Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts.
2024/04/12 06:35:22 ignoring optional flag "sandboxArg"="0"
2024/04/12 06:35:22 parsed 1 programs
[ 39.735666][ T30] audit: type=1400 audit(1712903722.410:159): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.760774][ T30] audit: type=1400 audit(1712903722.410:160): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/04/12 06:35:22 executed programs: 0
[ 39.841027][ T30] audit: type=1400 audit(1712903722.520:161): avc: denied { unlink } for pid=338 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 39.859373][ T338] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 39.910482][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.918508][ T344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.925958][ T344] device bridge_slave_0 entered promiscuous mode
[ 39.932623][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.939473][ T344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.946814][ T344] device bridge_slave_1 entered promiscuous mode
[ 39.979513][ T30] audit: type=1400 audit(1712903722.650:162): avc: denied { write } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 39.983767][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.001396][ T30] audit: type=1400 audit(1712903722.650:163): avc: denied { read } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.008161][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.036139][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.043331][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.059439][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.067536][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.075435][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.082947][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.101497][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.110116][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.118331][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.125196][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.132414][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.140575][ T39] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.147514][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.155319][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.163201][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.172480][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.180482][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.188037][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.196744][ T344] device veth0_vlan entered promiscuous mode
[ 40.206778][ T344] device veth1_macvtap entered promiscuous mode
[ 40.213712][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.224050][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.235074][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.247930][ T30] audit: type=1400 audit(1712903722.920:164): avc: denied { mounton } for pid=344 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 40.277063][ T30] audit: type=1400 audit(1712903722.950:165): avc: denied { prog_load } for pid=349 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 40.297094][ T30] audit: type=1400 audit(1712903722.950:166): avc: denied { bpf } for pid=349 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 40.319004][ T30] audit: type=1400 audit(1712903722.950:167): avc: denied { perfmon } for pid=349 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 40.340142][ T30] audit: type=1400 audit(1712903722.990:168): avc: denied { prog_run } for pid=349 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 40.341488][ T350] FAULT_INJECTION: forcing a failure.
[ 40.341488][ T350] name failslab, interval 1, probability 0, space 0, times 1
[ 40.372007][ T350] CPU: 0 PID: 350 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 40.382395][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 40.392556][ T350] Call Trace:
[ 40.395806][ T350]
[ 40.398584][ T350] dump_stack_lvl+0x151/0x1b7
[ 40.403187][ T350] ? io_uring_drop_tctx_refs+0x190/0x190
[ 40.408940][ T350] dump_stack+0x15/0x17
[ 40.413103][ T350] should_fail+0x3c6/0x510
[ 40.417566][ T350] __should_failslab+0xa4/0xe0
[ 40.422311][ T350] should_failslab+0x9/0x20
[ 40.426756][ T350] slab_pre_alloc_hook+0x37/0xd0
[ 40.432060][ T350] kmem_cache_alloc_trace+0x48/0x210
[ 40.437172][ T350] ? sk_psock_skb_ingress_self+0x60/0x330
[ 40.443192][ T350] ? migrate_disable+0x190/0x190
[ 40.448038][ T350] sk_psock_skb_ingress_self+0x60/0x330
[ 40.453709][ T350] sk_psock_verdict_recv+0x66d/0x840
[ 40.459270][ T350] unix_read_sock+0x132/0x370
[ 40.464129][ T350] ? sk_psock_skb_redirect+0x440/0x440
[ 40.470228][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 40.476103][ T350] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 40.481640][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 40.487439][ T350] sk_psock_verdict_data_ready+0x147/0x1a0
[ 40.493067][ T350] ? sk_psock_start_verdict+0xc0/0xc0
[ 40.498350][ T350] ? _raw_spin_lock+0xa4/0x1b0
[ 40.503085][ T350] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 40.509186][ T350] ? skb_queue_tail+0xfb/0x120
[ 40.514248][ T350] unix_dgram_sendmsg+0x15fa/0x2090
[ 40.519466][ T350] ? unix_dgram_poll+0x710/0x710
[ 40.524322][ T350] ? _raw_spin_trylock+0xcd/0x1a0
[ 40.529177][ T350] ? security_socket_sendmsg+0x82/0xb0
[ 40.534573][ T350] ? unix_dgram_poll+0x710/0x710
[ 40.539432][ T350] ____sys_sendmsg+0x59e/0x8f0
[ 40.544342][ T350] ? __sys_sendmsg_sock+0x40/0x40
[ 40.549704][ T350] ? import_iovec+0xe5/0x120
[ 40.555075][ T350] ___sys_sendmsg+0x252/0x2e0
[ 40.560027][ T350] ? __sys_sendmsg+0x260/0x260
[ 40.565035][ T350] ? do_handle_mm_fault+0x1949/0x2330
[ 40.570171][ T350] ? __kasan_check_write+0x14/0x20
[ 40.575375][ T350] ? proc_fail_nth_write+0x20b/0x290
[ 40.580507][ T350] ? __fdget+0x1bc/0x240
[ 40.584796][ T350] __sys_sendmmsg+0x2bf/0x530
[ 40.589268][ T350] ? __ia32_sys_sendmsg+0x90/0x90
[ 40.594211][ T350] ? mutex_unlock+0xb2/0x260
[ 40.598647][ T350] ? __kasan_check_write+0x14/0x20
[ 40.603671][ T350] ? debug_smp_processor_id+0x17/0x20
[ 40.609140][ T350] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 40.615488][ T350] __x64_sys_sendmmsg+0xa0/0xb0
[ 40.620189][ T350] do_syscall_64+0x3d/0xb0
[ 40.624418][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.630313][ T350] RIP: 0033:0x7fd8d056ada9
[ 40.634571][ T350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 40.654460][ T350] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 40.662704][ T350] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 40.670916][ T350] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 40.678724][ T350] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 40.686661][ T350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 40.694707][ T350] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 40.702859][ T350]
[ 40.707872][ T349] ==================================================================
[ 40.715921][ T349] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 40.722926][ T349] Read of size 4 at addr ffff88811f3bed6c by task syz-executor.0/349
[ 40.731253][ T349]
[ 40.733419][ T349] CPU: 0 PID: 349 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 40.743758][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 40.753983][ T349] Call Trace:
[ 40.757099][ T349]
[ 40.759877][ T349] dump_stack_lvl+0x151/0x1b7
[ 40.764399][ T349] ? io_uring_drop_tctx_refs+0x190/0x190
[ 40.769945][ T349] ? panic+0x751/0x751
[ 40.773953][ T349] print_address_description+0x87/0x3b0
[ 40.779601][ T349] kasan_report+0x179/0x1c0
[ 40.784373][ T349] ? consume_skb+0x3c/0x250
[ 40.788715][ T349] ? consume_skb+0x3c/0x250
[ 40.793421][ T349] kasan_check_range+0x293/0x2a0
[ 40.798214][ T349] __kasan_check_read+0x11/0x20
[ 40.802880][ T349] consume_skb+0x3c/0x250
[ 40.807042][ T349] __sk_msg_free+0x2dd/0x370
[ 40.811556][ T349] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 40.817284][ T349] sk_psock_stop+0x44c/0x4d0
[ 40.821827][ T349] ? unix_peer_get+0xe0/0xe0
[ 40.826426][ T349] sock_map_close+0x2b9/0x4c0
[ 40.831025][ T349] ? sock_map_remove_links+0x570/0x570
[ 40.836632][ T349] ? rwsem_mark_wake+0x6b0/0x6b0
[ 40.842159][ T349] unix_release+0x82/0xc0
[ 40.846607][ T349] sock_close+0xdf/0x270
[ 40.850687][ T349] ? sock_mmap+0xa0/0xa0
[ 40.854870][ T349] __fput+0x3fe/0x910
[ 40.858759][ T349] ____fput+0x15/0x20
[ 40.862835][ T349] task_work_run+0x129/0x190
[ 40.867352][ T349] exit_to_user_mode_loop+0xc4/0xe0
[ 40.872479][ T349] exit_to_user_mode_prepare+0x5a/0xa0
[ 40.877862][ T349] syscall_exit_to_user_mode+0x26/0x160
[ 40.883412][ T349] do_syscall_64+0x49/0xb0
[ 40.887759][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.893473][ T349] RIP: 0033:0x7fd8d0569c9a
[ 40.897730][ T349] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 40.917266][ T349] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 40.925587][ T349] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 40.934179][ T349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 40.942266][ T349] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 40.950303][ T349] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a080
[ 40.958267][ T349] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 0000000000009d3f
[ 40.966508][ T349]
[ 40.969372][ T349]
[ 40.971544][ T349] Allocated by task 350:
[ 40.975631][ T349] __kasan_slab_alloc+0xb1/0xe0
[ 40.980582][ T349] slab_post_alloc_hook+0x53/0x2c0
[ 40.985689][ T349] kmem_cache_alloc+0xf5/0x200
[ 40.990635][ T349] skb_clone+0x1d1/0x360
[ 40.994727][ T349] sk_psock_verdict_recv+0x53/0x840
[ 40.999770][ T349] unix_read_sock+0x132/0x370
[ 41.004362][ T349] sk_psock_verdict_data_ready+0x147/0x1a0
[ 41.010002][ T349] unix_dgram_sendmsg+0x15fa/0x2090
[ 41.015123][ T349] ____sys_sendmsg+0x59e/0x8f0
[ 41.019900][ T349] ___sys_sendmsg+0x252/0x2e0
[ 41.024758][ T349] __sys_sendmmsg+0x2bf/0x530
[ 41.029980][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 41.034746][ T349] do_syscall_64+0x3d/0xb0
[ 41.039174][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.044912][ T349]
[ 41.047073][ T349] Freed by task 20:
[ 41.050749][ T349] kasan_set_track+0x4b/0x70
[ 41.055248][ T349] kasan_set_free_info+0x23/0x40
[ 41.060019][ T349] ____kasan_slab_free+0x126/0x160
[ 41.065081][ T349] __kasan_slab_free+0x11/0x20
[ 41.069756][ T349] slab_free_freelist_hook+0xbd/0x190
[ 41.074957][ T349] kmem_cache_free+0x116/0x2e0
[ 41.079545][ T349] kfree_skbmem+0x104/0x170
[ 41.083984][ T349] kfree_skb+0xc2/0x360
[ 41.087969][ T349] sk_psock_backlog+0xc21/0xd90
[ 41.092662][ T349] process_one_work+0x6bb/0xc10
[ 41.097343][ T349] worker_thread+0xad5/0x12a0
[ 41.102112][ T349] kthread+0x421/0x510
[ 41.106018][ T349] ret_from_fork+0x1f/0x30
[ 41.111067][ T349]
[ 41.113233][ T349] The buggy address belongs to the object at ffff88811f3bec80
[ 41.113233][ T349] which belongs to the cache skbuff_head_cache of size 248
[ 41.127918][ T349] The buggy address is located 236 bytes inside of
[ 41.127918][ T349] 248-byte region [ffff88811f3bec80, ffff88811f3bed78)
[ 41.141305][ T349] The buggy address belongs to the page:
[ 41.147199][ T349] page:ffffea00047cef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f3be
[ 41.157522][ T349] flags: 0x4000000000000200(slab|zone=1)
[ 41.163512][ T349] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80
[ 41.172184][ T349] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 41.180714][ T349] page dumped because: kasan: bad access detected
[ 41.186959][ T349] page_owner tracks the page as allocated
[ 41.192682][ T349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 63, ts 40271691070, free_ts 39723778352
[ 41.208395][ T349] post_alloc_hook+0x1a3/0x1b0
[ 41.213247][ T349] prep_new_page+0x1b/0x110
[ 41.217679][ T349] get_page_from_freelist+0x3550/0x35d0
[ 41.223052][ T349] __alloc_pages+0x27e/0x8f0
[ 41.227565][ T349] new_slab+0x9a/0x4e0
[ 41.231471][ T349] ___slab_alloc+0x39e/0x830
[ 41.235907][ T349] __slab_alloc+0x4a/0x90
[ 41.240116][ T349] kmem_cache_alloc+0x134/0x200
[ 41.245021][ T349] __alloc_skb+0xbe/0x550
[ 41.249449][ T349] alloc_skb_with_frags+0xa6/0x680
