Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts. 2024/12/12 13:13:00 ignoring optional flag "sandboxArg"="0" 2024/12/12 13:13:00 ignoring optional flag "type"="gce" 2024/12/12 13:13:00 parsed 1 programs 2024/12/12 13:13:00 executed programs: 0 [ 48.476674][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 48.476690][ T30] audit: type=1400 audit(1734009180.867:95): avc: denied { unlink } for pid=350 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 48.512829][ T350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 48.572586][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.579652][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.586941][ T356] device bridge_slave_0 entered promiscuous mode [ 48.594111][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.601531][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.608709][ T356] device bridge_slave_1 entered promiscuous mode [ 48.657124][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.664253][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.671373][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.678379][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.698696][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.705990][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.713680][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.721142][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.729928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.738075][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.745057][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.753906][ T8] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.762606][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.771032][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.784550][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.794123][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.808559][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.819718][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.827679][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.835224][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.845021][ T356] device veth0_vlan entered promiscuous mode [ 48.857090][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.866909][ T356] device veth1_macvtap entered promiscuous mode [ 48.877185][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.887152][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.909754][ T30] audit: type=1400 audit(1734009181.297:96): avc: denied { prog_load } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.929447][ T30] audit: type=1400 audit(1734009181.307:97): avc: denied { bpf } for pid=360 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 48.961533][ T364] FAULT_INJECTION: forcing a failure. 
[ 48.961533][ T364] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 48.974809][ T30] audit: type=1400 audit(1734009181.347:98): avc: denied { map_create } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.994342][ T364] CPU: 0 PID: 364 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 48.994374][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 48.994396][ T364] Call Trace: [ 49.004834][ T30] audit: type=1400 audit(1734009181.347:99): avc: denied { map_read map_write } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 49.014342][ T364] [ 49.014353][ T364] dump_stack_lvl+0x151/0x1c0 [ 49.014399][ T364] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.014425][ T364] ? vsnprintf+0x1dd/0x1c70 [ 49.014446][ T364] dump_stack+0x15/0x20 [ 49.058622][ T364] should_fail+0x3c6/0x510 [ 49.062943][ T364] should_fail_usercopy+0x1a/0x20 [ 49.067893][ T364] _copy_from_user+0x20/0xd0 [ 49.072524][ T364] kstrtouint_from_user+0xca/0x2a0 [ 49.077513][ T364] ? kstrtol_from_user+0x310/0x310 [ 49.082401][ T364] ? snprintf+0xd6/0x120 [ 49.086478][ T364] ? check_stack_object+0x114/0x130 [ 49.091663][ T364] ? __kasan_check_read+0x11/0x20 [ 49.096683][ T364] ? _copy_to_user+0x78/0x90 [ 49.101099][ T364] proc_fail_nth_write+0xa6/0x290 [ 49.106051][ T364] ? selinux_file_permission+0x2c4/0x570 [ 49.111968][ T364] ? proc_fail_nth_read+0x210/0x210 [ 49.117104][ T364] ? fsnotify_perm+0x6a/0x5b0 [ 49.121830][ T364] ? security_file_permission+0x86/0xb0 [ 49.127293][ T364] ? proc_fail_nth_read+0x210/0x210 [ 49.132402][ T364] vfs_write+0x406/0x1110 [ 49.136666][ T364] ? file_end_write+0x1c0/0x1c0 [ 49.141342][ T364] ? __kasan_check_write+0x14/0x20 [ 49.146308][ T364] ? mutex_lock+0xb6/0x1e0 [ 49.150540][ T364] ? 
wait_for_completion_killable_timeout+0x10/0x10 [ 49.157050][ T364] ? __fdget_pos+0x2e7/0x3a0 [ 49.161517][ T364] ? ksys_write+0x77/0x2c0 [ 49.166143][ T364] ksys_write+0x199/0x2c0 [ 49.170394][ T364] ? __ia32_sys_read+0x90/0x90 [ 49.175069][ T364] ? debug_smp_processor_id+0x17/0x20 [ 49.180322][ T364] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 49.186520][ T364] __x64_sys_write+0x7b/0x90 [ 49.191624][ T364] x64_sys_call+0x2f/0x9a0 [ 49.197030][ T364] do_syscall_64+0x3b/0xb0 [ 49.201365][ T364] ? clear_bhb_loop+0x35/0x90 [ 49.205864][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.211594][ T364] RIP: 0033:0x7f23fa66782f [ 49.216317][ T364] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48 [ 49.238418][ T364] RSP: 002b:00007f23fa1ca0c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 49.246847][ T364] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f23fa66782f [ 49.254846][ T364] RDX: 0000000000000001 RSI: 00007f23fa1ca130 RDI: 0000000000000005 [ 49.264279][ T364] RBP: 00007f23fa1ca120 R08: 0000000000000000 R09: 0000000000000000 [ 49.272570][ T364] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 49.280669][ T364] R13: 000000000000006e R14: 00007f23fa788050 R15: 00007ffe06ba14a8 [ 49.288631][ T364] [ 49.378399][ T30] audit: type=1400 audit(1734009181.767:100): avc: denied { perfmon } for pid=360 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 49.407310][ T30] audit: type=1400 audit(1734009181.797:101): avc: denied { prog_run } for pid=365 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 49.407359][ T366] FAULT_INJECTION: forcing a failure. 
[ 49.407359][ T366] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 49.440102][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 49.450259][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 49.460449][ T366] Call Trace: [ 49.463543][ T366] [ 49.466322][ T366] dump_stack_lvl+0x151/0x1c0 [ 49.471111][ T366] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.476665][ T366] dump_stack+0x15/0x20 [ 49.480661][ T366] should_fail+0x3c6/0x510 [ 49.485002][ T366] should_fail_alloc_page+0x5a/0x80 [ 49.490035][ T366] prepare_alloc_pages+0x15c/0x700 [ 49.494984][ T366] ? __alloc_pages_bulk+0xe40/0xe40 [ 49.500033][ T366] ? stack_trace_save+0x1c0/0x1c0 [ 49.505374][ T366] __alloc_pages+0x18c/0x8f0 [ 49.509891][ T366] ? prep_new_page+0x110/0x110 [ 49.514483][ T366] ? stack_trace_save+0x113/0x1c0 [ 49.519345][ T366] ? unwind_get_return_address+0x4d/0x90 [ 49.524900][ T366] ? stack_trace_snprint+0xf0/0xf0 [ 49.530105][ T366] ? arch_stack_walk+0xf3/0x140 [ 49.535197][ T366] __stack_depot_save+0x38d/0x470 [ 49.540053][ T366] __kasan_slab_alloc+0xc3/0xe0 [ 49.544828][ T366] ? __kasan_slab_alloc+0xb1/0xe0 [ 49.549816][ T366] ? slab_post_alloc_hook+0x53/0x2c0 [ 49.554941][ T366] ? kmem_cache_alloc+0xf5/0x200 [ 49.559723][ T366] ? skb_clone+0x1d1/0x360 [ 49.563965][ T366] ? sk_psock_verdict_recv+0x53/0x840 [ 49.569187][ T366] ? unix_read_sock+0x132/0x370 [ 49.574170][ T366] ? sk_psock_verdict_data_ready+0x147/0x1a0 [ 49.580306][ T366] ? unix_dgram_sendmsg+0x15fa/0x2090 [ 49.585520][ T366] ? ____sys_sendmsg+0x59e/0x8f0 [ 49.590375][ T366] ? ___sys_sendmsg+0x252/0x2e0 [ 49.595143][ T366] ? __sys_sendmmsg+0x2bf/0x530 [ 49.599939][ T366] ? __x64_sys_sendmmsg+0xa0/0xb0 [ 49.604910][ T366] ? x64_sys_call+0x81d/0x9a0 [ 49.609527][ T366] ? do_syscall_64+0x3b/0xb0 [ 49.614128][ T366] ? 
entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.620048][ T366] slab_post_alloc_hook+0x53/0x2c0 [ 49.625518][ T366] ? skb_clone+0x1d1/0x360 [ 49.629783][ T366] ? skb_clone+0x1d1/0x360 [ 49.634028][ T366] kmem_cache_alloc+0xf5/0x200 [ 49.638716][ T366] skb_clone+0x1d1/0x360 [ 49.642796][ T366] sk_psock_verdict_recv+0x53/0x840 [ 49.648018][ T366] ? avc_has_perm_noaudit+0x430/0x430 [ 49.653213][ T366] ? mntput_no_expire+0xfc/0x6b0 [ 49.657994][ T366] unix_read_sock+0x132/0x370 [ 49.662512][ T366] ? sk_psock_skb_redirect+0x440/0x440 [ 49.667809][ T366] ? unix_stream_splice_actor+0x120/0x120 [ 49.673528][ T366] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 49.678841][ T366] ? unix_stream_splice_actor+0x120/0x120 [ 49.684464][ T366] sk_psock_verdict_data_ready+0x147/0x1a0 [ 49.690108][ T366] ? sk_psock_start_verdict+0xc0/0xc0 [ 49.695402][ T366] ? _raw_spin_lock+0xa4/0x1b0 [ 49.700007][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 49.705977][ T366] ? skb_queue_tail+0xfb/0x120 [ 49.710577][ T366] unix_dgram_sendmsg+0x15fa/0x2090 [ 49.715623][ T366] ? unix_dgram_poll+0x690/0x690 [ 49.720653][ T366] ? security_socket_sendmsg+0x82/0xb0 [ 49.726113][ T366] ? unix_dgram_poll+0x690/0x690 [ 49.730888][ T366] ____sys_sendmsg+0x59e/0x8f0 [ 49.735680][ T366] ? __sys_sendmsg_sock+0x40/0x40 [ 49.740536][ T366] ? import_iovec+0xe5/0x120 [ 49.744954][ T366] ___sys_sendmsg+0x252/0x2e0 [ 49.749462][ T366] ? __sys_sendmsg+0x260/0x260 [ 49.754150][ T366] ? __kasan_check_write+0x14/0x20 [ 49.759102][ T366] ? proc_fail_nth_write+0x20b/0x290 [ 49.764364][ T366] ? __fdget+0x1bc/0x240 [ 49.768421][ T366] __sys_sendmmsg+0x2bf/0x530 [ 49.773020][ T366] ? __ia32_sys_sendmsg+0x90/0x90 [ 49.777983][ T366] ? mutex_unlock+0xb2/0x260 [ 49.782435][ T366] ? __kasan_check_write+0x14/0x20 [ 49.787380][ T366] ? __ia32_sys_read+0x90/0x90 [ 49.791970][ T366] ? debug_smp_processor_id+0x17/0x20 [ 49.797292][ T366] ? 
fpregs_assert_state_consistent+0xb6/0xe0 [ 49.803647][ T366] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.808554][ T366] x64_sys_call+0x81d/0x9a0 [ 49.812890][ T366] do_syscall_64+0x3b/0xb0 [ 49.817271][ T366] ? clear_bhb_loop+0x35/0x90 [ 49.822004][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.827975][ T366] RIP: 0033:0x7f23fa668ae9 [ 49.832231][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 49.852052][ T366] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.860294][ T366] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 49.868184][ T366] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 49.876177][ T366] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 49.884169][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.892099][ T366] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 49.899867][ T366] [ 49.905724][ T30] audit: type=1400 audit(1734009182.297:102): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 49.935502][ T368] FAULT_INJECTION: forcing a failure. [ 49.935502][ T368] name failslab, interval 1, probability 0, space 0, times 1 [ 49.947970][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 49.958201][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 49.968181][ T368] Call Trace: [ 49.971306][ T368] [ 49.974080][ T368] dump_stack_lvl+0x151/0x1c0 [ 49.978883][ T368] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 49.984547][ T368] dump_stack+0x15/0x20 [ 49.988529][ T368] should_fail+0x3c6/0x510 [ 49.992845][ T368] __should_failslab+0xa4/0xe0 [ 49.997453][ T368] should_failslab+0x9/0x20 [ 50.002076][ T368] slab_pre_alloc_hook+0x37/0xd0 [ 50.007002][ T368] kmem_cache_alloc_trace+0x48/0x210 [ 50.012301][ T368] ? sk_psock_skb_ingress_self+0x60/0x330 [ 50.017904][ T368] ? migrate_disable+0x190/0x190 [ 50.022791][ T368] sk_psock_skb_ingress_self+0x60/0x330 [ 50.028174][ T368] sk_psock_verdict_recv+0x66d/0x840 [ 50.033295][ T368] unix_read_sock+0x132/0x370 [ 50.037901][ T368] ? sk_psock_skb_redirect+0x440/0x440 [ 50.043184][ T368] ? unix_stream_splice_actor+0x120/0x120 [ 50.048826][ T368] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 50.054141][ T368] ? unix_stream_splice_actor+0x120/0x120 [ 50.059793][ T368] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.065651][ T368] ? sk_psock_start_verdict+0xc0/0xc0 [ 50.070853][ T368] ? _raw_spin_lock+0xa4/0x1b0 [ 50.075533][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.081175][ T368] ? skb_queue_tail+0xfb/0x120 [ 50.085779][ T368] unix_dgram_sendmsg+0x15fa/0x2090 [ 50.090934][ T368] ? unix_dgram_poll+0x690/0x690 [ 50.095870][ T368] ? __kasan_check_write+0x14/0x20 [ 50.100892][ T368] ? __cpuidle_text_end+0x2/0x2 [ 50.105595][ T368] ? cgroup_rstat_updated+0xe5/0x370 [ 50.110900][ T368] ? security_socket_sendmsg+0x82/0xb0 [ 50.116308][ T368] ? unix_dgram_poll+0x690/0x690 [ 50.121422][ T368] ____sys_sendmsg+0x59e/0x8f0 [ 50.125996][ T368] ? __sys_sendmsg_sock+0x40/0x40 [ 50.130849][ T368] ? import_iovec+0xe5/0x120 [ 50.135443][ T368] ___sys_sendmsg+0x252/0x2e0 [ 50.139966][ T368] ? __sys_sendmsg+0x260/0x260 [ 50.144648][ T368] ? __kasan_check_write+0x14/0x20 [ 50.149811][ T368] ? proc_fail_nth_write+0x20b/0x290 [ 50.155139][ T368] ? __fdget+0x1bc/0x240 [ 50.159203][ T368] __sys_sendmmsg+0x2bf/0x530 [ 50.163838][ T368] ? __ia32_sys_sendmsg+0x90/0x90 [ 50.168775][ T368] ? 
mutex_unlock+0xb2/0x260 [ 50.173205][ T368] ? __kasan_check_write+0x14/0x20 [ 50.178153][ T368] ? __ia32_sys_read+0x90/0x90 [ 50.182757][ T368] ? debug_smp_processor_id+0x17/0x20 [ 50.187968][ T368] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 50.193995][ T368] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.198635][ T368] x64_sys_call+0x81d/0x9a0 [ 50.203028][ T368] do_syscall_64+0x3b/0xb0 [ 50.207320][ T368] ? clear_bhb_loop+0x35/0x90 [ 50.211824][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.217904][ T368] RIP: 0033:0x7f23fa668ae9 [ 50.222159][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.241957][ T368] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.250219][ T368] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 50.258186][ T368] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 50.266390][ T368] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 50.274354][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.282164][ T368] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 50.289995][ T368] [ 50.294568][ T367] ================================================================== [ 50.302445][ T367] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250 [ 50.309129][ T367] Read of size 4 at addr ffff88810f4b936c by task syz-executor.0/367 [ 50.317027][ T367] [ 50.319215][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 50.329354][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 50.339253][ T367] Call Trace: [ 50.342379][ T367] [ 50.345151][ T367] dump_stack_lvl+0x151/0x1c0 [ 50.349664][ T367] ? io_uring_drop_tctx_refs+0x190/0x190 [ 50.355294][ T367] ? 
