Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts.
2025/05/15 08:30:52 ignoring optional flag "sandboxArg"="0"
2025/05/15 08:30:52 ignoring optional flag "type"="gce"
2025/05/15 08:30:53 parsed 1 programs
2025/05/15 08:30:53 executed programs: 0
[ 45.906718][ T30] kauditd_printk_skb: 18 callbacks suppressed
[ 45.906784][ T30] audit: type=1400 audit(1747297853.154:92): avc: denied { unlink } for pid=321 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 45.946180][ T321] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.005290][ T328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.012764][ T328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.020429][ T328] device bridge_slave_0 entered promiscuous mode
[ 46.027719][ T328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.034851][ T328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.042558][ T328] device bridge_slave_1 entered promiscuous mode
[ 46.090272][ T328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.097773][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.105817][ T328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.113186][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.133386][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.140944][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.149045][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.157361][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.167200][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.175792][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.183298][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.193153][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.202133][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.209354][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.221269][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.231498][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.247125][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.258901][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.267880][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.275831][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.284732][ T328] device veth0_vlan entered promiscuous mode
[ 46.295817][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.305736][ T328] device veth1_macvtap entered promiscuous mode
[ 46.315993][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.327135][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.348970][ T30] audit: type=1400 audit(1747297853.594:93): avc: denied { prog_load } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.369382][ T30] audit: type=1400 audit(1747297853.594:94): avc: denied { bpf } for pid=332 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 46.400747][ T30] audit: type=1400 audit(1747297853.644:95): avc: denied { map_create } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.420566][ T30] audit: type=1400 audit(1747297853.644:96): avc: denied { map_read map_write } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.580050][ T30] audit: type=1400 audit(1747297853.824:97): avc: denied { perfmon } for pid=332 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 46.602010][ T30] audit: type=1400 audit(1747297853.844:98): avc: denied { prog_run } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.631351][ T337] FAULT_INJECTION: forcing a failure.
[ 46.631351][ T337] name failslab, interval 1, probability 0, space 0, times 1
[ 46.644804][ T337] CPU: 1 PID: 337 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 46.655894][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 46.666473][ T337] Call Trace:
[ 46.669756][ T337]
[ 46.672688][ T337] __dump_stack+0x21/0x30
[ 46.677130][ T337] dump_stack_lvl+0xee/0x150
[ 46.681815][ T337] ? show_regs_print_info+0x20/0x20
[ 46.687162][ T337] dump_stack+0x15/0x20
[ 46.691580][ T337] should_fail+0x3c1/0x510
[ 46.696092][ T337] __should_failslab+0xa4/0xe0
[ 46.700950][ T337] should_failslab+0x9/0x20
[ 46.705785][ T337] slab_pre_alloc_hook+0x3b/0xe0
[ 46.711083][ T337] kmem_cache_alloc_trace+0x48/0x270
[ 46.717015][ T337] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 46.723172][ T337] ? migrate_disable+0x180/0x180
[ 46.728379][ T337] sk_psock_skb_ingress_self+0x5f/0x330
[ 46.734135][ T337] ? migrate_disable+0xd6/0x180
[ 46.739234][ T337] sk_psock_verdict_recv+0x636/0x800
[ 46.745200][ T337] unix_read_sock+0x10a/0x2c0
[ 46.749982][ T337] ? sk_psock_skb_redirect+0x440/0x440
[ 46.755733][ T337] ? unix_stream_splice_actor+0x120/0x120
[ 46.761631][ T337] ? __kasan_check_write+0x14/0x20
[ 46.766929][ T337] ? unix_stream_splice_actor+0x120/0x120
[ 46.773000][ T337] sk_psock_verdict_data_ready+0x115/0x170
[ 46.779021][ T337] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.784498][ T337] ? _raw_spin_lock+0x8e/0xe0
[ 46.789215][ T337] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 46.795309][ T337] ? skb_queue_tail+0xcb/0xf0
[ 46.800760][ T337] unix_dgram_sendmsg+0x11e6/0x1880
[ 46.806636][ T337] ? unix_dgram_poll+0x6b0/0x6b0
[ 46.812450][ T337] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 46.818211][ T337] ? security_socket_sendmsg+0x82/0xa0
[ 46.824503][ T337] ? unix_dgram_poll+0x6b0/0x6b0
[ 46.829753][ T337] ____sys_sendmsg+0x5a2/0x8c0
[ 46.834832][ T337] ? __sys_sendmsg_sock+0x40/0x40
[ 46.840173][ T337] ? import_iovec+0x7c/0xb0
[ 46.844708][ T337] ___sys_sendmsg+0x1f0/0x260
[ 46.849609][ T337] ? _kstrtoull+0x3c0/0x4d0
[ 46.854583][ T337] ? __sys_sendmsg+0x250/0x250
[ 46.859845][ T337] ? __fdget+0x1a1/0x230
[ 46.864516][ T337] __sys_sendmmsg+0x278/0x480
[ 46.869698][ T337] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 46.876069][ T337] ? __ia32_sys_read+0x90/0x90
[ 46.881340][ T337] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.887107][ T337] x64_sys_call+0x6c6/0x9a0
[ 46.892394][ T337] do_syscall_64+0x4c/0xa0
[ 46.897779][ T337] ? clear_bhb_loop+0x35/0x90
[ 46.902985][ T337] ? clear_bhb_loop+0x35/0x90
[ 46.907836][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.914015][ T337] RIP: 0033:0x7fafb3b4dae9
[ 46.918511][ T337] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.938351][ T337] RSP: 002b:00007fafb36d00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.947460][ T337] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4dae9
[ 46.955613][ T337] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.964019][ T337] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 46.972208][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.980206][ T337] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 46.988443][ T337]
[ 46.993570][ T336] ==================================================================
[ 47.002059][ T336] BUG: KASAN: use-after-free in consume_skb+0x3a/0x1f0
[ 47.008918][ T336] Read of size 4 at addr ffff888106f88c2c by task syz-executor.0/336
[ 47.017270][ T336]
[ 47.019615][ T336] CPU: 1 PID: 336 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 47.030287][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 47.040518][ T336] Call Trace:
[ 47.043791][ T336]
[ 47.046728][ T336] __dump_stack+0x21/0x30
[ 47.051173][ T336] dump_stack_lvl+0xee/0x150
[ 47.055935][ T336] ? show_regs_print_info+0x20/0x20
[ 47.061135][ T336] ? load_image+0x3a0/0x3a0
[ 47.065780][ T336] ? dequeue_task_fair+0x779/0x1e40
[ 47.071064][ T336] print_address_description+0x7f/0x2c0
[ 47.076627][ T336] ? consume_skb+0x3a/0x1f0
[ 47.081410][ T336] kasan_report+0xf1/0x140
[ 47.085831][ T336] ? consume_skb+0x3a/0x1f0
[ 47.090440][ T336] kasan_check_range+0x280/0x290
[ 47.095398][ T336] __kasan_check_read+0x11/0x20
[ 47.100530][ T336] consume_skb+0x3a/0x1f0
[ 47.104857][ T336] __sk_msg_free+0x4f4/0x560
[ 47.109609][ T336] ? _raw_spin_lock_bh+0x8e/0xe0
[ 47.114647][ T336] ? _raw_spin_lock_irq+0xe0/0xe0
[ 47.119775][ T336] ? skb_dequeue+0x125/0x160
[ 47.124570][ T336] sk_psock_stop+0x4c9/0x570
[ 47.129636][ T336] ? sock_no_sendpage_locked+0x130/0x130
[ 47.135579][ T336] sk_psock_drop+0x226/0x300
[ 47.140270][ T336] sock_map_unref+0x3c2/0x420
[ 47.145034][ T336] ? sk_psock_link_pop+0x154/0x170
[ 47.150373][ T336] sock_map_remove_links+0x3cd/0x600
[ 47.155997][ T336] ? sock_init_data+0xc0/0xc0
[ 47.161030][ T336] ? fput+0x1a/0x20
[ 47.165541][ T336] ? filp_close+0x105/0x150
[ 47.170157][ T336] ? close_fd+0x70/0x80
[ 47.174342][ T336] ? sock_map_unhash+0x130/0x130
[ 47.179305][ T336] sock_map_close+0x111/0x440
[ 47.184347][ T336] ? unix_peer_get+0xe0/0xe0
[ 47.189593][ T336] ? sock_map_remove_links+0x600/0x600
[ 47.195555][ T336] ? clear_nonspinnable+0x60/0x60
[ 47.201070][ T336] unix_release+0x82/0xc0
[ 47.205687][ T336] sock_close+0xe0/0x270
[ 47.210054][ T336] ? sock_mmap+0xa0/0xa0
[ 47.214400][ T336] __fput+0x20b/0x8b0
[ 47.218565][ T336] ____fput+0x15/0x20
[ 47.222936][ T336] task_work_run+0x127/0x190
[ 47.227534][ T336] exit_to_user_mode_loop+0xd0/0xe0
[ 47.233236][ T336] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.239103][ T336] syscall_exit_to_user_mode+0x1a/0x30
[ 47.244779][ T336] do_syscall_64+0x58/0xa0
[ 47.249291][ T336] ? clear_bhb_loop+0x35/0x90
[ 47.254142][ T336] ? clear_bhb_loop+0x35/0x90
[ 47.259316][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.265568][ T336] RIP: 0033:0x7fafb3b4c9da
[ 47.270181][ T336] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.291400][ T336] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.300279][ T336] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 47.308605][ T336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.316817][ T336] RBP: 00007fafb3c6e980 R08: 0000001b30360000 R09: 00362e564fe9f7f2
[ 47.325460][ T336] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b94c
[ 47.333875][ T336] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000b60b
[ 47.342384][ T336]
[ 47.345418][ T336]
[ 47.348484][ T336] Allocated by task 337:
[ 47.353301][ T336] __kasan_slab_alloc+0xbd/0xf0
[ 47.358788][ T336] slab_post_alloc_hook+0x4f/0x2b0
[ 47.364169][ T336] kmem_cache_alloc+0xf7/0x260
[ 47.369196][ T336] skb_clone+0x1cf/0x360
[ 47.373577][ T336] sk_psock_verdict_recv+0x53/0x800
[ 47.378811][ T336] unix_read_sock+0x10a/0x2c0
[ 47.383486][ T336] sk_psock_verdict_data_ready+0x115/0x170
[ 47.389653][ T336] unix_dgram_sendmsg+0x11e6/0x1880
[ 47.395033][ T336] ____sys_sendmsg+0x5a2/0x8c0
[ 47.399932][ T336] ___sys_sendmsg+0x1f0/0x260
[ 47.404824][ T336] __sys_sendmmsg+0x278/0x480
[ 47.409812][ T336] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.415059][ T336] x64_sys_call+0x6c6/0x9a0
[ 47.419964][ T336] do_syscall_64+0x4c/0xa0
[ 47.424493][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.430564][ T336]
[ 47.433061][ T336] Freed by task 60:
[ 47.436960][ T336] kasan_set_track+0x4a/0x70
[ 47.441638][ T336] kasan_set_free_info+0x23/0x40
[ 47.446768][ T336] ____kasan_slab_free+0x125/0x160
[ 47.452646][ T336] __kasan_slab_free+0x11/0x20
[ 47.457512][ T336] slab_free_freelist_hook+0xc2/0x190
[ 47.463591][ T336] kmem_cache_free+0x100/0x320
[ 47.468633][ T336] kfree_skbmem+0x10c/0x180
[ 47.473138][ T336] kfree_skb+0xc1/0x2f0
[ 47.477361][ T336] sk_psock_backlog+0xa85/0xd80
[ 47.482421][ T336] process_one_work+0x6be/0xba0
[ 47.487437][ T336] worker_thread+0xa59/0x1200
[ 47.492293][ T336] kthread+0x411/0x500
[ 47.496462][ T336] ret_from_fork+0x1f/0x30
[ 47.501139][ T336]
[ 47.503456][ T336] The buggy address belongs to the object at ffff888106f88b40
[ 47.503456][ T336] which belongs to the cache skbuff_head_cache of size 248
[ 47.518332][ T336] The buggy address is located 236 bytes inside of
[ 47.518332][ T336] 248-byte region [ffff888106f88b40, ffff888106f88c38)
[ 47.531881][ T336] The buggy address belongs to the page:
[ 47.537700][ T336] page:ffffea00041be200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f88
[ 47.548117][ T336] flags: 0x4000000000000200(slab|zone=1)
[ 47.553775][ T336] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa600
[ 47.562757][ T336] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.571427][ T336] page dumped because: kasan: bad access detected
[ 47.577945][ T336] page_owner tracks the page as allocated
[ 47.583655][ T336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 6, ts 46601414028, free_ts 45774360645
[ 47.600888][ T336] post_alloc_hook+0x192/0x1b0
[ 47.605758][ T336] prep_new_page+0x1c/0x110
[ 47.610304][ T336] get_page_from_freelist+0x2cc5/0x2d50
[ 47.615855][ T336] __alloc_pages+0x18f/0x440
[ 47.620455][ T336] new_slab+0xa1/0x4d0