[ 41.254408][ T349] sock_alloc_send_pskb+0x915/0xa50
[ 41.259426][ T349] sock_alloc_send_skb+0x32/0x40
[ 41.264225][ T349] mld_newpack+0x1b4/0xa20
[ 41.268456][ T349] add_grec+0xdc8/0x13a0
[ 41.272525][ T349] mld_ifc_work+0x72e/0xbb0
[ 41.276867][ T349] process_one_work+0x6bb/0xc10
[ 41.281935][ T349] page last free stack trace:
[ 41.286659][ T349] free_unref_page_prepare+0x7c8/0x7d0
[ 41.292026][ T349] free_unref_page+0xe8/0x750
[ 41.296538][ T349] __free_pages+0x61/0xf0
[ 41.300708][ T349] __vunmap+0x7bc/0x8f0
[ 41.304695][ T349] vfree+0x7f/0xb0
[ 41.308365][ T349] kcov_mmap+0x93/0x130
[ 41.312371][ T349] mmap_region+0x138d/0x1b60
[ 41.316934][ T349] do_mmap+0x776/0xe50
[ 41.320927][ T349] vm_mmap_pgoff+0x1dd/0x450
[ 41.325538][ T349] ksys_mmap_pgoff+0x15d/0x1e0
[ 41.330126][ T349] __x64_sys_mmap+0x103/0x120
[ 41.334654][ T349] do_syscall_64+0x3d/0xb0
[ 41.338903][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.344740][ T349]
[ 41.346881][ T349] Memory state around the buggy address:
[ 41.352484][ T349] ffff88811f3bec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 41.360494][ T349] ffff88811f3bec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.368377][ T349] >ffff88811f3bed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 41.376442][ T349] ^
[ 41.383923][ T349] ffff88811f3bed80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 41.392453][ T349] ffff88811f3bee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.400511][ T349] ==================================================================
[ 41.408406][ T349] Disabling lock debugging due to kernel taint
[ 41.414601][ T349] ==================================================================
[ 41.422491][ T349] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 41.430730][ T349]
[ 41.432900][ T349] CPU: 0 PID: 349 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 41.445141][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 41.455800][ T349] Call Trace:
[ 41.458907][ T349]
[ 41.461682][ T349] dump_stack_lvl+0x151/0x1b7
[ 41.466288][ T349] ? io_uring_drop_tctx_refs+0x190/0x190
[ 41.471857][ T349] ? __wake_up_klogd+0xd5/0x110
[ 41.476698][ T349] ? panic+0x751/0x751
[ 41.481413][ T349] ? kmem_cache_free+0x116/0x2e0
[ 41.486280][ T349] print_address_description+0x87/0x3b0
[ 41.491808][ T349] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 41.497849][ T349] ? kmem_cache_free+0x116/0x2e0
[ 41.502751][ T349] ? kmem_cache_free+0x116/0x2e0
[ 41.507603][ T349] kasan_report_invalid_free+0x6b/0xa0
[ 41.513173][ T349] ____kasan_slab_free+0x13e/0x160
[ 41.518285][ T349] __kasan_slab_free+0x11/0x20
[ 41.522966][ T349] slab_free_freelist_hook+0xbd/0x190
[ 41.528180][ T349] ? kfree_skbmem+0x104/0x170
[ 41.532781][ T349] kmem_cache_free+0x116/0x2e0
[ 41.537644][ T349] kfree_skbmem+0x104/0x170
[ 41.542687][ T349] consume_skb+0xb4/0x250
[ 41.547624][ T349] __sk_msg_free+0x2dd/0x370
[ 41.551998][ T349] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 41.558280][ T349] sk_psock_stop+0x44c/0x4d0
[ 41.562683][ T349] ? unix_peer_get+0xe0/0xe0
[ 41.567208][ T349] sock_map_close+0x2b9/0x4c0
[ 41.571713][ T349] ? sock_map_remove_links+0x570/0x570
[ 41.577146][ T349] ? rwsem_mark_wake+0x6b0/0x6b0
[ 41.581949][ T349] unix_release+0x82/0xc0
[ 41.586126][ T349] sock_close+0xdf/0x270
[ 41.590195][ T349] ? sock_mmap+0xa0/0xa0
[ 41.594273][ T349] __fput+0x3fe/0x910
[ 41.598098][ T349] ____fput+0x15/0x20
[ 41.601920][ T349] task_work_run+0x129/0x190
[ 41.606340][ T349] exit_to_user_mode_loop+0xc4/0xe0
[ 41.611371][ T349] exit_to_user_mode_prepare+0x5a/0xa0
[ 41.616665][ T349] syscall_exit_to_user_mode+0x26/0x160
[ 41.622047][ T349] do_syscall_64+0x49/0xb0
[ 41.626298][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.632115][ T349] RIP: 0033:0x7fd8d0569c9a
[ 41.636377][ T349] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 41.656054][ T349] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 41.664389][ T349] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 41.672720][ T349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 41.680529][ T349] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 41.688544][ T349] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a080
[ 41.696440][ T349] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 0000000000009d3f
[ 41.704331][ T349]
[ 41.707284][ T349]
[ 41.709454][ T349] Allocated by task 350:
[ 41.713550][ T349] __kasan_slab_alloc+0xb1/0xe0
[ 41.718220][ T349] slab_post_alloc_hook+0x53/0x2c0
[ 41.723172][ T349] kmem_cache_alloc+0xf5/0x200
[ 41.727861][ T349] skb_clone+0x1d1/0x360
[ 41.731954][ T349] sk_psock_verdict_recv+0x53/0x840
[ 41.736978][ T349] unix_read_sock+0x132/0x370
[ 41.741484][ T349] sk_psock_verdict_data_ready+0x147/0x1a0
[ 41.747121][ T349] unix_dgram_sendmsg+0x15fa/0x2090
[ 41.752156][ T349] ____sys_sendmsg+0x59e/0x8f0
[ 41.756766][ T349] ___sys_sendmsg+0x252/0x2e0
[ 41.761269][ T349] __sys_sendmmsg+0x2bf/0x530
[ 41.766045][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 41.770739][ T349] do_syscall_64+0x3d/0xb0
[ 41.774982][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.781009][ T349]
[ 41.783299][ T349] Freed by task 20:
[ 41.787126][ T349] kasan_set_track+0x4b/0x70
[ 41.791552][ T349] kasan_set_free_info+0x23/0x40
[ 41.796453][ T349] ____kasan_slab_free+0x126/0x160
[ 41.801629][ T349] __kasan_slab_free+0x11/0x20
[ 41.806211][ T349] slab_free_freelist_hook+0xbd/0x190
[ 41.811417][ T349] kmem_cache_free+0x116/0x2e0
[ 41.816161][ T349] kfree_skbmem+0x104/0x170
[ 41.820679][ T349] kfree_skb+0xc2/0x360
[ 41.824756][ T349] sk_psock_backlog+0xc21/0xd90
[ 41.829609][ T349] process_one_work+0x6bb/0xc10
[ 41.834502][ T349] worker_thread+0xad5/0x12a0
[ 41.839135][ T349] kthread+0x421/0x510
[ 41.843028][ T349] ret_from_fork+0x1f/0x30
[ 41.847531][ T349]
[ 41.849687][ T349] The buggy address belongs to the object at ffff88811f3bec80
[ 41.849687][ T349] which belongs to the cache skbuff_head_cache of size 248
[ 41.864912][ T349] The buggy address is located 0 bytes inside of
[ 41.864912][ T349] 248-byte region [ffff88811f3bec80, ffff88811f3bed78)
[ 41.878583][ T349] The buggy address belongs to the page:
[ 41.884317][ T349] page:ffffea00047cef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f3be
[ 41.894568][ T349] flags: 0x4000000000000200(slab|zone=1)
[ 41.900119][ T349] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80
[ 41.908705][ T349] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 41.917373][ T349] page dumped because: kasan: bad access detected
[ 41.923659][ T349] page_owner tracks the page as allocated
[ 41.929359][ T349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 63, ts 40271691070, free_ts 39723778352
[ 41.945155][ T349] post_alloc_hook+0x1a3/0x1b0
[ 41.949757][ T349] prep_new_page+0x1b/0x110
[ 41.954158][ T349] get_page_from_freelist+0x3550/0x35d0
[ 41.959564][ T349] __alloc_pages+0x27e/0x8f0
[ 41.964073][ T349] new_slab+0x9a/0x4e0
[ 41.968444][ T349] ___slab_alloc+0x39e/0x830
[ 41.973750][ T349] __slab_alloc+0x4a/0x90
[ 41.977906][ T349] kmem_cache_alloc+0x134/0x200
[ 41.983200][ T349] __alloc_skb+0xbe/0x550
[ 41.987376][ T349] alloc_skb_with_frags+0xa6/0x680
[ 41.992934][ T349] sock_alloc_send_pskb+0x915/0xa50
[ 41.997952][ T349] sock_alloc_send_skb+0x32/0x40
[ 42.002740][ T349] mld_newpack+0x1b4/0xa20
[ 42.006980][ T349] add_grec+0xdc8/0x13a0
[ 42.011261][ T349] mld_ifc_work+0x72e/0xbb0
[ 42.015597][ T349] process_one_work+0x6bb/0xc10
[ 42.020297][ T349] page last free stack trace:
[ 42.024894][ T349] free_unref_page_prepare+0x7c8/0x7d0
[ 42.030269][ T349] free_unref_page+0xe8/0x750
[ 42.035834][ T349] __free_pages+0x61/0xf0
[ 42.041140][ T349] __vunmap+0x7bc/0x8f0
[ 42.045390][ T349] vfree+0x7f/0xb0
[ 42.049033][ T349] kcov_mmap+0x93/0x130
[ 42.053028][ T349] mmap_region+0x138d/0x1b60
[ 42.057464][ T349] do_mmap+0x776/0xe50
[ 42.061358][ T349] vm_mmap_pgoff+0x1dd/0x450
[ 42.065915][ T349] ksys_mmap_pgoff+0x15d/0x1e0
[ 42.070499][ T349] __x64_sys_mmap+0x103/0x120
[ 42.075071][ T349] do_syscall_64+0x3d/0xb0
[ 42.079344][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.085336][ T349]
[ 42.087603][ T349] Memory state around the buggy address:
[ 42.093156][ T349] ffff88811f3beb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.101486][ T349] ffff88811f3bec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 42.109557][ T349] >ffff88811f3bec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.117894][ T349] ^
[ 42.121803][ T349] ffff88811f3bed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 42.130149][ T349] ffff88811f3bed80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 42.138210][ T349] ==================================================================
[ 42.162472][ T355] FAULT_INJECTION: forcing a failure.
[ 42.162472][ T355] name failslab, interval 1, probability 0, space 0, times 0
[ 42.176868][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.189160][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 42.199611][ T355] Call Trace:
[ 42.203029][ T355]
[ 42.205754][ T355] dump_stack_lvl+0x151/0x1b7
[ 42.210363][ T355] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.215821][ T355] dump_stack+0x15/0x17
[ 42.219913][ T355] should_fail+0x3c6/0x510
[ 42.224247][ T355] __should_failslab+0xa4/0xe0
[ 42.228837][ T355] should_failslab+0x9/0x20
[ 42.233266][ T355] slab_pre_alloc_hook+0x37/0xd0
[ 42.238126][ T355] kmem_cache_alloc_trace+0x48/0x210
[ 42.243439][ T355] ? sk_psock_skb_ingress_self+0x60/0x330
[ 42.248996][ T355] ? migrate_disable+0x190/0x190
[ 42.253845][ T355] sk_psock_skb_ingress_self+0x60/0x330
[ 42.259243][ T355] sk_psock_verdict_recv+0x66d/0x840
[ 42.264353][ T355] unix_read_sock+0x132/0x370
[ 42.269057][ T355] ? sk_psock_skb_redirect+0x440/0x440
[ 42.274360][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 42.279976][ T355] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.285455][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 42.291016][ T355] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.296826][ T355] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.302200][ T355] ? _raw_spin_lock+0xa4/0x1b0
[ 42.306800][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.312448][ T355] ? skb_queue_tail+0xfb/0x120
[ 42.317095][ T355] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.322264][ T355] ? unix_dgram_poll+0x710/0x710
[ 42.327766][ T355] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.332708][ T355] ? security_socket_sendmsg+0x82/0xb0
[ 42.338180][ T355] ? unix_dgram_poll+0x710/0x710
[ 42.342939][ T355] ____sys_sendmsg+0x59e/0x8f0
[ 42.347637][ T355] ? __sys_sendmsg_sock+0x40/0x40
[ 42.352619][ T355] ? import_iovec+0xe5/0x120
[ 42.356998][ T355] ___sys_sendmsg+0x252/0x2e0
[ 42.361630][ T355] ? __sys_sendmsg+0x260/0x260
[ 42.366216][ T355] ? do_handle_mm_fault+0x1949/0x2330
[ 42.371408][ T355] ? __kasan_check_write+0x14/0x20
[ 42.376692][ T355] ? proc_fail_nth_write+0x20b/0x290
[ 42.381922][ T355] ? __fdget+0x1bc/0x240
[ 42.385985][ T355] __sys_sendmmsg+0x2bf/0x530
[ 42.390621][ T355] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.395759][ T355] ? mutex_unlock+0xb2/0x260
[ 42.400252][ T355] ? __kasan_check_write+0x14/0x20
[ 42.405486][ T355] ? debug_smp_processor_id+0x17/0x20
[ 42.410829][ T355] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.417161][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.422070][ T355] do_syscall_64+0x3d/0xb0
[ 42.426504][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.432535][ T355] RIP: 0033:0x7fd8d056ada9
[ 42.436791][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.457040][ T355] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.465832][ T355] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 42.473891][ T355] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 42.481696][ T355] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 42.489646][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.497456][ T355] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 42.505405][ T355]
[ 42.510266][ T354] ==================================================================