panic+0x760/0x760 [ 50.359185][ T367] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 50.364813][ T367] print_address_description+0x87/0x3b0 [ 50.370329][ T367] kasan_report+0x179/0x1c0 [ 50.374753][ T367] ? consume_skb+0x3c/0x250 [ 50.379121][ T367] ? consume_skb+0x3c/0x250 [ 50.383520][ T367] kasan_check_range+0x293/0x2a0 [ 50.388377][ T367] __kasan_check_read+0x11/0x20 [ 50.393055][ T367] consume_skb+0x3c/0x250 [ 50.397222][ T367] __sk_msg_free+0x2dd/0x370 [ 50.401646][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.407289][ T367] sk_psock_stop+0x44c/0x4d0 [ 50.411715][ T367] sk_psock_drop+0x219/0x310 [ 50.416152][ T367] sock_map_unref+0x48f/0x4d0 [ 50.420662][ T367] ? __local_bh_enable_ip+0x58/0x80 [ 50.425724][ T367] ? _raw_spin_unlock_bh+0x51/0x60 [ 50.430762][ T367] sock_map_remove_links+0x41c/0x650 [ 50.435880][ T367] ? __kasan_record_aux_stack+0xd3/0xf0 [ 50.441258][ T367] ? kasan_record_aux_stack+0xe/0x10 [ 50.446485][ T367] ? task_work_add+0x27/0x1d0 [ 50.451000][ T367] ? sock_map_unhash+0x120/0x120 [ 50.455802][ T367] ? x64_sys_call+0x3d/0x9a0 [ 50.460214][ T367] ? locks_remove_posix+0x610/0x610 [ 50.465231][ T367] sock_map_close+0x114/0x530 [ 50.469745][ T367] ? unix_peer_get+0xe0/0xe0 [ 50.474258][ T367] ? sock_map_remove_links+0x650/0x650 [ 50.479637][ T367] ? rwsem_mark_wake+0x770/0x770 [ 50.484451][ T367] unix_release+0x82/0xc0 [ 50.488777][ T367] sock_close+0xdf/0x270 [ 50.492994][ T367] ? sock_mmap+0xa0/0xa0 [ 50.497011][ T367] __fput+0x228/0x8c0 [ 50.500856][ T367] ____fput+0x15/0x20 [ 50.504782][ T367] task_work_run+0x129/0x190 [ 50.509828][ T367] exit_to_user_mode_loop+0xc4/0xe0 [ 50.515012][ T367] exit_to_user_mode_prepare+0x5a/0xa0 [ 50.520304][ T367] syscall_exit_to_user_mode+0x26/0x160 [ 50.525724][ T367] do_syscall_64+0x47/0xb0 [ 50.530043][ T367] ? 
clear_bhb_loop+0x35/0x90 [ 50.534669][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.540414][ T367] RIP: 0033:0x7f23fa6679da [ 50.544660][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 50.564211][ T367] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 50.572455][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da [ 50.580354][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 50.588162][ T367] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0 [ 50.596076][ T367] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c634 [ 50.603924][ T367] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000c2f3 [ 50.611830][ T367] [ 50.614694][ T367] [ 50.616983][ T367] Allocated by task 368: [ 50.621141][ T367] __kasan_slab_alloc+0xb1/0xe0 [ 50.625828][ T367] slab_post_alloc_hook+0x53/0x2c0 [ 50.630794][ T367] kmem_cache_alloc+0xf5/0x200 [ 50.635473][ T367] skb_clone+0x1d1/0x360 [ 50.639634][ T367] sk_psock_verdict_recv+0x53/0x840 [ 50.644669][ T367] unix_read_sock+0x132/0x370 [ 50.649339][ T367] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.655086][ T367] unix_dgram_sendmsg+0x15fa/0x2090 [ 50.660152][ T367] ____sys_sendmsg+0x59e/0x8f0 [ 50.664751][ T367] ___sys_sendmsg+0x252/0x2e0 [ 50.669412][ T367] __sys_sendmmsg+0x2bf/0x530 [ 50.673921][ T367] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.678936][ T367] x64_sys_call+0x81d/0x9a0 [ 50.683211][ T367] do_syscall_64+0x3b/0xb0 [ 50.687476][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.693190][ T367] [ 50.695372][ T367] Freed by task 311: [ 50.699101][ T367] kasan_set_track+0x4b/0x70 [ 50.703520][ T367] kasan_set_free_info+0x23/0x40 [ 50.708295][ T367] ____kasan_slab_free+0x126/0x160 [ 50.713263][ T367] __kasan_slab_free+0x11/0x20 [ 50.717937][ T367] 
slab_free_freelist_hook+0xbd/0x190 [ 50.723257][ T367] kmem_cache_free+0x116/0x2e0 [ 50.727833][ T367] kfree_skbmem+0x104/0x170 [ 50.732177][ T367] kfree_skb+0xc2/0x360 [ 50.736291][ T367] sk_psock_backlog+0xc21/0xd90 [ 50.741299][ T367] process_one_work+0x6bb/0xc10 [ 50.746069][ T367] worker_thread+0xad5/0x12a0 [ 50.750606][ T367] kthread+0x421/0x510 [ 50.754483][ T367] ret_from_fork+0x1f/0x30 [ 50.758871][ T367] [ 50.761007][ T367] The buggy address belongs to the object at ffff88810f4b9280 [ 50.761007][ T367] which belongs to the cache skbuff_head_cache of size 248 [ 50.775667][ T367] The buggy address is located 236 bytes inside of [ 50.775667][ T367] 248-byte region [ffff88810f4b9280, ffff88810f4b9378) [ 50.789215][ T367] The buggy address belongs to the page: [ 50.794797][ T367] page:ffffea00043d2e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f4b9 [ 50.805200][ T367] flags: 0x4000000000000200(slab|zone=1) [ 50.811001][ T367] raw: 4000000000000200 ffffea00043d1240 0000000300000003 ffff8881081abb00 [ 50.819668][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 50.828379][ T367] page dumped because: kasan: bad access detected [ 50.835017][ T367] page_owner tracks the page as allocated [ 50.840648][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 114, ts 4459792684, free_ts 0 [ 50.855694][ T367] post_alloc_hook+0x1a3/0x1b0 [ 50.860399][ T367] prep_new_page+0x1b/0x110 [ 50.864744][ T367] get_page_from_freelist+0x3550/0x35d0 [ 50.870578][ T367] __alloc_pages+0x27e/0x8f0 [ 50.875090][ T367] new_slab+0x9a/0x4e0 [ 50.879107][ T367] ___slab_alloc+0x39e/0x830 [ 50.883530][ T367] __slab_alloc+0x4a/0x90 [ 50.887947][ T367] kmem_cache_alloc+0x134/0x200 [ 50.892616][ T367] __alloc_skb+0xbe/0x550 [ 50.896781][ T367] alloc_skb_with_frags+0xa6/0x680 [ 50.901819][ T367] sock_alloc_send_pskb+0x915/0xa50 [ 50.907144][ T367] 
unix_dgram_sendmsg+0x6fd/0x2090 [ 50.912174][ T367] sock_write_iter+0x39b/0x530 [ 50.916778][ T367] vfs_write+0xd5d/0x1110 [ 50.920931][ T367] ksys_write+0x199/0x2c0 [ 50.925094][ T367] __x64_sys_write+0x7b/0x90 [ 50.929530][ T367] page_owner free stack trace missing [ 50.934731][ T367] [ 50.936895][ T367] Memory state around the buggy address: [ 50.942370][ T367] ffff88810f4b9200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.950266][ T367] ffff88810f4b9280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.958390][ T367] >ffff88810f4b9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 50.966380][ T367] ^ [ 50.973663][ T367] ffff88810f4b9380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 50.981672][ T367] ffff88810f4b9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.989540][ T367] ================================================================== [ 50.997436][ T367] Disabling lock debugging due to kernel taint [ 51.003601][ T367] ================================================================== [ 51.011416][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 51.020212][ T367] [ 51.022394][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 51.034115][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 51.044016][ T367] Call Trace: [ 51.047219][ T367] [ 51.050002][ T367] dump_stack_lvl+0x151/0x1c0 [ 51.054512][ T367] ? io_uring_drop_tctx_refs+0x190/0x190 [ 51.059977][ T367] ? __wake_up_klogd+0xd5/0x110 [ 51.064668][ T367] ? panic+0x760/0x760 [ 51.068576][ T367] ? kmem_cache_free+0x116/0x2e0 [ 51.073640][ T367] print_address_description+0x87/0x3b0 [ 51.079384][ T367] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 51.085475][ T367] ? kmem_cache_free+0x116/0x2e0 [ 51.090384][ T367] ? 
kmem_cache_free+0x116/0x2e0 [ 51.095106][ T367] kasan_report_invalid_free+0x6b/0xa0 [ 51.100501][ T367] ____kasan_slab_free+0x13e/0x160 [ 51.105524][ T367] __kasan_slab_free+0x11/0x20 [ 51.110337][ T367] slab_free_freelist_hook+0xbd/0x190 [ 51.115691][ T367] ? kfree_skbmem+0x104/0x170 [ 51.120191][ T367] kmem_cache_free+0x116/0x2e0 [ 51.124794][ T367] kfree_skbmem+0x104/0x170 [ 51.129148][ T367] consume_skb+0xb4/0x250 [ 51.133657][ T367] __sk_msg_free+0x2dd/0x370 [ 51.138083][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 51.143715][ T367] sk_psock_stop+0x44c/0x4d0 [ 51.148141][ T367] sk_psock_drop+0x219/0x310 [ 51.153015][ T367] sock_map_unref+0x48f/0x4d0 [ 51.157615][ T367] ? __local_bh_enable_ip+0x58/0x80 [ 51.162957][ T367] ? _raw_spin_unlock_bh+0x51/0x60 [ 51.167996][ T367] sock_map_remove_links+0x41c/0x650 [ 51.173531][ T367] ? __kasan_record_aux_stack+0xd3/0xf0 [ 51.179158][ T367] ? kasan_record_aux_stack+0xe/0x10 [ 51.184469][ T367] ? task_work_add+0x27/0x1d0 [ 51.189462][ T367] ? sock_map_unhash+0x120/0x120 [ 51.194340][ T367] ? x64_sys_call+0x3d/0x9a0 [ 51.198715][ T367] ? locks_remove_posix+0x610/0x610 [ 51.204098][ T367] sock_map_close+0x114/0x530 [ 51.209068][ T367] ? unix_peer_get+0xe0/0xe0 [ 51.214142][ T367] ? sock_map_remove_links+0x650/0x650 [ 51.219858][ T367] ? rwsem_mark_wake+0x770/0x770 [ 51.224628][ T367] unix_release+0x82/0xc0 [ 51.229476][ T367] sock_close+0xdf/0x270 [ 51.233796][ T367] ? sock_mmap+0xa0/0xa0 [ 51.238212][ T367] __fput+0x228/0x8c0 [ 51.242003][ T367] ____fput+0x15/0x20 [ 51.247249][ T367] task_work_run+0x129/0x190 [ 51.252538][ T367] exit_to_user_mode_loop+0xc4/0xe0 [ 51.258515][ T367] exit_to_user_mode_prepare+0x5a/0xa0 [ 51.265658][ T367] syscall_exit_to_user_mode+0x26/0x160 [ 51.271380][ T367] do_syscall_64+0x47/0xb0 [ 51.275613][ T367] ? 
clear_bhb_loop+0x35/0x90 [ 51.280608][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.286463][ T367] RIP: 0033:0x7f23fa6679da [ 51.291246][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 51.311986][ T367] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 51.320303][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da [ 51.328769][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 51.337223][ T367] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0 [ 51.345266][ T367] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c634 [ 51.353156][ T367] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000c2f3 [ 51.361067][ T367] [ 51.363941][ T367] [ 51.366185][ T367] Allocated by task 368: [ 51.370267][ T367] __kasan_slab_alloc+0xb1/0xe0 [ 51.374950][ T367] slab_post_alloc_hook+0x53/0x2c0 [ 51.380376][ T367] kmem_cache_alloc+0xf5/0x200 [ 51.385253][ T367] skb_clone+0x1d1/0x360 [ 51.389334][ T367] sk_psock_verdict_recv+0x53/0x840 [ 51.394483][ T367] unix_read_sock+0x132/0x370 [ 51.399008][ T367] sk_psock_verdict_data_ready+0x147/0x1a0 [ 51.405051][ T367] unix_dgram_sendmsg+0x15fa/0x2090 [ 51.410019][ T367] ____sys_sendmsg+0x59e/0x8f0 [ 51.414610][ T367] ___sys_sendmsg+0x252/0x2e0 [ 51.419138][ T367] __sys_sendmmsg+0x2bf/0x530 [ 51.423765][ T367] __x64_sys_sendmmsg+0xa0/0xb0 [ 51.428442][ T367] x64_sys_call+0x81d/0x9a0 [ 51.432779][ T367] do_syscall_64+0x3b/0xb0 [ 51.437132][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.443058][ T367] [ 51.445233][ T367] Freed by task 311: [ 51.448958][ T367] kasan_set_track+0x4b/0x70 [ 51.453497][ T367] kasan_set_free_info+0x23/0x40 [ 51.458614][ T367] ____kasan_slab_free+0x126/0x160 [ 51.463819][ T367] __kasan_slab_free+0x11/0x20 [ 51.468902][ T367] 
slab_free_freelist_hook+0xbd/0x190 [ 51.474085][ T367] kmem_cache_free+0x116/0x2e0 [ 51.478774][ T367] kfree_skbmem+0x104/0x170 [ 51.483330][ T367] kfree_skb+0xc2/0x360 [ 51.487392][ T367] sk_psock_backlog+0xc21/0xd90 [ 51.492162][ T367] process_one_work+0x6bb/0xc10 [ 51.497113][ T367] worker_thread+0xad5/0x12a0 [ 51.501844][ T367] kthread+0x421/0x510 [ 51.505893][ T367] ret_from_fork+0x1f/0x30 [ 51.510307][ T367] [ 51.512800][ T367] The buggy address belongs to the object at ffff88810f4b9280 [ 51.512800][ T367] which belongs to the cache skbuff_head_cache of size 248 [ 51.527668][ T367] The buggy address is located 0 bytes inside of [ 51.527668][ T367] 248-byte region [ffff88810f4b9280, ffff88810f4b9378) [ 51.540764][ T367] The buggy address belongs to the page: [ 51.546348][ T367] page:ffffea00043d2e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f4b9 [ 51.556483][ T367] flags: 0x4000000000000200(slab|zone=1) [ 51.561949][ T367] raw: 4000000000000200 ffffea00043d1240 0000000300000003 ffff8881081abb00 [ 51.570397][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 51.579203][ T367] page dumped because: kasan: bad access detected [ 51.586329][ T367] page_owner tracks the page as allocated [ 51.592261][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 114, ts 4459792684, free_ts 0 [ 51.607546][ T367] post_alloc_hook+0x1a3/0x1b0 [ 51.612461][ T367] prep_new_page+0x1b/0x110 [ 51.617053][ T367] get_page_from_freelist+0x3550/0x35d0 [ 51.624332][ T367] __alloc_pages+0x27e/0x8f0 [ 51.629522][ T367] new_slab+0x9a/0x4e0 [ 51.633613][ T367] ___slab_alloc+0x39e/0x830 [ 51.638198][ T367] __slab_alloc+0x4a/0x90 [ 51.642537][ T367] kmem_cache_alloc+0x134/0x200 [ 51.647222][ T367] __alloc_skb+0xbe/0x550 [ 51.651396][ T367] alloc_skb_with_frags+0xa6/0x680 [ 51.656335][ T367] sock_alloc_send_pskb+0x915/0xa50 [ 51.661464][ T367] unix_dgram_sendmsg+0x6fd/0x2090 
[ 51.666410][ T367] sock_write_iter+0x39b/0x530 [ 51.671007][ T367] vfs_write+0xd5d/0x1110 [ 51.675165][ T367] ksys_write+0x199/0x2c0 [ 51.679422][ T367] __x64_sys_write+0x7b/0x90 [ 51.683935][ T367] page_owner free stack trace missing [ 51.689303][ T367] [ 51.691456][ T367] Memory state around the buggy address: [ 51.696919][ T367] ffff88810f4b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.704811][ T367] ffff88810f4b9200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 51.712710][ T367] >ffff88810f4b9280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.720617][ T367] ^ [ 51.724736][ T367] ffff88810f4b9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 51.732633][ T367] ffff88810f4b9380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 51.740840][ T367] ================================================================== [ 51.760502][ T372] FAULT_INJECTION: forcing a failure. [ 51.760502][ T372] name failslab, interval 1, probability 0, space 0, times 0 [ 51.773082][ T372] CPU: 1 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 51.784640][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 51.794565][ T372] Call Trace: [ 51.797682][ T372] [ 51.800453][ T372] dump_stack_lvl+0x151/0x1c0 [ 51.805105][ T372] ? io_uring_drop_tctx_refs+0x190/0x190 [ 51.810592][ T372] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 51.816339][ T372] ? __skb_try_recv_datagram+0x495/0x6a0 [ 51.821798][ T372] dump_stack+0x15/0x20 [ 51.825781][ T372] should_fail+0x3c6/0x510 [ 51.830054][ T372] __should_failslab+0xa4/0xe0 [ 51.834637][ T372] ? skb_clone+0x1d1/0x360 [ 51.839172][ T372] should_failslab+0x9/0x20 [ 51.843516][ T372] slab_pre_alloc_hook+0x37/0xd0 [ 51.848315][ T372] ? skb_clone+0x1d1/0x360 [ 51.852548][ T372] kmem_cache_alloc+0x44/0x200 [ 51.857137][ T372] skb_clone+0x1d1/0x360 [ 51.861229][ T372] sk_psock_verdict_recv+0x53/0x840 [ 51.866255][ T372] ? 