[ 47.624642][ T336] ___slab_alloc+0x381/0x810
[ 47.629237][ T336] __slab_alloc+0x49/0x90
[ 47.633742][ T336] kmem_cache_alloc+0x138/0x260
[ 47.638770][ T336] skb_clone+0x1cf/0x360
[ 47.647103][ T336] br_flood+0x387/0x420
[ 47.651551][ T336] br_handle_frame_finish+0xdae/0x1200
[ 47.657100][ T336] br_handle_frame+0x8fc/0xf50
[ 47.662079][ T336] __netif_receive_skb_core+0xe49/0x2f10
[ 47.668166][ T336] __netif_receive_skb+0x72/0x280
[ 47.673229][ T336] process_backlog+0x368/0x600
[ 47.678101][ T336] __napi_poll+0xbe/0x590
[ 47.682539][ T336] page last free stack trace:
[ 47.687301][ T336] free_unref_page_prepare+0x542/0x550
[ 47.692864][ T336] free_unref_page+0xa2/0x550
[ 47.697943][ T336] __free_pages+0x6c/0x100
[ 47.702471][ T336] __vunmap+0x84d/0x9e0
[ 47.706640][ T336] vfree+0x8b/0xc0
[ 47.710627][ T336] kcov_mmap+0x8f/0x130
[ 47.714807][ T336] mmap_file+0x60/0xb0
[ 47.718962][ T336] mmap_region+0xf94/0x1800
[ 47.723494][ T336] do_mmap+0x76c/0xe40
[ 47.727576][ T336] vm_mmap_pgoff+0x1ce/0x410
[ 47.732173][ T336] ksys_mmap_pgoff+0x161/0x1d0
[ 47.737348][ T336] __x64_sys_mmap+0xfa/0x110
[ 47.742111][ T336] x64_sys_call+0x83/0x9a0
[ 47.747196][ T336] do_syscall_64+0x4c/0xa0
[ 47.751757][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.757756][ T336]
[ 47.760248][ T336] Memory state around the buggy address:
[ 47.766136][ T336] ffff888106f88b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.774744][ T336] ffff888106f88b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.783285][ T336] >ffff888106f88c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.791607][ T336] ^
[ 47.797060][ T336] ffff888106f88c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.805479][ T336] ffff888106f88d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.814030][ T336] ==================================================================
[ 47.822280][ T336] Disabling lock debugging due to kernel taint
[ 47.828786][ T336] ==================================================================
[ 47.837133][ T336] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 47.837789][ T30] audit: type=1400 audit(1747297855.074:99): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 47.845782][ T336]
[ 47.845791][ T336] CPU: 1 PID: 336 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 47.845816][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 47.871626][ T30] audit: type=1400 audit(1747297855.074:100): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.882362][ T336] Call Trace:
[ 47.882372][ T336]
[ 47.882380][ T336] __dump_stack+0x21/0x30
[ 47.882412][ T336] dump_stack_lvl+0xee/0x150
[ 47.893254][ T30] audit: type=1400 audit(1747297855.074:101): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.914800][ T336] ? show_regs_print_info+0x20/0x20
[ 47.914836][ T336] ? load_image+0x3a0/0x3a0
[ 47.963647][ T336] print_address_description+0x7f/0x2c0
[ 47.969826][ T336] ? kmem_cache_free+0x100/0x320
[ 47.974873][ T336] kasan_report_invalid_free+0x58/0x90
[ 47.980438][ T336] ? kmem_cache_free+0x100/0x320
[ 47.985720][ T336] ____kasan_slab_free+0x13d/0x160
[ 47.991926][ T336] __kasan_slab_free+0x11/0x20
[ 47.997126][ T336] slab_free_freelist_hook+0xc2/0x190
[ 48.002779][ T336] ? kfree_skbmem+0x10c/0x180
[ 48.007460][ T336] kmem_cache_free+0x100/0x320
[ 48.012517][ T336] ? skb_release_data+0x94f/0xa10
[ 48.017951][ T336] kfree_skbmem+0x10c/0x180
[ 48.022827][ T336] consume_skb+0xb3/0x1f0
[ 48.027450][ T336] __sk_msg_free+0x4f4/0x560
[ 48.032282][ T336] ? _raw_spin_lock_bh+0x8e/0xe0
[ 48.037445][ T336] ? _raw_spin_lock_irq+0xe0/0xe0
[ 48.042558][ T336] ? skb_dequeue+0x125/0x160
[ 48.047142][ T336] sk_psock_stop+0x4c9/0x570
[ 48.051734][ T336] ? sock_no_sendpage_locked+0x130/0x130
[ 48.057485][ T336] sk_psock_drop+0x226/0x300
[ 48.062192][ T336] sock_map_unref+0x3c2/0x420
[ 48.066950][ T336] ? sk_psock_link_pop+0x154/0x170
[ 48.072256][ T336] sock_map_remove_links+0x3cd/0x600
[ 48.077873][ T336] ? sock_init_data+0xc0/0xc0
[ 48.082650][ T336] ? fput+0x1a/0x20
[ 48.086476][ T336] ? filp_close+0x105/0x150
[ 48.091172][ T336] ? close_fd+0x70/0x80
[ 48.095334][ T336] ? sock_map_unhash+0x130/0x130
[ 48.100376][ T336] sock_map_close+0x111/0x440
[ 48.105143][ T336] ? unix_peer_get+0xe0/0xe0
[ 48.109759][ T336] ? sock_map_remove_links+0x600/0x600
[ 48.115365][ T336] ? clear_nonspinnable+0x60/0x60
[ 48.120418][ T336] unix_release+0x82/0xc0
[ 48.124927][ T336] sock_close+0xe0/0x270
[ 48.129297][ T336] ? sock_mmap+0xa0/0xa0
[ 48.133817][ T336] __fput+0x20b/0x8b0
[ 48.138005][ T336] ____fput+0x15/0x20
[ 48.142128][ T336] task_work_run+0x127/0x190
[ 48.146942][ T336] exit_to_user_mode_loop+0xd0/0xe0
[ 48.152611][ T336] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.158687][ T336] syscall_exit_to_user_mode+0x1a/0x30
[ 48.164393][ T336] do_syscall_64+0x58/0xa0
[ 48.169053][ T336] ? clear_bhb_loop+0x35/0x90
[ 48.173731][ T336] ? clear_bhb_loop+0x35/0x90
[ 48.178613][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.184794][ T336] RIP: 0033:0x7fafb3b4c9da
[ 48.189215][ T336] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.209738][ T336] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.218444][ T336] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 48.226438][ T336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.234750][ T336] RBP: 00007fafb3c6e980 R08: 0000001b30360000 R09: 00362e564fe9f7f2
[ 48.242834][ T336] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b94c
[ 48.250999][ T336] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000b60b
[ 48.259245][ T336]
[ 48.262376][ T336]
[ 48.264804][ T336] Allocated by task 337:
[ 48.269310][ T336] __kasan_slab_alloc+0xbd/0xf0
[ 48.274344][ T336] slab_post_alloc_hook+0x4f/0x2b0
[ 48.279817][ T336] kmem_cache_alloc+0xf7/0x260
[ 48.284682][ T336] skb_clone+0x1cf/0x360
[ 48.289139][ T336] sk_psock_verdict_recv+0x53/0x800
[ 48.294557][ T336] unix_read_sock+0x10a/0x2c0
[ 48.299243][ T336] sk_psock_verdict_data_ready+0x115/0x170
[ 48.305313][ T336] unix_dgram_sendmsg+0x11e6/0x1880
[ 48.310621][ T336] ____sys_sendmsg+0x5a2/0x8c0
[ 48.315478][ T336] ___sys_sendmsg+0x1f0/0x260
[ 48.320335][ T336] __sys_sendmmsg+0x278/0x480
[ 48.325092][ T336] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.330116][ T336] x64_sys_call+0x6c6/0x9a0
[ 48.334977][ T336] do_syscall_64+0x4c/0xa0
[ 48.339863][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.346748][ T336]
[ 48.349098][ T336] Freed by task 60:
[ 48.353691][ T336] kasan_set_track+0x4a/0x70
[ 48.359141][ T336] kasan_set_free_info+0x23/0x40
[ 48.364352][ T336] ____kasan_slab_free+0x125/0x160
[ 48.369718][ T336] __kasan_slab_free+0x11/0x20
[ 48.374956][ T336] slab_free_freelist_hook+0xc2/0x190
[ 48.380624][ T336] kmem_cache_free+0x100/0x320
[ 48.385603][ T336] kfree_skbmem+0x10c/0x180
[ 48.390277][ T336] kfree_skb+0xc1/0x2f0
[ 48.394528][ T336] sk_psock_backlog+0xa85/0xd80
[ 48.399858][ T336] process_one_work+0x6be/0xba0
[ 48.404841][ T336] worker_thread+0xa59/0x1200
[ 48.409790][ T336] kthread+0x411/0x500
[ 48.414001][ T336] ret_from_fork+0x1f/0x30
[ 48.418527][ T336]
[ 48.421060][ T336] The buggy address belongs to the object at ffff888106f88b40
[ 48.421060][ T336] which belongs to the cache skbuff_head_cache of size 248
[ 48.437838][ T336] The buggy address is located 0 bytes inside of
[ 48.437838][ T336] 248-byte region [ffff888106f88b40, ffff888106f88c38)
[ 48.453190][ T336] The buggy address belongs to the page:
[ 48.459085][ T336] page:ffffea00041be200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f88
[ 48.470088][ T336] flags: 0x4000000000000200(slab|zone=1)
[ 48.475734][ T336] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa600
[ 48.484313][ T336] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.493153][ T336] page dumped because: kasan: bad access detected
[ 48.499714][ T336] page_owner tracks the page as allocated
[ 48.505628][ T336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 6, ts 46601414028, free_ts 45774360645
[ 48.523075][ T336] post_alloc_hook+0x192/0x1b0
[ 48.527926][ T336] prep_new_page+0x1c/0x110
[ 48.532563][ T336] get_page_from_freelist+0x2cc5/0x2d50
[ 48.538117][ T336] __alloc_pages+0x18f/0x440
[ 48.542716][ T336] new_slab+0xa1/0x4d0
[ 48.546798][ T336] ___slab_alloc+0x381/0x810
[ 48.551745][ T336] __slab_alloc+0x49/0x90
[ 48.556158][ T336] kmem_cache_alloc+0x138/0x260
[ 48.561141][ T336] skb_clone+0x1cf/0x360
[ 48.565378][ T336] br_flood+0x387/0x420
[ 48.569622][ T336] br_handle_frame_finish+0xdae/0x1200
[ 48.575370][ T336] br_handle_frame+0x8fc/0xf50
[ 48.580923][ T336] __netif_receive_skb_core+0xe49/0x2f10
[ 48.586690][ T336] __netif_receive_skb+0x72/0x280
[ 48.591727][ T336] process_backlog+0x368/0x600
[ 48.596671][ T336] __napi_poll+0xbe/0x590
[ 48.601010][ T336] page last free stack trace:
[ 48.605856][ T336] free_unref_page_prepare+0x542/0x550
[ 48.611578][ T336] free_unref_page+0xa2/0x550
[ 48.616282][ T336] __free_pages+0x6c/0x100
[ 48.621025][ T336] __vunmap+0x84d/0x9e0
[ 48.625174][ T336] vfree+0x8b/0xc0
[ 48.629015][ T336] kcov_mmap+0x8f/0x130
[ 48.633899][ T336] mmap_file+0x60/0xb0
[ 48.637970][ T336] mmap_region+0xf94/0x1800
[ 48.642646][ T336] do_mmap+0x76c/0xe40
[ 48.646816][ T336] vm_mmap_pgoff+0x1ce/0x410
[ 48.651526][ T336] ksys_mmap_pgoff+0x161/0x1d0
[ 48.656415][ T336] __x64_sys_mmap+0xfa/0x110
[ 48.661010][ T336] x64_sys_call+0x83/0x9a0
[ 48.665879][ T336] do_syscall_64+0x4c/0xa0
[ 48.670493][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.676758][ T336]
[ 48.679188][ T336] Memory state around the buggy address:
[ 48.684932][ T336] ffff888106f88a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.693321][ T336] ffff888106f88a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.701486][ T336] >ffff888106f88b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.710015][ T336] ^
[ 48.716340][ T336] ffff888106f88b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.724673][ T336] ffff888106f88c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.733027][ T336] ==================================================================
[ 48.758502][ T339] FAULT_INJECTION: forcing a failure.
[ 48.758502][ T339] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 48.774615][ T339] CPU: 1 PID: 339 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 48.787777][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 48.798043][ T339] Call Trace:
[ 48.801342][ T339]
[ 48.804350][ T339] __dump_stack+0x21/0x30
[ 48.809045][ T339] dump_stack_lvl+0xee/0x150
[ 48.813846][ T339] ? show_regs_print_info+0x20/0x20
[ 48.820606][ T339] dump_stack+0x15/0x20
[ 48.824940][ T339] should_fail+0x3c1/0x510
[ 48.829461][ T339] should_fail_usercopy+0x1a/0x20
[ 48.834509][ T339] _copy_to_user+0x20/0x90
[ 48.838943][ T339] simple_read_from_buffer+0xe9/0x160
[ 48.844427][ T339] proc_fail_nth_read+0x19a/0x210
[ 48.849660][ T339] ? proc_fault_inject_write+0x2f0/0x2f0
[ 48.855384][ T339] ? security_file_permission+0x83/0xa0
[ 48.860952][ T339] ? proc_fault_inject_write+0x2f0/0x2f0
[ 48.866687][ T339] vfs_read+0x282/0xbe0
[ 48.870982][ T339] ? kernel_read+0x1f0/0x1f0
[ 48.876042][ T339] ? __kasan_check_write+0x14/0x20
[ 48.881322][ T339] ? mutex_lock+0x95/0x1a0
[ 48.885933][ T339] ? wait_for_completion_killable_timeout+0x10/0x10
[ 48.892879][ T339] ? __fget_files+0x2c4/0x320
[ 48.898203][ T339] ? __fdget_pos+0x2d2/0x380
[ 48.903089][ T339] ? ksys_read+0x71/0x240
[ 48.907591][ T339] ksys_read+0x140/0x240
[ 48.912009][ T339] ? vfs_write+0xf70/0xf70
[ 48.916508][ T339] ? __kasan_check_write+0x14/0x20
[ 48.921610][ T339] ? switch_fpu_return+0x15d/0x2c0
[ 48.926820][ T339] __x64_sys_read+0x7b/0x90
[ 48.931593][ T339] x64_sys_call+0x96d/0x9a0
[ 48.936102][ T339] do_syscall_64+0x4c/0xa0
[ 48.940523][ T339] ? clear_bhb_loop+0x35/0x90
[ 48.945395][ T339] ? clear_bhb_loop+0x35/0x90
[ 48.950516][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.956502][ T339] RIP: 0033:0x7fafb3b4c78c
[ 48.961002][ T339] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 48.980895][ T339] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 48.989546][ T339] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 48.997727][ T339] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 49.005866][ T339] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 49.013859][ T339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.022263][ T339] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 49.030485][ T339]
[ 49.042802][ T341] FAULT_INJECTION: forcing a failure.