[ 42.518251][ T354] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 42.526554][ T354]
[ 42.528769][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.540789][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 42.551307][ T354] Call Trace:
[ 42.554587][ T354]
[ 42.557366][ T354] dump_stack_lvl+0x151/0x1b7
[ 42.562060][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.567619][ T354] ? __wake_up_klogd+0xd5/0x110
[ 42.572527][ T354] ? panic+0x751/0x751
[ 42.576427][ T354] ? kmem_cache_free+0x116/0x2e0
[ 42.581292][ T354] print_address_description+0x87/0x3b0
[ 42.586854][ T354] ? kmem_cache_free+0x116/0x2e0
[ 42.591724][ T354] ? kmem_cache_free+0x116/0x2e0
[ 42.596503][ T354] kasan_report_invalid_free+0x6b/0xa0
[ 42.601884][ T354] ____kasan_slab_free+0x13e/0x160
[ 42.607002][ T354] __kasan_slab_free+0x11/0x20
[ 42.611607][ T354] slab_free_freelist_hook+0xbd/0x190
[ 42.617042][ T354] ? kfree_skbmem+0x104/0x170
[ 42.621639][ T354] kmem_cache_free+0x116/0x2e0
[ 42.626342][ T354] kfree_skbmem+0x104/0x170
[ 42.630773][ T354] consume_skb+0xb4/0x250
[ 42.635106][ T354] __sk_msg_free+0x2dd/0x370
[ 42.639527][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.645434][ T354] sk_psock_stop+0x44c/0x4d0
[ 42.649962][ T354] ? unix_peer_get+0xe0/0xe0
[ 42.654469][ T354] sock_map_close+0x2b9/0x4c0
[ 42.658976][ T354] ? sock_map_remove_links+0x570/0x570
[ 42.664310][ T354] ? rwsem_mark_wake+0x6b0/0x6b0
[ 42.669046][ T354] unix_release+0x82/0xc0
[ 42.673211][ T354] sock_close+0xdf/0x270
[ 42.677291][ T354] ? sock_mmap+0xa0/0xa0
[ 42.681373][ T354] __fput+0x3fe/0x910
[ 42.685191][ T354] ____fput+0x15/0x20
[ 42.689011][ T354] task_work_run+0x129/0x190
[ 42.693433][ T354] exit_to_user_mode_loop+0xc4/0xe0
[ 42.698469][ T354] exit_to_user_mode_prepare+0x5a/0xa0
[ 42.703761][ T354] syscall_exit_to_user_mode+0x26/0x160
[ 42.709144][ T354] do_syscall_64+0x49/0xb0
[ 42.713505][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.719249][ T354] RIP: 0033:0x7fd8d0569c9a
[ 42.723641][ T354] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 42.743879][ T354] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 42.752561][ T354] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 42.760661][ T354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 42.768729][ T354] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 42.777071][ T354] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a7db
[ 42.784942][ T354] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000a49a
[ 42.792854][ T354]
[ 42.795714][ T354]
[ 42.797883][ T354] Allocated by task 355:
[ 42.801966][ T354] __kasan_slab_alloc+0xb1/0xe0
[ 42.806763][ T354] slab_post_alloc_hook+0x53/0x2c0
[ 42.811705][ T354] kmem_cache_alloc+0xf5/0x200
[ 42.816535][ T354] skb_clone+0x1d1/0x360
[ 42.820778][ T354] sk_psock_verdict_recv+0x53/0x840
[ 42.826089][ T354] unix_read_sock+0x132/0x370
[ 42.830618][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.836854][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.842486][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 42.847280][ T354] ___sys_sendmsg+0x252/0x2e0
[ 42.852090][ T354] __sys_sendmmsg+0x2bf/0x530
[ 42.856649][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.861337][ T354] do_syscall_64+0x3d/0xb0
[ 42.865678][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.871602][ T354]
[ 42.874072][ T354] Freed by task 20:
[ 42.877938][ T354] kasan_set_track+0x4b/0x70
[ 42.882622][ T354] kasan_set_free_info+0x23/0x40
[ 42.887505][ T354] ____kasan_slab_free+0x126/0x160
[ 42.892532][ T354] __kasan_slab_free+0x11/0x20
[ 42.897136][ T354] slab_free_freelist_hook+0xbd/0x190
[ 42.902699][ T354] kmem_cache_free+0x116/0x2e0
[ 42.907297][ T354] kfree_skbmem+0x104/0x170
[ 42.911633][ T354] kfree_skb+0xc2/0x360
[ 42.915931][ T354] sk_psock_backlog+0xc21/0xd90
[ 42.920928][ T354] process_one_work+0x6bb/0xc10
[ 42.925619][ T354] worker_thread+0xad5/0x12a0
[ 42.930399][ T354] kthread+0x421/0x510
[ 42.934408][ T354] ret_from_fork+0x1f/0x30
[ 42.938649][ T354]
[ 42.940803][ T354] The buggy address belongs to the object at ffff88811f257640
[ 42.940803][ T354] which belongs to the cache skbuff_head_cache of size 248
[ 42.956295][ T354] The buggy address is located 0 bytes inside of
[ 42.956295][ T354] 248-byte region [ffff88811f257640, ffff88811f257738)
[ 42.969872][ T354] The buggy address belongs to the page:
[ 42.976048][ T354] page:ffffea00047c95c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f257
[ 42.986414][ T354] flags: 0x4000000000000200(slab|zone=1)
[ 42.992064][ T354] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80
[ 43.000583][ T354] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.009247][ T354] page dumped because: kasan: bad access detected
[ 43.015872][ T354] page_owner tracks the page as allocated
[ 43.021651][ T354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 20, ts 42150850544, free_ts 40318572528
[ 43.040954][ T354] post_alloc_hook+0x1a3/0x1b0
[ 43.046086][ T354] prep_new_page+0x1b/0x110
[ 43.050769][ T354] get_page_from_freelist+0x3550/0x35d0
[ 43.056306][ T354] __alloc_pages+0x27e/0x8f0
[ 43.060744][ T354] new_slab+0x9a/0x4e0
[ 43.064644][ T354] ___slab_alloc+0x39e/0x830
[ 43.069072][ T354] __slab_alloc+0x4a/0x90
[ 43.073239][ T354] kmem_cache_alloc+0x134/0x200
[ 43.078054][ T354] __alloc_skb+0xbe/0x550
[ 43.082219][ T354] ndisc_alloc_skb+0xf3/0x2d0
[ 43.086981][ T354] ndisc_send_rs+0x26c/0x6a0
[ 43.091507][ T354] addrconf_dad_completed+0x8bf/0xd80
[ 43.096992][ T354] addrconf_dad_work+0xdc1/0x1710
[ 43.101916][ T354] process_one_work+0x6bb/0xc10
[ 43.108269][ T354] worker_thread+0xad5/0x12a0
[ 43.112866][ T354] kthread+0x421/0x510
[ 43.117114][ T354] page last free stack trace:
[ 43.122099][ T354] free_unref_page_prepare+0x7c8/0x7d0
[ 43.127568][ T354] free_unref_page+0xe8/0x750
[ 43.132248][ T354] __free_pages+0x61/0xf0
[ 43.136513][ T354] free_pages+0x7c/0x90
[ 43.140490][ T354] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 43.146069][ T354] __apply_to_page_range+0x8dd/0xbe0
[ 43.151189][ T354] apply_to_existing_page_range+0x38/0x50
[ 43.156741][ T354] kasan_release_vmalloc+0x9a/0xb0
[ 43.161759][ T354] __purge_vmap_area_lazy+0x154a/0x1690
[ 43.167512][ T354] _vm_unmap_aliases+0x339/0x3b0
[ 43.172452][ T354] vm_unmap_aliases+0x19/0x20
[ 43.177045][ T354] change_page_attr_set_clr+0x308/0x1050
[ 43.182824][ T354] set_memory_ro+0xa1/0xe0
[ 43.187323][ T354] bpf_int_jit_compile+0xbf42/0xc6d0
[ 43.192618][ T354] bpf_prog_select_runtime+0x706/0x9e0
[ 43.198000][ T354] bpf_prog_load+0x1315/0x1b50
[ 43.202770][ T354]
[ 43.205069][ T354] Memory state around the buggy address:
[ 43.210618][ T354] ffff88811f257500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.219228][ T354] ffff88811f257580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 43.227626][ T354] >ffff88811f257600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.235563][ T354] ^
[ 43.241554][ T354] ffff88811f257680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.249452][ T354] ffff88811f257700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.257546][ T354] ==================================================================
[ 43.276921][ T358] FAULT_INJECTION: forcing a failure.
[ 43.276921][ T358] name failslab, interval 1, probability 0, space 0, times 0
[ 43.290084][ T358] CPU: 0 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 43.301697][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 43.312200][ T358] Call Trace:
[ 43.315841][ T358]
[ 43.318721][ T358] dump_stack_lvl+0x151/0x1b7
[ 43.323504][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.329080][ T358] dump_stack+0x15/0x17
[ 43.333068][ T358] should_fail+0x3c6/0x510
[ 43.337407][ T358] __should_failslab+0xa4/0xe0
[ 43.342005][ T358] should_failslab+0x9/0x20
[ 43.346549][ T358] slab_pre_alloc_hook+0x37/0xd0
[ 43.351264][ T358] kmem_cache_alloc_trace+0x48/0x210
[ 43.356795][ T358] ? sk_psock_skb_ingress_self+0x60/0x330
[ 43.362901][ T358] ? migrate_disable+0x190/0x190
[ 43.368057][ T358] sk_psock_skb_ingress_self+0x60/0x330
[ 43.373533][ T358] sk_psock_verdict_recv+0x66d/0x840
[ 43.378857][ T358] unix_read_sock+0x132/0x370
[ 43.383811][ T358] ? sk_psock_skb_redirect+0x440/0x440
[ 43.389198][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 43.394766][ T358] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 43.400036][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 43.405815][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.411528][ T358] ? sk_psock_start_verdict+0xc0/0xc0
[ 43.417253][ T358] ? _raw_spin_lock+0xa4/0x1b0
[ 43.422177][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.428192][ T358] ? skb_queue_tail+0xfb/0x120
[ 43.433637][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.438671][ T358] ? unix_dgram_poll+0x710/0x710
[ 43.444226][ T358] ? _raw_spin_trylock+0xcd/0x1a0
[ 43.449338][ T358] ? security_socket_sendmsg+0x82/0xb0
[ 43.454972][ T358] ? unix_dgram_poll+0x710/0x710
[ 43.460554][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 43.466153][ T358] ? __sys_sendmsg_sock+0x40/0x40
[ 43.471943][ T358] ?
import_iovec+0xe5/0x120 [ 43.476609][ T358] ___sys_sendmsg+0x252/0x2e0 [ 43.481609][ T358] ? __sys_sendmsg+0x260/0x260 [ 43.487081][ T358] ? do_handle_mm_fault+0x1949/0x2330 [ 43.492403][ T358] ? __kasan_check_write+0x14/0x20 [ 43.497349][ T358] ? proc_fail_nth_write+0x20b/0x290 [ 43.503173][ T358] ? __fdget+0x1bc/0x240 [ 43.507263][ T358] __sys_sendmmsg+0x2bf/0x530 [ 43.511858][ T358] ? __ia32_sys_sendmsg+0x90/0x90 [ 43.516716][ T358] ? mutex_unlock+0xb2/0x260 [ 43.521229][ T358] ? __kasan_check_write+0x14/0x20 [ 43.526711][ T358] ? debug_smp_processor_id+0x17/0x20 [ 43.532092][ T358] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 43.538099][ T358] __x64_sys_sendmmsg+0xa0/0xb0 [ 43.543513][ T358] do_syscall_64+0x3d/0xb0 [ 43.547843][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.553849][ T358] RIP: 0033:0x7fd8d056ada9 [ 43.558535][ T358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.578515][ T358] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 43.587507][ T358] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9 [ 43.595653][ T358] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003 [ 43.603652][ T358] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000 [ 43.611673][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.619644][ T358] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58 [ 43.627541][ T358] [ 43.633235][ T357] ================================================================== [ 43.641372][ T357] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 43.649704][ T357] [ 43.651958][ T357] CPU: 1 PID: 357 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 43.663598][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 03/27/2024 [ 43.674180][ T357] Call Trace: [ 43.677302][ T357] [ 43.680082][ T357] dump_stack_lvl+0x151/0x1b7 [ 43.685134][ T357] ? io_uring_drop_tctx_refs+0x190/0x190 [ 43.690683][ T357] ? __wake_up_klogd+0xd5/0x110 [ 43.695361][ T357] ? panic+0x751/0x751 [ 43.699456][ T357] ? kmem_cache_free+0x116/0x2e0 [ 43.704586][ T357] print_address_description+0x87/0x3b0 [ 43.710009][ T357] ? kmem_cache_free+0x116/0x2e0 [ 43.715443][ T357] ? kmem_cache_free+0x116/0x2e0 [ 43.720331][ T357] kasan_report_invalid_free+0x6b/0xa0 [ 43.725707][ T357] ____kasan_slab_free+0x13e/0x160 [ 43.730647][ T357] __kasan_slab_free+0x11/0x20 [ 43.735260][ T357] slab_free_freelist_hook+0xbd/0x190 [ 43.740462][ T357] ? kfree_skbmem+0x104/0x170 [ 43.745062][ T357] kmem_cache_free+0x116/0x2e0 [ 43.749698][ T357] kfree_skbmem+0x104/0x170 [ 43.754077][ T357] consume_skb+0xb4/0x250 [ 43.758606][ T357] __sk_msg_free+0x2dd/0x370 [ 43.763316][ T357] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 43.769048][ T357] sk_psock_stop+0x44c/0x4d0 [ 43.773463][ T357] ? unix_peer_get+0xe0/0xe0 [ 43.777882][ T357] sock_map_close+0x2b9/0x4c0 [ 43.782417][ T357] ? sock_map_remove_links+0x570/0x570 [ 43.787975][ T357] ? rwsem_mark_wake+0x6b0/0x6b0 [ 43.792822][ T357] unix_release+0x82/0xc0 [ 43.796989][ T357] sock_close+0xdf/0x270 [ 43.801071][ T357] ? 