avc_has_perm_noaudit+0x430/0x430 [ 51.871564][ T372] ? mntput_no_expire+0xfc/0x6b0 [ 51.876492][ T372] unix_read_sock+0x132/0x370 [ 51.881272][ T372] ? sk_psock_skb_redirect+0x440/0x440 [ 51.886568][ T372] ? unix_stream_splice_actor+0x120/0x120 [ 51.892210][ T372] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 51.897509][ T372] ? unix_stream_splice_actor+0x120/0x120 [ 51.903055][ T372] sk_psock_verdict_data_ready+0x147/0x1a0 [ 51.908698][ T372] ? sk_psock_start_verdict+0xc0/0xc0 [ 51.913924][ T372] ? _raw_spin_lock+0xa4/0x1b0 [ 51.918714][ T372] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 51.924403][ T372] ? skb_queue_tail+0xfb/0x120 [ 51.928951][ T372] unix_dgram_sendmsg+0x15fa/0x2090 [ 51.934080][ T372] ? unix_dgram_poll+0x690/0x690 [ 51.938858][ T372] ? __kasan_check_write+0x14/0x20 [ 51.943785][ T372] ? __cpuidle_text_end+0x2/0x2 [ 51.948509][ T372] ? cgroup_rstat_updated+0xe5/0x370 [ 51.953602][ T372] ? security_socket_sendmsg+0x82/0xb0 [ 51.958889][ T372] ? unix_dgram_poll+0x690/0x690 [ 51.963663][ T372] ____sys_sendmsg+0x59e/0x8f0 [ 51.968353][ T372] ? __sys_sendmsg_sock+0x40/0x40 [ 51.973213][ T372] ? import_iovec+0xe5/0x120 [ 51.977634][ T372] ___sys_sendmsg+0x252/0x2e0 [ 51.982157][ T372] ? __sys_sendmsg+0x260/0x260 [ 51.986786][ T372] ? __kasan_check_write+0x14/0x20 [ 51.991696][ T372] ? proc_fail_nth_write+0x20b/0x290 [ 51.996910][ T372] ? __fdget+0x1bc/0x240 [ 52.001071][ T372] __sys_sendmmsg+0x2bf/0x530 [ 52.005588][ T372] ? __ia32_sys_sendmsg+0x90/0x90 [ 52.011132][ T372] ? mutex_unlock+0xb2/0x260 [ 52.015675][ T372] ? __kasan_check_write+0x14/0x20 [ 52.020593][ T372] ? __ia32_sys_read+0x90/0x90 [ 52.025300][ T372] ? debug_smp_processor_id+0x17/0x20 [ 52.030503][ T372] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 52.036418][ T372] __x64_sys_sendmmsg+0xa0/0xb0 [ 52.041206][ T372] x64_sys_call+0x81d/0x9a0 [ 52.045854][ T372] do_syscall_64+0x3b/0xb0 [ 52.050121][ T372] ? 
clear_bhb_loop+0x35/0x90 [ 52.054643][ T372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.060370][ T372] RIP: 0033:0x7f23fa668ae9 [ 52.064617][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 52.084241][ T372] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 52.092565][ T372] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 52.100394][ T372] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 52.108184][ T372] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 52.116027][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.123895][ T372] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 52.132146][ T372] [ 52.144056][ T375] FAULT_INJECTION: forcing a failure. [ 52.144056][ T375] name failslab, interval 1, probability 0, space 0, times 0 [ 52.156834][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 52.168279][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 52.178380][ T375] Call Trace: [ 52.181490][ T375] [ 52.184404][ T375] dump_stack_lvl+0x151/0x1c0 [ 52.189039][ T375] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.194445][ T375] dump_stack+0x15/0x20 [ 52.198425][ T375] should_fail+0x3c6/0x510 [ 52.202686][ T375] __should_failslab+0xa4/0xe0 [ 52.207277][ T375] should_failslab+0x9/0x20 [ 52.211621][ T375] slab_pre_alloc_hook+0x37/0xd0 [ 52.216395][ T375] kmem_cache_alloc_trace+0x48/0x210 [ 52.221507][ T375] ? sk_psock_skb_ingress_self+0x60/0x330 [ 52.227066][ T375] ? migrate_disable+0x190/0x190 [ 52.232015][ T375] sk_psock_skb_ingress_self+0x60/0x330 [ 52.237650][ T375] sk_psock_verdict_recv+0x66d/0x840 [ 52.242767][ T375] unix_read_sock+0x132/0x370 [ 52.247282][ T375] ? 
sk_psock_skb_redirect+0x440/0x440 [ 52.252580][ T375] ? unix_stream_splice_actor+0x120/0x120 [ 52.258258][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 52.263519][ T375] ? unix_stream_splice_actor+0x120/0x120 [ 52.269157][ T375] sk_psock_verdict_data_ready+0x147/0x1a0 [ 52.274918][ T375] ? sk_psock_start_verdict+0xc0/0xc0 [ 52.280226][ T375] ? _raw_spin_lock+0xa4/0x1b0 [ 52.284825][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 52.290471][ T375] ? skb_queue_tail+0xfb/0x120 [ 52.295065][ T375] unix_dgram_sendmsg+0x15fa/0x2090 [ 52.300102][ T375] ? unix_dgram_poll+0x690/0x690 [ 52.304870][ T375] ? __kasan_check_write+0x14/0x20 [ 52.309904][ T375] ? __cpuidle_text_end+0x2/0x2 [ 52.314875][ T375] ? cgroup_rstat_updated+0xe5/0x370 [ 52.320074][ T375] ? security_socket_sendmsg+0x82/0xb0 [ 52.325365][ T375] ? unix_dgram_poll+0x690/0x690 [ 52.330142][ T375] ____sys_sendmsg+0x59e/0x8f0 [ 52.334827][ T375] ? __sys_sendmsg_sock+0x40/0x40 [ 52.339951][ T375] ? import_iovec+0xe5/0x120 [ 52.344377][ T375] ___sys_sendmsg+0x252/0x2e0 [ 52.348975][ T375] ? __sys_sendmsg+0x260/0x260 [ 52.353633][ T375] ? __kasan_check_write+0x14/0x20 [ 52.358540][ T375] ? proc_fail_nth_write+0x20b/0x290 [ 52.363662][ T375] ? __fdget+0x1bc/0x240 [ 52.367722][ T375] __sys_sendmmsg+0x2bf/0x530 [ 52.372298][ T375] ? __ia32_sys_sendmsg+0x90/0x90 [ 52.377092][ T375] ? mutex_unlock+0xb2/0x260 [ 52.381524][ T375] ? __kasan_check_write+0x14/0x20 [ 52.386558][ T375] ? __ia32_sys_read+0x90/0x90 [ 52.391274][ T375] ? debug_smp_processor_id+0x17/0x20 [ 52.396446][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 52.402354][ T375] __x64_sys_sendmmsg+0xa0/0xb0 [ 52.407037][ T375] x64_sys_call+0x81d/0x9a0 [ 52.411378][ T375] do_syscall_64+0x3b/0xb0 [ 52.415631][ T375] ? 
clear_bhb_loop+0x35/0x90 [ 52.420153][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.425960][ T375] RIP: 0033:0x7f23fa668ae9 [ 52.430247][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 52.449795][ T375] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 52.458026][ T375] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 52.465825][ T375] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 52.473775][ T375] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 52.481625][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.489431][ T375] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 52.497516][ T375] [ 52.501343][ T374] ================================================================== [ 52.509226][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 52.518359][ T374] [ 52.520533][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 52.532401][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 52.542309][ T374] Call Trace: [ 52.545424][ T374] [ 52.548211][ T374] dump_stack_lvl+0x151/0x1c0 [ 52.552721][ T374] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.558189][ T374] ? __wake_up_klogd+0xd5/0x110 [ 52.562868][ T374] ? panic+0x760/0x760 [ 52.566779][ T374] ? kmem_cache_free+0x116/0x2e0 [ 52.571639][ T374] print_address_description+0x87/0x3b0 [ 52.577139][ T374] ? kmem_cache_free+0x116/0x2e0 [ 52.581980][ T374] ? kmem_cache_free+0x116/0x2e0 [ 52.586863][ T374] kasan_report_invalid_free+0x6b/0xa0 [ 52.592526][ T374] ____kasan_slab_free+0x13e/0x160 [ 52.597452][ T374] __kasan_slab_free+0x11/0x20 [ 52.602059][ T374] slab_free_freelist_hook+0xbd/0x190 [ 52.607263][ T374] ? 
kfree_skbmem+0x104/0x170 [ 52.611779][ T374] kmem_cache_free+0x116/0x2e0 [ 52.616628][ T374] kfree_skbmem+0x104/0x170 [ 52.621181][ T374] consume_skb+0xb4/0x250 [ 52.625344][ T374] __sk_msg_free+0x2dd/0x370 [ 52.630030][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 52.635862][ T374] sk_psock_stop+0x44c/0x4d0 [ 52.640889][ T374] sk_psock_drop+0x219/0x310 [ 52.645319][ T374] sock_map_unref+0x48f/0x4d0 [ 52.649822][ T374] ? __local_bh_enable_ip+0x58/0x80 [ 52.654854][ T374] ? _raw_spin_unlock_bh+0x51/0x60 [ 52.659997][ T374] sock_map_remove_links+0x41c/0x650 [ 52.665304][ T374] ? __kasan_record_aux_stack+0xd3/0xf0 [ 52.670659][ T374] ? kasan_record_aux_stack+0xe/0x10 [ 52.675782][ T374] ? task_work_add+0x27/0x1d0 [ 52.680300][ T374] ? sock_map_unhash+0x120/0x120 [ 52.685164][ T374] ? x64_sys_call+0x3d/0x9a0 [ 52.689607][ T374] ? locks_remove_posix+0x610/0x610 [ 52.694640][ T374] sock_map_close+0x114/0x530 [ 52.699155][ T374] ? unix_peer_get+0xe0/0xe0 [ 52.703577][ T374] ? sock_map_remove_links+0x650/0x650 [ 52.708872][ T374] ? rwsem_mark_wake+0x770/0x770 [ 52.713647][ T374] unix_release+0x82/0xc0 [ 52.717814][ T374] sock_close+0xdf/0x270 [ 52.722222][ T374] ? sock_mmap+0xa0/0xa0 [ 52.726295][ T374] __fput+0x228/0x8c0 [ 52.730119][ T374] ____fput+0x15/0x20 [ 52.733943][ T374] task_work_run+0x129/0x190 [ 52.738359][ T374] exit_to_user_mode_loop+0xc4/0xe0 [ 52.743390][ T374] exit_to_user_mode_prepare+0x5a/0xa0 [ 52.748685][ T374] syscall_exit_to_user_mode+0x26/0x160 [ 52.754068][ T374] do_syscall_64+0x47/0xb0 [ 52.758318][ T374] ? 