[ 49.042802][ T341] name failslab, interval 1, probability 0, space 0, times 0
[ 49.056090][ T341] CPU: 0 PID: 341 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 49.068098][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 49.079638][ T341] Call Trace:
[ 49.083008][ T341]
[ 49.086172][ T341] __dump_stack+0x21/0x30
[ 49.090825][ T341] dump_stack_lvl+0xee/0x150
[ 49.095520][ T341] ? show_regs_print_info+0x20/0x20
[ 49.101099][ T341] dump_stack+0x15/0x20
[ 49.105347][ T341] should_fail+0x3c1/0x510
[ 49.109894][ T341] __should_failslab+0xa4/0xe0
[ 49.114750][ T341] should_failslab+0x9/0x20
[ 49.119565][ T341] slab_pre_alloc_hook+0x3b/0xe0
[ 49.124782][ T341] kmem_cache_alloc_trace+0x48/0x270
[ 49.130272][ T341] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 49.136426][ T341] ? migrate_disable+0x180/0x180
[ 49.141381][ T341] sk_psock_skb_ingress_self+0x5f/0x330
[ 49.147365][ T341] ? migrate_disable+0xd6/0x180
[ 49.152488][ T341] sk_psock_verdict_recv+0x636/0x800
[ 49.157982][ T341] unix_read_sock+0x10a/0x2c0
[ 49.162854][ T341] ? sk_psock_skb_redirect+0x440/0x440
[ 49.169365][ T341] ? unix_stream_splice_actor+0x120/0x120
[ 49.175504][ T341] ? __kasan_check_write+0x14/0x20
[ 49.180892][ T341] ? unix_stream_splice_actor+0x120/0x120
[ 49.186899][ T341] sk_psock_verdict_data_ready+0x115/0x170
[ 49.192966][ T341] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.198458][ T341] ? _raw_spin_lock+0x8e/0xe0
[ 49.203308][ T341] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 49.209241][ T341] ? skb_queue_tail+0xcb/0xf0
[ 49.214224][ T341] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.220406][ T341] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.225447][ T341] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 49.231459][ T341] ? security_socket_sendmsg+0x82/0xa0
[ 49.237442][ T341] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.243263][ T341] ____sys_sendmsg+0x5a2/0x8c0
[ 49.249021][ T341] ? __sys_sendmsg_sock+0x40/0x40
[ 49.254408][ T341] ? import_iovec+0x7c/0xb0
[ 49.258926][ T341] ___sys_sendmsg+0x1f0/0x260
[ 49.263610][ T341] ? _kstrtoull+0x3c0/0x4d0
[ 49.268217][ T341] ? __sys_sendmsg+0x250/0x250
[ 49.273001][ T341] ? __fdget+0x1a1/0x230
[ 49.277479][ T341] __sys_sendmmsg+0x278/0x480
[ 49.282160][ T341] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 49.287441][ T341] ? __ia32_sys_read+0x90/0x90
[ 49.292303][ T341] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.297293][ T341] x64_sys_call+0x6c6/0x9a0
[ 49.301804][ T341] do_syscall_64+0x4c/0xa0
[ 49.306227][ T341] ? clear_bhb_loop+0x35/0x90
[ 49.310995][ T341] ? clear_bhb_loop+0x35/0x90
[ 49.315774][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.321910][ T341] RIP: 0033:0x7fafb3b4dae9
[ 49.326595][ T341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.346577][ T341] RSP: 002b:00007fafb36d00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.355346][ T341] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4dae9
[ 49.363533][ T341] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.371864][ T341] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 49.380056][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.388165][ T341] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 49.396413][ T341]
[ 49.400578][ T340] ==================================================================
[ 49.408713][ T340] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 49.417130][ T340]
[ 49.419452][ T340] CPU: 0 PID: 340 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 49.431801][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 49.442039][ T340] Call Trace:
[ 49.445514][ T340]
[ 49.448627][ T340] __dump_stack+0x21/0x30
[ 49.452962][ T340] dump_stack_lvl+0xee/0x150
[ 49.457598][ T340] ? show_regs_print_info+0x20/0x20
[ 49.462842][ T340] ? load_image+0x3a0/0x3a0
[ 49.467551][ T340] ? hrtimer_cancel+0x2d/0x60
[ 49.472331][ T340] print_address_description+0x7f/0x2c0
[ 49.477974][ T340] ? kmem_cache_free+0x100/0x320
[ 49.483118][ T340] kasan_report_invalid_free+0x58/0x90
[ 49.488756][ T340] ? kmem_cache_free+0x100/0x320
[ 49.493701][ T340] ____kasan_slab_free+0x13d/0x160
[ 49.498808][ T340] __kasan_slab_free+0x11/0x20
[ 49.503998][ T340] slab_free_freelist_hook+0xc2/0x190
[ 49.509527][ T340] ? kfree_skbmem+0x10c/0x180
[ 49.514486][ T340] kmem_cache_free+0x100/0x320
[ 49.519298][ T340] ? skb_release_data+0x94f/0xa10
[ 49.524695][ T340] kfree_skbmem+0x10c/0x180
[ 49.529208][ T340] consume_skb+0xb3/0x1f0
[ 49.533534][ T340] __sk_msg_free+0x4f4/0x560
[ 49.538126][ T340] ? _raw_spin_lock_bh+0x8e/0xe0
[ 49.543550][ T340] ? _raw_spin_lock_irq+0xe0/0xe0
[ 49.549098][ T340] ? skb_dequeue+0x125/0x160
[ 49.553878][ T340] sk_psock_stop+0x4c9/0x570
[ 49.558584][ T340] ? sock_no_sendpage_locked+0x130/0x130
[ 49.564305][ T340] sk_psock_drop+0x226/0x300
[ 49.568889][ T340] sock_map_unref+0x3c2/0x420
[ 49.573686][ T340] ? sk_psock_link_pop+0x154/0x170
[ 49.578906][ T340] sock_map_remove_links+0x3cd/0x600
[ 49.584396][ T340] ? sock_init_data+0xc0/0xc0
[ 49.589107][ T340] ? fput+0x1a/0x20
[ 49.592944][ T340] ? filp_close+0x105/0x150
[ 49.597447][ T340] ? close_fd+0x70/0x80
[ 49.602126][ T340] ? sock_map_unhash+0x130/0x130
[ 49.607248][ T340] sock_map_close+0x111/0x440
[ 49.612031][ T340] ? unix_peer_get+0xe0/0xe0
[ 49.619227][ T340] ? sock_map_remove_links+0x600/0x600
[ 49.628232][ T340] ? clear_nonspinnable+0x60/0x60
[ 49.633739][ T340] unix_release+0x82/0xc0
[ 49.638477][ T340] sock_close+0xe0/0x270
[ 49.642834][ T340] ? sock_mmap+0xa0/0xa0
[ 49.647184][ T340] __fput+0x20b/0x8b0
[ 49.651429][ T340] ____fput+0x15/0x20
[ 49.656035][ T340] task_work_run+0x127/0x190
[ 49.660838][ T340] exit_to_user_mode_loop+0xd0/0xe0
[ 49.666157][ T340] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.671614][ T340] syscall_exit_to_user_mode+0x1a/0x30
[ 49.677539][ T340] do_syscall_64+0x58/0xa0
[ 49.682618][ T340] ? clear_bhb_loop+0x35/0x90
[ 49.687762][ T340] ? clear_bhb_loop+0x35/0x90
[ 49.692653][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.698647][ T340] RIP: 0033:0x7fafb3b4c9da
[ 49.703277][ T340] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.723690][ T340] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.732324][ T340] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 49.740652][ T340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.750004][ T340] RBP: 0000000000000032 R08: 0000001b30360000 R09: 00007fafb3c6cf8c
[ 49.758314][ T340] R10: 00007ffdbf96d580 R11: 0000000000000293 R12: 00007fafb36d20d0
[ 49.767092][ T340] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000bf76
[ 49.775276][ T340]
[ 49.778411][ T340]
[ 49.781008][ T340] Allocated by task 341:
[ 49.785777][ T340] __kasan_slab_alloc+0xbd/0xf0
[ 49.791304][ T340] slab_post_alloc_hook+0x4f/0x2b0
[ 49.797077][ T340] kmem_cache_alloc+0xf7/0x260
[ 49.802146][ T340] skb_clone+0x1cf/0x360
[ 49.806504][ T340] sk_psock_verdict_recv+0x53/0x800
[ 49.811699][ T340] unix_read_sock+0x10a/0x2c0
[ 49.816593][ T340] sk_psock_verdict_data_ready+0x115/0x170
[ 49.822607][ T340] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.827836][ T340] ____sys_sendmsg+0x5a2/0x8c0
[ 49.833013][ T340] ___sys_sendmsg+0x1f0/0x260
[ 49.837881][ T340] __sys_sendmmsg+0x278/0x480
[ 49.842822][ T340] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.847868][ T340] x64_sys_call+0x6c6/0x9a0
[ 49.852573][ T340] do_syscall_64+0x4c/0xa0
[ 49.857099][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.863211][ T340]
[ 49.865625][ T340] Freed by task 6:
[ 49.869447][ T340] kasan_set_track+0x4a/0x70
[ 49.874221][ T340] kasan_set_free_info+0x23/0x40
[ 49.879291][ T340] ____kasan_slab_free+0x125/0x160
[ 49.886759][ T340] __kasan_slab_free+0x11/0x20
[ 49.891696][ T340] slab_free_freelist_hook+0xc2/0x190
[ 49.897167][ T340] kmem_cache_free+0x100/0x320
[ 49.901942][ T340] kfree_skbmem+0x10c/0x180
[ 49.906560][ T340] kfree_skb+0xc1/0x2f0
[ 49.910912][ T340] sk_psock_backlog+0xa85/0xd80
[ 49.916113][ T340] process_one_work+0x6be/0xba0
[ 49.920964][ T340] worker_thread+0xa59/0x1200
[ 49.926097][ T340] kthread+0x411/0x500
[ 49.930247][ T340] ret_from_fork+0x1f/0x30
[ 49.934750][ T340]
[ 49.937071][ T340] The buggy address belongs to the object at ffff8881071ee780
[ 49.937071][ T340] which belongs to the cache skbuff_head_cache of size 248
[ 49.952705][ T340] The buggy address is located 0 bytes inside of
[ 49.952705][ T340] 248-byte region [ffff8881071ee780, ffff8881071ee878)
[ 49.966767][ T340] The buggy address belongs to the page:
[ 49.972945][ T340] page:ffffea00041c7b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee
[ 49.983819][ T340] flags: 0x4000000000000200(slab|zone=1)
[ 49.989954][ T340] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa600
[ 49.998816][ T340] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.007451][ T340] page dumped because: kasan: bad access detected
[ 50.014019][ T340] page_owner tracks the page as allocated
[ 50.019930][ T340] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 49035252919, free_ts 46601698649
[ 50.036766][ T340] post_alloc_hook+0x192/0x1b0
[ 50.041724][ T340] prep_new_page+0x1c/0x110
[ 50.046220][ T340] get_page_from_freelist+0x2cc5/0x2d50
[ 50.051964][ T340] __alloc_pages+0x18f/0x440
[ 50.056759][ T340] new_slab+0xa1/0x4d0
[ 50.060825][ T340] ___slab_alloc+0x381/0x810
[ 50.065913][ T340] __slab_alloc+0x49/0x90
[ 50.070444][ T340] kmem_cache_alloc+0x138/0x260
[ 50.075991][ T340] __alloc_skb+0xe0/0x740
[ 50.080455][ T340] alloc_skb_with_frags+0xa8/0x620
[ 50.085911][ T340] sock_alloc_send_pskb+0x853/0x980
[ 50.091116][ T340] unix_dgram_sendmsg+0x5ea/0x1880
[ 50.096226][ T340] __sys_sendto+0x423/0x580
[ 50.100811][ T340] __x64_sys_sendto+0xe5/0x100
[ 50.105830][ T340] x64_sys_call+0x178/0x9a0
[ 50.110328][ T340] do_syscall_64+0x4c/0xa0
[ 50.115179][ T340] page last free stack trace:
[ 50.119933][ T340] free_unref_page_prepare+0x542/0x550
[ 50.125474][ T340] free_unref_page+0xa2/0x550
[ 50.130230][ T340] __free_pages+0x6c/0x100
[ 50.135315][ T340] free_pages+0x82/0x90
[ 50.140002][ T340] kasan_depopulate_vmalloc_pte+0x6b/0x90
[ 50.146079][ T340] __apply_to_page_range+0x8b0/0xbf0
[ 50.151654][ T340] apply_to_existing_page_range+0x38/0x50
[ 50.157499][ T340] kasan_release_vmalloc+0x97/0xb0
[ 50.162749][ T340] __purge_vmap_area_lazy+0xc05/0x1840
[ 50.168866][ T340] _vm_unmap_aliases+0x2fd/0x380
[ 50.174252][ T340] vm_unmap_aliases+0x19/0x20
[ 50.179188][ T340] change_page_attr_set_clr+0x311/0xc10
[ 50.185170][ T340] set_memory_ro+0x89/0xd0
[ 50.189580][ T340] bpf_int_jit_compile+0xc154/0xc910
[ 50.194968][ T340] bpf_prog_select_runtime+0x6f1/0x9f0
[ 50.200425][ T340] bpf_prog_load+0x106d/0x1550
[ 50.205189][ T340]
[ 50.207502][ T340] Memory state around the buggy address:
[ 50.213222][ T340] ffff8881071ee680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.221433][ T340] ffff8881071ee700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.229503][ T340] >ffff8881071ee780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.237818][ T340] ^
[ 50.242156][ T340] ffff8881071ee800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.251870][ T340] ffff8881071ee880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.260389][ T340] ==================================================================
[ 50.284302][ T343] FAULT_INJECTION: forcing a failure.