sock_mmap+0xa0/0xa0 [ 43.805159][ T357] __fput+0x3fe/0x910 [ 43.808964][ T357] ____fput+0x15/0x20 [ 43.812889][ T357] task_work_run+0x129/0x190 [ 43.817299][ T357] exit_to_user_mode_loop+0xc4/0xe0 [ 43.822525][ T357] exit_to_user_mode_prepare+0x5a/0xa0 [ 43.827808][ T357] syscall_exit_to_user_mode+0x26/0x160 [ 43.833181][ T357] do_syscall_64+0x49/0xb0 [ 43.837431][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.843511][ T357] RIP: 0033:0x7fd8d0569c9a [ 43.847841][ T357] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 43.867984][ T357] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 43.877271][ T357] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a [ 43.885846][ T357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 43.893731][ T357] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0 [ 43.901629][ T357] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000ac38 [ 43.909443][ T357] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000a8f7 [ 43.917448][ T357] [ 43.920421][ T357] [ 43.922597][ T357] Allocated by task 358: [ 43.926748][ T357] __kasan_slab_alloc+0xb1/0xe0 [ 43.931703][ T357] slab_post_alloc_hook+0x53/0x2c0 [ 43.936937][ T357] kmem_cache_alloc+0xf5/0x200 [ 43.941417][ T357] skb_clone+0x1d1/0x360 [ 43.945590][ T357] sk_psock_verdict_recv+0x53/0x840 [ 43.950738][ T357] unix_read_sock+0x132/0x370 [ 43.955396][ T357] sk_psock_verdict_data_ready+0x147/0x1a0 [ 43.961386][ T357] unix_dgram_sendmsg+0x15fa/0x2090 [ 43.966868][ T357] ____sys_sendmsg+0x59e/0x8f0 [ 43.971638][ T357] ___sys_sendmsg+0x252/0x2e0 [ 43.976595][ T357] __sys_sendmmsg+0x2bf/0x530 [ 43.981629][ T357] __x64_sys_sendmmsg+0xa0/0xb0 [ 43.986484][ T357] do_syscall_64+0x3d/0xb0 [ 43.990816][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.996714][ 
T357] [ 43.999043][ T357] Freed by task 39: [ 44.002767][ T357] kasan_set_track+0x4b/0x70 [ 44.007385][ T357] kasan_set_free_info+0x23/0x40 [ 44.012142][ T357] ____kasan_slab_free+0x126/0x160 [ 44.017140][ T357] __kasan_slab_free+0x11/0x20 [ 44.021782][ T357] slab_free_freelist_hook+0xbd/0x190 [ 44.027007][ T357] kmem_cache_free+0x116/0x2e0 [ 44.031693][ T357] kfree_skbmem+0x104/0x170 [ 44.036031][ T357] kfree_skb+0xc2/0x360 [ 44.040210][ T357] sk_psock_backlog+0xc21/0xd90 [ 44.044892][ T357] process_one_work+0x6bb/0xc10 [ 44.049856][ T357] worker_thread+0xad5/0x12a0 [ 44.054485][ T357] kthread+0x421/0x510 [ 44.058451][ T357] ret_from_fork+0x1f/0x30 [ 44.062712][ T357] [ 44.064876][ T357] The buggy address belongs to the object at ffff88811f2773c0 [ 44.064876][ T357] which belongs to the cache skbuff_head_cache of size 248 [ 44.079606][ T357] The buggy address is located 0 bytes inside of [ 44.079606][ T357] 248-byte region [ffff88811f2773c0, ffff88811f2774b8) [ 44.092712][ T357] The buggy address belongs to the page: [ 44.098170][ T357] page:ffffea00047c9dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f277 [ 44.108231][ T357] flags: 0x4000000000000200(slab|zone=1) [ 44.113732][ T357] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80 [ 44.122232][ T357] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 44.130664][ T357] page dumped because: kasan: bad access detected [ 44.136888][ T357] page_owner tracks the page as allocated [ 44.142430][ T357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 43272156341, free_ts 43268479579 [ 44.158921][ T357] post_alloc_hook+0x1a3/0x1b0 [ 44.163604][ T357] prep_new_page+0x1b/0x110 [ 44.168214][ T357] get_page_from_freelist+0x3550/0x35d0 [ 44.173597][ T357] __alloc_pages+0x27e/0x8f0 [ 44.178013][ T357] new_slab+0x9a/0x4e0 [ 44.181918][ T357] ___slab_alloc+0x39e/0x830 [ 44.186343][ T357] 
__slab_alloc+0x4a/0x90 [ 44.190511][ T357] kmem_cache_alloc+0x134/0x200 [ 44.195199][ T357] __alloc_skb+0xbe/0x550 [ 44.199454][ T357] alloc_skb_with_frags+0xa6/0x680 [ 44.204671][ T357] sock_alloc_send_pskb+0x915/0xa50 [ 44.209690][ T357] unix_dgram_sendmsg+0x6fd/0x2090 [ 44.214818][ T357] __sys_sendto+0x564/0x720 [ 44.219155][ T357] __x64_sys_sendto+0xe5/0x100 [ 44.223837][ T357] do_syscall_64+0x3d/0xb0 [ 44.228092][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.233914][ T357] page last free stack trace: [ 44.238506][ T357] free_unref_page_prepare+0x7c8/0x7d0 [ 44.243986][ T357] free_unref_page+0xe8/0x750 [ 44.248487][ T357] __free_pages+0x61/0xf0 [ 44.252664][ T357] __vunmap+0x7bc/0x8f0 [ 44.256648][ T357] free_work+0x5b/0x80 [ 44.260553][ T357] process_one_work+0x6bb/0xc10 [ 44.265241][ T357] worker_thread+0xad5/0x12a0 [ 44.269752][ T357] kthread+0x421/0x510 [ 44.273747][ T357] ret_from_fork+0x1f/0x30 [ 44.277998][ T357] [ 44.280167][ T357] Memory state around the buggy address: [ 44.285735][ T357] ffff88811f277280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.293823][ T357] ffff88811f277300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.301719][ T357] >ffff88811f277380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 44.310037][ T357] ^ [ 44.316388][ T357] ffff88811f277400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.324450][ T357] ffff88811f277480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 44.332342][ T357] ================================================================== [ 44.352586][ T361] FAULT_INJECTION: forcing a failure. 
[ 44.352586][ T361] name failslab, interval 1, probability 0, space 0, times 0 [ 44.366128][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 44.378605][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 44.388899][ T361] Call Trace: [ 44.392091][ T361] [ 44.394866][ T361] dump_stack_lvl+0x151/0x1b7 [ 44.399369][ T361] ? io_uring_drop_tctx_refs+0x190/0x190 [ 44.405403][ T361] dump_stack+0x15/0x17 [ 44.409823][ T361] should_fail+0x3c6/0x510 [ 44.414369][ T361] __should_failslab+0xa4/0xe0 [ 44.419303][ T361] should_failslab+0x9/0x20 [ 44.424316][ T361] slab_pre_alloc_hook+0x37/0xd0 [ 44.429842][ T361] kmem_cache_alloc_trace+0x48/0x210 [ 44.435898][ T361] ? sk_psock_skb_ingress_self+0x60/0x330 [ 44.444368][ T361] ? migrate_disable+0x190/0x190 [ 44.449402][ T361] sk_psock_skb_ingress_self+0x60/0x330 [ 44.455473][ T361] sk_psock_verdict_recv+0x66d/0x840 [ 44.460914][ T361] unix_read_sock+0x132/0x370 [ 44.465550][ T361] ? sk_psock_skb_redirect+0x440/0x440 [ 44.472043][ T361] ? unix_stream_splice_actor+0x120/0x120 [ 44.477671][ T361] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 44.483441][ T361] ? unix_stream_splice_actor+0x120/0x120 [ 44.489596][ T361] sk_psock_verdict_data_ready+0x147/0x1a0 [ 44.495321][ T361] ? sk_psock_start_verdict+0xc0/0xc0 [ 44.500714][ T361] ? _raw_spin_lock+0xa4/0x1b0 [ 44.505311][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 44.511219][ T361] ? skb_queue_tail+0xfb/0x120 [ 44.515988][ T361] unix_dgram_sendmsg+0x15fa/0x2090 [ 44.521547][ T361] ? unix_dgram_poll+0x710/0x710 [ 44.526316][ T361] ? _raw_spin_trylock+0xcd/0x1a0 [ 44.531270][ T361] ? security_socket_sendmsg+0x82/0xb0 [ 44.536567][ T361] ? unix_dgram_poll+0x710/0x710 [ 44.541330][ T361] ____sys_sendmsg+0x59e/0x8f0 [ 44.545934][ T361] ? __sys_sendmsg_sock+0x40/0x40 [ 44.550884][ T361] ? import_iovec+0xe5/0x120 [ 44.555564][ T361] ___sys_sendmsg+0x252/0x2e0 [ 44.560171][ T361] ? 
__sys_sendmsg+0x260/0x260 [ 44.565041][ T361] ? do_handle_mm_fault+0x1949/0x2330 [ 44.570459][ T361] ? __kasan_check_write+0x14/0x20 [ 44.575471][ T361] ? proc_fail_nth_write+0x20b/0x290 [ 44.580682][ T361] ? __fdget+0x1bc/0x240 [ 44.584961][ T361] __sys_sendmmsg+0x2bf/0x530 [ 44.589468][ T361] ? __ia32_sys_sendmsg+0x90/0x90 [ 44.594356][ T361] ? mutex_unlock+0xb2/0x260 [ 44.598837][ T361] ? __kasan_check_write+0x14/0x20 [ 44.603793][ T361] ? debug_smp_processor_id+0x17/0x20 [ 44.608990][ T361] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 44.615785][ T361] __x64_sys_sendmmsg+0xa0/0xb0 [ 44.620447][ T361] do_syscall_64+0x3d/0xb0 [ 44.624707][ T361] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.630436][ T361] RIP: 0033:0x7fd8d056ada9 [ 44.634854][ T361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.654385][ T361] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.662801][ T361] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9 [ 44.670706][ T361] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003 [ 44.678515][ T361] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000 [ 44.686329][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.694135][ T361] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58 [ 44.701960][ T361] [ 44.706474][ T360] ================================================================== [ 44.714653][ T360] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 44.722820][ T360] [ 44.725078][ T360] CPU: 0 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 44.736881][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 44.747212][ T360] Call Trace: [ 44.750416][ T360] [ 44.753281][ T360] 
dump_stack_lvl+0x151/0x1b7 [ 44.757793][ T360] ? io_uring_drop_tctx_refs+0x190/0x190 [ 44.763343][ T360] ? __wake_up_klogd+0xd5/0x110 [ 44.768630][ T360] ? panic+0x751/0x751 [ 44.772629][ T360] ? kmem_cache_free+0x116/0x2e0 [ 44.777402][ T360] print_address_description+0x87/0x3b0 [ 44.782777][ T360] ? kmem_cache_free+0x116/0x2e0 [ 44.787725][ T360] ? kmem_cache_free+0x116/0x2e0 [ 44.792599][ T360] kasan_report_invalid_free+0x6b/0xa0 [ 44.797893][ T360] ____kasan_slab_free+0x13e/0x160 [ 44.802845][ T360] __kasan_slab_free+0x11/0x20 [ 44.807546][ T360] slab_free_freelist_hook+0xbd/0x190 [ 44.812837][ T360] ? kfree_skbmem+0x104/0x170 [ 44.817562][ T360] kmem_cache_free+0x116/0x2e0 [ 44.823120][ T360] kfree_skbmem+0x104/0x170 [ 44.827606][ T360] consume_skb+0xb4/0x250 [ 44.831854][ T360] __sk_msg_free+0x2dd/0x370 [ 44.836516][ T360] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 44.842745][ T360] sk_psock_stop+0x44c/0x4d0 [ 44.848261][ T360] ? unix_peer_get+0xe0/0xe0 [ 44.852775][ T360] sock_map_close+0x2b9/0x4c0 [ 44.857376][ T360] ? sock_map_remove_links+0x570/0x570 [ 44.862744][ T360] ? rwsem_mark_wake+0x6b0/0x6b0 [ 44.867514][ T360] unix_release+0x82/0xc0 [ 44.871690][ T360] sock_close+0xdf/0x270 [ 44.875769][ T360] ? 
sock_mmap+0xa0/0xa0 [ 44.879850][ T360] __fput+0x3fe/0x910 [ 44.883776][ T360] ____fput+0x15/0x20 [ 44.887655][ T360] task_work_run+0x129/0x190 [ 44.892167][ T360] exit_to_user_mode_loop+0xc4/0xe0 [ 44.897198][ T360] exit_to_user_mode_prepare+0x5a/0xa0 [ 44.902618][ T360] syscall_exit_to_user_mode+0x26/0x160 [ 44.908161][ T360] do_syscall_64+0x49/0xb0 [ 44.912588][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.918318][ T360] RIP: 0033:0x7fd8d0569c9a [ 44.922657][ T360] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 44.942280][ T360] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 44.950523][ T360] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a [ 44.958350][ T360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 44.966331][ T360] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0 [ 44.974212][ T360] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b06b [ 44.982194][ T360] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000ad2a [ 44.990013][ T360] [ 44.992968][ T360] [ 44.995131][ T360] Allocated by task 361: [ 44.999556][ T360] __kasan_slab_alloc+0xb1/0xe0 [ 45.004239][ T360] slab_post_alloc_hook+0x53/0x2c0 [ 45.009197][ T360] kmem_cache_alloc+0xf5/0x200 [ 45.013975][ T360] skb_clone+0x1d1/0x360 [ 45.018041][ T360] sk_psock_verdict_recv+0x53/0x840 [ 45.023168][ T360] unix_read_sock+0x132/0x370 [ 45.027683][ T360] sk_psock_verdict_data_ready+0x147/0x1a0 [ 45.033325][ T360] unix_dgram_sendmsg+0x15fa/0x2090 [ 45.038383][ T360] ____sys_sendmsg+0x59e/0x8f0 [ 45.043209][ T360] ___sys_sendmsg+0x252/0x2e0 [ 45.047817][ T360] __sys_sendmmsg+0x2bf/0x530 [ 45.052413][ T360] __x64_sys_sendmmsg+0xa0/0xb0 [ 45.057107][ T360] do_syscall_64+0x3d/0xb0 [ 45.061369][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.067168][ 
T360] [ 45.069338][ T360] Freed by task 26: [ 45.073001][ T360] kasan_set_track+0x4b/0x70 [ 45.077413][ T360] kasan_set_free_info+0x23/0x40 [ 45.082185][ T360] ____kasan_slab_free+0x126/0x160 [ 45.087310][ T360] __kasan_slab_free+0x11/0x20 [ 45.091876][ T360] slab_free_freelist_hook+0xbd/0x190 [ 45.097254][ T360] kmem_cache_free+0x116/0x2e0 [ 45.101937][ T360] kfree_skbmem+0x104/0x170 [ 45.106292][ T360] kfree_skb+0xc2/0x360 [ 45.110289][ T360] sk_psock_backlog+0xc21/0xd90 [ 45.114977][ T360] process_one_work+0x6bb/0xc10 [ 45.119644][ T360] worker_thread+0xad5/0x12a0 [ 45.124156][ T360] kthread+0x421/0x510 [ 45.128060][ T360] ret_from_fork+0x1f/0x30 [ 45.132489][ T360] [ 45.134667][ T360] The buggy address belongs to the object at ffff88810c9d6c80 [ 45.134667][ T360] which belongs to the cache skbuff_head_cache of size 248 [ 45.149361][ T360] The buggy address is located 0 bytes inside of [ 45.149361][ T360] 248-byte region [ffff88810c9d6c80, ffff88810c9d6d78) [ 45.162623][ T360] The buggy address belongs to the page: [ 45.168539][ T360] page:ffffea0004327580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c9d6 [ 45.178605][ T360] flags: 0x4000000000000200(slab|zone=1) [ 45.184086][ T360] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80 [ 45.192494][ T360] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 45.201003][ T360] page dumped because: kasan: bad access detected [ 45.207246][ T360] page_owner tracks the page as allocated [ 45.212832][ T360] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 44342100290, free_ts 43274996804 [ 45.228431][ T360] post_alloc_hook+0x1a3/0x1b0 [ 45.233113][ T360] prep_new_page+0x1b/0x110 [ 45.237455][ T360] get_page_from_freelist+0x3550/0x35d0 [ 45.243070][ T360] __alloc_pages+0x27e/0x8f0 [ 45.247453][ T360] new_slab+0x9a/0x4e0 [ 45.251623][ T360] ___slab_alloc+0x39e/0x830 [ 45.256061][ T360] 
__slab_alloc+0x4a/0x90 [ 45.260234][ T360] kmem_cache_alloc+0x134/0x200 [ 45.264916][ T360] __alloc_skb+0xbe/0x550 [ 45.269201][ T360] alloc_skb_with_frags+0xa6/0x680 [ 45.274381][ T360] sock_alloc_send_pskb+0x915/0xa50 [ 45.279884][ T360] unix_dgram_sendmsg+0x6fd/0x2090 [ 45.284969][ T360] __sys_sendto+0x564/0x720 [ 45.289317][ T360] __x64_sys_sendto+0xe5/0x100 [ 45.294030][ T360] do_syscall_64+0x3d/0xb0 [ 45.298248][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.303976][ T360] page last free stack trace: [ 45.308518][ T360] free_unref_page_prepare+0x7c8/0x7d0 [ 45.314047][ T360] free_unref_page+0xe8/0x750 [ 45.319016][ T360] __free_pages+0x61/0xf0 [ 45.323442][ T360] __free_slab+0xec/0x1d0 [ 45.327688][ T360] __unfreeze_partials+0x165/0x1a0 [ 45.333358][ T360] put_cpu_partial+0xc4/0x120 [ 45.338704][ T360] __slab_free+0x1c8/0x290 [ 45.343739][ T360] ___cache_free+0x109/0x120 [ 45.348340][ T360] qlink_free+0x4d/0x90 [ 45.352410][ T360] qlist_free_all+0x44/0xb0 [ 45.356847][ T360] kasan_quarantine_reduce+0x15a/0x180 [ 45.362586][ T360] __kasan_slab_alloc+0x2f/0xe0 [ 45.367716][ T360] slab_post_alloc_hook+0x53/0x2c0 [ 45.373017][ T360] kmem_cache_alloc+0xf5/0x200 [ 45.378058][ T360] getname_flags+0xba/0x520 [ 45.382740][ T360] user_path_at_empty+0x2d/0x1a0 [ 45.387599][ T360] [ 45.389769][ T360] Memory state around the buggy address: [ 45.395441][ T360] ffff88810c9d6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2024/04/12 06:35:28 executed programs: 4 [ 45.403513][ T360] ffff88810c9d6c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 45.411778][ T360] >ffff88810c9d6c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.419835][ T360] ^ [ 45.423928][ T360] ffff88810c9d6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 45.431996][ T360] ffff88810c9d6d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 45.441052][ T360] ================================================================== [ 45.503500][ T364] FAULT_INJECTION: forcing a failure. 
