
[ 52.321318][ T378] ? proc_fail_nth_write+0x20b/0x290
[ 52.326527][ T378] ? __fdget+0x1bc/0x240
[ 52.330692][ T378] __sys_sendmmsg+0x2bf/0x530
[ 52.335212][ T378] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.340061][ T378] ? mutex_unlock+0xb2/0x260
[ 52.344498][ T378] ? __kasan_check_write+0x14/0x20
[ 52.349546][ T378] ? __ia32_sys_read+0x90/0x90
[ 52.354253][ T378] ? debug_smp_processor_id+0x17/0x20
[ 52.359450][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.365338][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.370021][ T378] x64_sys_call+0x81d/0x9a0
[ 52.374403][ T378] do_syscall_64+0x3b/0xb0
[ 52.378612][ T378] ? clear_bhb_loop+0x35/0x90
[ 52.383211][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.388945][ T378] RIP: 0033:0x7f8ff98b5ae9
[ 52.393199][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.412637][ T378] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.420890][ T378] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 52.428697][ T378] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.436768][ T378] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 52.444669][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.452477][ T378] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 52.460292][ T378]
[ 52.472690][ T380] FAULT_INJECTION: forcing a failure.
[ 52.472690][ T380] name failslab, interval 1, probability 0, space 0, times 0
[ 52.485267][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 52.496739][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.506626][ T380] Call Trace:
[ 52.509765][ T380]
[ 52.512538][ T380] dump_stack_lvl+0x151/0x1c0
[ 52.517049][ T380] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.522511][ T380] dump_stack+0x15/0x20
[ 52.526520][ T380] should_fail+0x3c6/0x510
[ 52.530764][ T380] __should_failslab+0xa4/0xe0
[ 52.535449][ T380] should_failslab+0x9/0x20
[ 52.539788][ T380] slab_pre_alloc_hook+0x37/0xd0
[ 52.544556][ T380] kmem_cache_alloc_trace+0x48/0x210
[ 52.549769][ T380] ? sk_psock_skb_ingress_self+0x60/0x330
[ 52.555318][ T380] ? migrate_disable+0x190/0x190
[ 52.560090][ T380] sk_psock_skb_ingress_self+0x60/0x330
[ 52.565570][ T380] sk_psock_verdict_recv+0x66d/0x840
[ 52.570682][ T380] unix_read_sock+0x132/0x370
[ 52.575197][ T380] ? sk_psock_skb_redirect+0x440/0x440
[ 52.580509][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 52.586302][ T380] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.591683][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 52.597236][ T380] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.602887][ T380] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.608175][ T380] ? _raw_spin_lock+0xa4/0x1b0
[ 52.612772][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.618416][ T380] ? skb_queue_tail+0xfb/0x120
[ 52.623019][ T380] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.628090][ T380] ? unix_dgram_poll+0x710/0x710
[ 52.632823][ T380] ? __kasan_check_write+0x14/0x20
[ 52.637773][ T380] ? __cpuidle_text_end+0x2/0x2
[ 52.642462][ T380] ? cgroup_rstat_updated+0xe5/0x370
[ 52.647581][ T380] ? security_socket_sendmsg+0x82/0xb0
[ 52.652960][ T380] ? unix_dgram_poll+0x710/0x710
[ 52.657735][ T380] ____sys_sendmsg+0x59e/0x8f0
[ 52.662333][ T380] ? __sys_sendmsg_sock+0x40/0x40
[ 52.667305][ T380] ? import_iovec+0xe5/0x120
[ 52.671730][ T380] ___sys_sendmsg+0x252/0x2e0
[ 52.676242][ T380] ? __sys_sendmsg+0x260/0x260
[ 52.680843][ T380] ? __kasan_check_write+0x14/0x20
[ 52.685883][ T380] ? proc_fail_nth_write+0x20b/0x290
[ 52.691004][ T380] ? __fdget+0x1bc/0x240
[ 52.695090][ T380] __sys_sendmmsg+0x2bf/0x530
[ 52.699596][ T380] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.704472][ T380] ? mutex_unlock+0xb2/0x260
[ 52.708981][ T380] ? __kasan_check_write+0x14/0x20