[ 50.284302][ T343] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 50.297633][ T343] CPU: 1 PID: 343 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.309706][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.319778][ T343] Call Trace:
[ 50.323159][ T343]
[ 50.326349][ T343] __dump_stack+0x21/0x30
[ 50.330732][ T343] dump_stack_lvl+0xee/0x150
[ 50.335439][ T343] ? show_regs_print_info+0x20/0x20
[ 50.340980][ T343] dump_stack+0x15/0x20
[ 50.345158][ T343] should_fail+0x3c1/0x510
[ 50.350039][ T343] should_fail_usercopy+0x1a/0x20
[ 50.355594][ T343] _copy_to_user+0x20/0x90
[ 50.360318][ T343] simple_read_from_buffer+0xe9/0x160
[ 50.365961][ T343] proc_fail_nth_read+0x19a/0x210
[ 50.371428][ T343] ? proc_fault_inject_write+0x2f0/0x2f0
[ 50.377383][ T343] ? security_file_permission+0x83/0xa0
[ 50.383414][ T343] ? proc_fault_inject_write+0x2f0/0x2f0
[ 50.389139][ T343] vfs_read+0x282/0xbe0
[ 50.393510][ T343] ? kernel_read+0x1f0/0x1f0
[ 50.398106][ T343] ? __kasan_check_write+0x14/0x20
[ 50.403661][ T343] ? mutex_lock+0x95/0x1a0
[ 50.408181][ T343] ? wait_for_completion_killable_timeout+0x10/0x10
[ 50.414783][ T343] ? __fget_files+0x2c4/0x320
[ 50.419462][ T343] ? __fdget_pos+0x2d2/0x380
[ 50.424347][ T343] ? ksys_read+0x71/0x240
[ 50.428777][ T343] ksys_read+0x140/0x240
[ 50.433605][ T343] ? vfs_write+0xf70/0xf70
[ 50.438261][ T343] ? __kasan_check_write+0x14/0x20
[ 50.443762][ T343] ? switch_fpu_return+0x15d/0x2c0
[ 50.448945][ T343] __x64_sys_read+0x7b/0x90
[ 50.453477][ T343] x64_sys_call+0x96d/0x9a0
[ 50.458079][ T343] do_syscall_64+0x4c/0xa0
[ 50.462619][ T343] ? clear_bhb_loop+0x35/0x90
[ 50.467598][ T343] ? clear_bhb_loop+0x35/0x90
[ 50.472609][ T343] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.478611][ T343] RIP: 0033:0x7fafb3b4c78c
[ 50.483323][ T343] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 50.504400][ T343] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 50.513338][ T343] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 50.521530][ T343] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 50.529590][ T343] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 50.537657][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.545746][ T343] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 50.554163][ T343]
[ 50.567383][ T345] FAULT_INJECTION: forcing a failure.
[ 50.567383][ T345] name failslab, interval 1, probability 0, space 0, times 0
[ 50.580593][ T345] CPU: 1 PID: 345 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.592608][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.602964][ T345] Call Trace:
[ 50.606437][ T345]
[ 50.609884][ T345] __dump_stack+0x21/0x30
[ 50.614513][ T345] dump_stack_lvl+0xee/0x150
[ 50.619421][ T345] ? show_regs_print_info+0x20/0x20
[ 50.624957][ T345] dump_stack+0x15/0x20
[ 50.629135][ T345] should_fail+0x3c1/0x510
[ 50.633570][ T345] __should_failslab+0xa4/0xe0
[ 50.638561][ T345] should_failslab+0x9/0x20
[ 50.643692][ T345] slab_pre_alloc_hook+0x3b/0xe0
[ 50.649005][ T345] kmem_cache_alloc_trace+0x48/0x270
[ 50.654506][ T345] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 50.660351][ T345] ? migrate_disable+0x180/0x180
[ 50.665557][ T345] sk_psock_skb_ingress_self+0x5f/0x330
[ 50.671206][ T345] ? migrate_disable+0xd6/0x180
[ 50.676199][ T345] sk_psock_verdict_recv+0x636/0x800
[ 50.681774][ T345] unix_read_sock+0x10a/0x2c0
[ 50.686469][ T345] ? sk_psock_skb_redirect+0x440/0x440
[ 50.692135][ T345] ? unix_stream_splice_actor+0x120/0x120
[ 50.698306][ T345] ? __kasan_check_write+0x14/0x20
[ 50.703602][ T345] ? unix_stream_splice_actor+0x120/0x120
[ 50.709616][ T345] sk_psock_verdict_data_ready+0x115/0x170
[ 50.715527][ T345] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.721045][ T345] ? _raw_spin_lock+0x8e/0xe0
[ 50.726097][ T345] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 50.732164][ T345] ? skb_queue_tail+0xcb/0xf0
[ 50.737041][ T345] unix_dgram_sendmsg+0x11e6/0x1880
[ 50.742423][ T345] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.748165][ T345] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 50.753987][ T345] ? security_socket_sendmsg+0x82/0xa0
[ 50.759801][ T345] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.765588][ T345] ____sys_sendmsg+0x5a2/0x8c0
[ 50.770904][ T345] ? __sys_sendmsg_sock+0x40/0x40
[ 50.776726][ T345] ? import_iovec+0x7c/0xb0
[ 50.782530][ T345] ___sys_sendmsg+0x1f0/0x260
[ 50.787463][ T345] ? _kstrtoull+0x3c0/0x4d0
[ 50.792678][ T345] ? __sys_sendmsg+0x250/0x250
[ 50.798595][ T345] ? __fdget+0x1a1/0x230
[ 50.803126][ T345] __sys_sendmmsg+0x278/0x480
[ 50.808022][ T345] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 50.813239][ T345] ? __ia32_sys_read+0x90/0x90
[ 50.818349][ T345] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.823576][ T345] x64_sys_call+0x6c6/0x9a0
[ 50.828387][ T345] do_syscall_64+0x4c/0xa0
[ 50.833061][ T345] ? clear_bhb_loop+0x35/0x90
[ 50.837823][ T345] ? clear_bhb_loop+0x35/0x90
[ 50.842773][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.848837][ T345] RIP: 0033:0x7fafb3b4dae9
[ 50.853613][ T345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.873750][ T345] RSP: 002b:00007fafb36d00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.882375][ T345] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4dae9
[ 50.890543][ T345] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.898510][ T345] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 50.906490][ T345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.914482][ T345] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 50.922631][ T345]
[ 50.926975][ T344] ==================================================================
[ 50.936181][ T344] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 50.944799][ T344]
[ 50.947130][ T344] CPU: 0 PID: 344 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.959274][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.969700][ T344] Call Trace:
[ 50.973155][ T344]
[ 50.976170][ T344] __dump_stack+0x21/0x30
[ 50.980769][ T344] dump_stack_lvl+0xee/0x150
[ 50.985567][ T344] ? show_regs_print_info+0x20/0x20
[ 50.991040][ T344] ? load_image+0x3a0/0x3a0
[ 50.995903][ T344] ? update_load_avg+0x410/0x1110
[ 51.001019][ T344] print_address_description+0x7f/0x2c0
[ 51.006846][ T344] ? kmem_cache_free+0x100/0x320
[ 51.011875][ T344] kasan_report_invalid_free+0x58/0x90
[ 51.018026][ T344] ? kmem_cache_free+0x100/0x320
[ 51.022959][ T344] ____kasan_slab_free+0x13d/0x160
[ 51.028443][ T344] __kasan_slab_free+0x11/0x20
[ 51.033222][ T344] slab_free_freelist_hook+0xc2/0x190
[ 51.038715][ T344] ? kfree_skbmem+0x10c/0x180
[ 51.043486][ T344] kmem_cache_free+0x100/0x320
[ 51.048510][ T344] ? skb_release_data+0x94f/0xa10
[ 51.053668][ T344] kfree_skbmem+0x10c/0x180
[ 51.058363][ T344] consume_skb+0xb3/0x1f0
[ 51.062802][ T344] __sk_msg_free+0x4f4/0x560
[ 51.067646][ T344] ? _raw_spin_lock_bh+0x8e/0xe0
[ 51.072770][ T344] ? _raw_spin_lock_irq+0xe0/0xe0
[ 51.077802][ T344] ? skb_dequeue+0x125/0x160
[ 51.082494][ T344] sk_psock_stop+0x4c9/0x570
[ 51.087253][ T344] ? sock_no_sendpage_locked+0x130/0x130
[ 51.093114][ T344] sk_psock_drop+0x226/0x300
[ 51.097897][ T344] sock_map_unref+0x3c2/0x420
[ 51.102569][ T344] ? sk_psock_link_pop+0x154/0x170
[ 51.107674][ T344] sock_map_remove_links+0x3cd/0x600
[ 51.113127][ T344] ? sock_init_data+0xc0/0xc0
[ 51.118362][ T344] ? fput+0x1a/0x20
[ 51.122175][ T344] ? filp_close+0x105/0x150
[ 51.126677][ T344] ? close_fd+0x70/0x80
[ 51.130836][ T344] ? sock_map_unhash+0x130/0x130
[ 51.135858][ T344] sock_map_close+0x111/0x440
[ 51.140628][ T344] ? unix_peer_get+0xe0/0xe0
[ 51.145400][ T344] ? sock_map_remove_links+0x600/0x600
[ 51.151577][ T344] ? clear_nonspinnable+0x60/0x60
[ 51.156971][ T344] unix_release+0x82/0xc0
[ 51.161945][ T344] sock_close+0xe0/0x270
[ 51.166409][ T344] ? sock_mmap+0xa0/0xa0
[ 51.170668][ T344] __fput+0x20b/0x8b0
[ 51.174742][ T344] ____fput+0x15/0x20
[ 51.179066][ T344] task_work_run+0x127/0x190
[ 51.183760][ T344] exit_to_user_mode_loop+0xd0/0xe0
[ 51.189219][ T344] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.195022][ T344] syscall_exit_to_user_mode+0x1a/0x30
[ 51.200572][ T344] do_syscall_64+0x58/0xa0
[ 51.205202][ T344] ? clear_bhb_loop+0x35/0x90
[ 51.209984][ T344] ? clear_bhb_loop+0x35/0x90
[ 51.214658][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.220810][ T344] RIP: 0033:0x7fafb3b4c9da
[ 51.225419][ T344] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.250167][ T344] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.261327][ T344] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 51.270523][ T344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.279740][ T344] RBP: 00007fafb3c6e980 R08: 0000001b30360000 R09: 0034fd29999715c6
[ 51.288227][ T344] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c8ab
[ 51.296384][ T344] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000c56a
[ 51.304503][ T344]
[ 51.307565][ T344]
[ 51.310279][ T344] Allocated by task 345:
[ 51.314597][ T344] __kasan_slab_alloc+0xbd/0xf0
[ 51.319919][ T344] slab_post_alloc_hook+0x4f/0x2b0
[ 51.325396][ T344] kmem_cache_alloc+0xf7/0x260
[ 51.330452][ T344] skb_clone+0x1cf/0x360
[ 51.334793][ T344] sk_psock_verdict_recv+0x53/0x800
[ 51.340189][ T344] unix_read_sock+0x10a/0x2c0
[ 51.344865][ T344] sk_psock_verdict_data_ready+0x115/0x170
[ 51.351286][ T344] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.357201][ T344] ____sys_sendmsg+0x5a2/0x8c0
[ 51.362341][ T344] ___sys_sendmsg+0x1f0/0x260
[ 51.367390][ T344] __sys_sendmmsg+0x278/0x480
[ 51.372874][ T344] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.378962][ T344] x64_sys_call+0x6c6/0x9a0
[ 51.383480][ T344] do_syscall_64+0x4c/0xa0
[ 51.388461][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.394474][ T344]
[ 51.396880][ T344] Freed by task 39:
[ 51.400689][ T344] kasan_set_track+0x4a/0x70
[ 51.405373][ T344] kasan_set_free_info+0x23/0x40
[ 51.410320][ T344] ____kasan_slab_free+0x125/0x160
[ 51.415810][ T344] __kasan_slab_free+0x11/0x20
[ 51.420911][ T344] slab_free_freelist_hook+0xc2/0x190
[ 51.427037][ T344] kmem_cache_free+0x100/0x320
[ 51.431999][ T344] kfree_skbmem+0x10c/0x180
[ 51.437212][ T344] kfree_skb+0xc1/0x2f0
[ 51.442075][ T344] sk_psock_backlog+0xa85/0xd80
[ 51.447279][ T344] process_one_work+0x6be/0xba0
[ 51.452344][ T344] worker_thread+0xa59/0x1200
[ 51.457452][ T344] kthread+0x411/0x500
[ 51.462145][ T344] ret_from_fork+0x1f/0x30
[ 51.466914][ T344]
[ 51.469578][ T344] The buggy address belongs to the object at ffff8881071f9dc0
[ 51.469578][ T344] which belongs to the cache skbuff_head_cache of size 248
[ 51.484496][ T344] The buggy address is located 0 bytes inside of
[ 51.484496][ T344] 248-byte region [ffff8881071f9dc0, ffff8881071f9eb8)
[ 51.498381][ T344] The buggy address belongs to the page:
[ 51.504188][ T344] page:ffffea00041c7e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071f9
[ 51.515394][ T344] flags: 0x4000000000000200(slab|zone=1)
[ 51.522034][ T344] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa600
[ 51.531095][ T344] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.539944][ T344] page dumped because: kasan: bad access detected
[ 51.546355][ T344] page_owner tracks the page as allocated
[ 51.552084][ T344] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 50558918656, free_ts 50270260408
[ 51.568164][ T344] post_alloc_hook+0x192/0x1b0
[ 51.572955][ T344] prep_new_page+0x1c/0x110
[ 51.577733][ T344] get_page_from_freelist+0x2cc5/0x2d50
[ 51.583449][ T344] __alloc_pages+0x18f/0x440
[ 51.588034][ T344] new_slab+0xa1/0x4d0
[ 51.592198][ T344] ___slab_alloc+0x381/0x810
[ 51.597089][ T344] __slab_alloc+0x49/0x90
[ 51.601598][ T344] kmem_cache_alloc+0x138/0x260
[ 51.606623][ T344] __alloc_skb+0xe0/0x740
[ 51.610951][ T344] alloc_skb_with_frags+0xa8/0x620
[ 51.616347][ T344] sock_alloc_send_pskb+0x853/0x980
[ 51.621561][ T344] unix_dgram_sendmsg+0x5ea/0x1880
[ 51.626704][ T344] __sys_sendto+0x423/0x580
[ 51.631469][ T344] __x64_sys_sendto+0xe5/0x100
[ 51.636331][ T344] x64_sys_call+0x178/0x9a0
[ 51.641027][ T344] do_syscall_64+0x4c/0xa0
[ 51.645455][ T344] page last free stack trace:
[ 51.650124][ T344] free_unref_page_prepare+0x542/0x550
[ 51.655669][ T344] free_unref_page_list+0x134/0x9d0
[ 51.660954][ T344] release_pages+0x1076/0x10d0
[ 51.665911][ T344] free_pages_and_swap_cache+0x86/0xa0
[ 51.671711][ T344] tlb_finish_mmu+0x175/0x300
[ 51.676570][ T344] exit_mmap+0x40f/0x860
[ 51.681101][ T344] __mmput+0x93/0x320
[ 51.685684][ T344] mmput+0x50/0x150
[ 51.689665][ T344] do_exit+0x9ca/0x27a0
[ 51.693907][ T344] do_group_exit+0x141/0x310
[ 51.698584][ T344] __x64_sys_exit_group+0x3f/0x40
[ 51.704107][ T344] x64_sys_call+0x832/0x9a0
[ 51.708798][ T344] do_syscall_64+0x4c/0xa0
[ 51.713239][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.719286][ T344]
[ 51.721610][ T344] Memory state around the buggy address:
[ 51.727503][ T344] ffff8881071f9c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.735667][ T344] ffff8881071f9d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.748338][ T344] >ffff8881071f9d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
2025/05/15 08:30:59 executed programs: 6
[ 51.756672][ T344] ^
[ 51.763339][ T344] ffff8881071f9e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.771774][ T344] ffff8881071f9e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.780023][ T344] ==================================================================
[ 51.801454][ T348] FAULT_INJECTION: forcing a failure.