[ 45.503500][ T364] name failslab, interval 1, probability 0, space 0, times 0 [ 45.516467][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 45.528227][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 45.538672][ T364] Call Trace: [ 45.542060][ T364] [ 45.544837][ T364] dump_stack_lvl+0x151/0x1b7 [ 45.550062][ T364] ? io_uring_drop_tctx_refs+0x190/0x190 [ 45.557349][ T364] dump_stack+0x15/0x17 [ 45.561928][ T364] should_fail+0x3c6/0x510 [ 45.566358][ T364] __should_failslab+0xa4/0xe0 [ 45.571069][ T364] should_failslab+0x9/0x20 [ 45.575498][ T364] slab_pre_alloc_hook+0x37/0xd0 [ 45.580304][ T364] kmem_cache_alloc_trace+0x48/0x210 [ 45.585620][ T364] ? sk_psock_skb_ingress_self+0x60/0x330 [ 45.591593][ T364] ? migrate_disable+0x190/0x190 [ 45.596360][ T364] sk_psock_skb_ingress_self+0x60/0x330 [ 45.601836][ T364] sk_psock_verdict_recv+0x66d/0x840 [ 45.607055][ T364] unix_read_sock+0x132/0x370 [ 45.611557][ T364] ? sk_psock_skb_redirect+0x440/0x440 [ 45.616943][ T364] ? unix_stream_splice_actor+0x120/0x120 [ 45.622695][ T364] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 45.628072][ T364] ? unix_stream_splice_actor+0x120/0x120 [ 45.633631][ T364] sk_psock_verdict_data_ready+0x147/0x1a0 [ 45.639472][ T364] ? sk_psock_start_verdict+0xc0/0xc0 [ 45.644662][ T364] ? _raw_spin_lock+0xa4/0x1b0 [ 45.649344][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 45.654978][ T364] ? skb_queue_tail+0xfb/0x120 [ 45.659609][ T364] unix_dgram_sendmsg+0x15fa/0x2090 [ 45.664985][ T364] ? unix_dgram_poll+0x710/0x710 [ 45.670023][ T364] ? _raw_spin_trylock+0xcd/0x1a0 [ 45.674970][ T364] ? security_socket_sendmsg+0x82/0xb0 [ 45.680263][ T364] ? unix_dgram_poll+0x710/0x710 [ 45.685151][ T364] ____sys_sendmsg+0x59e/0x8f0 [ 45.689754][ T364] ? __sys_sendmsg_sock+0x40/0x40 [ 45.694608][ T364] ? import_iovec+0xe5/0x120 [ 45.699041][ T364] ___sys_sendmsg+0x252/0x2e0 [ 45.703707][ T364] ? 
__sys_sendmsg+0x260/0x260 [ 45.708311][ T364] ? do_handle_mm_fault+0x1949/0x2330 [ 45.713611][ T364] ? __kasan_check_write+0x14/0x20 [ 45.718726][ T364] ? proc_fail_nth_write+0x20b/0x290 [ 45.724111][ T364] ? __fdget+0x1bc/0x240 [ 45.728381][ T364] __sys_sendmmsg+0x2bf/0x530 [ 45.733099][ T364] ? __ia32_sys_sendmsg+0x90/0x90 [ 45.737971][ T364] ? mutex_unlock+0xb2/0x260 [ 45.742674][ T364] ? __kasan_check_write+0x14/0x20 [ 45.747738][ T364] ? debug_smp_processor_id+0x17/0x20 [ 45.753661][ T364] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 45.759894][ T364] __x64_sys_sendmmsg+0xa0/0xb0 [ 45.765283][ T364] do_syscall_64+0x3d/0xb0 [ 45.769619][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.775526][ T364] RIP: 0033:0x7fd8d056ada9 [ 45.779790][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.799825][ T364] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.808155][ T364] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9 [ 45.816237][ T364] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003 [ 45.824040][ T364] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000 [ 45.832208][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.840351][ T364] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58 [ 45.848664][ T364] [ 45.852035][ T363] ================================================================== [ 45.854713][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 45.854727][ T30] audit: type=1400 audit(1712903728.530:171): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 45.860014][ T363] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 
45.866202][ T30] audit: type=1400 audit(1712903728.530:172): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.888236][ T363] [ 45.888245][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 45.888263][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 45.888270][ T363] Call Trace: [ 45.888275][ T363] [ 45.888282][ T363] dump_stack_lvl+0x151/0x1b7 [ 45.888301][ T363] ? io_uring_drop_tctx_refs+0x190/0x190 [ 45.896959][ T30] audit: type=1400 audit(1712903728.530:173): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.918340][ T363] ? __wake_up_klogd+0xd5/0x110 [ 45.918371][ T363] ? panic+0x751/0x751 [ 45.918383][ T363] ? kmem_cache_free+0x116/0x2e0 [ 45.918399][ T363] print_address_description+0x87/0x3b0 [ 45.918414][ T363] ? kmem_cache_free+0x116/0x2e0 [ 45.918427][ T363] ? kmem_cache_free+0x116/0x2e0 [ 46.009129][ T363] kasan_report_invalid_free+0x6b/0xa0 [ 46.014424][ T363] ____kasan_slab_free+0x13e/0x160 [ 46.019455][ T363] __kasan_slab_free+0x11/0x20 [ 46.024143][ T363] slab_free_freelist_hook+0xbd/0x190 [ 46.029351][ T363] ? kfree_skbmem+0x104/0x170 [ 46.033964][ T363] kmem_cache_free+0x116/0x2e0 [ 46.038654][ T363] kfree_skbmem+0x104/0x170 [ 46.043252][ T363] consume_skb+0xb4/0x250 [ 46.047744][ T363] __sk_msg_free+0x2dd/0x370 [ 46.052195][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 46.058097][ T363] sk_psock_stop+0x44c/0x4d0 [ 46.062522][ T363] ? unix_peer_get+0xe0/0xe0 [ 46.067130][ T363] sock_map_close+0x2b9/0x4c0 [ 46.071709][ T363] ? sock_map_remove_links+0x570/0x570 [ 46.077091][ T363] ? 
rwsem_mark_wake+0x6b0/0x6b0
[ 46.081977][ T363] unix_release+0x82/0xc0
[ 46.086117][ T363] sock_close+0xdf/0x270
[ 46.090197][ T363] ? sock_mmap+0xa0/0xa0
[ 46.094292][ T363] __fput+0x3fe/0x910
[ 46.098089][ T363] ____fput+0x15/0x20
[ 46.102070][ T363] task_work_run+0x129/0x190
[ 46.106490][ T363] exit_to_user_mode_loop+0xc4/0xe0
[ 46.111533][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.116978][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 46.122472][ T363] do_syscall_64+0x49/0xb0
[ 46.126917][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.132840][ T363] RIP: 0033:0x7fd8d0569c9a
[ 46.137199][ T363] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.157753][ T363] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.166544][ T363] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 46.175086][ T363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.182994][ T363] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 46.191111][ T363] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b4ea
[ 46.198915][ T363] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000b1a9
[ 46.207005][ T363]
[ 46.210191][ T363]
[ 46.212358][ T363] Allocated by task 364:
[ 46.216441][ T363] __kasan_slab_alloc+0xb1/0xe0
[ 46.221508][ T363] slab_post_alloc_hook+0x53/0x2c0
[ 46.226461][ T363] kmem_cache_alloc+0xf5/0x200
[ 46.231055][ T363] skb_clone+0x1d1/0x360
[ 46.235131][ T363] sk_psock_verdict_recv+0x53/0x840
[ 46.240214][ T363] unix_read_sock+0x132/0x370
[ 46.244789][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.250439][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.255465][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 46.260313][ T363] ___sys_sendmsg+0x252/0x2e0
[ 46.264934][ T363] __sys_sendmmsg+0x2bf/0x530
[ 46.269442][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.274242][ T363] do_syscall_64+0x3d/0xb0
[ 46.278609][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.285460][ T363]
[ 46.287833][ T363] Freed by task 39:
[ 46.291451][ T363] kasan_set_track+0x4b/0x70
[ 46.295978][ T363] kasan_set_free_info+0x23/0x40
[ 46.300774][ T363] ____kasan_slab_free+0x126/0x160
[ 46.306520][ T363] __kasan_slab_free+0x11/0x20
[ 46.311112][ T363] slab_free_freelist_hook+0xbd/0x190
[ 46.316664][ T363] kmem_cache_free+0x116/0x2e0
[ 46.321715][ T363] kfree_skbmem+0x104/0x170
[ 46.326662][ T363] kfree_skb+0xc2/0x360
[ 46.330649][ T363] sk_psock_backlog+0xc21/0xd90
[ 46.336145][ T363] process_one_work+0x6bb/0xc10
[ 46.341507][ T363] worker_thread+0xad5/0x12a0
[ 46.346107][ T363] kthread+0x421/0x510
[ 46.350006][ T363] ret_from_fork+0x1f/0x30
[ 46.354354][ T363]
[ 46.356529][ T363] The buggy address belongs to the object at ffff88811f0adc80
[ 46.356529][ T363]  which belongs to the cache skbuff_head_cache of size 248
[ 46.372232][ T363] The buggy address is located 0 bytes inside of
[ 46.372232][ T363]  248-byte region [ffff88811f0adc80, ffff88811f0add78)
[ 46.385657][ T363] The buggy address belongs to the page:
[ 46.391488][ T363] page:ffffea00047c2b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f0ad
[ 46.402158][ T363] flags: 0x4000000000000200(slab|zone=1)
[ 46.409321][ T363] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80
[ 46.418244][ T363] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.427650][ T363] page dumped because: kasan: bad access detected
[ 46.434707][ T363] page_owner tracks the page as allocated
[ 46.440343][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 8, ts 45410570988, free_ts 32093056007
[ 46.457741][ T363] post_alloc_hook+0x1a3/0x1b0
[ 46.462442][ T363] prep_new_page+0x1b/0x110
[ 46.466734][ T363] get_page_from_freelist+0x3550/0x35d0
[ 46.472608][ T363] __alloc_pages+0x27e/0x8f0
[ 46.477284][ T363] new_slab+0x9a/0x4e0
[ 46.481186][ T363] ___slab_alloc+0x39e/0x830
[ 46.485619][ T363] __slab_alloc+0x4a/0x90
[ 46.489984][ T363] kmem_cache_alloc+0x134/0x200
[ 46.494660][ T363] __alloc_skb+0xbe/0x550
[ 46.498832][ T363] ndisc_alloc_skb+0xf3/0x2d0
[ 46.503527][ T363] ndisc_send_rs+0x26c/0x6a0
[ 46.508224][ T363] addrconf_rs_timer+0x2d1/0x600
[ 46.512989][ T363] call_timer_fn+0x3b/0x2d0
[ 46.517329][ T363] __run_timers+0x72a/0xa10
[ 46.521665][ T363] run_timer_softirq+0x69/0xf0
[ 46.526273][ T363] __do_softirq+0x26d/0x5bf
[ 46.530626][ T363] page last free stack trace:
[ 46.535122][ T363] free_unref_page_prepare+0x7c8/0x7d0
[ 46.540599][ T363] free_unref_page+0xe8/0x750
[ 46.545306][ T363] __free_pages+0x61/0xf0
[ 46.549668][ T363] free_pages+0x7c/0x90
[ 46.553780][ T363] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 46.559329][ T363] __apply_to_page_range+0x8dd/0xbe0
[ 46.564560][ T363] apply_to_existing_page_range+0x38/0x50
[ 46.570091][ T363] kasan_release_vmalloc+0x9a/0xb0
[ 46.575157][ T363] __purge_vmap_area_lazy+0x154a/0x1690
[ 46.580716][ T363] _vm_unmap_aliases+0x339/0x3b0
[ 46.585481][ T363] vm_unmap_aliases+0x19/0x20
[ 46.590216][ T363] change_page_attr_set_clr+0x308/0x1050
[ 46.595944][ T363] set_memory_ro+0xa1/0xe0
[ 46.600195][ T363] bpf_int_jit_compile+0xbf42/0xc6d0
[ 46.606276][ T363] bpf_prog_select_runtime+0x706/0x9e0
[ 46.611945][ T363] bpf_prepare_filter+0x10d0/0x13d0
[ 46.617338][ T363]
[ 46.619830][ T363] Memory state around the buggy address:
[ 46.625431][ T363]  ffff88811f0adb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.633776][ T363]  ffff88811f0adc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.641698][ T363] >ffff88811f0adc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.649752][ T363]                    ^
[ 46.653660][ T363]  ffff88811f0add00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.661784][ T363]  ffff88811f0add80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.669856][ T363] ==================================================================
[ 46.686171][ T367] FAULT_INJECTION: forcing a failure.