[ 52.713919][ T380] ? __ia32_sys_read+0x90/0x90
[ 52.718518][ T380] ? debug_smp_processor_id+0x17/0x20
[ 52.723727][ T380] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.729747][ T380] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.734425][ T380] x64_sys_call+0x81d/0x9a0
[ 52.738964][ T380] do_syscall_64+0x3b/0xb0
[ 52.743217][ T380] ? clear_bhb_loop+0x35/0x90
[ 52.747813][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.753545][ T380] RIP: 0033:0x7f8ff98b5ae9
[ 52.757805][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.777760][ T380] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.786015][ T380] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 52.793828][ T380] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.801822][ T380] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 52.809641][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.817628][ T380] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 52.825519][ T380]
[ 52.828716][ T379] ==================================================================
[ 52.836676][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 52.845012][ T379]
[ 52.847310][ T379] CPU: 0 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 52.858934][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.869115][ T379] Call Trace:
[ 52.872233][ T379]
[ 52.875009][ T379] dump_stack_lvl+0x151/0x1c0
[ 52.879606][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.885074][ T379] ? __wake_up_klogd+0xd5/0x110
[ 52.889762][ T379] ? panic+0x760/0x760
[ 52.893752][ T379] ? kmem_cache_free+0x116/0x2e0
[ 52.898525][ T379] print_address_description+0x87/0x3b0
[ 52.903912][ T379] ? kmem_cache_free+0x116/0x2e0
[ 52.908680][ T379] ? kmem_cache_free+0x116/0x2e0
[ 52.913455][ T379] kasan_report_invalid_free+0x6b/0xa0
[ 52.918868][ T379] ____kasan_slab_free+0x13e/0x160
[ 52.923807][ T379] __kasan_slab_free+0x11/0x20
[ 52.928404][ T379] slab_free_freelist_hook+0xbd/0x190
[ 52.933870][ T379] ? kfree_skbmem+0x104/0x170
[ 52.938469][ T379] kmem_cache_free+0x116/0x2e0
[ 52.943077][ T379] kfree_skbmem+0x104/0x170
[ 52.947533][ T379] consume_skb+0xb4/0x250
[ 52.951700][ T379] __sk_msg_free+0x2dd/0x370
[ 52.956123][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.961764][ T379] sk_psock_stop+0x44c/0x4d0
[ 52.966192][ T379] ? unix_peer_get+0xe0/0xe0
[ 52.970618][ T379] sock_map_close+0x2b9/0x4c0
[ 52.975130][ T379] ? sock_map_remove_links+0x650/0x650
[ 52.980434][ T379] ? rwsem_mark_wake+0x770/0x770
[ 52.985286][ T379] unix_release+0x82/0xc0
[ 52.989452][ T379] sock_close+0xdf/0x270
[ 52.993531][ T379] ? sock_mmap+0xa0/0xa0
[ 52.997695][ T379] __fput+0x3fe/0x910
[ 53.001519][ T379] ____fput+0x15/0x20
[ 53.005340][ T379] task_work_run+0x129/0x190
[ 53.009762][ T379] exit_to_user_mode_loop+0xc4/0xe0
[ 53.014798][ T379] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.020091][ T379] syscall_exit_to_user_mode+0x26/0x160
[ 53.025475][ T379] do_syscall_64+0x47/0xb0
[ 53.029731][ T379] ? clear_bhb_loop+0x35/0x90
[ 53.034357][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.040142][ T379] RIP: 0033:0x7f8ff98b49da
[ 53.044400][ T379] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.063841][ T379] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.072077][ T379] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 53.079933][ T379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.087702][ T379] RBP: 0000000000000032 R08: 0000001b31b60000 R09: 00007f8ff99d4f8c
[ 53.095514][ T379] R10: 00007fff1ef383f0 R11: 0000000000000293 R12: 00007f8ff943a0d0
[ 53.103437][ T379] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000cce3
[ 53.111281][ T379]
[ 53.115998][ T379]
[ 53.118166][ T379] Allocated by task 380:
[ 53.122264][ T379] __kasan_slab_alloc+0xb1/0xe0
[ 53.126948][ T379] slab_post_alloc_hook+0x53/0x2c0
[ 53.131881][ T379] kmem_cache_alloc+0xf5/0x200
[ 53.136479][ T379] skb_clone+0x1d1/0x360
[ 53.140572][ T379] sk_psock_verdict_recv+0x53/0x840
[ 53.145766][ T379] unix_read_sock+0x132/0x370
[ 53.150279][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.155934][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.160953][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 53.165560][ T379] ___sys_sendmsg+0x252/0x2e0
[ 53.170067][ T379] __sys_sendmmsg+0x2bf/0x530
[ 53.174580][ T379] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.179273][ T379] x64_sys_call+0x81d/0x9a0
[ 53.183608][ T379] do_syscall_64+0x3b/0xb0
[ 53.187955][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.193763][ T379]
[ 53.195934][ T379] Freed by task 20:
[ 53.199579][ T379] kasan_set_track+0x4b/0x70
[ 53.204006][ T379] kasan_set_free_info+0x23/0x40
[ 53.208797][ T379] ____kasan_slab_free+0x126/0x160
[ 53.213819][ T379] __kasan_slab_free+0x11/0x20
[ 53.218413][ T379] slab_free_freelist_hook+0xbd/0x190
[ 53.223620][ T379] kmem_cache_free+0x116/0x2e0
[ 53.228232][ T379] kfree_skbmem+0x104/0x170
[ 53.232731][ T379] kfree_skb+0xc2/0x360
[ 53.236724][ T379] sk_psock_backlog+0xc21/0xd90
[ 53.241673][ T379] process_one_work+0x6bb/0xc10
[ 53.246447][ T379] worker_thread+0xad5/0x12a0
[ 53.250958][ T379] kthread+0x421/0x510
[ 53.254862][ T379] ret_from_fork+0x1f/0x30
[ 53.259122][ T379]
[ 53.261289][ T379] The buggy address belongs to the object at ffff8881222303c0
[ 53.261289][ T379] which belongs to the cache skbuff_head_cache of size 248
[ 53.275701][ T379] The buggy address is located 0 bytes inside of
[ 53.275701][ T379] 248-byte region [ffff8881222303c0, ffff8881222304b8)
[ 53.288626][ T379] The buggy address belongs to the page:
[ 53.294184][ T379] page:ffffea0004888c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122230
[ 53.304256][ T379] flags: 0x4000000000000200(slab|zone=1)
[ 53.309728][ T379] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 53.318143][ T379] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.326645][ T379] page dumped because: kasan: bad access detected
[ 53.332895][ T379] page_owner tracks the page as allocated
[ 53.338530][ T379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 52086625210, free_ts 52078083927
[ 53.354240][ T379] post_alloc_hook+0x1a3/0x1b0
[ 53.358842][ T379] prep_new_page+0x1b/0x110
[ 53.363184][ T379] get_page_from_freelist+0x3550/0x35d0
[ 53.368563][ T379] __alloc_pages+0x27e/0x8f0
[ 53.372988][ T379] new_slab+0x9a/0x4e0
[ 53.376897][ T379] ___slab_alloc+0x39e/0x830
[ 53.381323][ T379] __slab_alloc+0x4a/0x90
[ 53.385486][ T379] kmem_cache_alloc+0x134/0x200
[ 53.390175][ T379] __alloc_skb+0xbe/0x550
[ 53.394342][ T379] alloc_skb_with_frags+0xa6/0x680
[ 53.399287][ T379] sock_alloc_send_pskb+0x915/0xa50
[ 53.404330][ T379] unix_dgram_sendmsg+0x6fd/0x2090
[ 53.409272][ T379] __sys_sendto+0x564/0x720
[ 53.413608][ T379] __x64_sys_sendto+0xe5/0x100
[ 53.418219][ T379] x64_sys_call+0x15c/0x9a0
[ 53.422550][ T379] do_syscall_64+0x3b/0xb0
[ 53.426803][ T379] page last free stack trace:
[ 53.431314][ T379] free_unref_page_prepare+0x7c8/0x7d0
[ 53.436612][ T379] free_unref_page_list+0x14b/0xa60
[ 53.441642][ T379] release_pages+0x1310/0x1370
[ 53.446246][ T379] free_pages_and_swap_cache+0x8a/0xa0
[ 53.451536][ T379] tlb_finish_mmu+0x177/0x320
[ 53.456050][ T379] exit_mmap+0x40d/0x940
[ 53.460131][ T379] __mmput+0x95/0x310
[ 53.463947][ T379] mmput+0x5b/0x170
[ 53.467592][ T379] do_exit+0xb9c/0x2ca0
[ 53.471589][ T379] do_group_exit+0x141/0x310
[ 53.476011][ T379] get_signal+0x7a3/0x1630
[ 53.480271][ T379] arch_do_signal_or_restart+0xbd/0x1680
[ 53.485733][ T379] exit_to_user_mode_loop+0xa0/0xe0