clear_bhb_loop+0x35/0x90 [ 52.762832][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.768585][ T374] RIP: 0033:0x7f23fa6679da [ 52.772821][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 52.792360][ T374] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 52.800604][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da [ 52.808416][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 52.816222][ T374] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0 [ 52.824028][ T374] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000ced5 [ 52.831845][ T374] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000cb94 [ 52.839779][ T374] [ 52.842704][ T374] [ 52.844861][ T374] Allocated by task 375: [ 52.848940][ T374] __kasan_slab_alloc+0xb1/0xe0 [ 52.853625][ T374] slab_post_alloc_hook+0x53/0x2c0 [ 52.858578][ T374] kmem_cache_alloc+0xf5/0x200 [ 52.863181][ T374] skb_clone+0x1d1/0x360 [ 52.867254][ T374] sk_psock_verdict_recv+0x53/0x840 [ 52.872380][ T374] unix_read_sock+0x132/0x370 [ 52.876887][ T374] sk_psock_verdict_data_ready+0x147/0x1a0 [ 52.882531][ T374] unix_dgram_sendmsg+0x15fa/0x2090 [ 52.887571][ T374] ____sys_sendmsg+0x59e/0x8f0 [ 52.892250][ T374] ___sys_sendmsg+0x252/0x2e0 [ 52.896765][ T374] __sys_sendmmsg+0x2bf/0x530 [ 52.901280][ T374] __x64_sys_sendmmsg+0xa0/0xb0 [ 52.905964][ T374] x64_sys_call+0x81d/0x9a0 [ 52.910309][ T374] do_syscall_64+0x3b/0xb0 [ 52.914563][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.920290][ T374] [ 52.922457][ T374] Freed by task 20: [ 52.926191][ T374] kasan_set_track+0x4b/0x70 [ 52.930614][ T374] kasan_set_free_info+0x23/0x40 [ 52.935390][ T374] ____kasan_slab_free+0x126/0x160 [ 52.940348][ T374] __kasan_slab_free+0x11/0x20 [ 52.945156][ T374] 
slab_free_freelist_hook+0xbd/0x190 [ 52.950434][ T374] kmem_cache_free+0x116/0x2e0 [ 52.955120][ T374] kfree_skbmem+0x104/0x170 [ 52.959547][ T374] kfree_skb+0xc2/0x360 [ 52.963554][ T374] sk_psock_backlog+0xc21/0xd90 [ 52.968338][ T374] process_one_work+0x6bb/0xc10 [ 52.973014][ T374] worker_thread+0xad5/0x12a0 [ 52.977533][ T374] kthread+0x421/0x510 [ 52.981428][ T374] ret_from_fork+0x1f/0x30 [ 52.985683][ T374] [ 52.987851][ T374] The buggy address belongs to the object at ffff88810c84c3c0 [ 52.987851][ T374] which belongs to the cache skbuff_head_cache of size 248 [ 53.002359][ T374] The buggy address is located 0 bytes inside of [ 53.002359][ T374] 248-byte region [ffff88810c84c3c0, ffff88810c84c4b8) [ 53.015373][ T374] The buggy address belongs to the page: [ 53.020932][ T374] page:ffffea0004321300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c84c [ 53.031091][ T374] flags: 0x4000000000000200(slab|zone=1) [ 53.036829][ T374] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881081abb00 [ 53.045367][ T374] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 53.053855][ T374] page dumped because: kasan: bad access detected [ 53.060106][ T374] page_owner tracks the page as allocated [ 53.065661][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 110, ts 4498576399, free_ts 4480134993 [ 53.081638][ T374] post_alloc_hook+0x1a3/0x1b0 [ 53.086319][ T374] prep_new_page+0x1b/0x110 [ 53.090658][ T374] get_page_from_freelist+0x3550/0x35d0 [ 53.096047][ T374] __alloc_pages+0x27e/0x8f0 [ 53.100501][ T374] new_slab+0x9a/0x4e0 [ 53.104376][ T374] ___slab_alloc+0x39e/0x830 [ 53.108928][ T374] __slab_alloc+0x4a/0x90 [ 53.113049][ T374] kmem_cache_alloc+0x134/0x200 [ 53.117793][ T374] __alloc_skb+0xbe/0x550 [ 53.122040][ T374] netlink_sendmsg+0x797/0xd20 [ 53.126665][ T374] ____sys_sendmsg+0x59e/0x8f0 [ 53.131227][ T374] ___sys_sendmsg+0x252/0x2e0 [ 
53.135742][ T374] __se_sys_sendmsg+0x19a/0x260 [ 53.140541][ T374] __x64_sys_sendmsg+0x7b/0x90 [ 53.145139][ T374] x64_sys_call+0x16a/0x9a0 [ 53.149583][ T374] do_syscall_64+0x3b/0xb0 [ 53.153821][ T374] page last free stack trace: [ 53.158343][ T374] free_unref_page_prepare+0x7c8/0x7d0 [ 53.163626][ T374] free_unref_page+0xe8/0x750 [ 53.168241][ T374] __free_pages+0x61/0xf0 [ 53.172400][ T374] __vunmap+0x7bc/0x8f0 [ 53.176444][ T374] free_work+0x5b/0x80 [ 53.180299][ T374] process_one_work+0x6bb/0xc10 [ 53.184988][ T374] worker_thread+0xad5/0x12a0 [ 53.189510][ T374] kthread+0x421/0x510 [ 53.193434][ T374] ret_from_fork+0x1f/0x30 [ 53.197778][ T374] [ 53.199922][ T374] Memory state around the buggy address: [ 53.205396][ T374] ffff88810c84c280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.213293][ T374] ffff88810c84c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 53.221291][ T374] >ffff88810c84c380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 53.229177][ T374] ^ [ 53.235353][ T374] ffff88810c84c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.243346][ T374] ffff88810c84c480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 53.251325][ T374] ================================================================== [ 53.263400][ T30] audit: type=1400 audit(1734009185.647:103): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 53.285726][ T30] audit: type=1400 audit(1734009185.647:104): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 53.286520][ T378] FAULT_INJECTION: forcing a failure. 
[ 53.286520][ T378] name failslab, interval 1, probability 0, space 0, times 0 [ 53.320602][ T378] CPU: 1 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 53.332275][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 53.342211][ T378] Call Trace: [ 53.345308][ T378] [ 53.348079][ T378] dump_stack_lvl+0x151/0x1c0 [ 53.353039][ T378] ? io_uring_drop_tctx_refs+0x190/0x190 [ 53.358877][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 53.364523][ T378] ? __skb_try_recv_datagram+0x495/0x6a0 [ 53.369985][ T378] dump_stack+0x15/0x20 [ 53.373990][ T378] should_fail+0x3c6/0x510 [ 53.378563][ T378] __should_failslab+0xa4/0xe0 [ 53.383127][ T378] ? skb_clone+0x1d1/0x360 [ 53.387467][ T378] should_failslab+0x9/0x20 [ 53.391926][ T378] slab_pre_alloc_hook+0x37/0xd0 [ 53.396694][ T378] ? skb_clone+0x1d1/0x360 [ 53.401122][ T378] kmem_cache_alloc+0x44/0x200 [ 53.405737][ T378] skb_clone+0x1d1/0x360 [ 53.409799][ T378] sk_psock_verdict_recv+0x53/0x840 [ 53.414834][ T378] ? avc_has_perm_noaudit+0x430/0x430 [ 53.420059][ T378] ? mntput_no_expire+0xfc/0x6b0 [ 53.425059][ T378] unix_read_sock+0x132/0x370 [ 53.429532][ T378] ? sk_psock_skb_redirect+0x440/0x440 [ 53.434824][ T378] ? unix_stream_splice_actor+0x120/0x120 [ 53.440379][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 53.445678][ T378] ? unix_stream_splice_actor+0x120/0x120 [ 53.451274][ T378] sk_psock_verdict_data_ready+0x147/0x1a0 [ 53.456964][ T378] ? sk_psock_start_verdict+0xc0/0xc0 [ 53.462164][ T378] ? _raw_spin_lock+0xa4/0x1b0 [ 53.466768][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 53.472571][ T378] ? skb_queue_tail+0xfb/0x120 [ 53.477203][ T378] unix_dgram_sendmsg+0x15fa/0x2090 [ 53.482363][ T378] ? unix_dgram_poll+0x690/0x690 [ 53.487139][ T378] ? __kasan_check_write+0x14/0x20 [ 53.492095][ T378] ? __cpuidle_text_end+0x2/0x2 [ 53.496905][ T378] ? cgroup_rstat_updated+0xe5/0x370 [ 53.501998][ T378] ? 
security_socket_sendmsg+0x82/0xb0 [ 53.507488][ T378] ? unix_dgram_poll+0x690/0x690 [ 53.512269][ T378] ____sys_sendmsg+0x59e/0x8f0 [ 53.517432][ T378] ? __sys_sendmsg_sock+0x40/0x40 [ 53.522340][ T378] ? import_iovec+0xe5/0x120 [ 53.526780][ T378] ___sys_sendmsg+0x252/0x2e0 [ 53.531296][ T378] ? __sys_sendmsg+0x260/0x260 [ 53.536014][ T378] ? __kasan_check_write+0x14/0x20 [ 53.540947][ T378] ? proc_fail_nth_write+0x20b/0x290 [ 53.546052][ T378] ? __fdget+0x1bc/0x240 [ 53.550128][ T378] __sys_sendmmsg+0x2bf/0x530 [ 53.554718][ T378] ? __ia32_sys_sendmsg+0x90/0x90 [ 53.559682][ T378] ? mutex_unlock+0xb2/0x260 [ 53.564283][ T378] ? __kasan_check_write+0x14/0x20 [ 53.569335][ T378] ? __ia32_sys_read+0x90/0x90 [ 53.574078][ T378] ? debug_smp_processor_id+0x17/0x20 [ 53.579353][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 53.585263][ T378] __x64_sys_sendmmsg+0xa0/0xb0 [ 53.589937][ T378] x64_sys_call+0x81d/0x9a0 [ 53.594389][ T378] do_syscall_64+0x3b/0xb0 [ 53.598670][ T378] ? clear_bhb_loop+0x35/0x90 [ 53.603601][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.609237][ T378] RIP: 0033:0x7f23fa668ae9 [ 53.613564][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 53.633393][ T378] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 53.642394][ T378] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 2024/12/12 13:13:06 executed programs: 6 [ 53.650199][ T378] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 53.658142][ T378] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 53.666049][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.673845][ T378] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 53.681847][ T378] [ 53.708617][ T380] FAULT_INJECTION: forcing a failure. 
[ 53.708617][ T380] name failslab, interval 1, probability 0, space 0, times 0 [ 53.721764][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 53.733469][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 53.743390][ T380] Call Trace: [ 53.746486][ T380] [ 53.749705][ T380] dump_stack_lvl+0x151/0x1c0 [ 53.754577][ T380] ? io_uring_drop_tctx_refs+0x190/0x190 [ 53.760029][ T380] dump_stack+0x15/0x20 [ 53.764167][ T380] should_fail+0x3c6/0x510 [ 53.768479][ T380] __should_failslab+0xa4/0xe0 [ 53.773076][ T380] should_failslab+0x9/0x20 [ 53.777587][ T380] slab_pre_alloc_hook+0x37/0xd0 [ 53.782372][ T380] kmem_cache_alloc_trace+0x48/0x210 [ 53.787569][ T380] ? sk_psock_skb_ingress_self+0x60/0x330 [ 53.793238][ T380] ? migrate_disable+0x190/0x190 [ 53.798149][ T380] sk_psock_skb_ingress_self+0x60/0x330 [ 53.803905][ T380] sk_psock_verdict_recv+0x66d/0x840 [ 53.809405][ T380] unix_read_sock+0x132/0x370 [ 53.813876][ T380] ? sk_psock_skb_redirect+0x440/0x440 [ 53.819173][ T380] ? unix_stream_splice_actor+0x120/0x120 [ 53.824821][ T380] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 53.830115][ T380] ? unix_stream_splice_actor+0x120/0x120 [ 53.835744][ T380] sk_psock_verdict_data_ready+0x147/0x1a0 [ 53.841439][ T380] ? sk_psock_start_verdict+0xc0/0xc0 [ 53.846596][ T380] ? _raw_spin_lock+0xa4/0x1b0 [ 53.851414][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 53.857228][ T380] ? skb_queue_tail+0xfb/0x120 [ 53.861911][ T380] unix_dgram_sendmsg+0x15fa/0x2090 [ 53.867043][ T380] ? unix_dgram_poll+0x690/0x690 [ 53.871804][ T380] ? __kasan_check_write+0x14/0x20 [ 53.876750][ T380] ? __cpuidle_text_end+0x2/0x2 [ 53.881525][ T380] ? cgroup_rstat_updated+0xe5/0x370 [ 53.886647][ T380] ? security_socket_sendmsg+0x82/0xb0 [ 53.891947][ T380] ? unix_dgram_poll+0x690/0x690 [ 53.896715][ T380] ____sys_sendmsg+0x59e/0x8f0 [ 53.901419][ T380] ? __sys_sendmsg_sock+0x40/0x40 [ 53.906345][ T380] ? 
import_iovec+0xe5/0x120 [ 53.910894][ T380] ___sys_sendmsg+0x252/0x2e0 [ 53.915399][ T380] ? __sys_sendmsg+0x260/0x260 [ 53.920127][ T380] ? __kasan_check_write+0x14/0x20 [ 53.925050][ T380] ? proc_fail_nth_write+0x20b/0x290 [ 53.930191][ T380] ? __fdget+0x1bc/0x240 [ 53.934250][ T380] __sys_sendmmsg+0x2bf/0x530 [ 53.938866][ T380] ? __ia32_sys_sendmsg+0x90/0x90 [ 53.943972][ T380] ? mutex_unlock+0xb2/0x260 [ 53.948428][ T380] ? __kasan_check_write+0x14/0x20 [ 53.953730][ T380] ? __ia32_sys_read+0x90/0x90 [ 53.958325][ T380] ? debug_smp_processor_id+0x17/0x20 [ 53.963567][ T380] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 53.969436][ T380] __x64_sys_sendmmsg+0xa0/0xb0 [ 53.974360][ T380] x64_sys_call+0x81d/0x9a0 [ 53.978848][ T380] do_syscall_64+0x3b/0xb0 [ 53.983330][ T380] ? clear_bhb_loop+0x35/0x90 [ 53.987857][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.993603][ T380] RIP: 0033:0x7f23fa668ae9 [ 53.997824][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 54.017265][ T380] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 54.025600][ T380] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 54.033496][ T380] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 54.041445][ T380] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 54.049458][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.057364][ T380] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 54.065257][ T380] [ 54.070100][ T379] ================================================================== [ 54.078070][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 54.086324][ T379] [ 54.088489][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 
54.100459][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.110658][ T379] Call Trace: [ 54.113791][ T379] [ 54.116689][ T379] dump_stack_lvl+0x151/0x1c0 [ 54.121284][ T379] ? io_uring_drop_tctx_refs+0x190/0x190 [ 54.126811][ T379] ? __wake_up_klogd+0xd5/0x110 [ 54.131510][ T379] ? panic+0x760/0x760 [ 54.135490][ T379] ? kmem_cache_free+0x116/0x2e0 [ 54.140261][ T379] print_address_description+0x87/0x3b0 [ 54.145732][ T379] ? kmem_cache_free+0x116/0x2e0 [ 54.150507][ T379] ? kmem_cache_free+0x116/0x2e0 [ 54.155295][ T379] kasan_report_invalid_free+0x6b/0xa0 [ 54.160666][ T379] ____kasan_slab_free+0x13e/0x160 [ 54.165619][ T379] __kasan_slab_free+0x11/0x20 [ 54.170218][ T379] slab_free_freelist_hook+0xbd/0x190 [ 54.175426][ T379] ? kfree_skbmem+0x104/0x170 [ 54.180104][ T379] kmem_cache_free+0x116/0x2e0 [ 54.184705][ T379] kfree_skbmem+0x104/0x170 [ 54.189059][ T379] consume_skb+0xb4/0x250 [ 54.193239][ T379] __sk_msg_free+0x2dd/0x370 [ 54.197745][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 54.203386][ T379] sk_psock_stop+0x44c/0x4d0 [ 54.207929][ T379] sk_psock_drop+0x219/0x310 [ 54.212457][ T379] sock_map_unref+0x48f/0x4d0 [ 54.216941][ T379] ? __local_bh_enable_ip+0x58/0x80 [ 54.221991][ T379] ? _raw_spin_unlock_bh+0x51/0x60 [ 54.226991][ T379] sock_map_remove_links+0x41c/0x650 [ 54.232043][ T379] ? __kasan_record_aux_stack+0xd3/0xf0 [ 54.237443][ T379] ? kasan_record_aux_stack+0xe/0x10 [ 54.242540][ T379] ? task_work_add+0x27/0x1d0 [ 54.247082][ T379] ? sock_map_unhash+0x120/0x120 [ 54.251838][ T379] ? x64_sys_call+0x3d/0x9a0 [ 54.256263][ T379] ? locks_remove_posix+0x610/0x610 [ 54.261390][ T379] sock_map_close+0x114/0x530 [ 54.265934][ T379] ? unix_peer_get+0xe0/0xe0 [ 54.270483][ T379] ? sock_map_remove_links+0x650/0x650 [ 54.275703][ T379] ? rwsem_mark_wake+0x770/0x770 [ 54.280769][ T379] unix_release+0x82/0xc0 [ 54.285020][ T379] sock_close+0xdf/0x270 [ 54.289117][ T379] ? 