[ 46.686171][ T367] name failslab, interval 1, probability 0, space 0, times 0
[ 46.699159][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.710970][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 46.721638][ T367] Call Trace:
[ 46.724764][ T367]
[ 46.728759][ T367] dump_stack_lvl+0x151/0x1b7
[ 46.733267][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.738905][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.744593][ T367] ? __skb_try_recv_datagram+0x495/0x6a0
[ 46.750274][ T367] dump_stack+0x15/0x17
[ 46.754443][ T367] should_fail+0x3c6/0x510
[ 46.758692][ T367] __should_failslab+0xa4/0xe0
[ 46.763771][ T367] ? skb_clone+0x1d1/0x360
[ 46.767929][ T367] should_failslab+0x9/0x20
[ 46.772310][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 46.777304][ T367] ? skb_clone+0x1d1/0x360
[ 46.783032][ T367] kmem_cache_alloc+0x44/0x200
[ 46.787810][ T367] skb_clone+0x1d1/0x360
[ 46.792072][ T367] sk_psock_verdict_recv+0x53/0x840
[ 46.797092][ T367] ? avc_has_perm_noaudit+0x430/0x430
[ 46.802824][ T367] ? mntput_no_expire+0xfc/0x6b0
[ 46.807768][ T367] unix_read_sock+0x132/0x370
[ 46.813325][ T367] ? sk_psock_skb_redirect+0x440/0x440
[ 46.818939][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 46.824473][ T367] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.829769][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 46.835506][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.841767][ T367] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.847359][ T367] ? _raw_spin_lock+0xa4/0x1b0
[ 46.852100][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.857938][ T367] ? skb_queue_tail+0xfb/0x120
[ 46.862534][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.868014][ T367] ? unix_dgram_poll+0x710/0x710
[ 46.872777][ T367] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.877680][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 46.882961][ T367] ? unix_dgram_poll+0x710/0x710
[ 46.887986][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 46.892964][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 46.897818][ T367] ? import_iovec+0xe5/0x120
[ 46.902245][ T367] ___sys_sendmsg+0x252/0x2e0
[ 46.906770][ T367] ? __sys_sendmsg+0x260/0x260
[ 46.911446][ T367] ? do_handle_mm_fault+0x1949/0x2330
[ 46.916931][ T367] ? __kasan_check_write+0x14/0x20
[ 46.921976][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 46.927612][ T367] ? __fdget+0x1bc/0x240
[ 46.931766][ T367] __sys_sendmmsg+0x2bf/0x530
[ 46.936365][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.941413][ T367] ? mutex_unlock+0xb2/0x260
[ 46.945918][ T367] ? __kasan_check_write+0x14/0x20
[ 46.950952][ T367] ? debug_smp_processor_id+0x17/0x20
[ 46.956157][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.962233][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.967115][ T367] do_syscall_64+0x3d/0xb0
[ 46.971742][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.977613][ T367] RIP: 0033:0x7fd8d056ada9
[ 46.981888][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.002026][ T367] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.011149][ T367] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 47.019137][ T367] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 47.027285][ T367] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 47.035728][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.044526][ T367] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 47.056814][ T367]
[ 47.073575][ T369] FAULT_INJECTION: forcing a failure.
[ 47.073575][ T369] name failslab, interval 1, probability 0, space 0, times 0
[ 47.086497][ T369] CPU: 1 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.098381][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.108458][ T369] Call Trace:
[ 47.111576][ T369]
[ 47.114347][ T369] dump_stack_lvl+0x151/0x1b7
[ 47.118909][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.124339][ T369] dump_stack+0x15/0x17
[ 47.128413][ T369] should_fail+0x3c6/0x510
[ 47.133544][ T369] __should_failslab+0xa4/0xe0
[ 47.138226][ T369] should_failslab+0x9/0x20
[ 47.142652][ T369] slab_pre_alloc_hook+0x37/0xd0
[ 47.147418][ T369] kmem_cache_alloc_trace+0x48/0x210
[ 47.152539][ T369] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.158091][ T369] ? migrate_disable+0x190/0x190
[ 47.162985][ T369] sk_psock_skb_ingress_self+0x60/0x330
[ 47.168880][ T369] sk_psock_verdict_recv+0x66d/0x840
[ 47.174557][ T369] unix_read_sock+0x132/0x370
[ 47.179285][ T369] ? sk_psock_skb_redirect+0x440/0x440
[ 47.185008][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 47.190867][ T369] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.196713][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 47.203005][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.209849][ T369] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.215095][ T369] ? _raw_spin_lock+0xa4/0x1b0
[ 47.219780][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.225510][ T369] ? skb_queue_tail+0xfb/0x120
[ 47.230111][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.235146][ T369] ? unix_dgram_poll+0x710/0x710
[ 47.240181][ T369] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.245075][ T369] ? security_socket_sendmsg+0x82/0xb0
[ 47.250336][ T369] ? unix_dgram_poll+0x710/0x710
[ 47.255103][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 47.259706][ T369] ? __sys_sendmsg_sock+0x40/0x40
[ 47.264706][ T369] ? import_iovec+0xe5/0x120
[ 47.269140][ T369] ___sys_sendmsg+0x252/0x2e0
[ 47.273600][ T369] ? __sys_sendmsg+0x260/0x260
[ 47.278192][ T369] ? do_handle_mm_fault+0x1949/0x2330
[ 47.283400][ T369] ? __kasan_check_write+0x14/0x20
[ 47.288435][ T369] ? proc_fail_nth_write+0x20b/0x290
[ 47.293910][ T369] ? __fdget+0x1bc/0x240
[ 47.297978][ T369] __sys_sendmmsg+0x2bf/0x530
[ 47.302590][ T369] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.307438][ T369] ? mutex_unlock+0xb2/0x260
[ 47.311869][ T369] ? __kasan_check_write+0x14/0x20
[ 47.317036][ T369] ? debug_smp_processor_id+0x17/0x20
[ 47.323056][ T369] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.329329][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.334169][ T369] do_syscall_64+0x3d/0xb0
[ 47.338423][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.344247][ T369] RIP: 0033:0x7fd8d056ada9
[ 47.348483][ T369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.369199][ T369] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.378582][ T369] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 47.386636][ T369] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 47.394880][ T369] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 47.404161][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.412970][ T369] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 47.421518][ T369]
[ 47.427193][ T368] ==================================================================
[ 47.435358][ T368] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 47.444122][ T368]
[ 47.446937][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.458713][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.469000][ T368] Call Trace:
[ 47.472185][ T368]
[ 47.475077][ T368] dump_stack_lvl+0x151/0x1b7
[ 47.480117][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.485577][ T368] ? __wake_up_klogd+0xd5/0x110
[ 47.490525][ T368] ? panic+0x751/0x751
[ 47.494801][ T368] ? kmem_cache_free+0x116/0x2e0
[ 47.499665][ T368] print_address_description+0x87/0x3b0
[ 47.505460][ T368] ? kmem_cache_free+0x116/0x2e0
[ 47.510221][ T368] ? kmem_cache_free+0x116/0x2e0
[ 47.514996][ T368] kasan_report_invalid_free+0x6b/0xa0
[ 47.520508][ T368] ____kasan_slab_free+0x13e/0x160
[ 47.525757][ T368] __kasan_slab_free+0x11/0x20
[ 47.530435][ T368] slab_free_freelist_hook+0xbd/0x190
[ 47.535850][ T368] ? kfree_skbmem+0x104/0x170
[ 47.540434][ T368] kmem_cache_free+0x116/0x2e0
[ 47.545116][ T368] kfree_skbmem+0x104/0x170
[ 47.549509][ T368] consume_skb+0xb4/0x250
[ 47.553899][ T368] __sk_msg_free+0x2dd/0x370
[ 47.558399][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.564166][ T368] sk_psock_stop+0x44c/0x4d0
[ 47.568603][ T368] ? unix_peer_get+0xe0/0xe0
[ 47.573014][ T368] sock_map_close+0x2b9/0x4c0
[ 47.577517][ T368] ? sock_map_remove_links+0x570/0x570
[ 47.583249][ T368] ? rwsem_mark_wake+0x6b0/0x6b0
[ 47.588193][ T368] unix_release+0x82/0xc0
[ 47.592359][ T368] sock_close+0xdf/0x270
[ 47.596526][ T368] ? sock_mmap+0xa0/0xa0
[ 47.600608][ T368] __fput+0x3fe/0x910
[ 47.604428][ T368] ____fput+0x15/0x20
[ 47.608251][ T368] task_work_run+0x129/0x190
[ 47.612670][ T368] exit_to_user_mode_loop+0xc4/0xe0
[ 47.617792][ T368] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.623087][ T368] syscall_exit_to_user_mode+0x26/0x160
[ 47.628467][ T368] do_syscall_64+0x49/0xb0
[ 47.632842][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.638669][ T368] RIP: 0033:0x7fd8d0569c9a
[ 47.643224][ T368] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.663010][ T368] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.671262][ T368] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 47.679163][ T368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.687075][ T368] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 47.694978][ T368] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bb0c
[ 47.702864][ T368] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000b7cb
[ 47.710853][ T368]
[ 47.713817][ T368]
[ 47.716067][ T368] Allocated by task 369:
[ 47.720183][ T368] __kasan_slab_alloc+0xb1/0xe0
[ 47.724843][ T368] slab_post_alloc_hook+0x53/0x2c0
[ 47.729783][ T368] kmem_cache_alloc+0xf5/0x200
[ 47.734380][ T368] skb_clone+0x1d1/0x360
[ 47.738503][ T368] sk_psock_verdict_recv+0x53/0x840
[ 47.743930][ T368] unix_read_sock+0x132/0x370
[ 47.748593][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.754476][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.759607][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 47.764464][ T368] ___sys_sendmsg+0x252/0x2e0
[ 47.768968][ T368] __sys_sendmmsg+0x2bf/0x530
[ 47.773601][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.778362][ T368] do_syscall_64+0x3d/0xb0
[ 47.782595][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.788329][ T368]
[ 47.790493][ T368] Freed by task 26:
[ 47.794230][ T368] kasan_set_track+0x4b/0x70
[ 47.798659][ T368] kasan_set_free_info+0x23/0x40
[ 47.803429][ T368] ____kasan_slab_free+0x126/0x160
[ 47.808467][ T368] __kasan_slab_free+0x11/0x20
[ 47.813060][ T368] slab_free_freelist_hook+0xbd/0x190
[ 47.818272][ T368] kmem_cache_free+0x116/0x2e0
[ 47.822953][ T368] kfree_skbmem+0x104/0x170
[ 47.827381][ T368] kfree_skb+0xc2/0x360
[ 47.831480][ T368] sk_psock_backlog+0xc21/0xd90
[ 47.836168][ T368] process_one_work+0x6bb/0xc10
[ 47.840962][ T368] worker_thread+0xad5/0x12a0
[ 47.845554][ T368] kthread+0x421/0x510
[ 47.849449][ T368] ret_from_fork+0x1f/0x30
[ 47.853786][ T368]
[ 47.856042][ T368] The buggy address belongs to the object at ffff88810cd9b8c0
[ 47.856042][ T368]  which belongs to the cache skbuff_head_cache of size 248
[ 47.871087][ T368] The buggy address is located 0 bytes inside of
[ 47.871087][ T368]  248-byte region [ffff88810cd9b8c0, ffff88810cd9b9b8)
[ 47.884290][ T368] The buggy address belongs to the page:
[ 47.889756][ T368] page:ffffea00043366c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cd9b
[ 47.899823][ T368] flags: 0x4000000000000200(slab|zone=1)
[ 47.905304][ T368] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350a80
[ 47.913907][ T368] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.922835][ T368] page dumped because: kasan: bad access detected
[ 47.929410][ T368] page_owner tracks the page as allocated
[ 47.934912][ T368] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 363, ts 46678726075, free_ts 45451789666
[ 47.953221][ T368] post_alloc_hook+0x1a3/0x1b0
[ 47.957908][ T368] prep_new_page+0x1b/0x110
[ 47.963222][ T368] get_page_from_freelist+0x3550/0x35d0
[ 47.968869][ T368] __alloc_pages+0x27e/0x8f0
[ 47.973374][ T368] new_slab+0x9a/0x4e0
[ 47.977361][ T368] ___slab_alloc+0x39e/0x830
[ 47.981798][ T368] __slab_alloc+0x4a/0x90
[ 47.985949][ T368] kmem_cache_alloc+0x134/0x200
[ 47.990823][ T368] __alloc_skb+0xbe/0x550
[ 47.994990][ T368] wg_packet_send_keepalive+0x60/0x1c0
[ 48.000365][ T368] wg_expired_send_persistent_keepalive+0x53/0x80
[ 48.006611][ T368] call_timer_fn+0x3b/0x2d0
[ 48.010968][ T368] __run_timers+0x72a/0xa10
[ 48.015296][ T368] run_timer_softirq+0x69/0xf0
[ 48.020145][ T368] __do_softirq+0x26d/0x5bf
[ 48.024488][ T368] page last free stack trace:
[ 48.029249][ T368] free_unref_page_prepare+0x7c8/0x7d0
[ 48.034542][ T368] free_unref_page+0xe8/0x750
[ 48.039059][ T368] __free_pages+0x61/0xf0
[ 48.043477][ T368] __vunmap+0x7bc/0x8f0
[ 48.047481][ T368] free_work+0x5b/0x80
[ 48.051372][ T368] process_one_work+0x6bb/0xc10
[ 48.056072][ T368] worker_thread+0xad5/0x12a0
[ 48.060707][ T368] kthread+0x421/0x510
[ 48.064601][ T368] ret_from_fork+0x1f/0x30
[ 48.068949][ T368]
[ 48.071190][ T368] Memory state around the buggy address:
[ 48.076810][ T368]  ffff88810cd9b780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.084658][ T368]  ffff88810cd9b800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.092633][ T368] >ffff88810cd9b880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.100747][ T368]                                            ^
[ 48.106754][ T368]  ffff88810cd9b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.114652][ T368]  ffff88810cd9b980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.122622][ T368] ==================================================================
[ 48.141280][ T372] FAULT_INJECTION: forcing a failure.