[ 53.490769][ T379] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.496083][ T379] syscall_exit_to_user_mode+0x26/0x160
[ 53.501444][ T379] do_syscall_64+0x47/0xb0
[ 53.505701][ T379]
[ 53.507870][ T379] Memory state around the buggy address:
[ 53.513337][ T379] ffff888122230280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.521239][ T379] ffff888122230300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.529142][ T379] >ffff888122230380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.537033][ T379] ^
[ 53.543020][ T379] ffff888122230400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.551003][ T379] ffff888122230480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.558989][ T379] ==================================================================
[ 53.589875][ T384] FAULT_INJECTION: forcing a failure.
[ 53.589875][ T384] name failslab, interval 1, probability 0, space 0, times 0
[ 53.602573][ T384] CPU: 1 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 53.614113][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.624097][ T384] Call Trace:
[ 53.627224][ T384]
[ 53.630000][ T384] dump_stack_lvl+0x151/0x1c0
[ 53.634597][ T384] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.640281][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.646120][ T384] ? __skb_try_recv_datagram+0x495/0x6a0
[ 53.651596][ T384] dump_stack+0x15/0x20
[ 53.655583][ T384] should_fail+0x3c6/0x510
[ 53.659844][ T384] __should_failslab+0xa4/0xe0
[ 53.664434][ T384] ? skb_clone+0x1d1/0x360
[ 53.668690][ T384] should_failslab+0x9/0x20
[ 53.673035][ T384] slab_pre_alloc_hook+0x37/0xd0
[ 53.677890][ T384] ? skb_clone+0x1d1/0x360
[ 53.682147][ T384] kmem_cache_alloc+0x44/0x200
[ 53.686923][ T384] skb_clone+0x1d1/0x360
[ 53.690988][ T384] sk_psock_verdict_recv+0x53/0x840
[ 53.696019][ T384] ? avc_has_perm_noaudit+0x430/0x430
[ 53.701230][ T384] ? mntput_no_expire+0xfc/0x6b0
[ 53.706004][ T384] unix_read_sock+0x132/0x370
[ 53.710603][ T384] ? sk_psock_skb_redirect+0x440/0x440
[ 53.715903][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 53.721453][ T384] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.726838][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 53.732475][ T384] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.738212][ T384] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.743421][ T384] ? _raw_spin_lock+0xa4/0x1b0
[ 53.748020][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.753775][ T384] ? skb_queue_tail+0xfb/0x120
[ 53.758526][ T384] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.763732][ T384] ? unix_dgram_poll+0x710/0x710
[ 53.768501][ T384] ? __kasan_check_write+0x14/0x20
[ 53.773459][ T384] ? __cpuidle_text_end+0x2/0x2
[ 53.778142][ T384] ? cgroup_rstat_updated+0xe5/0x370
[ 53.783261][ T384] ? security_socket_sendmsg+0x82/0xb0
[ 53.788552][ T384] ? unix_dgram_poll+0x710/0x710
[ 53.793325][ T384] ____sys_sendmsg+0x59e/0x8f0
[ 53.797926][ T384] ? __sys_sendmsg_sock+0x40/0x40
[ 53.802787][ T384] ? import_iovec+0xe5/0x120
[ 53.807214][ T384] ___sys_sendmsg+0x252/0x2e0
[ 53.811737][ T384] ? __sys_sendmsg+0x260/0x260
[ 53.816329][ T384] ? __kasan_check_write+0x14/0x20
[ 53.821282][ T384] ? proc_fail_nth_write+0x20b/0x290
[ 53.826414][ T384] ? __fdget+0x1bc/0x240
[ 53.830499][ T384] __sys_sendmmsg+0x2bf/0x530
[ 53.834992][ T384] ? __ia32_sys_sendmsg+0x90/0x90
[ 53.839858][ T384] ? mutex_unlock+0xb2/0x260
[ 53.844622][ T384] ? __kasan_check_write+0x14/0x20
[ 53.849569][ T384] ? __ia32_sys_read+0x90/0x90
[ 53.854168][ T384] ? debug_smp_processor_id+0x17/0x20
[ 53.859462][ T384] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.865370][ T384] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.870063][ T384] x64_sys_call+0x81d/0x9a0