[ 51.801454][ T348] name failslab, interval 1, probability 0, space 0, times 0
[ 51.814921][ T348] CPU: 0 PID: 348 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.827144][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.837689][ T348] Call Trace:
[ 51.841183][ T348]
[ 51.844112][ T348] __dump_stack+0x21/0x30
[ 51.848924][ T348] dump_stack_lvl+0xee/0x150
[ 51.853632][ T348] ? show_regs_print_info+0x20/0x20
[ 51.858942][ T348] dump_stack+0x15/0x20
[ 51.863456][ T348] should_fail+0x3c1/0x510
[ 51.867967][ T348] __should_failslab+0xa4/0xe0
[ 51.873050][ T348] should_failslab+0x9/0x20
[ 51.877560][ T348] slab_pre_alloc_hook+0x3b/0xe0
[ 51.882504][ T348] kmem_cache_alloc_trace+0x48/0x270
[ 51.887892][ T348] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 51.893621][ T348] ? migrate_disable+0x180/0x180
[ 51.898660][ T348] sk_psock_skb_ingress_self+0x5f/0x330
[ 51.904638][ T348] ? migrate_disable+0xd6/0x180
[ 51.909795][ T348] sk_psock_verdict_recv+0x636/0x800
[ 51.915197][ T348] unix_read_sock+0x10a/0x2c0
[ 51.920011][ T348] ? sk_psock_skb_redirect+0x440/0x440
[ 51.925747][ T348] ? unix_stream_splice_actor+0x120/0x120
[ 51.931913][ T348] ? __kasan_check_write+0x14/0x20
[ 51.937071][ T348] ? unix_stream_splice_actor+0x120/0x120
[ 51.943055][ T348] sk_psock_verdict_data_ready+0x115/0x170
[ 51.948866][ T348] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.954413][ T348] ? _raw_spin_lock+0x8e/0xe0
[ 51.959457][ T348] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 51.965325][ T348] ? skb_queue_tail+0xcb/0xf0
[ 51.970094][ T348] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.975468][ T348] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.980411][ T348] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 51.986242][ T348] ? security_socket_sendmsg+0x82/0xa0
[ 51.992006][ T348] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.997243][ T348] ____sys_sendmsg+0x5a2/0x8c0
[ 52.002111][ T348] ? __sys_sendmsg_sock+0x40/0x40
[ 52.007329][ T348] ? import_iovec+0x7c/0xb0
[ 52.011921][ T348] ___sys_sendmsg+0x1f0/0x260
[ 52.016659][ T348] ? _kstrtoull+0x3c0/0x4d0
[ 52.021163][ T348] ? __sys_sendmsg+0x250/0x250
[ 52.026222][ T348] ? __fdget+0x1a1/0x230
[ 52.030613][ T348] __sys_sendmmsg+0x278/0x480
[ 52.035377][ T348] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 52.040839][ T348] ? __ia32_sys_read+0x90/0x90
[ 52.046144][ T348] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.051315][ T348] x64_sys_call+0x6c6/0x9a0
[ 52.055996][ T348] do_syscall_64+0x4c/0xa0
[ 52.060544][ T348] ? clear_bhb_loop+0x35/0x90
[ 52.065315][ T348] ? clear_bhb_loop+0x35/0x90
[ 52.070139][ T348] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.076319][ T348] RIP: 0033:0x7fafb3b4dae9
[ 52.080735][ T348] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.100865][ T348] RSP: 002b:00007fafb36d00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.109735][ T348] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4dae9
[ 52.118045][ T348] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.126507][ T348] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 52.134850][ T348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.144295][ T348] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 52.152538][ T348]
[ 52.156306][ T347] ==================================================================
[ 52.164585][ T347] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 52.174297][ T347]
[ 52.176978][ T347] CPU: 1 PID: 347 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 52.189397][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 52.199897][ T347] Call Trace:
[ 52.203233][ T347]
[ 52.206172][ T347] __dump_stack+0x21/0x30
[ 52.210612][ T347] dump_stack_lvl+0xee/0x150
[ 52.215493][ T347] ? show_regs_print_info+0x20/0x20
[ 52.220890][ T347] ? load_image+0x3a0/0x3a0
[ 52.225503][ T347] ? hrtimer_cancel+0x2d/0x60
[ 52.230412][ T347] print_address_description+0x7f/0x2c0
[ 52.236525][ T347] ? kmem_cache_free+0x100/0x320
[ 52.242070][ T347] kasan_report_invalid_free+0x58/0x90
[ 52.249370][ T347] ? kmem_cache_free+0x100/0x320
[ 52.254583][ T347] ____kasan_slab_free+0x13d/0x160
[ 52.260589][ T347] __kasan_slab_free+0x11/0x20
[ 52.266070][ T347] slab_free_freelist_hook+0xc2/0x190
[ 52.271819][ T347] ? kfree_skbmem+0x10c/0x180
[ 52.276677][ T347] kmem_cache_free+0x100/0x320
[ 52.281585][ T347] ? skb_release_data+0x94f/0xa10
[ 52.287082][ T347] kfree_skbmem+0x10c/0x180
[ 52.291890][ T347] consume_skb+0xb3/0x1f0
[ 52.296393][ T347] __sk_msg_free+0x4f4/0x560
[ 52.301092][ T347] ? _raw_spin_lock_bh+0x8e/0xe0
[ 52.306039][ T347] ? _raw_spin_lock_irq+0xe0/0xe0
[ 52.311064][ T347] ? skb_dequeue+0x125/0x160
[ 52.315743][ T347] sk_psock_stop+0x4c9/0x570
[ 52.320418][ T347] ? sock_no_sendpage_locked+0x130/0x130
[ 52.326324][ T347] sk_psock_drop+0x226/0x300
[ 52.331037][ T347] sock_map_unref+0x3c2/0x420
[ 52.335732][ T347] ? sk_psock_link_pop+0x154/0x170
[ 52.341148][ T347] sock_map_remove_links+0x3cd/0x600
[ 52.346642][ T347] ? sock_init_data+0xc0/0xc0
[ 52.351700][ T347] ? fput+0x1a/0x20
[ 52.355886][ T347] ? filp_close+0x105/0x150
[ 52.360410][ T347] ? close_fd+0x70/0x80
[ 52.364832][ T347] ? sock_map_unhash+0x130/0x130
[ 52.370035][ T347] sock_map_close+0x111/0x440
[ 52.375037][ T347] ? unix_peer_get+0xe0/0xe0
[ 52.379742][ T347] ? sock_map_remove_links+0x600/0x600
[ 52.385427][ T347] ? clear_nonspinnable+0x60/0x60
[ 52.390560][ T347] unix_release+0x82/0xc0
[ 52.395046][ T347] sock_close+0xe0/0x270
[ 52.399575][ T347] ? sock_mmap+0xa0/0xa0
[ 52.403903][ T347] __fput+0x20b/0x8b0
[ 52.407971][ T347] ____fput+0x15/0x20
[ 52.411960][ T347] task_work_run+0x127/0x190
[ 52.417175][ T347] exit_to_user_mode_loop+0xd0/0xe0
[ 52.422482][ T347] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.428555][ T347] syscall_exit_to_user_mode+0x1a/0x30
[ 52.434236][ T347] do_syscall_64+0x58/0xa0
[ 52.439236][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.444376][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.449484][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.455418][ T347] RIP: 0033:0x7fafb3b4c9da
[ 52.460091][ T347] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.480992][ T347] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.489593][ T347] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 52.497979][ T347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.506139][ T347] RBP: 0000000000000032 R08: 0000001b30360000 R09: 00007fafb3c6cf8c
[ 52.514144][ T347] R10: 00007ffdbf96d580 R11: 0000000000000293 R12: 00007fafb36d20d0
[ 52.522402][ T347] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000ca3d
[ 52.530605][ T347]
[ 52.533631][ T347]
[ 52.535963][ T347] Allocated by task 348:
[ 52.540194][ T347] __kasan_slab_alloc+0xbd/0xf0
[ 52.545059][ T347] slab_post_alloc_hook+0x4f/0x2b0
[ 52.550192][ T347] kmem_cache_alloc+0xf7/0x260
[ 52.555045][ T347] skb_clone+0x1cf/0x360
[ 52.559369][ T347] sk_psock_verdict_recv+0x53/0x800
[ 52.564932][ T347] unix_read_sock+0x10a/0x2c0
[ 52.569691][ T347] sk_psock_verdict_data_ready+0x115/0x170
[ 52.575582][ T347] unix_dgram_sendmsg+0x11e6/0x1880
[ 52.580776][ T347] ____sys_sendmsg+0x5a2/0x8c0
[ 52.585539][ T347] ___sys_sendmsg+0x1f0/0x260
[ 52.590207][ T347] __sys_sendmmsg+0x278/0x480
[ 52.594996][ T347] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.600003][ T347] x64_sys_call+0x6c6/0x9a0
[ 52.604599][ T347] do_syscall_64+0x4c/0xa0
[ 52.609020][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.615085][ T347]
[ 52.617417][ T347] Freed by task 60:
[ 52.621211][ T347] kasan_set_track+0x4a/0x70
[ 52.625996][ T347] kasan_set_free_info+0x23/0x40
[ 52.631275][ T347] ____kasan_slab_free+0x125/0x160
[ 52.636492][ T347] __kasan_slab_free+0x11/0x20
[ 52.641715][ T347] slab_free_freelist_hook+0xc2/0x190
[ 52.647264][ T347] kmem_cache_free+0x100/0x320
[ 52.652184][ T347] kfree_skbmem+0x10c/0x180
[ 52.656680][ T347] kfree_skb+0xc1/0x2f0
[ 52.660827][ T347] sk_psock_backlog+0xa85/0xd80
[ 52.665673][ T347] process_one_work+0x6be/0xba0
[ 52.670529][ T347] worker_thread+0xa59/0x1200
[ 52.675300][ T347] kthread+0x411/0x500
[ 52.679625][ T347] ret_from_fork+0x1f/0x30
[ 52.684135][ T347]
[ 52.686455][ T347] The buggy address belongs to the object at ffff88810ee64640
[ 52.686455][ T347] which belongs to the cache skbuff_head_cache of size 248
[ 52.701455][ T347] The buggy address is located 0 bytes inside of
[ 52.701455][ T347] 248-byte region [ffff88810ee64640, ffff88810ee64738)
[ 52.715595][ T347] The buggy address belongs to the page:
[ 52.721921][ T347] page:ffffea00043b9900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ee64
[ 52.732275][ T347] flags: 0x4000000000000200(slab|zone=1)
[ 52.738005][ T347] raw: 4000000000000200 0000000000000000 0000000c00000001 ffff8881081aa600
[ 52.746668][ T347] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.755243][ T347] page dumped because: kasan: bad access detected
[ 52.761735][ T347] page_owner tracks the page as allocated
[ 52.767714][ T347] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 5533558769, free_ts 0
[ 52.783367][ T347] post_alloc_hook+0x192/0x1b0
[ 52.788308][ T347] prep_new_page+0x1c/0x110
[ 52.793165][ T347] get_page_from_freelist+0x2cc5/0x2d50
[ 52.799711][ T347] __alloc_pages+0x18f/0x440
[ 52.804341][ T347] new_slab+0xa1/0x4d0
[ 52.808682][ T347] ___slab_alloc+0x381/0x810
[ 52.813657][ T347] __slab_alloc+0x49/0x90
[ 52.818172][ T347] kmem_cache_alloc+0x138/0x260
[ 52.823395][ T347] __alloc_skb+0xe0/0x740
[ 52.827761][ T347] netlink_sendmsg+0x602/0xb70
[ 52.833070][ T347] ____sys_sendmsg+0x5a2/0x8c0
[ 52.837906][ T347] ___sys_sendmsg+0x1f0/0x260
[ 52.842579][ T347] __x64_sys_sendmsg+0x1e2/0x2a0
[ 52.847919][ T347] x64_sys_call+0x4b/0x9a0
[ 52.852519][ T347] do_syscall_64+0x4c/0xa0
[ 52.857154][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.863501][ T347] page_owner free stack trace missing
[ 52.869125][ T347]
[ 52.871564][ T347] Memory state around the buggy address:
[ 52.877366][ T347] ffff88810ee64500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.885681][ T347] ffff88810ee64580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.894117][ T347] >ffff88810ee64600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.902452][ T347] ^
[ 52.908770][ T347] ffff88810ee64680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.916997][ T347] ffff88810ee64700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.925045][ T347] ==================================================================
[ 52.944148][ T350] FAULT_INJECTION: forcing a failure.