sock_mmap+0xa0/0xa0 [ 54.293435][ T379] __fput+0x228/0x8c0 [ 54.297252][ T379] ____fput+0x15/0x20 [ 54.301067][ T379] task_work_run+0x129/0x190 [ 54.305526][ T379] exit_to_user_mode_loop+0xc4/0xe0 [ 54.310636][ T379] exit_to_user_mode_prepare+0x5a/0xa0 [ 54.316016][ T379] syscall_exit_to_user_mode+0x26/0x160 [ 54.321484][ T379] do_syscall_64+0x47/0xb0 [ 54.325854][ T379] ? clear_bhb_loop+0x35/0x90 [ 54.330360][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.336241][ T379] RIP: 0033:0x7f23fa6679da [ 54.340488][ T379] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 54.360145][ T379] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 54.368395][ T379] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da [ 54.376184][ T379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 54.384147][ T379] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0 [ 54.391975][ T379] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d4f0 [ 54.399785][ T379] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000d1af [ 54.407661][ T379] [ 54.410610][ T379] [ 54.412781][ T379] Allocated by task 380: [ 54.416866][ T379] __kasan_slab_alloc+0xb1/0xe0 [ 54.421552][ T379] slab_post_alloc_hook+0x53/0x2c0 [ 54.426508][ T379] kmem_cache_alloc+0xf5/0x200 [ 54.431181][ T379] skb_clone+0x1d1/0x360 [ 54.435289][ T379] sk_psock_verdict_recv+0x53/0x840 [ 54.440387][ T379] unix_read_sock+0x132/0x370 [ 54.444897][ T379] sk_psock_verdict_data_ready+0x147/0x1a0 [ 54.450823][ T379] unix_dgram_sendmsg+0x15fa/0x2090 [ 54.455846][ T379] ____sys_sendmsg+0x59e/0x8f0 [ 54.460445][ T379] ___sys_sendmsg+0x252/0x2e0 [ 54.464957][ T379] __sys_sendmmsg+0x2bf/0x530 [ 54.469471][ T379] __x64_sys_sendmmsg+0xa0/0xb0 [ 54.474245][ T379] x64_sys_call+0x81d/0x9a0 [ 54.478710][ T379] 
do_syscall_64+0x3b/0xb0 [ 54.482932][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.488717][ T379] [ 54.490827][ T379] Freed by task 6: [ 54.494385][ T379] kasan_set_track+0x4b/0x70 [ 54.498814][ T379] kasan_set_free_info+0x23/0x40 [ 54.503672][ T379] ____kasan_slab_free+0x126/0x160 [ 54.508658][ T379] __kasan_slab_free+0x11/0x20 [ 54.513754][ T379] slab_free_freelist_hook+0xbd/0x190 [ 54.519474][ T379] kmem_cache_free+0x116/0x2e0 [ 54.524073][ T379] kfree_skbmem+0x104/0x170 [ 54.528504][ T379] kfree_skb+0xc2/0x360 [ 54.532501][ T379] sk_psock_backlog+0xc21/0xd90 [ 54.537186][ T379] process_one_work+0x6bb/0xc10 [ 54.541874][ T379] worker_thread+0xad5/0x12a0 [ 54.546385][ T379] kthread+0x421/0x510 [ 54.550299][ T379] ret_from_fork+0x1f/0x30 [ 54.554545][ T379] [ 54.556994][ T379] The buggy address belongs to the object at ffff888124608640 [ 54.556994][ T379] which belongs to the cache skbuff_head_cache of size 248 [ 54.571434][ T379] The buggy address is located 0 bytes inside of [ 54.571434][ T379] 248-byte region [ffff888124608640, ffff888124608738) [ 54.584790][ T379] The buggy address belongs to the page: [ 54.590246][ T379] page:ffffea0004918200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124608 [ 54.600312][ T379] flags: 0x4000000000000200(slab|zone=1) [ 54.605797][ T379] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00 [ 54.614204][ T379] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 54.622712][ T379] page dumped because: kasan: bad access detected [ 54.629114][ T379] page_owner tracks the page as allocated [ 54.634640][ T379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 53687262991, free_ts 0 [ 54.649489][ T379] post_alloc_hook+0x1a3/0x1b0 [ 54.654080][ T379] prep_new_page+0x1b/0x110 [ 54.658520][ T379] get_page_from_freelist+0x3550/0x35d0 [ 54.663890][ T379] __alloc_pages+0x27e/0x8f0 [ 54.668400][ T379] 
new_slab+0x9a/0x4e0
[ 54.672307][ T379] ___slab_alloc+0x39e/0x830
[ 54.676744][ T379] __slab_alloc+0x4a/0x90
[ 54.680899][ T379] kmem_cache_alloc+0x134/0x200
[ 54.685592][ T379] __alloc_skb+0xbe/0x550
[ 54.689995][ T379] alloc_skb_with_frags+0xa6/0x680
[ 54.694922][ T379] sock_alloc_send_pskb+0x915/0xa50
[ 54.700068][ T379] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.705075][ T379] __sys_sendto+0x564/0x720
[ 54.709353][ T379] __x64_sys_sendto+0xe5/0x100
[ 54.713955][ T379] x64_sys_call+0x15c/0x9a0
[ 54.718384][ T379] do_syscall_64+0x3b/0xb0
[ 54.722636][ T379] page_owner free stack trace missing
[ 54.727930][ T379] 
[ 54.730109][ T379] Memory state around the buggy address:
[ 54.735584][ T379] ffff888124608500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.743466][ T379] ffff888124608580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.751373][ T379] >ffff888124608600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.759474][ T379] ^
[ 54.765581][ T379] ffff888124608680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.773587][ T379] ffff888124608700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.781566][ T379] ==================================================================
[ 54.801876][ T383] FAULT_INJECTION: forcing a failure.
[ 54.801876][ T383] name failslab, interval 1, probability 0, space 0, times 0
[ 54.814461][ T383] CPU: 1 PID: 383 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.826389][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.836844][ T383] Call Trace:
[ 54.839969][ T383] <TASK>
[ 54.842858][ T383] dump_stack_lvl+0x151/0x1c0
[ 54.847374][ T383] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.853157][ T383] dump_stack+0x15/0x20
[ 54.857230][ T383] should_fail+0x3c6/0x510
[ 54.861491][ T383] __should_failslab+0xa4/0xe0
[ 54.866179][ T383] should_failslab+0x9/0x20
[ 54.870509][ T383] slab_pre_alloc_hook+0x37/0xd0
[ 54.875369][ T383] kmem_cache_alloc_trace+0x48/0x210
[ 54.880499][ T383] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.886244][ T383] ? migrate_disable+0x190/0x190
[ 54.891088][ T383] sk_psock_skb_ingress_self+0x60/0x330
[ 54.896564][ T383] sk_psock_verdict_recv+0x66d/0x840
[ 54.901792][ T383] unix_read_sock+0x132/0x370
[ 54.906396][ T383] ? sk_psock_skb_redirect+0x440/0x440
[ 54.911685][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.917341][ T383] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.922626][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.928179][ T383] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.933841][ T383] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.939148][ T383] ? _raw_spin_lock+0xa4/0x1b0
[ 54.943758][ T383] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.949614][ T383] ? skb_queue_tail+0xfb/0x120
[ 54.954324][ T383] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.959369][ T383] ? unix_dgram_poll+0x690/0x690
[ 54.964133][ T383] ? __kasan_check_write+0x14/0x20
[ 54.969078][ T383] ? __cpuidle_text_end+0x2/0x2
[ 54.973769][ T383] ? cgroup_rstat_updated+0xe5/0x370
[ 54.978894][ T383] ? security_socket_sendmsg+0x82/0xb0
[ 54.984397][ T383] ? unix_dgram_poll+0x690/0x690
[ 54.989568][ T383] ____sys_sendmsg+0x59e/0x8f0
[ 54.994112][ T383] ? __sys_sendmsg_sock+0x40/0x40
[ 54.998971][ T383] ? import_iovec+0xe5/0x120
[ 55.003663][ T383] ___sys_sendmsg+0x252/0x2e0
[ 55.008269][ T383] ? __sys_sendmsg+0x260/0x260
[ 55.013100][ T383] ? __kasan_check_write+0x14/0x20
[ 55.018199][ T383] ? proc_fail_nth_write+0x20b/0x290
[ 55.023310][ T383] ? __fdget+0x1bc/0x240
[ 55.027487][ T383] __sys_sendmmsg+0x2bf/0x530
[ 55.032087][ T383] ? __ia32_sys_sendmsg+0x90/0x90
[ 55.036963][ T383] ? mutex_unlock+0xb2/0x260
[ 55.041386][ T383] ? __kasan_check_write+0x14/0x20
[ 55.046448][ T383] ? __ia32_sys_read+0x90/0x90
[ 55.051018][ T383] ? debug_smp_processor_id+0x17/0x20
[ 55.056232][ T383] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.062323][ T383] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.067192][ T383] x64_sys_call+0x81d/0x9a0
[ 55.071552][ T383] do_syscall_64+0x3b/0xb0
[ 55.075925][ T383] ? clear_bhb_loop+0x35/0x90
[ 55.080394][ T383] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.086181][ T383] RIP: 0033:0x7f23fa668ae9
[ 55.090628][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.110302][ T383] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.118689][ T383] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9
[ 55.126592][ T383] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 55.134488][ T383] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000
[ 55.142302][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.150139][ T383] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8
[ 55.157930][ T383] </TASK>
[ 55.163096][ T382] ==================================================================
[ 55.171087][ T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 55.179602][ T382] 
[ 55.181762][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.193365][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.203445][ T382] Call Trace:
[ 55.206680][ T382] <TASK>
[ 55.209449][ T382] dump_stack_lvl+0x151/0x1c0
[ 55.214500][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.220063][ T382] ? __wake_up_klogd+0xd5/0x110
[ 55.224818][ T382] ? panic+0x760/0x760
[ 55.228718][ T382] ? kvm_sched_clock_read+0x18/0x40
[ 55.233858][ T382] ? kmem_cache_free+0x116/0x2e0
[ 55.238620][ T382] print_address_description+0x87/0x3b0
[ 55.244042][ T382] ? kmem_cache_free+0x116/0x2e0
[ 55.248869][ T382] ? kmem_cache_free+0x116/0x2e0
[ 55.253728][ T382] kasan_report_invalid_free+0x6b/0xa0
[ 55.259038][ T382] ____kasan_slab_free+0x13e/0x160
[ 55.264099][ T382] __kasan_slab_free+0x11/0x20
[ 55.268664][ T382] slab_free_freelist_hook+0xbd/0x190
[ 55.273869][ T382] ? kfree_skbmem+0x104/0x170
[ 55.278565][ T382] kmem_cache_free+0x116/0x2e0
[ 55.283167][ T382] kfree_skbmem+0x104/0x170
[ 55.287699][ T382] consume_skb+0xb4/0x250
[ 55.291950][ T382] __sk_msg_free+0x2dd/0x370
[ 55.296521][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.302157][ T382] sk_psock_stop+0x44c/0x4d0
[ 55.306670][ T382] sk_psock_drop+0x219/0x310
[ 55.311115][ T382] sock_map_unref+0x48f/0x4d0
[ 55.315607][ T382] ? __local_bh_enable_ip+0x58/0x80
[ 55.320643][ T382] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.325599][ T382] sock_map_remove_links+0x41c/0x650
[ 55.330708][ T382] ? __kasan_record_aux_stack+0xd3/0xf0
[ 55.336085][ T382] ? kasan_record_aux_stack+0xe/0x10
[ 55.341215][ T382] ? task_work_add+0x27/0x1d0
[ 55.345721][ T382] ? sock_map_unhash+0x120/0x120
[ 55.350595][ T382] ? x64_sys_call+0x3d/0x9a0
[ 55.355020][ T382] ? locks_remove_posix+0x610/0x610
[ 55.360147][ T382] sock_map_close+0x114/0x530
[ 55.364836][ T382] ? unix_peer_get+0xe0/0xe0
[ 55.369304][ T382] ? sock_map_remove_links+0x650/0x650
[ 55.374555][ T382] ? rwsem_mark_wake+0x770/0x770
[ 55.379503][ T382] unix_release+0x82/0xc0
[ 55.383677][ T382] sock_close+0xdf/0x270
[ 55.387834][ T382] ? sock_mmap+0xa0/0xa0
[ 55.391923][ T382] __fput+0x228/0x8c0
[ 55.395735][ T382] ____fput+0x15/0x20
[ 55.399549][ T382] task_work_run+0x129/0x190
[ 55.403979][ T382] exit_to_user_mode_loop+0xc4/0xe0
[ 55.409015][ T382] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.414305][ T382] syscall_exit_to_user_mode+0x26/0x160
[ 55.419817][ T382] do_syscall_64+0x47/0xb0
[ 55.424042][ T382] ? clear_bhb_loop+0x35/0x90
[ 55.428557][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.434287][ T382] RIP: 0033:0x7f23fa6679da
[ 55.438541][ T382] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 55.458068][ T382] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 55.466414][ T382] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da
[ 55.474319][ T382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 55.482235][ T382] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0
[ 55.490040][ T382] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d936
[ 55.497936][ T382] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000d5f5
[ 55.505860][ T382] </TASK>
[ 55.508765][ T382] 
[ 55.510870][ T382] Allocated by task 383:
[ 55.515039][ T382] __kasan_slab_alloc+0xb1/0xe0
[ 55.519724][ T382] slab_post_alloc_hook+0x53/0x2c0
[ 55.524755][ T382] kmem_cache_alloc+0xf5/0x200
[ 55.529368][ T382] skb_clone+0x1d1/0x360
[ 55.533438][ T382] sk_psock_verdict_recv+0x53/0x840
[ 55.538566][ T382] unix_read_sock+0x132/0x370
[ 55.543167][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.548894][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.554025][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 55.558613][ T382] ___sys_sendmsg+0x252/0x2e0
[ 55.563126][ T382] __sys_sendmmsg+0x2bf/0x530
[ 55.567639][ T382] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.572326][ T382] x64_sys_call+0x81d/0x9a0
[ 55.576664][ T382] do_syscall_64+0x3b/0xb0
[ 55.580921][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.587006][ T382] 
[ 55.589170][ T382] Freed by task 311:
[ 55.593015][ T382] kasan_set_track+0x4b/0x70
[ 55.597407][ T382] kasan_set_free_info+0x23/0x40
[ 55.602281][ T382] ____kasan_slab_free+0x126/0x160
[ 55.607219][ T382] __kasan_slab_free+0x11/0x20
[ 55.611830][ T382] slab_free_freelist_hook+0xbd/0x190
[ 55.617041][ T382] kmem_cache_free+0x116/0x2e0
[ 55.621720][ T382] kfree_skbmem+0x104/0x170
[ 55.626417][ T382] kfree_skb+0xc2/0x360
[ 55.630485][ T382] sk_psock_backlog+0xc21/0xd90
[ 55.635268][ T382] process_one_work+0x6bb/0xc10
[ 55.639956][ T382] worker_thread+0xad5/0x12a0
[ 55.644576][ T382] kthread+0x421/0x510
[ 55.648469][ T382] ret_from_fork+0x1f/0x30
[ 55.652703][ T382] 
[ 55.654874][ T382] The buggy address belongs to the object at ffff888110034a00
[ 55.654874][ T382] which belongs to the cache skbuff_head_cache of size 248
[ 55.669617][ T382] The buggy address is located 0 bytes inside of
[ 55.669617][ T382] 248-byte region [ffff888110034a00, ffff888110034af8)
[ 55.682548][ T382] The buggy address belongs to the page:
[ 55.688026][ T382] page:ffffea0004400d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110034
[ 55.698099][ T382] flags: 0x4000000000000200(slab|zone=1)
[ 55.703561][ T382] raw: 4000000000000200 0000000000000000 0000000100000001 ffff8881081abb00
[ 55.711980][ T382] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.720911][ T382] page dumped because: kasan: bad access detected
[ 55.727211][ T382] page_owner tracks the page as allocated
[ 55.732810][ T382] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4493250299, free_ts 0
[ 55.747818][ T382] post_alloc_hook+0x1a3/0x1b0
[ 55.752614][ T382] prep_new_page+0x1b/0x110
[ 55.757037][ T382] get_page_from_freelist+0x3550/0x35d0
[ 55.762429][ T382] __alloc_pages+0x27e/0x8f0
[ 55.766840][ T382] new_slab+0x9a/0x4e0
[ 55.770745][ T382] ___slab_alloc+0x39e/0x830
[ 55.775582][ T382] __slab_alloc+0x4a/0x90
[ 55.780013][ T382] kmem_cache_alloc+0x134/0x200
[ 55.784788][ T382] __alloc_skb+0xbe/0x550
[ 55.789232][ T382] netlink_sendmsg+0x797/0xd20
[ 55.793987][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 55.798589][ T382] ___sys_sendmsg+0x252/0x2e0
[ 55.803099][ T382] __se_sys_sendmsg+0x19a/0x260
[ 55.807785][ T382] __x64_sys_sendmsg+0x7b/0x90
[ 55.812392][ T382] x64_sys_call+0x16a/0x9a0
[ 55.816911][ T382] do_syscall_64+0x3b/0xb0
[ 55.821154][ T382] page_owner free stack trace missing
[ 55.826559][ T382] 
[ 55.828725][ T382] Memory state around the buggy address:
[ 55.834216][ T382] ffff888110034900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.842098][ T382] ffff888110034980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.850087][ T382] >ffff888110034a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.858418][ T382] ^
[ 55.862496][ T382] ffff888110034a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.870416][ T382] ffff888110034b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.878305][ T382] ==================================================================
[ 55.900196][ T386] FAULT_INJECTION: forcing a failure.