[ 48.141280][ T372] name failslab, interval 1, probability 0, space 0, times 0
[ 48.155084][ T372] CPU: 1 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.166790][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 48.176980][ T372] Call Trace:
[ 48.180101][ T372]
[ 48.182969][ T372] dump_stack_lvl+0x151/0x1b7
[ 48.187483][ T372] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.193045][ T372] dump_stack+0x15/0x17
[ 48.197026][ T372] should_fail+0x3c6/0x510
[ 48.201284][ T372] __should_failslab+0xa4/0xe0
[ 48.205878][ T372] should_failslab+0x9/0x20
[ 48.210305][ T372] slab_pre_alloc_hook+0x37/0xd0
[ 48.215094][ T372] kmem_cache_alloc_trace+0x48/0x210
[ 48.220288][ T372] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.225927][ T372] ? migrate_disable+0x190/0x190
[ 48.230703][ T372] sk_psock_skb_ingress_self+0x60/0x330
[ 48.236083][ T372] sk_psock_verdict_recv+0x66d/0x840
[ 48.241398][ T372] unix_read_sock+0x132/0x370
[ 48.246005][ T372] ? sk_psock_skb_redirect+0x440/0x440
[ 48.251290][ T372] ? unix_stream_splice_actor+0x120/0x120
[ 48.256865][ T372] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.262148][ T372] ? unix_stream_splice_actor+0x120/0x120
[ 48.267704][ T372] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.273420][ T372] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.278655][ T372] ? _raw_spin_lock+0xa4/0x1b0
[ 48.283235][ T372] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.288975][ T372] ? skb_queue_tail+0xfb/0x120
[ 48.293567][ T372] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.298711][ T372] ? unix_dgram_poll+0x710/0x710
[ 48.303559][ T372] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.308429][ T372] ? security_socket_sendmsg+0x82/0xb0
[ 48.314153][ T372] ? unix_dgram_poll+0x710/0x710
[ 48.319019][ T372] ____sys_sendmsg+0x59e/0x8f0
[ 48.323607][ T372] ? __sys_sendmsg_sock+0x40/0x40
[ 48.328640][ T372] ? import_iovec+0xe5/0x120
[ 48.333121][ T372] ___sys_sendmsg+0x252/0x2e0
[ 48.337598][ T372] ? __sys_sendmsg+0x260/0x260
[ 48.342269][ T372] ? do_handle_mm_fault+0x1949/0x2330
[ 48.347772][ T372] ? __kasan_check_write+0x14/0x20
[ 48.352793][ T372] ? proc_fail_nth_write+0x20b/0x290
[ 48.357911][ T372] ? __fdget+0x1bc/0x240
[ 48.361988][ T372] __sys_sendmmsg+0x2bf/0x530
[ 48.366865][ T372] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.371916][ T372] ? mutex_unlock+0xb2/0x260
[ 48.376330][ T372] ? __kasan_check_write+0x14/0x20
[ 48.381298][ T372] ? debug_smp_processor_id+0x17/0x20
[ 48.386480][ T372] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.393168][ T372] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.397809][ T372] do_syscall_64+0x3d/0xb0
[ 48.402167][ T372] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.407892][ T372] RIP: 0033:0x7fd8d056ada9
[ 48.412652][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.432277][ T372] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.440782][ T372] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 48.449538][ T372] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 48.457719][ T372] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 48.466050][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.474041][ T372] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 48.482128][ T372]
[ 48.487062][ T371] ==================================================================
[ 48.494941][ T371] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.503270][ T371]
[ 48.505433][ T371] CPU: 0 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.517321][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 48.527834][ T371] Call Trace:
[ 48.530950][ T371]
[ 48.533737][ T371] dump_stack_lvl+0x151/0x1b7
[ 48.538432][ T371] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.544271][ T371] ? __wake_up_klogd+0xd5/0x110
[ 48.548928][ T371] ? panic+0x751/0x751
[ 48.553418][ T371] ? kmem_cache_free+0x116/0x2e0
[ 48.558655][ T371] print_address_description+0x87/0x3b0
[ 48.564001][ T371] ? kmem_cache_free+0x116/0x2e0
[ 48.568764][ T371] ? kmem_cache_free+0x116/0x2e0
[ 48.573538][ T371] kasan_report_invalid_free+0x6b/0xa0
[ 48.578826][ T371] ____kasan_slab_free+0x13e/0x160
[ 48.583871][ T371] __kasan_slab_free+0x11/0x20
[ 48.588458][ T371] slab_free_freelist_hook+0xbd/0x190
[ 48.594383][ T371] ? kfree_skbmem+0x104/0x170
[ 48.598880][ T371] kmem_cache_free+0x116/0x2e0
[ 48.603459][ T371] kfree_skbmem+0x104/0x170
[ 48.608677][ T371] consume_skb+0xb4/0x250
[ 48.613021][ T371] __sk_msg_free+0x2dd/0x370
[ 48.617572][ T371] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.623207][ T371] sk_psock_stop+0x44c/0x4d0
[ 48.628168][ T371] ? unix_peer_get+0xe0/0xe0
[ 48.633730][ T371] sock_map_close+0x2b9/0x4c0
[ 48.638335][ T371] ? sock_map_remove_links+0x570/0x570
[ 48.643807][ T371] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.649283][ T371] unix_release+0x82/0xc0
[ 48.653428][ T371] sock_close+0xdf/0x270
[ 48.657591][ T371] ? sock_mmap+0xa0/0xa0
[ 48.661673][ T371] __fput+0x3fe/0x910
[ 48.665593][ T371] ____fput+0x15/0x20
[ 48.669564][ T371] task_work_run+0x129/0x190
[ 48.674083][ T371] exit_to_user_mode_loop+0xc4/0xe0
[ 48.679333][ T371] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.684585][ T371] syscall_exit_to_user_mode+0x26/0x160
[ 48.690231][ T371] do_syscall_64+0x49/0xb0
[ 48.694595][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.700380][ T371] RIP: 0033:0x7fd8d0569c9a
[ 48.704670][ T371] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.724431][ T371] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.732957][ T371] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 48.741442][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.749555][ T371] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 48.757626][ T371] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bf38
[ 48.765540][ T371] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000bbf7
[ 48.773427][ T371]
[ 48.776278][ T371]
[ 48.778481][ T371] Allocated by task 372:
[ 48.782556][ T371] __kasan_slab_alloc+0xb1/0xe0
[ 48.787580][ T371] slab_post_alloc_hook+0x53/0x2c0
[ 48.792782][ T371] kmem_cache_alloc+0xf5/0x200
[ 48.797545][ T371] skb_clone+0x1d1/0x360
[ 48.801714][ T371] sk_psock_verdict_recv+0x53/0x840
[ 48.806830][ T371] unix_read_sock+0x132/0x370
[ 48.811444][ T371] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.817593][ T371] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.822626][ T371] ____sys_sendmsg+0x59e/0x8f0
[ 48.827225][ T371] ___sys_sendmsg+0x252/0x2e0
[ 48.831747][ T371] __sys_sendmmsg+0x2bf/0x530
[ 48.836605][ T371] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.841743][ T371] do_syscall_64+0x3d/0xb0
[ 48.846061][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.851969][ T371]
[ 48.854218][ T371] Freed by task 20:
[ 48.858463][ T371] kasan_set_track+0x4b/0x70
[ 48.862905][ T371] kasan_set_free_info+0x23/0x40
[ 48.868286][ T371] ____kasan_slab_free+0x126/0x160
[ 48.873529][ T371] __kasan_slab_free+0x11/0x20
[ 48.878936][ T371] slab_free_freelist_hook+0xbd/0x190
[ 48.884424][ T371] kmem_cache_free+0x116/0x2e0
[ 48.889187][ T371] kfree_skbmem+0x104/0x170
[ 48.893847][ T371] kfree_skb+0xc2/0x360
[ 48.897867][ T371] sk_psock_backlog+0xc21/0xd90
[ 48.902561][ T371] process_one_work+0x6bb/0xc10
[ 48.907269][ T371] worker_thread+0xad5/0x12a0
[ 48.911753][ T371] kthread+0x421/0x510
[ 48.915659][ T371] ret_from_fork+0x1f/0x30
[ 48.919913][ T371]
[ 48.922081][ T371] The buggy address belongs to the object at ffff88810d676500
[ 48.922081][ T371]  which belongs to the cache skbuff_head_cache of size 248
[ 48.937285][ T371] The buggy address is located 0 bytes inside of
[ 48.937285][ T371]  248-byte region [ffff88810d676500, ffff88810d6765f8)
[ 48.951261][ T371] The buggy address belongs to the page:
[ 48.956983][ T371] page:ffffea0004359d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d676
[ 48.967578][ T371] flags: 0x4000000000000200(slab|zone=1)
[ 48.973310][ T371] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100350a80
[ 48.981821][ T371] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.990882][ T371] page dumped because: kasan: bad access detected
[ 48.997332][ T371] page_owner tracks the page as allocated
[ 49.003309][ T371] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4028128815, free_ts 4028060176
[ 49.019116][ T371] post_alloc_hook+0x1a3/0x1b0
[ 49.023794][ T371] prep_new_page+0x1b/0x110
[ 49.028312][ T371] get_page_from_freelist+0x3550/0x35d0
[ 49.033694][ T371] __alloc_pages+0x27e/0x8f0
[ 49.038115][ T371] new_slab+0x9a/0x4e0
[ 49.042107][ T371] ___slab_alloc+0x39e/0x830
[ 49.046716][ T371] __slab_alloc+0x4a/0x90
[ 49.051077][ T371] kmem_cache_alloc+0x134/0x200
[ 49.055855][ T371] skb_clone+0x1d1/0x360
[ 49.060279][ T371] netlink_broadcast_filtered+0x692/0x1220
[ 49.066099][ T371] netlink_broadcast+0x3a/0x50
[ 49.071567][ T371] kobject_uevent_net_broadcast+0x3a1/0x590
[ 49.078565][ T371] kobject_uevent_env+0x525/0x700
[ 49.085314][ T371] kobject_synth_uevent+0x4eb/0xae0
[ 49.091288][ T371] uevent_store+0x4b/0x70
[ 49.095749][ T371] drv_attr_store+0x78/0xa0
[ 49.100714][ T371] page last free stack trace:
[ 49.105224][ T371] free_unref_page_prepare+0x7c8/0x7d0
[ 49.110852][ T371] free_unref_page+0xe8/0x750
[ 49.115599][ T371] __free_pages+0x61/0xf0
[ 49.119827][ T371] free_pages+0x7c/0x90
[ 49.123877][ T371] selinux_genfs_get_sid+0x24d/0x2a0
[ 49.129081][ T371] inode_doinit_with_dentry+0x8d2/0x1070
[ 49.134813][ T371] selinux_d_instantiate+0x27/0x40
[ 49.139923][ T371] security_d_instantiate+0x9f/0x100
[ 49.145333][ T371] d_splice_alias+0x6d/0x390
[ 49.149769][ T371] kernfs_iop_lookup+0x29e/0x2f0
[ 49.154822][ T371] path_openat+0x1194/0x2f40
[ 49.159305][ T371] do_filp_open+0x21c/0x460
[ 49.163626][ T371] do_sys_openat2+0x13f/0x830
[ 49.168119][ T371] __x64_sys_openat+0x243/0x290
[ 49.172790][ T371] do_syscall_64+0x3d/0xb0
[ 49.177302][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.183064][ T371]
[ 49.185201][ T371] Memory state around the buggy address:
[ 49.190761][ T371]  ffff88810d676400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.198673][ T371]  ffff88810d676480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.206728][ T371] >ffff88810d676500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.214977][ T371]                    ^
[ 49.219368][ T371]  ffff88810d676580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.227311][ T371]  ffff88810d676600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.235280][ T371] ==================================================================
[ 49.255993][ T375] FAULT_INJECTION: forcing a failure.