[ 53.874390][ T384] do_syscall_64+0x3b/0xb0
[ 53.878643][ T384] ? clear_bhb_loop+0x35/0x90
[ 53.883169][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.889145][ T384] RIP: 0033:0x7f8ff98b5ae9
[ 53.893398][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.913014][ T384] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.921343][ T384] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 53.929160][ T384] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.937065][ T384] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 53.944872][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.952770][ T384] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 53.960675][ T384]
[ 53.987902][ T386] FAULT_INJECTION: forcing a failure.
[ 53.987902][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 54.000503][ T386] CPU: 0 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 54.012045][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 54.022048][ T386] Call Trace:
[ 54.025278][ T386]
[ 54.028029][ T386] dump_stack_lvl+0x151/0x1c0
[ 54.032541][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.038090][ T386] dump_stack+0x15/0x20
[ 54.042080][ T386] should_fail+0x3c6/0x510
[ 54.046341][ T386] __should_failslab+0xa4/0xe0
[ 54.050937][ T386] should_failslab+0x9/0x20
[ 54.055283][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 54.060652][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 54.065870][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.071426][ T386] ? migrate_disable+0x190/0x190
[ 54.076205][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 54.081610][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 54.086705][ T386] unix_read_sock+0x132/0x370
[ 54.091301][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 54.096592][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 54.102142][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.107456][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 54.112995][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.118633][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.123841][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 54.128550][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.134217][ T386] ? skb_queue_tail+0xfb/0x120
[ 54.139032][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.144064][ T386] ? unix_dgram_poll+0x710/0x710
[ 54.148835][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 54.154218][ T386] ? unix_dgram_poll+0x710/0x710
[ 54.158986][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 54.163590][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 54.168454][ T386] ? import_iovec+0xe5/0x120
[ 54.172881][ T386] ___sys_sendmsg+0x252/0x2e0
[ 54.177388][ T386] ? __sys_sendmsg+0x260/0x260
[ 54.181991][ T386] ? __kasan_check_write+0x14/0x20
[ 54.187025][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 54.192148][ T386] ? __fdget+0x1bc/0x240
[ 54.196235][ T386] __sys_sendmmsg+0x2bf/0x530
[ 54.200823][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.205690][ T386] ? mutex_unlock+0xb2/0x260
[ 54.210126][ T386] ? __kasan_check_write+0x14/0x20
[ 54.215063][ T386] ? __ia32_sys_read+0x90/0x90
[ 54.219865][ T386] ? debug_smp_processor_id+0x17/0x20
[ 54.225038][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.230943][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.235711][ T386] x64_sys_call+0x81d/0x9a0
[ 54.240051][ T386] do_syscall_64+0x3b/0xb0
[ 54.244304][ T386] ? clear_bhb_loop+0x35/0x90
[ 54.248815][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.254590][ T386] RIP: 0033:0x7f8ff98b5ae9
[ 54.258801][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.278243][ T386] RSP: 002b:00007f8ff94380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.286744][ T386] RAX: ffffffffffffffda RBX: 00007f8ff99d4f80 RCX: 00007f8ff98b5ae9