[ 52.944148][ T350] name failslab, interval 1, probability 0, space 0, times 0
[ 52.956998][ T350] CPU: 0 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 52.969365][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 52.979984][ T350] Call Trace:
[ 52.983275][ T350]
[ 52.986298][ T350] __dump_stack+0x21/0x30
[ 52.990856][ T350] dump_stack_lvl+0xee/0x150
[ 52.995854][ T350] ? show_regs_print_info+0x20/0x20
[ 53.001270][ T350] dump_stack+0x15/0x20
[ 53.005437][ T350] should_fail+0x3c1/0x510
[ 53.010590][ T350] __should_failslab+0xa4/0xe0
[ 53.015649][ T350] should_failslab+0x9/0x20
[ 53.020593][ T350] slab_pre_alloc_hook+0x3b/0xe0
[ 53.025546][ T350] kmem_cache_alloc_trace+0x48/0x270
[ 53.031460][ T350] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 53.037492][ T350] ? migrate_disable+0x180/0x180
[ 53.042767][ T350] sk_psock_skb_ingress_self+0x5f/0x330
[ 53.048603][ T350] ? migrate_disable+0xd6/0x180
[ 53.053699][ T350] sk_psock_verdict_recv+0x636/0x800
[ 53.059194][ T350] unix_read_sock+0x10a/0x2c0
[ 53.064498][ T350] ? sk_psock_skb_redirect+0x440/0x440
[ 53.070437][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 53.076994][ T350] ? __kasan_check_write+0x14/0x20
[ 53.082433][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 53.088375][ T350] sk_psock_verdict_data_ready+0x115/0x170
[ 53.094623][ T350] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.100007][ T350] ? _raw_spin_lock+0x8e/0xe0
[ 53.104925][ T350] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 53.110831][ T350] ? skb_queue_tail+0xcb/0xf0
[ 53.115602][ T350] unix_dgram_sendmsg+0x11e6/0x1880
[ 53.121579][ T350] ? unix_dgram_poll+0x6b0/0x6b0
[ 53.126937][ T350] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 53.132673][ T350] ? security_socket_sendmsg+0x82/0xa0
[ 53.138235][ T350] ? unix_dgram_poll+0x6b0/0x6b0
[ 53.143605][ T350] ____sys_sendmsg+0x5a2/0x8c0
[ 53.148945][ T350] ? __sys_sendmsg_sock+0x40/0x40
[ 53.154071][ T350] ? import_iovec+0x7c/0xb0
[ 53.158806][ T350] ___sys_sendmsg+0x1f0/0x260
[ 53.163623][ T350] ? _kstrtoull+0x3c0/0x4d0
[ 53.168416][ T350] ? __sys_sendmsg+0x250/0x250
[ 53.173964][ T350] ? __fdget+0x1a1/0x230
[ 53.179216][ T350] __sys_sendmmsg+0x278/0x480
[ 53.184081][ T350] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 53.189645][ T350] ? __ia32_sys_read+0x90/0x90
[ 53.194413][ T350] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.199406][ T350] x64_sys_call+0x6c6/0x9a0
[ 53.204166][ T350] do_syscall_64+0x4c/0xa0
[ 53.208961][ T350] ? clear_bhb_loop+0x35/0x90
[ 53.214002][ T350] ? clear_bhb_loop+0x35/0x90
[ 53.218919][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.224921][ T350] RIP: 0033:0x7fafb3b4dae9
[ 53.229448][ T350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.250829][ T350] RSP: 002b:00007fafb36d00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.259424][ T350] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4dae9
[ 53.267678][ T350] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.276018][ T350] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 53.284492][ T350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.292896][ T350] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 53.301050][ T350]
[ 53.305768][ T349] ==================================================================
[ 53.314240][ T349] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 53.322871][ T349]
[ 53.325296][ T349] CPU: 0 PID: 349 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 53.337433][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 53.347752][ T349] Call Trace:
[ 53.351031][ T349]
[ 53.354067][ T349] __dump_stack+0x21/0x30
[ 53.358588][ T349] dump_stack_lvl+0xee/0x150
[ 53.363388][ T349] ? show_regs_print_info+0x20/0x20
[ 53.368782][ T349] ? load_image+0x3a0/0x3a0
[ 53.373305][ T349] print_address_description+0x7f/0x2c0
[ 53.379213][ T349] ? kmem_cache_free+0x100/0x320
[ 53.384273][ T349] kasan_report_invalid_free+0x58/0x90
[ 53.389813][ T349] ? kmem_cache_free+0x100/0x320
[ 53.394761][ T349] ____kasan_slab_free+0x13d/0x160
[ 53.399995][ T349] __kasan_slab_free+0x11/0x20
[ 53.404951][ T349] slab_free_freelist_hook+0xc2/0x190
[ 53.410412][ T349] ? kfree_skbmem+0x10c/0x180
[ 53.415085][ T349] kmem_cache_free+0x100/0x320
[ 53.420019][ T349] ? skb_release_data+0x94f/0xa10
[ 53.425140][ T349] kfree_skbmem+0x10c/0x180
[ 53.429901][ T349] consume_skb+0xb3/0x1f0
[ 53.434342][ T349] __sk_msg_free+0x4f4/0x560
[ 53.438935][ T349] ? _raw_spin_lock_bh+0x8e/0xe0
[ 53.443873][ T349] ? _raw_spin_lock_irq+0xe0/0xe0
[ 53.448987][ T349] ? skb_dequeue+0x125/0x160
[ 53.453573][ T349] sk_psock_stop+0x4c9/0x570
[ 53.458161][ T349] ? sock_no_sendpage_locked+0x130/0x130
[ 53.463797][ T349] sk_psock_drop+0x226/0x300
[ 53.468411][ T349] sock_map_unref+0x3c2/0x420
[ 53.473186][ T349] ? sk_psock_link_pop+0x154/0x170
[ 53.478294][ T349] sock_map_remove_links+0x3cd/0x600
[ 53.483576][ T349] ? sock_init_data+0xc0/0xc0
[ 53.488428][ T349] ? fput+0x1a/0x20
[ 53.492318][ T349] ? filp_close+0x105/0x150
[ 53.496819][ T349] ? close_fd+0x70/0x80
[ 53.500971][ T349] ? sock_map_unhash+0x130/0x130
[ 53.506453][ T349] sock_map_close+0x111/0x440
[ 53.511276][ T349] ? unix_peer_get+0xe0/0xe0
[ 53.515949][ T349] ? sock_map_remove_links+0x600/0x600
[ 53.521499][ T349] ? clear_nonspinnable+0x60/0x60
[ 53.526612][ T349] unix_release+0x82/0xc0
[ 53.531193][ T349] sock_close+0xe0/0x270
[ 53.535466][ T349] ? sock_mmap+0xa0/0xa0
[ 53.539893][ T349] __fput+0x20b/0x8b0
[ 53.543976][ T349] ____fput+0x15/0x20
[ 53.548138][ T349] task_work_run+0x127/0x190
[ 53.552722][ T349] exit_to_user_mode_loop+0xd0/0xe0
[ 53.558161][ T349] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.563618][ T349] syscall_exit_to_user_mode+0x1a/0x30
[ 53.569162][ T349] do_syscall_64+0x58/0xa0
[ 53.573666][ T349] ? clear_bhb_loop+0x35/0x90
[ 53.578427][ T349] ? clear_bhb_loop+0x35/0x90
[ 53.583102][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.589322][ T349] RIP: 0033:0x7fafb3b4c9da
[ 53.593932][ T349] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.613800][ T349] RSP: 002b:00007ffdbf96d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.622419][ T349] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fafb3b4c9da
[ 53.630928][ T349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.639128][ T349] RBP: 00007fafb3c6e980 R08: 0000001b30360000 R09: 001008b6c5a5d7da
[ 53.647309][ T349] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d1f5
[ 53.655849][ T349] R13: ffffffffffffffff R14: 00007fafb36d1000 R15: 000000000000ceb4
[ 53.664003][ T349]
[ 53.667037][ T349]
[ 53.669447][ T349] Allocated by task 350:
[ 53.673778][ T349] __kasan_slab_alloc+0xbd/0xf0
[ 53.678953][ T349] slab_post_alloc_hook+0x4f/0x2b0
[ 53.684206][ T349] kmem_cache_alloc+0xf7/0x260
[ 53.689169][ T349] skb_clone+0x1cf/0x360
[ 53.693623][ T349] sk_psock_verdict_recv+0x53/0x800
[ 53.699006][ T349] unix_read_sock+0x10a/0x2c0
[ 53.703987][ T349] sk_psock_verdict_data_ready+0x115/0x170
[ 53.709800][ T349] unix_dgram_sendmsg+0x11e6/0x1880
[ 53.715100][ T349] ____sys_sendmsg+0x5a2/0x8c0
[ 53.719959][ T349] ___sys_sendmsg+0x1f0/0x260
[ 53.724644][ T349] __sys_sendmmsg+0x278/0x480
[ 53.729429][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.734376][ T349] x64_sys_call+0x6c6/0x9a0
[ 53.738960][ T349] do_syscall_64+0x4c/0xa0
[ 53.743496][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.749757][ T349]
[ 53.752089][ T349] Freed by task 297:
[ 53.756090][ T349] kasan_set_track+0x4a/0x70
[ 53.760675][ T349] kasan_set_free_info+0x23/0x40
[ 53.765789][ T349] ____kasan_slab_free+0x125/0x160
[ 53.771082][ T349] __kasan_slab_free+0x11/0x20
[ 53.776120][ T349] slab_free_freelist_hook+0xc2/0x190
[ 53.781778][ T349] kmem_cache_free+0x100/0x320
[ 53.786902][ T349] kfree_skbmem+0x10c/0x180
[ 53.791412][ T349] kfree_skb+0xc1/0x2f0
[ 53.795654][ T349] sk_psock_backlog+0xa85/0xd80
[ 53.800672][ T349] process_one_work+0x6be/0xba0
[ 53.806587][ T349] worker_thread+0xa59/0x1200
[ 53.811472][ T349] kthread+0x411/0x500
[ 53.815907][ T349] ret_from_fork+0x1f/0x30
[ 53.820473][ T349]
[ 53.822888][ T349] The buggy address belongs to the object at ffff88811b4b8c80
[ 53.822888][ T349] which belongs to the cache skbuff_head_cache of size 248
[ 53.838220][ T349] The buggy address is located 0 bytes inside of
[ 53.838220][ T349] 248-byte region [ffff88811b4b8c80, ffff88811b4b8d78)
[ 53.851768][ T349] The buggy address belongs to the page:
[ 53.857769][ T349] page:ffffea00046d2e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b4b8
[ 53.868182][ T349] flags: 0x4000000000000200(slab|zone=1)
[ 53.874175][ T349] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa600
[ 53.883017][ T349] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.891698][ T349] page dumped because: kasan: bad access detected
[ 53.898217][ T349] page_owner tracks the page as allocated
[ 53.903917][ T349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 350, ts 52944103155, free_ts 52943353537
[ 53.921308][ T349] post_alloc_hook+0x192/0x1b0
[ 53.926344][ T349] prep_new_page+0x1c/0x110
[ 53.930884][ T349] get_page_from_freelist+0x2cc5/0x2d50
[ 53.936535][ T349] __alloc_pages+0x18f/0x440
[ 53.941251][ T349] new_slab+0xa1/0x4d0
[ 53.945542][ T349] ___slab_alloc+0x381/0x810
[ 53.950297][ T349] __slab_alloc+0x49/0x90
[ 53.954648][ T349] kmem_cache_alloc+0x138/0x260
[ 53.959684][ T349] skb_clone+0x1cf/0x360
[ 53.964202][ T349] sk_psock_verdict_recv+0x53/0x800
[ 53.969533][ T349] unix_read_sock+0x10a/0x2c0
[ 53.974341][ T349] sk_psock_verdict_data_ready+0x115/0x170
[ 53.980609][ T349] unix_dgram_sendmsg+0x11e6/0x1880
[ 53.985918][ T349] ____sys_sendmsg+0x5a2/0x8c0
[ 53.991075][ T349] ___sys_sendmsg+0x1f0/0x260
[ 53.995754][ T349] __sys_sendmmsg+0x278/0x480
[ 54.000540][ T349] page last free stack trace:
[ 54.005288][ T349] free_unref_page_prepare+0x542/0x550
[ 54.010742][ T349] free_unref_page+0xa2/0x550
[ 54.015429][ T349] __free_pages+0x6c/0x100
[ 54.019887][ T349] __vunmap+0x84d/0x9e0
[ 54.024054][ T349] vfree+0x8b/0xc0
[ 54.027951][ T349] bpf_patch_insn_data+0x83f/0xe40
[ 54.033584][ T349] bpf_check+0x623d/0xf330
[ 54.038082][ T349] bpf_prog_load+0x1042/0x1550
[ 54.043020][ T349] __sys_bpf+0x4c3/0x730
[ 54.047452][ T349] __x64_sys_bpf+0x7c/0x90
[ 54.051973][ T349] x64_sys_call+0x4b9/0x9a0
[ 54.056587][ T349] do_syscall_64+0x4c/0xa0
[ 54.060997][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.066890][ T349]
[ 54.069292][ T349] Memory state around the buggy address:
[ 54.075101][ T349] ffff88811b4b8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.083307][ T349] ffff88811b4b8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.091496][ T349] >ffff88811b4b8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.099919][ T349] ^
[ 54.103987][ T349] ffff88811b4b8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.112055][ T349] ffff88811b4b8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.120414][ T349] ==================================================================
[ 54.147990][ T352] FAULT_INJECTION: forcing a failure.