[ 55.900196][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 55.913003][ T386] CPU: 0 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.924508][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.934488][ T386] Call Trace:
[ 55.937611][ T386] <TASK>
[ 55.940386][ T386] dump_stack_lvl+0x151/0x1c0
[ 55.944933][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.950420][ T386] dump_stack+0x15/0x20
[ 55.954372][ T386] should_fail+0x3c6/0x510
[ 55.958622][ T386] __should_failslab+0xa4/0xe0
[ 55.963336][ T386] should_failslab+0x9/0x20
[ 55.967689][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 55.972520][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 55.977769][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.983400][ T386] ? migrate_disable+0x190/0x190
[ 55.988281][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 55.993844][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 55.999048][ T386] unix_read_sock+0x132/0x370
[ 56.003786][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 56.009166][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 56.014896][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.020181][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 56.026056][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.031779][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.036983][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 56.041589][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.047230][ T386] ? skb_queue_tail+0xfb/0x120
[ 56.051827][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.056869][ T386] ? unix_dgram_poll+0x690/0x690
[ 56.061636][ T386] ? __kasan_check_write+0x14/0x20
[ 56.066760][ T386] ? __cpuidle_text_end+0x2/0x2
[ 56.071596][ T386] ? cgroup_rstat_updated+0xe5/0x370
[ 56.077313][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 56.082612][ T386] ? unix_dgram_poll+0x690/0x690
[ 56.087380][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 56.092045][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 56.096841][ T386] ? import_iovec+0xe5/0x120
[ 56.101465][ T386] ___sys_sendmsg+0x252/0x2e0
[ 56.106099][ T386] ? __sys_sendmsg+0x260/0x260
[ 56.110696][ T386] ? __kasan_check_write+0x14/0x20
[ 56.115670][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 56.120775][ T386] ? __fdget+0x1bc/0x240
[ 56.124818][ T386] __sys_sendmmsg+0x2bf/0x530
[ 56.129421][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 56.134365][ T386] ? mutex_unlock+0xb2/0x260
[ 56.138820][ T386] ? __kasan_check_write+0x14/0x20
[ 56.143742][ T386] ? __ia32_sys_read+0x90/0x90
[ 56.148441][ T386] ? debug_smp_processor_id+0x17/0x20
[ 56.153636][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 56.159543][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.164246][ T386] x64_sys_call+0x81d/0x9a0
[ 56.168574][ T386] do_syscall_64+0x3b/0xb0
[ 56.172845][ T386] ? clear_bhb_loop+0x35/0x90
[ 56.177461][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.183174][ T386] RIP: 0033:0x7f23fa668ae9
[ 56.187515][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.207218][ T386] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.215740][ T386] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9
[ 56.223641][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 56.231537][ T386] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000
[ 56.239350][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.247300][ T386] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8
[ 56.255090][ T386] </TASK>
[ 56.259319][ T385] ==================================================================
[ 56.267725][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 56.276389][ T385] 
[ 56.278559][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 56.290185][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.300169][ T385] Call Trace:
[ 56.303289][ T385] <TASK>
[ 56.306067][ T385] dump_stack_lvl+0x151/0x1c0
[ 56.310583][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.316059][ T385] ? __wake_up_klogd+0xd5/0x110
[ 56.320837][ T385] ? panic+0x760/0x760
[ 56.324943][ T385] ? kmem_cache_free+0x116/0x2e0
[ 56.329678][ T385] print_address_description+0x87/0x3b0
[ 56.335054][ T385] ? kmem_cache_free+0x116/0x2e0
[ 56.339834][ T385] ? kmem_cache_free+0x116/0x2e0
[ 56.344616][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 56.349897][ T385] ____kasan_slab_free+0x13e/0x160
[ 56.354858][ T385] __kasan_slab_free+0x11/0x20
[ 56.359446][ T385] slab_free_freelist_hook+0xbd/0x190
[ 56.364664][ T385] ? kfree_skbmem+0x104/0x170
[ 56.369168][ T385] kmem_cache_free+0x116/0x2e0
[ 56.373782][ T385] kfree_skbmem+0x104/0x170
[ 56.378127][ T385] consume_skb+0xb4/0x250
[ 56.382273][ T385] __sk_msg_free+0x2dd/0x370
[ 56.386700][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.392362][ T385] sk_psock_stop+0x44c/0x4d0
[ 56.396768][ T385] sk_psock_drop+0x219/0x310
[ 56.401194][ T385] sock_map_unref+0x48f/0x4d0
[ 56.405792][ T385] ? __local_bh_enable_ip+0x58/0x80
[ 56.410825][ T385] ? _raw_spin_unlock_bh+0x51/0x60
[ 56.415809][ T385] sock_map_remove_links+0x41c/0x650
[ 56.420899][ T385] ? __kasan_record_aux_stack+0xd3/0xf0
[ 56.426537][ T385] ? kasan_record_aux_stack+0xe/0x10
[ 56.431749][ T385] ? task_work_add+0x27/0x1d0
[ 56.436257][ T385] ? sock_map_unhash+0x120/0x120
[ 56.441029][ T385] ? x64_sys_call+0x3d/0x9a0
[ 56.445458][ T385] ? locks_remove_posix+0x610/0x610
[ 56.450678][ T385] sock_map_close+0x114/0x530
[ 56.455187][ T385] ? unix_peer_get+0xe0/0xe0
[ 56.459613][ T385] ? sock_map_remove_links+0x650/0x650
[ 56.465342][ T385] ? rwsem_mark_wake+0x770/0x770
[ 56.470120][ T385] unix_release+0x82/0xc0
[ 56.474282][ T385] sock_close+0xdf/0x270
[ 56.478463][ T385] ? sock_mmap+0xa0/0xa0
[ 56.482540][ T385] __fput+0x228/0x8c0
[ 56.486360][ T385] ____fput+0x15/0x20
[ 56.490189][ T385] task_work_run+0x129/0x190
[ 56.494605][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 56.499759][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.505120][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 56.510594][ T385] do_syscall_64+0x47/0xb0
[ 56.515031][ T385] ? clear_bhb_loop+0x35/0x90
[ 56.519538][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.525256][ T385] RIP: 0033:0x7f23fa6679da
[ 56.529599][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 56.549136][ T385] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 56.557466][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da
[ 56.565277][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.573087][ T385] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0
[ 56.581004][ T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000dd81
[ 56.588797][ T385] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000da40
[ 56.596637][ T385] </TASK>
[ 56.599482][ T385] 
[ 56.601733][ T385] Allocated by task 386:
[ 56.605815][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 56.610584][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 56.615840][ T385] kmem_cache_alloc+0xf5/0x200
[ 56.620625][ T385] skb_clone+0x1d1/0x360
[ 56.625234][ T385] sk_psock_verdict_recv+0x53/0x840
[ 56.630812][ T385] unix_read_sock+0x132/0x370
[ 56.636288][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.642054][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.647358][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 56.652210][ T385] ___sys_sendmsg+0x252/0x2e0
[ 56.656706][ T385] __sys_sendmmsg+0x2bf/0x530
[ 56.661232][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.665923][ T385] x64_sys_call+0x81d/0x9a0
[ 56.670249][ T385] do_syscall_64+0x3b/0xb0
[ 56.674499][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.680233][ T385] 
[ 56.682399][ T385] Freed by task 20:
[ 56.686044][ T385] kasan_set_track+0x4b/0x70
[ 56.690615][ T385] kasan_set_free_info+0x23/0x40
[ 56.695374][ T385] ____kasan_slab_free+0x126/0x160
[ 56.700414][ T385] __kasan_slab_free+0x11/0x20
[ 56.705033][ T385] slab_free_freelist_hook+0xbd/0x190
[ 56.710224][ T385] kmem_cache_free+0x116/0x2e0
[ 56.714914][ T385] kfree_skbmem+0x104/0x170
[ 56.719254][ T385] kfree_skb+0xc2/0x360
[ 56.723241][ T385] sk_psock_backlog+0xc21/0xd90
[ 56.728011][ T385] process_one_work+0x6bb/0xc10
[ 56.732699][ T385] worker_thread+0xad5/0x12a0
[ 56.737216][ T385] kthread+0x421/0x510
[ 56.741226][ T385] ret_from_fork+0x1f/0x30
[ 56.745593][ T385] 
[ 56.747722][ T385] The buggy address belongs to the object at ffff888124769640
[ 56.747722][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 56.762669][ T385] The buggy address is located 0 bytes inside of
[ 56.762669][ T385] 248-byte region [ffff888124769640, ffff888124769738)
[ 56.775607][ T385] The buggy address belongs to the page:
[ 56.781280][ T385] page:ffffea000491da40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124769
[ 56.791347][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 56.796822][ T385] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 56.805528][ T385] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 56.814044][ T385] page dumped because: kasan: bad access detected
[ 56.820482][ T385] page_owner tracks the page as allocated
[ 56.826038][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 55896835770, free_ts 49087667145
[ 56.841956][ T385] post_alloc_hook+0x1a3/0x1b0
[ 56.846524][ T385] prep_new_page+0x1b/0x110
[ 56.850869][ T385] get_page_from_freelist+0x3550/0x35d0
[ 56.856337][ T385] __alloc_pages+0x27e/0x8f0
[ 56.860767][ T385] new_slab+0x9a/0x4e0
[ 56.864780][ T385] ___slab_alloc+0x39e/0x830
[ 56.869177][ T385] __slab_alloc+0x4a/0x90
[ 56.873347][ T385] kmem_cache_alloc+0x134/0x200
[ 56.878040][ T385] __alloc_skb+0xbe/0x550
[ 56.882199][ T385] alloc_skb_with_frags+0xa6/0x680
[ 56.887147][ T385] sock_alloc_send_pskb+0x915/0xa50
[ 56.892180][ T385] unix_dgram_sendmsg+0x6fd/0x2090
[ 56.897127][ T385] __sys_sendto+0x564/0x720
[ 56.901554][ T385] __x64_sys_sendto+0xe5/0x100
[ 56.906171][ T385] x64_sys_call+0x15c/0x9a0
[ 56.910490][ T385] do_syscall_64+0x3b/0xb0
[ 56.914746][ T385] page last free stack trace:
[ 56.919261][ T385] __free_pages_ok+0x985/0xa50
[ 56.923897][ T385] __free_pages+0xe9/0xf0
[ 56.928116][ T385] free_nonslab_page+0x82/0xc0
[ 56.932718][ T385] kfree+0x19e/0x220
[ 56.936705][ T385] kvfree+0x35/0x40
[ 56.940347][ T385] btf_check_all_metas+0x5c4/0xa40
[ 56.945392][ T385] btf_parse_vmlinux+0x403/0xe00
[ 56.950170][ T385] bpf_check+0x757/0x12bf0
[ 56.954418][ T385] bpf_prog_load+0x12ac/0x1b50
[ 56.959115][ T385] __sys_bpf+0x4bc/0x760
[ 56.963187][ T385] __x64_sys_bpf+0x7c/0x90
[ 56.967435][ T385] x64_sys_call+0x87f/0x9a0
[ 56.971878][ T385] do_syscall_64+0x3b/0xb0
[ 56.976138][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.981860][ T385] 
[ 56.984114][ T385] Memory state around the buggy address:
[ 56.989593][ T385] ffff888124769500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.997566][ T385] ffff888124769580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.005553][ T385] >ffff888124769600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 57.013455][ T385] ^
[ 57.019447][ T385] ffff888124769680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.027347][ T385] ffff888124769700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.035317][ T385] ==================================================================
[ 57.058325][ T389] FAULT_INJECTION: forcing a failure.
[ 57.058325][ T389] name failslab, interval 1, probability 0, space 0, times 0
[ 57.071075][ T389] CPU: 0 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 57.082869][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.092789][ T389] Call Trace:
[ 57.095886][ T389] <TASK>
[ 57.098690][ T389] dump_stack_lvl+0x151/0x1c0
[ 57.103175][ T389] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.108819][ T389] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.114464][ T389] ? __skb_try_recv_datagram+0x495/0x6a0
[ 57.120012][ T389] dump_stack+0x15/0x20
[ 57.124005][ T389] should_fail+0x3c6/0x510
[ 57.128346][ T389] __should_failslab+0xa4/0xe0
[ 57.132951][ T389] ? skb_clone+0x1d1/0x360
[ 57.137224][ T389] should_failslab+0x9/0x20
[ 57.141547][ T389] slab_pre_alloc_hook+0x37/0xd0
[ 57.146310][ T389] ? skb_clone+0x1d1/0x360
[ 57.150653][ T389] kmem_cache_alloc+0x44/0x200
[ 57.155424][ T389] skb_clone+0x1d1/0x360
[ 57.159507][ T389] sk_psock_verdict_recv+0x53/0x840
[ 57.164825][ T389] ? avc_has_perm_noaudit+0x430/0x430
[ 57.170317][ T389] ? mntput_no_expire+0xfc/0x6b0
[ 57.175077][ T389] unix_read_sock+0x132/0x370
[ 57.179761][ T389] ? sk_psock_skb_redirect+0x440/0x440
[ 57.185226][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 57.190918][ T389] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.196315][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 57.201905][ T389] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.207513][ T389] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.212772][ T389] ? _raw_spin_lock+0xa4/0x1b0
[ 57.217327][ T389] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.222958][ T389] ? skb_queue_tail+0xfb/0x120
[ 57.227739][ T389] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.232933][ T389] ? unix_dgram_poll+0x690/0x690
[ 57.237630][ T389] ? __kasan_check_write+0x14/0x20
[ 57.242575][ T389] ? __cpuidle_text_end+0x2/0x2
[ 57.247271][ T389] ? cgroup_rstat_updated+0xe5/0x370
[ 57.252380][ T389] ? security_socket_sendmsg+0x82/0xb0
[ 57.257673][ T389] ? unix_dgram_poll+0x690/0x690
[ 57.262456][ T389] ____sys_sendmsg+0x59e/0x8f0
[ 57.267061][ T389] ? __sys_sendmsg_sock+0x40/0x40
[ 57.272142][ T389] ? import_iovec+0xe5/0x120
[ 57.276717][ T389] ___sys_sendmsg+0x252/0x2e0
[ 57.281229][ T389] ? __sys_sendmsg+0x260/0x260
[ 57.285830][ T389] ? __kasan_check_write+0x14/0x20
[ 57.290781][ T389] ? proc_fail_nth_write+0x20b/0x290
[ 57.296007][ T389] ? __fdget+0x1bc/0x240
[ 57.300087][ T389] __sys_sendmmsg+0x2bf/0x530
[ 57.304686][ T389] ? __ia32_sys_sendmsg+0x90/0x90
[ 57.309906][ T389] ? mutex_unlock+0xb2/0x260
[ 57.314342][ T389] ? __kasan_check_write+0x14/0x20
[ 57.319274][ T389] ? __ia32_sys_read+0x90/0x90
[ 57.323873][ T389] ? debug_smp_processor_id+0x17/0x20
[ 57.329080][ T389] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.335118][ T389] __x64_sys_sendmmsg+0xa0/0xb0
[ 57.339791][ T389] x64_sys_call+0x81d/0x9a0
[ 57.344218][ T389] do_syscall_64+0x3b/0xb0
[ 57.348653][ T389] ? clear_bhb_loop+0x35/0x90
[ 57.353166][ T389] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.358894][ T389] RIP: 0033:0x7f23fa668ae9
[ 57.363152][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.382927][ T389] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 57.391172][ T389] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9
[ 57.398982][ T389] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 57.406791][ T389] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000
[ 57.414608][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.422417][ T389] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8
[ 57.430232][ T389] </TASK>
[ 57.442394][ T391] FAULT_INJECTION: forcing a failure.