[ 49.255993][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 49.269000][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.280537][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 49.290522][ T375] Call Trace:
[ 49.293633][ T375]
[ 49.296541][ T375] dump_stack_lvl+0x151/0x1b7
[ 49.301053][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.306689][ T375] dump_stack+0x15/0x17
[ 49.311116][ T375] should_fail+0x3c6/0x510
[ 49.315638][ T375] __should_failslab+0xa4/0xe0
[ 49.320222][ T375] should_failslab+0x9/0x20
[ 49.325266][ T375] slab_pre_alloc_hook+0x37/0xd0
[ 49.330048][ T375] kmem_cache_alloc_trace+0x48/0x210
[ 49.335144][ T375] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.340734][ T375] ? migrate_disable+0x190/0x190
[ 49.345580][ T375] sk_psock_skb_ingress_self+0x60/0x330
[ 49.350987][ T375] sk_psock_verdict_recv+0x66d/0x840
[ 49.356079][ T375] unix_read_sock+0x132/0x370
[ 49.360597][ T375] ? sk_psock_skb_redirect+0x440/0x440
[ 49.366441][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 49.372089][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.377737][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 49.383513][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.389454][ T375] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.394814][ T375] ? _raw_spin_lock+0xa4/0x1b0
[ 49.399615][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.405344][ T375] ? skb_queue_tail+0xfb/0x120
[ 49.410055][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.415187][ T375] ? unix_dgram_poll+0x710/0x710
[ 49.420055][ T375] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.425130][ T375] ? security_socket_sendmsg+0x82/0xb0
[ 49.430620][ T375] ? unix_dgram_poll+0x710/0x710
[ 49.435466][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 49.440493][ T375] ? __sys_sendmsg_sock+0x40/0x40
[ 49.445817][ T375] ? import_iovec+0xe5/0x120
[ 49.450380][ T375] ___sys_sendmsg+0x252/0x2e0
[ 49.455082][ T375] ? __sys_sendmsg+0x260/0x260
[ 49.459674][ T375] ? do_handle_mm_fault+0x1949/0x2330
[ 49.464891][ T375] ? __kasan_check_write+0x14/0x20
[ 49.469910][ T375] ? proc_fail_nth_write+0x20b/0x290
[ 49.475274][ T375] ? __fdget+0x1bc/0x240
[ 49.479676][ T375] __sys_sendmmsg+0x2bf/0x530
[ 49.484329][ T375] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.489349][ T375] ? mutex_unlock+0xb2/0x260
[ 49.493886][ T375] ? __kasan_check_write+0x14/0x20
[ 49.498819][ T375] ? debug_smp_processor_id+0x17/0x20
[ 49.504316][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.510652][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.515340][ T375] do_syscall_64+0x3d/0xb0
[ 49.520078][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.525787][ T375] RIP: 0033:0x7fd8d056ada9
[ 49.530246][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.550407][ T375] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.558922][ T375] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9
[ 49.566719][ T375] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 49.575144][ T375] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000
[ 49.582961][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.591032][ T375] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58
[ 49.599414][ T375]
[ 49.604021][ T374] ==================================================================
[ 49.612225][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.620461][ T374]
[ 49.622636][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.634592][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 49.645466][ T374] Call Trace:
[ 49.648588][ T374]
[ 49.651449][ T374] dump_stack_lvl+0x151/0x1b7
[ 49.655967][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.661552][ T374] ? __wake_up_klogd+0xd5/0x110
[ 49.666239][ T374] ? panic+0x751/0x751
[ 49.670334][ T374] ? kmem_cache_free+0x116/0x2e0
[ 49.675240][ T374] print_address_description+0x87/0x3b0
[ 49.680578][ T374] ? kmem_cache_free+0x116/0x2e0
[ 49.685437][ T374] ? kmem_cache_free+0x116/0x2e0
[ 49.690559][ T374] kasan_report_invalid_free+0x6b/0xa0
[ 49.695937][ T374] ____kasan_slab_free+0x13e/0x160
[ 49.700983][ T374] __kasan_slab_free+0x11/0x20
[ 49.705597][ T374] slab_free_freelist_hook+0xbd/0x190
[ 49.710783][ T374] ? kfree_skbmem+0x104/0x170
[ 49.715307][ T374] kmem_cache_free+0x116/0x2e0
[ 49.720159][ T374] kfree_skbmem+0x104/0x170
[ 49.724494][ T374] consume_skb+0xb4/0x250
[ 49.728658][ T374] __sk_msg_free+0x2dd/0x370
[ 49.733180][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.738820][ T374] sk_psock_stop+0x44c/0x4d0
[ 49.743250][ T374] ? unix_peer_get+0xe0/0xe0
[ 49.747766][ T374] sock_map_close+0x2b9/0x4c0
[ 49.752395][ T374] ? sock_map_remove_links+0x570/0x570
[ 49.757694][ T374] ? rwsem_mark_wake+0x6b0/0x6b0
[ 49.762581][ T374] unix_release+0x82/0xc0
[ 49.766742][ T374] sock_close+0xdf/0x270
[ 49.770830][ T374] ? sock_mmap+0xa0/0xa0
[ 49.774897][ T374] __fput+0x3fe/0x910
[ 49.778714][ T374] ____fput+0x15/0x20
[ 49.782534][ T374] task_work_run+0x129/0x190
[ 49.787066][ T374] exit_to_user_mode_loop+0xc4/0xe0
[ 49.792098][ T374] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.797395][ T374] syscall_exit_to_user_mode+0x26/0x160
[ 49.802775][ T374] do_syscall_64+0x49/0xb0
[ 49.807323][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.813115][ T374] RIP: 0033:0x7fd8d0569c9a
[ 49.817369][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.836992][ T374] RSP: 002b:00007ffe590d9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.845239][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fd8d0569c9a
[ 49.853238][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.861248][ T374] RBP: 00007fd8d069b980 R08: 0000001b31360000 R09: 00007ffe591b30b0
[ 49.869054][ T374] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c393
[ 49.876852][ T374] R13: ffffffffffffffff R14: 00007fd8d00ee000 R15: 000000000000c052
[ 49.885291][ T374]
[ 49.888230][ T374]
[ 49.890756][ T374] Allocated by task 375:
[ 49.894961][ T374] __kasan_slab_alloc+0xb1/0xe0
[ 49.899774][ T374] slab_post_alloc_hook+0x53/0x2c0
[ 49.904724][ T374] kmem_cache_alloc+0xf5/0x200
[ 49.909407][ T374] skb_clone+0x1d1/0x360
[ 49.913482][ T374] sk_psock_verdict_recv+0x53/0x840
[ 49.918637][ T374] unix_read_sock+0x132/0x370
[ 49.923247][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.928966][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.934483][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 49.939211][ T374] ___sys_sendmsg+0x252/0x2e0
[ 49.944343][ T374] __sys_sendmmsg+0x2bf/0x530
[ 49.949162][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.955246][ T374] do_syscall_64+0x3d/0xb0
[ 49.959751][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.965573][ T374]
[ 49.968388][ T374] Freed by task 20:
[ 49.972113][ T374] kasan_set_track+0x4b/0x70
[ 49.976559][ T374] kasan_set_free_info+0x23/0x40
[ 49.981409][ T374] ____kasan_slab_free+0x126/0x160
[ 49.986432][ T374] __kasan_slab_free+0x11/0x20
[ 49.991631][ T374] slab_free_freelist_hook+0xbd/0x190
[ 49.997114][ T374] kmem_cache_free+0x116/0x2e0
[ 50.001917][ T374] kfree_skbmem+0x104/0x170
[ 50.006237][ T374] kfree_skb+0xc2/0x360
[ 50.010330][ T374] sk_psock_backlog+0xc21/0xd90
[ 50.015128][ T374] process_one_work+0x6bb/0xc10
[ 50.019885][ T374] worker_thread+0xad5/0x12a0
[ 50.024697][ T374] kthread+0x421/0x510
[ 50.028614][ T374] ret_from_fork+0x1f/0x30
[ 50.032843][ T374]
[ 50.035019][ T374] The buggy address belongs to the object at ffff88810cd97a00
[ 50.035019][ T374]  which belongs to the cache skbuff_head_cache of size 248
[ 50.049704][ T374] The buggy address is located 0 bytes inside of
[ 50.049704][ T374]  248-byte region [ffff88810cd97a00, ffff88810cd97af8)
[ 50.062622][ T374] The buggy address belongs to the page:
[ 50.068086][ T374] page:ffffea00043365c0 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x10cd97 [ 50.078303][ T374] flags: 0x4000000000000200(slab|zone=1) [ 50.083743][ T374] raw: 4000000000000200 0000000000000000 0000000a00000001 ffff888100350a80 [ 50.092249][ T374] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 50.100747][ T374] page dumped because: kasan: bad access detected [ 50.106999][ T374] page_owner tracks the page as allocated [ 50.112563][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 97, ts 3728642747, free_ts 3701967806 [ 50.128172][ T374] post_alloc_hook+0x1a3/0x1b0 [ 50.132765][ T374] prep_new_page+0x1b/0x110 [ 50.137113][ T374] get_page_from_freelist+0x3550/0x35d0 [ 50.142663][ T374] __alloc_pages+0x27e/0x8f0 [ 50.147075][ T374] new_slab+0x9a/0x4e0 [ 50.151273][ T374] ___slab_alloc+0x39e/0x830 [ 50.155699][ T374] __slab_alloc+0x4a/0x90 [ 50.160214][ T374] kmem_cache_alloc+0x134/0x200 [ 50.164919][ T374] __alloc_skb+0xbe/0x550 [ 50.169056][ T374] sock_wmalloc+0xb2/0x130 [ 50.173577][ T374] unix_stream_connect+0x457/0x1510 [ 50.178787][ T374] __sys_connect+0x38b/0x410 [ 50.183227][ T374] __x64_sys_connect+0x7a/0x90 [ 50.188158][ T374] do_syscall_64+0x3d/0xb0 [ 50.192506][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 50.198485][ T374] page last free stack trace: [ 50.203244][ T374] free_unref_page_prepare+0x7c8/0x7d0 [ 50.208680][ T374] free_unref_page_list+0x14b/0xa60 [ 50.213826][ T374] release_pages+0x1310/0x1370 [ 50.218407][ T374] free_pages_and_swap_cache+0x8a/0xa0 [ 50.223787][ T374] tlb_finish_mmu+0x177/0x320 [ 50.228570][ T374] exit_mmap+0x3ef/0x6f0 [ 50.232987][ T374] __mmput+0x95/0x310 [ 50.237064][ T374] mmput+0x5b/0x170 [ 50.240715][ T374] do_exit+0xb9c/0x2ca0 [ 50.244877][ T374] do_group_exit+0x141/0x310 [ 50.249389][ T374] __x64_sys_exit_group+0x3f/0x40 [ 50.254511][ T374] do_syscall_64+0x3d/0xb0 [ 50.258773][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 50.264990][ T374] [ 
50.267097][ T374] Memory state around the buggy address: [ 50.272872][ T374] ffff88810cd97900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.280876][ T374] ffff88810cd97980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.288771][ T374] >ffff88810cd97a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.296661][ T374] ^ [ 50.300655][ T374] ffff88810cd97a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 50.309053][ T374] ffff88810cd97b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 50.317343][ T374] ================================================================== [ 50.334409][ T378] FAULT_INJECTION: forcing a failure. [ 50.334409][ T378] name failslab, interval 1, probability 0, space 0, times 0 [ 50.347191][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 50.358626][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 50.368861][ T378] Call Trace: [ 50.372252][ T378] [ 50.375212][ T378] dump_stack_lvl+0x151/0x1b7 [ 50.380063][ T378] ? io_uring_drop_tctx_refs+0x190/0x190 [ 50.385537][ T378] dump_stack+0x15/0x17 [ 50.389617][ T378] should_fail+0x3c6/0x510 [ 50.393863][ T378] __should_failslab+0xa4/0xe0 [ 50.398486][ T378] should_failslab+0x9/0x20 [ 50.402806][ T378] slab_pre_alloc_hook+0x37/0xd0 [ 50.407586][ T378] kmem_cache_alloc_trace+0x48/0x210 [ 50.412775][ T378] ? sk_psock_skb_ingress_self+0x60/0x330 [ 50.418344][ T378] ? migrate_disable+0x190/0x190 [ 50.423113][ T378] sk_psock_skb_ingress_self+0x60/0x330 [ 50.428528][ T378] sk_psock_verdict_recv+0x66d/0x840 [ 50.433708][ T378] unix_read_sock+0x132/0x370 [ 50.438452][ T378] ? sk_psock_skb_redirect+0x440/0x440 [ 50.443831][ T378] ? unix_stream_splice_actor+0x120/0x120 [ 50.449784][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 50.455464][ T378] ? unix_stream_splice_actor+0x120/0x120 [ 50.461054][ T378] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.466913][ T378] ? 
sk_psock_start_verdict+0xc0/0xc0 [ 50.472262][ T378] ? _raw_spin_lock+0xa4/0x1b0 [ 50.477096][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.482798][ T378] ? skb_queue_tail+0xfb/0x120 [ 50.487622][ T378] unix_dgram_sendmsg+0x15fa/0x2090 [ 50.492814][ T378] ? unix_dgram_poll+0x710/0x710 [ 50.497579][ T378] ? __pagevec_lru_add+0xcde/0xd70 [ 50.502526][ T378] ? security_socket_sendmsg+0x82/0xb0 [ 50.508210][ T378] ? unix_dgram_poll+0x710/0x710 [ 50.513285][ T378] ____sys_sendmsg+0x59e/0x8f0 [ 50.518036][ T378] ? __sys_sendmsg_sock+0x40/0x40 [ 50.522986][ T378] ? import_iovec+0xe5/0x120 [ 50.527494][ T378] ___sys_sendmsg+0x252/0x2e0 [ 50.532000][ T378] ? __sys_sendmsg+0x260/0x260 [ 50.536612][ T378] ? do_handle_mm_fault+0x1949/0x2330 [ 50.541810][ T378] ? __kasan_check_write+0x14/0x20 [ 50.547503][ T378] ? proc_fail_nth_write+0x20b/0x290 [ 50.552710][ T378] ? __fdget+0x1bc/0x240 [ 50.556778][ T378] __sys_sendmmsg+0x2bf/0x530 [ 50.561383][ T378] ? __ia32_sys_sendmsg+0x90/0x90 [ 50.566346][ T378] ? mutex_unlock+0xb2/0x260 [ 50.571057][ T378] ? __kasan_check_write+0x14/0x20 [ 50.576088][ T378] ? debug_smp_processor_id+0x17/0x20 [ 50.582449][ T378] ? 
fpregs_assert_state_consistent+0xb6/0xe0 [ 50.588328][ T378] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.593383][ T378] do_syscall_64+0x3d/0xb0 [ 50.597949][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 50.603788][ T378] RIP: 0033:0x7fd8d056ada9 [ 50.608013][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.627911][ T378] RSP: 002b:00007fd8d00ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.636355][ T378] RAX: ffffffffffffffda RBX: 00007fd8d0699f80 RCX: 00007fd8d056ada9 [ 50.644167][ T378] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003 [ 50.652157][ T378] RBP: 00007fd8d00ed120 R08: 0000000000000000 R09: 0000000000000000 [ 50.659952][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.668013][ T378] R13: 000000000000000b R14: 00007fd8d0699f80 R15: 00007ffe590d8f58 [ 50.675828][ T378] [ 50.680055][ T377] ==================================================================