[ 54.147990][ T352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.162053][ T352] CPU: 0 PID: 352 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.174479][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.185657][ T352] Call Trace:
[ 54.189137][ T352]
[ 54.192382][ T352] __dump_stack+0x21/0x30
[ 54.196910][ T352] dump_stack_lvl+0xee/0x150
[ 54.201528][ T352] ? show_regs_print_info+0x20/0x20
[ 54.206735][ T352] dump_stack+0x15/0x20
[ 54.211111][ T352] should_fail+0x3c1/0x510
[ 54.216443][ T352] should_fail_usercopy+0x1a/0x20
[ 54.221542][ T352] _copy_to_user+0x20/0x90
[ 54.226268][ T352] simple_read_from_buffer+0xe9/0x160
[ 54.232508][ T352] proc_fail_nth_read+0x19a/0x210
[ 54.237931][ T352] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.244399][ T352] ? security_file_permission+0x83/0xa0
[ 54.250418][ T352] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.256251][ T352] vfs_read+0x282/0xbe0
[ 54.260778][ T352] ? kernel_read+0x1f0/0x1f0
[ 54.265838][ T352] ? __kasan_check_write+0x14/0x20
[ 54.271406][ T352] ? mutex_lock+0x95/0x1a0
[ 54.276148][ T352] ? wait_for_completion_killable_timeout+0x10/0x10
[ 54.282747][ T352] ? __fget_files+0x2c4/0x320
[ 54.287437][ T352] ? __fdget_pos+0x2d2/0x380
[ 54.292723][ T352] ? ksys_read+0x71/0x240
[ 54.297166][ T352] ksys_read+0x140/0x240
[ 54.301409][ T352] ? vfs_write+0xf70/0xf70
[ 54.305819][ T352] ? __kasan_check_write+0x14/0x20
[ 54.311035][ T352] ? switch_fpu_return+0x15d/0x2c0
[ 54.316184][ T352] __x64_sys_read+0x7b/0x90
[ 54.320968][ T352] x64_sys_call+0x96d/0x9a0
[ 54.325702][ T352] do_syscall_64+0x4c/0xa0
[ 54.330767][ T352] ? clear_bhb_loop+0x35/0x90
[ 54.336975][ T352] ? clear_bhb_loop+0x35/0x90
[ 54.342072][ T352] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.348462][ T352] RIP: 0033:0x7fafb3b4c78c
[ 54.353372][ T352] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 54.374618][ T352] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 54.383577][ T352] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 54.392153][ T352] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 54.400129][ T352] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 54.408183][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.416349][ T352] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 54.424496][ T352]
[ 54.435370][ T354] FAULT_INJECTION: forcing a failure.
[ 54.435370][ T354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.449811][ T354] CPU: 1 PID: 354 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.462073][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.472213][ T354] Call Trace:
[ 54.475578][ T354]
[ 54.478817][ T354] __dump_stack+0x21/0x30
[ 54.483244][ T354] dump_stack_lvl+0xee/0x150
[ 54.488020][ T354] ? show_regs_print_info+0x20/0x20
[ 54.493434][ T354] dump_stack+0x15/0x20
[ 54.497671][ T354] should_fail+0x3c1/0x510
[ 54.502139][ T354] should_fail_usercopy+0x1a/0x20
[ 54.507158][ T354] _copy_to_user+0x20/0x90
[ 54.511750][ T354] simple_read_from_buffer+0xe9/0x160
[ 54.517212][ T354] proc_fail_nth_read+0x19a/0x210
[ 54.522473][ T354] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.528552][ T354] ? security_file_permission+0x83/0xa0
[ 54.534112][ T354] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.539852][ T354] vfs_read+0x282/0xbe0
[ 54.544228][ T354] ? kernel_read+0x1f0/0x1f0
[ 54.548929][ T354] ? __kasan_check_write+0x14/0x20
[ 54.554158][ T354] ? mutex_lock+0x95/0x1a0
[ 54.558753][ T354] ? wait_for_completion_killable_timeout+0x10/0x10
[ 54.565415][ T354] ? __fget_files+0x2c4/0x320
[ 54.570161][ T354] ? __fdget_pos+0x2d2/0x380
[ 54.574969][ T354] ? ksys_read+0x71/0x240
[ 54.579337][ T354] ksys_read+0x140/0x240
[ 54.583775][ T354] ? vfs_write+0xf70/0xf70
[ 54.588326][ T354] ? __kasan_check_write+0x14/0x20
[ 54.593560][ T354] ? switch_fpu_return+0x15d/0x2c0
[ 54.599394][ T354] __x64_sys_read+0x7b/0x90
[ 54.603906][ T354] x64_sys_call+0x96d/0x9a0
[ 54.608498][ T354] do_syscall_64+0x4c/0xa0
[ 54.613175][ T354] ? clear_bhb_loop+0x35/0x90
[ 54.617861][ T354] ? clear_bhb_loop+0x35/0x90
[ 54.622710][ T354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.628880][ T354] RIP: 0033:0x7fafb3b4c78c
[ 54.633884][ T354] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 54.654810][ T354] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 54.663492][ T354] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 54.671714][ T354] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 54.680010][ T354] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 54.688334][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.696653][ T354] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 54.704724][ T354]
[ 54.715315][ T356] FAULT_INJECTION: forcing a failure.
[ 54.715315][ T356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.729072][ T356] CPU: 1 PID: 356 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.741315][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.752067][ T356] Call Trace:
[ 54.755366][ T356]
[ 54.758384][ T356] __dump_stack+0x21/0x30
[ 54.762724][ T356] dump_stack_lvl+0xee/0x150
[ 54.767444][ T356] ? show_regs_print_info+0x20/0x20
[ 54.772738][ T356] dump_stack+0x15/0x20
[ 54.777000][ T356] should_fail+0x3c1/0x510
[ 54.781602][ T356] should_fail_usercopy+0x1a/0x20
[ 54.786645][ T356] _copy_to_user+0x20/0x90
[ 54.791056][ T356] simple_read_from_buffer+0xe9/0x160
[ 54.796640][ T356] proc_fail_nth_read+0x19a/0x210
[ 54.801671][ T356] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.807555][ T356] ? security_file_permission+0x83/0xa0
[ 54.813193][ T356] ? proc_fault_inject_write+0x2f0/0x2f0
[ 54.818828][ T356] vfs_read+0x282/0xbe0
[ 54.822979][ T356] ? kernel_read+0x1f0/0x1f0
[ 54.827674][ T356] ? __kasan_check_write+0x14/0x20
[ 54.832980][ T356] ? mutex_lock+0x95/0x1a0
[ 54.837500][ T356] ? wait_for_completion_killable_timeout+0x10/0x10
[ 54.844172][ T356] ? __fget_files+0x2c4/0x320
[ 54.849075][ T356] ? __fdget_pos+0x2d2/0x380
[ 54.853679][ T356] ? ksys_read+0x71/0x240
[ 54.858205][ T356] ksys_read+0x140/0x240
[ 54.862620][ T356] ? vfs_write+0xf70/0xf70
[ 54.867123][ T356] ? __kasan_check_write+0x14/0x20
[ 54.872369][ T356] ? switch_fpu_return+0x15d/0x2c0
[ 54.877696][ T356] __x64_sys_read+0x7b/0x90
[ 54.882205][ T356] x64_sys_call+0x96d/0x9a0
[ 54.886696][ T356] do_syscall_64+0x4c/0xa0
[ 54.891124][ T356] ? clear_bhb_loop+0x35/0x90
[ 54.895897][ T356] ? clear_bhb_loop+0x35/0x90
[ 54.900589][ T356] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.906570][ T356] RIP: 0033:0x7fafb3b4c78c
[ 54.911083][ T356] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 54.930950][ T356] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 54.939556][ T356] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 54.947601][ T356] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 54.955744][ T356] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 54.963946][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.972121][ T356] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 54.980274][ T356]
[ 54.991608][ T358] FAULT_INJECTION: forcing a failure.
[ 54.991608][ T358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.005087][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.017366][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.027419][ T358] Call Trace:
[ 55.030918][ T358]
[ 55.033957][ T358] __dump_stack+0x21/0x30
[ 55.038397][ T358] dump_stack_lvl+0xee/0x150
[ 55.043017][ T358] ? show_regs_print_info+0x20/0x20
[ 55.048310][ T358] dump_stack+0x15/0x20
[ 55.052703][ T358] should_fail+0x3c1/0x510
[ 55.057233][ T358] should_fail_usercopy+0x1a/0x20
[ 55.062276][ T358] _copy_to_user+0x20/0x90
[ 55.066708][ T358] simple_read_from_buffer+0xe9/0x160
[ 55.072078][ T358] proc_fail_nth_read+0x19a/0x210
[ 55.077134][ T358] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.082964][ T358] ? security_file_permission+0x83/0xa0
[ 55.088515][ T358] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.094287][ T358] vfs_read+0x282/0xbe0
[ 55.098628][ T358] ? kernel_read+0x1f0/0x1f0
[ 55.103416][ T358] ? __kasan_check_write+0x14/0x20
[ 55.108531][ T358] ? mutex_lock+0x95/0x1a0
[ 55.112955][ T358] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.119808][ T358] ? __fget_files+0x2c4/0x320
[ 55.124642][ T358] ? __fdget_pos+0x2d2/0x380
[ 55.129307][ T358] ? ksys_read+0x71/0x240
[ 55.133759][ T358] ksys_read+0x140/0x240
[ 55.138245][ T358] ? vfs_write+0xf70/0xf70
[ 55.142772][ T358] ? __kasan_check_write+0x14/0x20
[ 55.148223][ T358] ? switch_fpu_return+0x15d/0x2c0
[ 55.153534][ T358] __x64_sys_read+0x7b/0x90
[ 55.158226][ T358] x64_sys_call+0x96d/0x9a0
[ 55.162778][ T358] do_syscall_64+0x4c/0xa0
[ 55.167197][ T358] ? clear_bhb_loop+0x35/0x90
[ 55.171890][ T358] ? clear_bhb_loop+0x35/0x90
[ 55.176660][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.182561][ T358] RIP: 0033:0x7fafb3b4c78c
[ 55.187593][ T358] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 55.207468][ T358] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 55.216076][ T358] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 55.224066][ T358] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 55.232122][ T358] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 55.240274][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.248340][ T358] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 55.256421][ T358]
[ 55.270616][ T360] FAULT_INJECTION: forcing a failure.
[ 55.270616][ T360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.284075][ T360] CPU: 1 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.295911][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.306145][ T360] Call Trace:
[ 55.309428][ T360]
[ 55.312363][ T360] __dump_stack+0x21/0x30
[ 55.316841][ T360] dump_stack_lvl+0xee/0x150
[ 55.321454][ T360] ? show_regs_print_info+0x20/0x20
[ 55.326898][ T360] dump_stack+0x15/0x20
[ 55.331208][ T360] should_fail+0x3c1/0x510
[ 55.335659][ T360] should_fail_usercopy+0x1a/0x20
[ 55.340778][ T360] _copy_to_user+0x20/0x90
[ 55.345208][ T360] simple_read_from_buffer+0xe9/0x160
[ 55.350680][ T360] proc_fail_nth_read+0x19a/0x210
[ 55.355720][ T360] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.361351][ T360] ? security_file_permission+0x83/0xa0
[ 55.366991][ T360] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.372872][ T360] vfs_read+0x282/0xbe0
[ 55.377139][ T360] ? kernel_read+0x1f0/0x1f0
[ 55.381997][ T360] ? __kasan_check_write+0x14/0x20
[ 55.387480][ T360] ? mutex_lock+0x95/0x1a0
[ 55.391894][ T360] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.398571][ T360] ? __fget_files+0x2c4/0x320
[ 55.403248][ T360] ? __fdget_pos+0x2d2/0x380
[ 55.407983][ T360] ? ksys_read+0x71/0x240
[ 55.412305][ T360] ksys_read+0x140/0x240
[ 55.416628][ T360] ? vfs_write+0xf70/0xf70
[ 55.421051][ T360] ? __kasan_check_write+0x14/0x20
[ 55.426431][ T360] ? switch_fpu_return+0x15d/0x2c0
[ 55.431598][ T360] __x64_sys_read+0x7b/0x90
[ 55.436271][ T360] x64_sys_call+0x96d/0x9a0
[ 55.440867][ T360] do_syscall_64+0x4c/0xa0
[ 55.445526][ T360] ? clear_bhb_loop+0x35/0x90
[ 55.450511][ T360] ? clear_bhb_loop+0x35/0x90
[ 55.455217][ T360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.461141][ T360] RIP: 0033:0x7fafb3b4c78c
[ 55.465947][ T360] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 55.486515][ T360] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 55.495253][ T360] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 55.503835][ T360] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 55.512038][ T360] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 55.520181][ T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.528411][ T360] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 55.536590][ T360]
[ 55.549030][ T362] FAULT_INJECTION: forcing a failure.