[ 54.294559][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.302367][ T386] RBP: 00007f8ff9438120 R08: 0000000000000000 R09: 0000000000000000
[ 54.310440][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.318339][ T386] R13: 000000000000000b R14: 00007f8ff99d4f80 R15: 00007fff1ef381d8
[ 54.326163][ T386]
[ 54.331372][ T385] ==================================================================
[ 54.339365][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 54.348043][ T385]
[ 54.350218][ T385] CPU: 1 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 54.361843][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 54.371740][ T385] Call Trace:
[ 54.374880][ T385]
[ 54.377644][ T385] dump_stack_lvl+0x151/0x1c0
[ 54.382165][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.387619][ T385] ? __wake_up_klogd+0xd5/0x110
[ 54.392309][ T385] ? panic+0x760/0x760
[ 54.396218][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.401098][ T385] print_address_description+0x87/0x3b0
[ 54.406480][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.411250][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.416114][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 54.421408][ T385] ____kasan_slab_free+0x13e/0x160
[ 54.426364][ T385] __kasan_slab_free+0x11/0x20
[ 54.430960][ T385] slab_free_freelist_hook+0xbd/0x190
[ 54.436165][ T385] ? kfree_skbmem+0x104/0x170
[ 54.440674][ T385] kmem_cache_free+0x116/0x2e0
[ 54.445279][ T385] kfree_skbmem+0x104/0x170
[ 54.449704][ T385] consume_skb+0xb4/0x250
[ 54.453868][ T385] __sk_msg_free+0x2dd/0x370
[ 54.458294][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.463935][ T385] sk_psock_stop+0x44c/0x4d0
[ 54.468364][ T385] ? unix_peer_get+0xe0/0xe0
[ 54.472878][ T385] sock_map_close+0x2b9/0x4c0
[ 54.477391][ T385] ? sock_map_remove_links+0x650/0x650
[ 54.482965][ T385] ? rwsem_mark_wake+0x770/0x770
[ 54.487741][ T385] unix_release+0x82/0xc0
[ 54.491907][ T385] sock_close+0xdf/0x270
[ 54.495983][ T385] ? sock_mmap+0xa0/0xa0
[ 54.500063][ T385] __fput+0x3fe/0x910
[ 54.503884][ T385] ____fput+0x15/0x20
[ 54.507698][ T385] task_work_run+0x129/0x190
[ 54.512127][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 54.517262][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.522612][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 54.527923][ T385] do_syscall_64+0x47/0xb0
[ 54.532187][ T385] ? clear_bhb_loop+0x35/0x90
[ 54.536694][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.542419][ T385] RIP: 0033:0x7f8ff98b49da
[ 54.546675][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.566285][ T385] RSP: 002b:00007fff1ef382a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.574531][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8ff98b49da
[ 54.582720][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.590530][ T385] RBP: 00007f8ff99d6980 R08: 0000001b31b60000 R09: 00007fff1ef680b0
[ 54.598342][ T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d60f
[ 54.606246][ T385] R13: ffffffffffffffff R14: 00007f8ff9439000 R15: 000000000000d2ce
[ 54.614056][ T385]
[ 54.616916][ T385]
[ 54.619087][ T385] Allocated by task 386:
[ 54.623164][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 54.627850][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 54.632884][ T385] kmem_cache_alloc+0xf5/0x200
[ 54.637483][ T385] skb_clone+0x1d1/0x360
[ 54.641561][ T385] sk_psock_verdict_recv+0x53/0x840
[ 54.646595][ T385] unix_read_sock+0x132/0x370
[ 54.651111][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.656754][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.661787][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 54.666383][ T385] ___sys_sendmsg+0x252/0x2e0