[ 57.442394][ T391] name failslab, interval 1, probability 0, space 0, times 0
[ 57.454867][ T391] CPU: 0 PID: 391 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 57.466459][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.476442][ T391] Call Trace:
[ 57.479565][ T391] <TASK>
[ 57.482348][ T391] dump_stack_lvl+0x151/0x1c0
[ 57.486997][ T391] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.492481][ T391] dump_stack+0x15/0x20
[ 57.496452][ T391] should_fail+0x3c6/0x510
[ 57.500808][ T391] __should_failslab+0xa4/0xe0
[ 57.505602][ T391] should_failslab+0x9/0x20
[ 57.510102][ T391] slab_pre_alloc_hook+0x37/0xd0
[ 57.515088][ T391] kmem_cache_alloc_trace+0x48/0x210
[ 57.520205][ T391] ? sk_psock_skb_ingress_self+0x60/0x330
[ 57.525936][ T391] ? migrate_disable+0x190/0x190
[ 57.530710][ T391] sk_psock_skb_ingress_self+0x60/0x330
[ 57.536099][ T391] sk_psock_verdict_recv+0x66d/0x840
[ 57.541211][ T391] unix_read_sock+0x132/0x370
[ 57.545734][ T391] ? sk_psock_skb_redirect+0x440/0x440
[ 57.551024][ T391] ? unix_stream_splice_actor+0x120/0x120
[ 57.556575][ T391] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.561870][ T391] ? unix_stream_splice_actor+0x120/0x120
[ 57.567532][ T391] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.573174][ T391] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.578388][ T391] ? _raw_spin_lock+0xa4/0x1b0
[ 57.583071][ T391] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.588834][ T391] ? skb_queue_tail+0xfb/0x120
[ 57.593427][ T391] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.598764][ T391] ? unix_dgram_poll+0x690/0x690
[ 57.603520][ T391] ? __kasan_check_write+0x14/0x20
[ 57.608888][ T391] ? __cpuidle_text_end+0x2/0x2
[ 57.613628][ T391] ? cgroup_rstat_updated+0xe5/0x370
[ 57.618751][ T391] ? security_socket_sendmsg+0x82/0xb0
[ 57.624336][ T391] ? unix_dgram_poll+0x690/0x690
[ 57.629202][ T391] ____sys_sendmsg+0x59e/0x8f0
[ 57.633792][ T391] ? __sys_sendmsg_sock+0x40/0x40
[ 57.638832][ T391] ? import_iovec+0xe5/0x120
[ 57.643409][ T391] ___sys_sendmsg+0x252/0x2e0
[ 57.647921][ T391] ? __sys_sendmsg+0x260/0x260
[ 57.652650][ T391] ? __kasan_check_write+0x14/0x20
[ 57.657589][ T391] ? proc_fail_nth_write+0x20b/0x290
[ 57.662809][ T391] ? __fdget+0x1bc/0x240
[ 57.667050][ T391] __sys_sendmmsg+0x2bf/0x530
[ 57.672006][ T391] ? __ia32_sys_sendmsg+0x90/0x90
[ 57.676953][ T391] ? mutex_unlock+0xb2/0x260
[ 57.681760][ T391] ? __kasan_check_write+0x14/0x20
[ 57.686641][ T391] ? __ia32_sys_read+0x90/0x90
[ 57.691342][ T391] ? debug_smp_processor_id+0x17/0x20
[ 57.696752][ T391] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.702652][ T391] __x64_sys_sendmmsg+0xa0/0xb0
[ 57.707349][ T391] x64_sys_call+0x81d/0x9a0
[ 57.711688][ T391] do_syscall_64+0x3b/0xb0
[ 57.715932][ T391] ? clear_bhb_loop+0x35/0x90
[ 57.720471][ T391] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.726211][ T391] RIP: 0033:0x7f23fa668ae9
[ 57.730429][ T391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.750317][ T391] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 57.758642][ T391] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9
[ 57.766562][ T391] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 57.774446][ T391] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000
[ 57.782860][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.791569][ T391] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8
[ 57.799383][ T391] </TASK>
[ 57.804742][ T390] ==================================================================
[ 57.813002][ T390] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 57.821514][ T390] 
[ 57.823688][ T390] CPU: 0 PID: 390 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 57.835220][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.845281][ T390] Call Trace:
[ 57.848502][ T390] <TASK>
[ 57.851290][ T390] dump_stack_lvl+0x151/0x1c0
[ 57.855801][ T390] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.861256][ T390] ? __wake_up_klogd+0xd5/0x110
[ 57.865945][ T390] ? panic+0x760/0x760
[ 57.869851][ T390] ? kmem_cache_free+0x116/0x2e0
[ 57.874776][ T390] print_address_description+0x87/0x3b0
[ 57.880309][ T390] ? kmem_cache_free+0x116/0x2e0
[ 57.885079][ T390] ? kmem_cache_free+0x116/0x2e0
[ 57.889875][ T390] kasan_report_invalid_free+0x6b/0xa0
[ 57.895147][ T390] ____kasan_slab_free+0x13e/0x160
[ 57.900272][ T390] __kasan_slab_free+0x11/0x20
[ 57.904876][ T390] slab_free_freelist_hook+0xbd/0x190
[ 57.910095][ T390] ? kfree_skbmem+0x104/0x170
[ 57.914674][ T390] kmem_cache_free+0x116/0x2e0
[ 57.919276][ T390] kfree_skbmem+0x104/0x170
[ 57.923790][ T390] consume_skb+0xb4/0x250
[ 57.927979][ T390] __sk_msg_free+0x2dd/0x370
[ 57.932391][ T390] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.938118][ T390] sk_psock_stop+0x44c/0x4d0
[ 57.942548][ T390] sk_psock_drop+0x219/0x310
[ 57.946963][ T390] sock_map_unref+0x48f/0x4d0
[ 57.951487][ T390] ? __local_bh_enable_ip+0x58/0x80
[ 57.956508][ T390] ? _raw_spin_unlock_bh+0x51/0x60
[ 57.961460][ T390] sock_map_remove_links+0x41c/0x650
[ 57.966576][ T390] ? __kasan_record_aux_stack+0xd3/0xf0
[ 57.971957][ T390] ? kasan_record_aux_stack+0xe/0x10
[ 57.977079][ T390] ? task_work_add+0x27/0x1d0
[ 57.981692][ T390] ? sock_map_unhash+0x120/0x120
[ 57.986473][ T390] ? x64_sys_call+0x3d/0x9a0
[ 57.990978][ T390] ? locks_remove_posix+0x610/0x610
[ 57.996155][ T390] sock_map_close+0x114/0x530
[ 58.000639][ T390] ? unix_peer_get+0xe0/0xe0
[ 58.005058][ T390] ? sock_map_remove_links+0x650/0x650
[ 58.010538][ T390] ? rwsem_mark_wake+0x770/0x770
[ 58.015310][ T390] unix_release+0x82/0xc0
[ 58.019559][ T390] sock_close+0xdf/0x270
[ 58.023636][ T390] ? sock_mmap+0xa0/0xa0
[ 58.027719][ T390] __fput+0x228/0x8c0
[ 58.031709][ T390] ____fput+0x15/0x20
[ 58.035532][ T390] task_work_run+0x129/0x190
[ 58.040052][ T390] exit_to_user_mode_loop+0xc4/0xe0
[ 58.045117][ T390] exit_to_user_mode_prepare+0x5a/0xa0
[ 58.050379][ T390] syscall_exit_to_user_mode+0x26/0x160
[ 58.055847][ T390] do_syscall_64+0x47/0xb0
[ 58.060195][ T390] ? clear_bhb_loop+0x35/0x90
[ 58.064946][ T390] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.070614][ T390] RIP: 0033:0x7f23fa6679da
[ 58.074855][ T390] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 58.094389][ T390] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 58.102628][ T390] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da
[ 58.110438][ T390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 58.118253][ T390] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0
[ 58.126159][ T390] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e387
[ 58.134046][ T390] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000e046
[ 58.142242][ T390] </TASK>
[ 58.145087][ T390] 
[ 58.147246][ T390] Allocated by task 391:
[ 58.151408][ T390] __kasan_slab_alloc+0xb1/0xe0
[ 58.156090][ T390] slab_post_alloc_hook+0x53/0x2c0
[ 58.161041][ T390] kmem_cache_alloc+0xf5/0x200
[ 58.165647][ T390] skb_clone+0x1d1/0x360
[ 58.169730][ T390] sk_psock_verdict_recv+0x53/0x840
[ 58.174754][ T390] unix_read_sock+0x132/0x370
[ 58.179358][ T390] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.184996][ T390] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.190126][ T390] ____sys_sendmsg+0x59e/0x8f0
[ 58.194791][ T390] ___sys_sendmsg+0x252/0x2e0
[ 58.199233][ T390] __sys_sendmmsg+0x2bf/0x530
[ 58.203758][ T390] __x64_sys_sendmmsg+0xa0/0xb0
[ 58.208429][ T390] x64_sys_call+0x81d/0x9a0
[ 58.212916][ T390] do_syscall_64+0x3b/0xb0
[ 58.217357][ T390] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.223089][ T390] 
[ 58.225254][ T390] Freed by task 6:
[ 58.228813][ T390] kasan_set_track+0x4b/0x70
[ 58.233245][ T390] kasan_set_free_info+0x23/0x40
[ 58.238031][ T390] ____kasan_slab_free+0x126/0x160
[ 58.242958][ T390] __kasan_slab_free+0x11/0x20
[ 58.247642][ T390] slab_free_freelist_hook+0xbd/0x190
[ 58.253046][ T390] kmem_cache_free+0x116/0x2e0
[ 58.257645][ T390] kfree_skbmem+0x104/0x170
[ 58.261986][ T390] kfree_skb+0xc2/0x360
[ 58.265977][ T390] sk_psock_backlog+0xc21/0xd90
[ 58.270771][ T390] process_one_work+0x6bb/0xc10
[ 58.275534][ T390] worker_thread+0xad5/0x12a0
[ 58.280059][ T390] kthread+0x421/0x510
[ 58.283956][ T390] ret_from_fork+0x1f/0x30
[ 58.288206][ T390] 
[ 58.290378][ T390] The buggy address belongs to the object at ffff888124771140
[ 58.290378][ T390] which belongs to the cache skbuff_head_cache of size 248
[ 58.304783][ T390] The buggy address is located 0 bytes inside of
[ 58.304783][ T390] 248-byte region [ffff888124771140, ffff888124771238)
[ 58.317731][ T390] The buggy address belongs to the page:
[ 58.323371][ T390] page:ffffea000491dc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124771
[ 58.333523][ T390] flags: 0x4000000000000200(slab|zone=1)
[ 58.339084][ T390] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 58.347510][ T390] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 58.355997][ T390] page dumped because: kasan: bad access detected
[ 58.362513][ T390] page_owner tracks the page as allocated
[ 58.368318][ T390] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 57436567101, free_ts 55899442890
[ 58.384117][ T390] post_alloc_hook+0x1a3/0x1b0
[ 58.388966][ T390] prep_new_page+0x1b/0x110
[ 58.393226][ T390] get_page_from_freelist+0x3550/0x35d0
[ 58.398611][ T390] __alloc_pages+0x27e/0x8f0
[ 58.403146][ T390] new_slab+0x9a/0x4e0
[ 58.407047][ T390] ___slab_alloc+0x39e/0x830
[ 58.411480][ T390] __slab_alloc+0x4a/0x90
[ 58.415642][ T390] kmem_cache_alloc+0x134/0x200
[ 58.420336][ T390] __alloc_skb+0xbe/0x550
[ 58.424495][ T390] alloc_skb_with_frags+0xa6/0x680
[ 58.429526][ T390] sock_alloc_send_pskb+0x915/0xa50
[ 58.434652][ T390] unix_dgram_sendmsg+0x6fd/0x2090
[ 58.439714][ T390] __sys_sendto+0x564/0x720
[ 58.444049][ T390] __x64_sys_sendto+0xe5/0x100
[ 58.448930][ T390] x64_sys_call+0x15c/0x9a0
[ 58.453358][ T390] do_syscall_64+0x3b/0xb0
[ 58.457604][ T390] page last free stack trace:
[ 58.462107][ T390] free_unref_page_prepare+0x7c8/0x7d0
[ 58.467754][ T390] free_unref_page+0xe8/0x750
[ 58.472316][ T390] __free_pages+0x61/0xf0
[ 58.476632][ T390] __vunmap+0x7bc/0x8f0
[ 58.480887][ T390] vfree+0x7f/0xb0
[ 58.484427][ T390] bpf_patch_insn_data+0x7f0/0xde0
[ 58.489377][ T390] bpf_check+0x6653/0x12bf0
[ 58.493711][ T390] bpf_prog_load+0x12ac/0x1b50
[ 58.498484][ T390] __sys_bpf+0x4bc/0x760
[ 58.502573][ T390] __x64_sys_bpf+0x7c/0x90
[ 58.506823][ T390] x64_sys_call+0x87f/0x9a0
[ 58.511160][ T390] do_syscall_64+0x3b/0xb0
[ 58.515411][ T390] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.521161][ T390] 
[ 58.523312][ T390] Memory state around the buggy address:
[ 58.528898][ T390] ffff888124771000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.536817][ T390] ffff888124771080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.544694][ T390] >ffff888124771100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.552584][ T390] ^
[ 58.558847][ T390] ffff888124771180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.566919][ T390] ffff888124771200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 58.574814][ T390] ==================================================================
[ 58.597012][ T394] FAULT_INJECTION: forcing a failure.