[ 55.549030][ T362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.562754][ T362] CPU: 1 PID: 362 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.574626][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.584695][ T362] Call Trace:
[ 55.588232][ T362]
[ 55.591164][ T362] __dump_stack+0x21/0x30
[ 55.595603][ T362] dump_stack_lvl+0xee/0x150
[ 55.600296][ T362] ? show_regs_print_info+0x20/0x20
[ 55.605693][ T362] dump_stack+0x15/0x20
[ 55.609934][ T362] should_fail+0x3c1/0x510
[ 55.614344][ T362] should_fail_usercopy+0x1a/0x20
[ 55.619461][ T362] _copy_to_user+0x20/0x90
[ 55.624157][ T362] simple_read_from_buffer+0xe9/0x160
[ 55.629797][ T362] proc_fail_nth_read+0x19a/0x210
[ 55.634852][ T362] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.640698][ T362] ? security_file_permission+0x83/0xa0
[ 55.646341][ T362] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.652153][ T362] vfs_read+0x282/0xbe0
[ 55.656306][ T362] ? kernel_read+0x1f0/0x1f0
[ 55.660894][ T362] ? __kasan_check_write+0x14/0x20
[ 55.666196][ T362] ? mutex_lock+0x95/0x1a0
[ 55.670613][ T362] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.677312][ T362] ? __fget_files+0x2c4/0x320
[ 55.682190][ T362] ? __fdget_pos+0x2d2/0x380
[ 55.686776][ T362] ? ksys_read+0x71/0x240
[ 55.691132][ T362] ksys_read+0x140/0x240
[ 55.695376][ T362] ? vfs_write+0xf70/0xf70
[ 55.699813][ T362] ? __kasan_check_write+0x14/0x20
[ 55.705129][ T362] ? switch_fpu_return+0x15d/0x2c0
[ 55.710250][ T362] __x64_sys_read+0x7b/0x90
[ 55.714746][ T362] x64_sys_call+0x96d/0x9a0
[ 55.719258][ T362] do_syscall_64+0x4c/0xa0
[ 55.723778][ T362] ? clear_bhb_loop+0x35/0x90
[ 55.728457][ T362] ? clear_bhb_loop+0x35/0x90
[ 55.733321][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.739372][ T362] RIP: 0033:0x7fafb3b4c78c
[ 55.744052][ T362] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 55.764307][ T362] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 55.773000][ T362] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 55.781620][ T362] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 55.789741][ T362] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 55.798169][ T362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.806729][ T362] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 55.815148][ T362]
[ 55.825938][ T364] FAULT_INJECTION: forcing a failure.
[ 55.825938][ T364] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.839715][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.852071][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.862396][ T364] Call Trace:
[ 55.865856][ T364]
[ 55.868868][ T364] __dump_stack+0x21/0x30
[ 55.873195][ T364] dump_stack_lvl+0xee/0x150
[ 55.878422][ T364] ? show_regs_print_info+0x20/0x20
[ 55.883844][ T364] dump_stack+0x15/0x20
[ 55.888205][ T364] should_fail+0x3c1/0x510
[ 55.892696][ T364] should_fail_usercopy+0x1a/0x20
[ 55.897819][ T364] _copy_to_user+0x20/0x90
[ 55.902401][ T364] simple_read_from_buffer+0xe9/0x160
[ 55.907890][ T364] proc_fail_nth_read+0x19a/0x210
[ 55.913026][ T364] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.918661][ T364] ? security_file_permission+0x83/0xa0
[ 55.924381][ T364] ? proc_fault_inject_write+0x2f0/0x2f0
[ 55.930195][ T364] vfs_read+0x282/0xbe0
[ 55.934448][ T364] ? kernel_read+0x1f0/0x1f0
[ 55.939046][ T364] ? __kasan_check_write+0x14/0x20
[ 55.944249][ T364] ? mutex_lock+0x95/0x1a0
[ 55.948846][ T364] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.955696][ T364] ? __fget_files+0x2c4/0x320
[ 55.960482][ T364] ? __fdget_pos+0x2d2/0x380
[ 55.965073][ T364] ? ksys_read+0x71/0x240
[ 55.969505][ T364] ksys_read+0x140/0x240
[ 55.973926][ T364] ? vfs_write+0xf70/0xf70
[ 55.978424][ T364] ? debug_smp_processor_id+0x17/0x20
[ 55.983968][ T364] __x64_sys_read+0x7b/0x90
[ 55.988857][ T364] x64_sys_call+0x96d/0x9a0
[ 55.993487][ T364] do_syscall_64+0x4c/0xa0
[ 55.997930][ T364] ? clear_bhb_loop+0x35/0x90
[ 56.002860][ T364] ? clear_bhb_loop+0x35/0x90
[ 56.007757][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.013663][ T364] RIP: 0033:0x7fafb3b4c78c
[ 56.018079][ T364] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 56.038025][ T364] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.046529][ T364] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 56.055132][ T364] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 56.063493][ T364] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 56.071455][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.079549][ T364] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 56.087583][ T364]
[ 56.100373][ T366] FAULT_INJECTION: forcing a failure.
[ 56.100373][ T366] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 56.113785][ T366] CPU: 1 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.125714][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.135888][ T366] Call Trace:
[ 56.139159][ T366]
[ 56.142255][ T366] __dump_stack+0x21/0x30
[ 56.146920][ T366] dump_stack_lvl+0xee/0x150
[ 56.151708][ T366] ? show_regs_print_info+0x20/0x20
[ 56.157203][ T366] dump_stack+0x15/0x20
[ 56.161664][ T366] should_fail+0x3c1/0x510
[ 56.166270][ T366] should_fail_usercopy+0x1a/0x20
[ 56.171982][ T366] _copy_to_user+0x20/0x90
[ 56.176943][ T366] simple_read_from_buffer+0xe9/0x160
[ 56.182665][ T366] proc_fail_nth_read+0x19a/0x210
[ 56.187957][ T366] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.193746][ T366] ? security_file_permission+0x83/0xa0
[ 56.199395][ T366] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.205132][ T366] vfs_read+0x282/0xbe0
[ 56.209291][ T366] ? kernel_read+0x1f0/0x1f0
[ 56.213905][ T366] ? __kasan_check_write+0x14/0x20
[ 56.219191][ T366] ? mutex_lock+0x95/0x1a0
[ 56.223698][ T366] ? wait_for_completion_killable_timeout+0x10/0x10
[ 56.231010][ T366] ? __fget_files+0x2c4/0x320
[ 56.236071][ T366] ? __fdget_pos+0x2d2/0x380
[ 56.241022][ T366] ? ksys_read+0x71/0x240
[ 56.245358][ T366] ksys_read+0x140/0x240
[ 56.249788][ T366] ? vfs_write+0xf70/0xf70
[ 56.254378][ T366] ? __kasan_check_write+0x14/0x20
[ 56.259707][ T366] ? switch_fpu_return+0x15d/0x2c0
[ 56.265016][ T366] __x64_sys_read+0x7b/0x90
[ 56.269531][ T366] x64_sys_call+0x96d/0x9a0
[ 56.274037][ T366] do_syscall_64+0x4c/0xa0
[ 56.278474][ T366] ? clear_bhb_loop+0x35/0x90
[ 56.283270][ T366] ? clear_bhb_loop+0x35/0x90
[ 56.288157][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.294489][ T366] RIP: 0033:0x7fafb3b4c78c
[ 56.298995][ T366] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 56.318607][ T366] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.327207][ T366] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 56.335290][ T366] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 56.343884][ T366] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 56.352234][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.360357][ T366] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 56.368362][ T366]
[ 56.380988][ T368] FAULT_INJECTION: forcing a failure.
[ 56.380988][ T368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 56.394321][ T368] CPU: 0 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.406769][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.417085][ T368] Call Trace:
[ 56.420479][ T368]
[ 56.423598][ T368] __dump_stack+0x21/0x30
[ 56.428022][ T368] dump_stack_lvl+0xee/0x150
[ 56.432612][ T368] ? show_regs_print_info+0x20/0x20
[ 56.437903][ T368] dump_stack+0x15/0x20
[ 56.442648][ T368] should_fail+0x3c1/0x510
[ 56.447098][ T368] should_fail_usercopy+0x1a/0x20
[ 56.452218][ T368] _copy_to_user+0x20/0x90
[ 56.456746][ T368] simple_read_from_buffer+0xe9/0x160
[ 56.462116][ T368] proc_fail_nth_read+0x19a/0x210
[ 56.467237][ T368] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.473007][ T368] ? security_file_permission+0x83/0xa0
[ 56.478666][ T368] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.484303][ T368] vfs_read+0x282/0xbe0
[ 56.488455][ T368] ? kernel_read+0x1f0/0x1f0
[ 56.493038][ T368] ? __kasan_check_write+0x14/0x20
[ 56.498148][ T368] ? mutex_lock+0x95/0x1a0
[ 56.502647][ T368] ? wait_for_completion_killable_timeout+0x10/0x10
[ 56.509424][ T368] ? __fget_files+0x2c4/0x320
[ 56.514298][ T368] ? __fdget_pos+0x2d2/0x380
[ 56.518897][ T368] ? ksys_read+0x71/0x240
[ 56.523221][ T368] ksys_read+0x140/0x240
[ 56.527745][ T368] ? vfs_write+0xf70/0xf70
[ 56.532251][ T368] ? __kasan_check_write+0x14/0x20
[ 56.537449][ T368] ? switch_fpu_return+0x15d/0x2c0
[ 56.542692][ T368] __x64_sys_read+0x7b/0x90
[ 56.547198][ T368] x64_sys_call+0x96d/0x9a0
[ 56.551791][ T368] do_syscall_64+0x4c/0xa0
[ 56.556226][ T368] ? clear_bhb_loop+0x35/0x90
[ 56.560988][ T368] ? clear_bhb_loop+0x35/0x90
[ 56.565678][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.571576][ T368] RIP: 0033:0x7fafb3b4c78c
[ 56.576077][ T368] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 56.595956][ T368] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.604367][ T368] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 56.612422][ T368] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 56.620404][ T368] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 56.628549][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.636737][ T368] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 56.644994][ T368]
[ 56.655827][ T370] FAULT_INJECTION: forcing a failure.
[ 56.655827][ T370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 56.669479][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.681567][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.691814][ T370] Call Trace:
[ 56.695120][ T370]
[ 56.698145][ T370] __dump_stack+0x21/0x30
[ 56.702474][ T370] dump_stack_lvl+0xee/0x150
[ 56.707070][ T370] ? show_regs_print_info+0x20/0x20
[ 56.712563][ T370] dump_stack+0x15/0x20
[ 56.717139][ T370] should_fail+0x3c1/0x510
[ 56.721656][ T370] should_fail_usercopy+0x1a/0x20
[ 56.727029][ T370] _copy_to_user+0x20/0x90
[ 56.731461][ T370] simple_read_from_buffer+0xe9/0x160
[ 56.736869][ T370] proc_fail_nth_read+0x19a/0x210
[ 56.742157][ T370] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.747969][ T370] ? security_file_permission+0x83/0xa0
[ 56.753716][ T370] ? proc_fault_inject_write+0x2f0/0x2f0
[ 56.759358][ T370] vfs_read+0x282/0xbe0
[ 56.763919][ T370] ? kernel_read+0x1f0/0x1f0
[ 56.768926][ T370] ? __kasan_check_write+0x14/0x20
[ 56.774226][ T370] ? mutex_lock+0x95/0x1a0
[ 56.778659][ T370] ? wait_for_completion_killable_timeout+0x10/0x10
[ 56.785429][ T370] ? __fget_files+0x2c4/0x320
[ 56.790200][ T370] ? __fdget_pos+0x2d2/0x380
[ 56.795010][ T370] ? ksys_read+0x71/0x240
[ 56.799349][ T370] ksys_read+0x140/0x240
[ 56.803605][ T370] ? vfs_write+0xf70/0xf70
[ 56.808202][ T370] ? __kasan_check_write+0x14/0x20
[ 56.813536][ T370] ? switch_fpu_return+0x15d/0x2c0
[ 56.818704][ T370] __x64_sys_read+0x7b/0x90
[ 56.823213][ T370] x64_sys_call+0x96d/0x9a0
[ 56.827988][ T370] do_syscall_64+0x4c/0xa0
[ 56.832407][ T370] ? clear_bhb_loop+0x35/0x90
[ 56.837092][ T370] ? clear_bhb_loop+0x35/0x90
[ 56.841759][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.847892][ T370] RIP: 0033:0x7fafb3b4c78c
[ 56.852465][ T370] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 56.872713][ T370] RSP: 002b:00007fafb36d00c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
2025/05/15 08:31:04 executed programs: 18
[ 56.881600][ T370] RAX: ffffffffffffffda RBX: 00007fafb3c6cf80 RCX: 00007fafb3b4c78c
[ 56.890006][ T370] RDX: 000000000000000f RSI: 00007fafb36d0130 RDI: 0000000000000006
[ 56.898061][ T370] RBP: 00007fafb36d0120 R08: 0000000000000000 R09: 0000000000000000
[ 56.906316][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.914300][ T370] R13: 000000000000000b R14: 00007fafb3c6cf80 R15: 00007ffdbf96d368
[ 56.922390][ T370]
[ 56.951588][ T372] FAULT_INJECTION: forcing a failure.
[ 56.951588][ T372] name failslab, interval 1, probability 0, space 0, times 0
[ 56.964687][ T372] CPU: 0 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.976624][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.987197][ T372] Call Trace:
[ 56.990581][ T372]
[ 56.993664][ T372] __dump_stack+0x21/0x30