[ 54.670901][ T385] __sys_sendmmsg+0x2bf/0x530
[ 54.675411][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.680228][ T385] x64_sys_call+0x81d/0x9a0
[ 54.684557][ T385] do_syscall_64+0x3b/0xb0
[ 54.688808][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.694540][ T385]
[ 54.696708][ T385] Freed by task 20:
[ 54.700355][ T385] kasan_set_track+0x4b/0x70
[ 54.705041][ T385] kasan_set_free_info+0x23/0x40
[ 54.709819][ T385] ____kasan_slab_free+0x126/0x160
[ 54.714762][ T385] __kasan_slab_free+0x11/0x20
[ 54.719364][ T385] slab_free_freelist_hook+0xbd/0x190
[ 54.724580][ T385] kmem_cache_free+0x116/0x2e0
[ 54.729168][ T385] kfree_skbmem+0x104/0x170
[ 54.733598][ T385] kfree_skb+0xc2/0x360
[ 54.737589][ T385] sk_psock_backlog+0xc21/0xd90
[ 54.742277][ T385] process_one_work+0x6bb/0xc10
[ 54.746961][ T385] worker_thread+0xad5/0x12a0
[ 54.751475][ T385] kthread+0x421/0x510
[ 54.755391][ T385] ret_from_fork+0x1f/0x30
[ 54.759634][ T385]
[ 54.761831][ T385] The buggy address belongs to the object at ffff88810c62e500
[ 54.761831][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 54.776211][ T385] The buggy address is located 0 bytes inside of
[ 54.776211][ T385] 248-byte region [ffff88810c62e500, ffff88810c62e5f8)
[ 54.789143][ T385] The buggy address belongs to the page:
[ 54.794634][ T385] page:ffffea0004318b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c62e
[ 54.805029][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 54.810506][ T385] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3500
[ 54.818920][ T385] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.827334][ T385] page dumped because: kasan: bad access detected
[ 54.833586][ T385] page_owner tracks the page as allocated
[ 54.839138][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 359, ts 53587252814, free_ts 53580997475
[ 54.854851][ T385] post_alloc_hook+0x1a3/0x1b0
[ 54.859444][ T385] prep_new_page+0x1b/0x110
[ 54.863784][ T385] get_page_from_freelist+0x3550/0x35d0
[ 54.869169][ T385] __alloc_pages+0x27e/0x8f0
[ 54.873594][ T385] new_slab+0x9a/0x4e0
[ 54.877499][ T385] ___slab_alloc+0x39e/0x830
[ 54.881923][ T385] __slab_alloc+0x4a/0x90
[ 54.886090][ T385] kmem_cache_alloc+0x134/0x200
[ 54.890778][ T385] skb_clone+0x1d1/0x360
[ 54.894857][ T385] netlink_broadcast_filtered+0x692/0x1220
[ 54.900499][ T385] netlink_sendmsg+0x990/0xd20
[ 54.905115][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 54.909699][ T385] ___sys_sendmsg+0x252/0x2e0
[ 54.914213][ T385] __se_sys_sendmsg+0x19a/0x260
[ 54.918898][ T385] __x64_sys_sendmsg+0x7b/0x90
[ 54.923594][ T385] x64_sys_call+0x16a/0x9a0
[ 54.927925][ T385] page last free stack trace:
[ 54.932447][ T385] free_unref_page_prepare+0x7c8/0x7d0
[ 54.937733][ T385] free_unref_page+0xe8/0x750
[ 54.942249][ T385] __free_pages+0x61/0xf0
[ 54.946586][ T385] __vunmap+0x7bc/0x8f0
[ 54.950751][ T385] free_work+0x5b/0x80
[ 54.954656][ T385] process_one_work+0x6bb/0xc10
[ 54.959778][ T385] worker_thread+0xad5/0x12a0
[ 54.964296][ T385] kthread+0x421/0x510
[ 54.968197][ T385] ret_from_fork+0x1f/0x30
[ 54.972541][ T385]
[ 54.974714][ T385] Memory state around the buggy address:
[ 54.980186][ T385] ffff88810c62e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2024/09/06 21:29:26 executed programs: 10
[ 54.988250][ T385] ffff88810c62e480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.996136][ T385] >ffff88810c62e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.004112][ T385] ^
[ 55.008138][ T385] ffff88810c62e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.016129][ T385] ffff88810c62e600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.024018][ T385] ==================================================================