[ 58.597012][ T394] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 58.610379][ T394] CPU: 0 PID: 394 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 58.622118][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.632109][ T394] Call Trace: [ 58.635224][ T394] [ 58.638000][ T394] dump_stack_lvl+0x151/0x1c0 [ 58.642511][ T394] ? io_uring_drop_tctx_refs+0x190/0x190 [ 58.648157][ T394] dump_stack+0x15/0x20 [ 58.652159][ T394] should_fail+0x3c6/0x510 [ 58.656519][ T394] should_fail_alloc_page+0x5a/0x80 [ 58.661522][ T394] prepare_alloc_pages+0x15c/0x700 [ 58.666472][ T394] ? __alloc_pages_bulk+0xe40/0xe40 [ 58.671512][ T394] __alloc_pages+0x18c/0x8f0 [ 58.675937][ T394] ? prep_new_page+0x110/0x110 [ 58.680527][ T394] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 58.685929][ T394] ? __skb_try_recv_from_queue+0x2b6/0x750 [ 58.691568][ T394] new_slab+0x9a/0x4e0 [ 58.695572][ T394] ___slab_alloc+0x39e/0x830 [ 58.699990][ T394] ? skb_clone+0x1d1/0x360 [ 58.704347][ T394] ? skb_clone+0x1d1/0x360 [ 58.708605][ T394] __slab_alloc+0x4a/0x90 [ 58.712763][ T394] ? skb_clone+0x1d1/0x360 [ 58.717021][ T394] kmem_cache_alloc+0x134/0x200 [ 58.721711][ T394] skb_clone+0x1d1/0x360 [ 58.725785][ T394] sk_psock_verdict_recv+0x53/0x840 [ 58.730826][ T394] ? avc_has_perm_noaudit+0x430/0x430 [ 58.736031][ T394] ? mntput_no_expire+0xfc/0x6b0 [ 58.740820][ T394] unix_read_sock+0x132/0x370 [ 58.745506][ T394] ? sk_psock_skb_redirect+0x440/0x440 [ 58.750988][ T394] ? unix_stream_splice_actor+0x120/0x120 [ 58.756627][ T394] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 58.762596][ T394] ? unix_stream_splice_actor+0x120/0x120 [ 58.768444][ T394] sk_psock_verdict_data_ready+0x147/0x1a0 [ 58.774084][ T394] ? sk_psock_start_verdict+0xc0/0xc0 [ 58.779291][ T394] ? _raw_spin_lock+0xa4/0x1b0 [ 58.784070][ T394] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 58.789976][ T394] ? 
skb_queue_tail+0xfb/0x120 [ 58.794766][ T394] unix_dgram_sendmsg+0x15fa/0x2090 [ 58.799818][ T394] ? unix_dgram_poll+0x690/0x690 [ 58.804659][ T394] ? __kasan_check_write+0x14/0x20 [ 58.809763][ T394] ? __cpuidle_text_end+0x2/0x2 [ 58.814461][ T394] ? cgroup_rstat_updated+0xe5/0x370 [ 58.819658][ T394] ? security_socket_sendmsg+0x82/0xb0 [ 58.825119][ T394] ? unix_dgram_poll+0x690/0x690 [ 58.829902][ T394] ____sys_sendmsg+0x59e/0x8f0 [ 58.834497][ T394] ? __sys_sendmsg_sock+0x40/0x40 [ 58.839364][ T394] ? import_iovec+0xe5/0x120 [ 58.843872][ T394] ___sys_sendmsg+0x252/0x2e0 [ 58.848561][ T394] ? __sys_sendmsg+0x260/0x260 [ 58.853584][ T394] ? __kasan_check_write+0x14/0x20 [ 58.858591][ T394] ? proc_fail_nth_write+0x20b/0x290 [ 58.863729][ T394] ? __fdget+0x1bc/0x240 [ 58.867792][ T394] __sys_sendmmsg+0x2bf/0x530 [ 58.872406][ T394] ? __ia32_sys_sendmsg+0x90/0x90 [ 58.877266][ T394] ? mutex_unlock+0xb2/0x260 [ 58.881916][ T394] ? __kasan_check_write+0x14/0x20 [ 58.887135][ T394] ? __ia32_sys_read+0x90/0x90 [ 58.891747][ T394] ? debug_smp_processor_id+0x17/0x20 [ 58.897331][ T394] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 58.903420][ T394] __x64_sys_sendmmsg+0xa0/0xb0 [ 58.908279][ T394] x64_sys_call+0x81d/0x9a0 [ 58.912819][ T394] do_syscall_64+0x3b/0xb0 [ 58.917058][ T394] ? 
clear_bhb_loop+0x35/0x90 [ 58.921567][ T394] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.927284][ T394] RIP: 0033:0x7f23fa668ae9 [ 58.931536][ T394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 58.951469][ T394] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 58.959835][ T394] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 58.967664][ T394] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 2024/12/12 13:13:11 executed programs: 12 [ 58.975556][ T394] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 58.983481][ T394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.991262][ T394] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 58.999184][ T394] [ 59.014393][ T396] FAULT_INJECTION: forcing a failure. [ 59.014393][ T396] name failslab, interval 1, probability 0, space 0, times 0 [ 59.027413][ T396] CPU: 0 PID: 396 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 59.038902][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.048799][ T396] Call Trace: [ 59.051916][ T396] [ 59.054695][ T396] dump_stack_lvl+0x151/0x1c0 [ 59.059209][ T396] ? io_uring_drop_tctx_refs+0x190/0x190 [ 59.064713][ T396] dump_stack+0x15/0x20 [ 59.068764][ T396] should_fail+0x3c6/0x510 [ 59.073307][ T396] __should_failslab+0xa4/0xe0 [ 59.077894][ T396] should_failslab+0x9/0x20 [ 59.082310][ T396] slab_pre_alloc_hook+0x37/0xd0 [ 59.087181][ T396] kmem_cache_alloc_trace+0x48/0x210 [ 59.092303][ T396] ? sk_psock_skb_ingress_self+0x60/0x330 [ 59.098245][ T396] ? 
migrate_disable+0x190/0x190 [ 59.103012][ T396] sk_psock_skb_ingress_self+0x60/0x330 [ 59.108526][ T396] sk_psock_verdict_recv+0x66d/0x840 [ 59.113873][ T396] unix_read_sock+0x132/0x370 [ 59.118372][ T396] ? sk_psock_skb_redirect+0x440/0x440 [ 59.123665][ T396] ? unix_stream_splice_actor+0x120/0x120 [ 59.129218][ T396] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 59.134516][ T396] ? unix_stream_splice_actor+0x120/0x120 [ 59.140071][ T396] sk_psock_verdict_data_ready+0x147/0x1a0 [ 59.145710][ T396] ? sk_psock_start_verdict+0xc0/0xc0 [ 59.150918][ T396] ? _raw_spin_lock+0xa4/0x1b0 [ 59.155518][ T396] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 59.161208][ T396] ? skb_queue_tail+0xfb/0x120 [ 59.165764][ T396] unix_dgram_sendmsg+0x15fa/0x2090 [ 59.170985][ T396] ? unix_dgram_poll+0x690/0x690 [ 59.175765][ T396] ? __kasan_check_write+0x14/0x20 [ 59.181071][ T396] ? __cpuidle_text_end+0x2/0x2 [ 59.185744][ T396] ? cgroup_rstat_updated+0xe5/0x370 [ 59.190856][ T396] ? security_socket_sendmsg+0x82/0xb0 [ 59.196159][ T396] ? unix_dgram_poll+0x690/0x690 [ 59.201019][ T396] ____sys_sendmsg+0x59e/0x8f0 [ 59.205623][ T396] ? __sys_sendmsg_sock+0x40/0x40 [ 59.210577][ T396] ? import_iovec+0xe5/0x120 [ 59.214988][ T396] ___sys_sendmsg+0x252/0x2e0 [ 59.219614][ T396] ? __sys_sendmsg+0x260/0x260 [ 59.224210][ T396] ? __kasan_check_write+0x14/0x20 [ 59.229132][ T396] ? proc_fail_nth_write+0x20b/0x290 [ 59.234266][ T396] ? __fdget+0x1bc/0x240 [ 59.238344][ T396] __sys_sendmmsg+0x2bf/0x530 [ 59.242937][ T396] ? __ia32_sys_sendmsg+0x90/0x90 [ 59.247887][ T396] ? mutex_unlock+0xb2/0x260 [ 59.252401][ T396] ? __kasan_check_write+0x14/0x20 [ 59.257369][ T396] ? __ia32_sys_read+0x90/0x90 [ 59.262029][ T396] ? debug_smp_processor_id+0x17/0x20 [ 59.267425][ T396] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 59.273313][ T396] __x64_sys_sendmmsg+0xa0/0xb0 [ 59.278176][ T396] x64_sys_call+0x81d/0x9a0 [ 59.282599][ T396] do_syscall_64+0x3b/0xb0 [ 59.286850][ T396] ? 
clear_bhb_loop+0x35/0x90 [ 59.291377][ T396] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 59.297093][ T396] RIP: 0033:0x7f23fa668ae9 [ 59.301349][ T396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 59.320789][ T396] RSP: 002b:00007f23fa1eb0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 59.329034][ T396] RAX: ffffffffffffffda RBX: 00007f23fa787f80 RCX: 00007f23fa668ae9 [ 59.336844][ T396] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 59.344663][ T396] RBP: 00007f23fa1eb120 R08: 0000000000000000 R09: 0000000000000000 [ 59.352470][ T396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.360278][ T396] R13: 000000000000000b R14: 00007f23fa787f80 R15: 00007ffe06ba14a8 [ 59.368096][ T396] [ 59.374230][ T395] ================================================================== [ 59.382419][ T395] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 59.390909][ T395] [ 59.393251][ T395] CPU: 1 PID: 395 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 59.404878][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.414785][ T395] Call Trace: [ 59.417978][ T395] [ 59.420795][ T395] dump_stack_lvl+0x151/0x1c0 [ 59.425282][ T395] ? io_uring_drop_tctx_refs+0x190/0x190 [ 59.430739][ T395] ? __wake_up_klogd+0xd5/0x110 [ 59.435422][ T395] ? panic+0x760/0x760 [ 59.439333][ T395] ? kmem_cache_free+0x116/0x2e0 [ 59.444116][ T395] print_address_description+0x87/0x3b0 [ 59.449491][ T395] ? kmem_cache_free+0x116/0x2e0 [ 59.454345][ T395] ? kmem_cache_free+0x116/0x2e0 [ 59.459555][ T395] kasan_report_invalid_free+0x6b/0xa0 [ 59.464885][ T395] ____kasan_slab_free+0x13e/0x160 [ 59.469970][ T395] __kasan_slab_free+0x11/0x20 [ 59.474568][ T395] slab_free_freelist_hook+0xbd/0x190 [ 59.479981][ T395] ? 
kfree_skbmem+0x104/0x170 [ 59.484640][ T395] kmem_cache_free+0x116/0x2e0 [ 59.489465][ T395] kfree_skbmem+0x104/0x170 [ 59.493806][ T395] consume_skb+0xb4/0x250 [ 59.498056][ T395] __sk_msg_free+0x2dd/0x370 [ 59.502747][ T395] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 59.508392][ T395] sk_psock_stop+0x44c/0x4d0 [ 59.512846][ T395] sk_psock_drop+0x219/0x310 [ 59.517245][ T395] sock_map_unref+0x48f/0x4d0 [ 59.521755][ T395] ? __local_bh_enable_ip+0x58/0x80 [ 59.526799][ T395] ? _raw_spin_unlock_bh+0x51/0x60 [ 59.531748][ T395] sock_map_remove_links+0x41c/0x650 [ 59.536853][ T395] ? __kasan_record_aux_stack+0xd3/0xf0 [ 59.542356][ T395] ? kasan_record_aux_stack+0xe/0x10 [ 59.547462][ T395] ? task_work_add+0x27/0x1d0 [ 59.551982][ T395] ? sock_map_unhash+0x120/0x120 [ 59.556753][ T395] ? x64_sys_call+0x3d/0x9a0 [ 59.561183][ T395] ? locks_remove_posix+0x610/0x610 [ 59.566321][ T395] sock_map_close+0x114/0x530 [ 59.570939][ T395] ? unix_peer_get+0xe0/0xe0 [ 59.575480][ T395] ? sock_map_remove_links+0x650/0x650 [ 59.581289][ T395] ? rwsem_mark_wake+0x770/0x770 [ 59.586075][ T395] unix_release+0x82/0xc0 [ 59.590232][ T395] sock_close+0xdf/0x270 [ 59.594305][ T395] ? sock_mmap+0xa0/0xa0 [ 59.598491][ T395] __fput+0x228/0x8c0 [ 59.602304][ T395] ____fput+0x15/0x20 [ 59.606108][ T395] task_work_run+0x129/0x190 [ 59.610534][ T395] exit_to_user_mode_loop+0xc4/0xe0 [ 59.615788][ T395] exit_to_user_mode_prepare+0x5a/0xa0 [ 59.621082][ T395] syscall_exit_to_user_mode+0x26/0x160 [ 59.626549][ T395] do_syscall_64+0x47/0xb0 [ 59.630848][ T395] ? 
clear_bhb_loop+0x35/0x90 [ 59.635349][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 59.641038][ T395] RIP: 0033:0x7f23fa6679da [ 59.645579][ T395] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 59.665362][ T395] RSP: 002b:00007ffe06ba1570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 59.674055][ T395] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f23fa6679da [ 59.681864][ T395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 59.689823][ T395] RBP: 00007f23fa789980 R08: 0000001b31f60000 R09: 00007ffe06bad0b0 [ 59.697736][ T395] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e9a9 [ 59.705612][ T395] R13: ffffffffffffffff R14: 00007f23fa1ec000 R15: 000000000000e668 [ 59.713427][ T395] [ 59.716291][ T395] [ 59.718455][ T395] Allocated by task 396: [ 59.722656][ T395] __kasan_slab_alloc+0xb1/0xe0 [ 59.729621][ T395] slab_post_alloc_hook+0x53/0x2c0 [ 59.734687][ T395] kmem_cache_alloc+0xf5/0x200 [ 59.739303][ T395] skb_clone+0x1d1/0x360 [ 59.743335][ T395] sk_psock_verdict_recv+0x53/0x840 [ 59.748496][ T395] unix_read_sock+0x132/0x370 [ 59.753294][ T395] sk_psock_verdict_data_ready+0x147/0x1a0 [ 59.759086][ T395] unix_dgram_sendmsg+0x15fa/0x2090 [ 59.764601][ T395] ____sys_sendmsg+0x59e/0x8f0 [ 59.769177][ T395] ___sys_sendmsg+0x252/0x2e0 [ 59.773861][ T395] __sys_sendmmsg+0x2bf/0x530 [ 59.778856][ T395] __x64_sys_sendmmsg+0xa0/0xb0 [ 59.783537][ T395] x64_sys_call+0x81d/0x9a0 [ 59.788017][ T395] do_syscall_64+0x3b/0xb0 [ 59.792371][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 59.798179][ T395] [ 59.800424][ T395] Freed by task 6: [ 59.804175][ T395] kasan_set_track+0x4b/0x70 [ 59.808694][ T395] kasan_set_free_info+0x23/0x40 [ 59.813466][ T395] ____kasan_slab_free+0x126/0x160 [ 59.818448][ T395] __kasan_slab_free+0x11/0x20 [ 59.823262][ T395] 
slab_free_freelist_hook+0xbd/0x190 [ 59.828566][ T395] kmem_cache_free+0x116/0x2e0 [ 59.833277][ T395] kfree_skbmem+0x104/0x170 [ 59.837592][ T395] kfree_skb+0xc2/0x360 [ 59.841593][ T395] sk_psock_backlog+0xc21/0xd90 [ 59.846272][ T395] process_one_work+0x6bb/0xc10 [ 59.851117][ T395] worker_thread+0xad5/0x12a0 [ 59.855696][ T395] kthread+0x421/0x510 [ 59.859619][ T395] ret_from_fork+0x1f/0x30 [ 59.863874][ T395] [ 59.866021][ T395] The buggy address belongs to the object at ffff888124801000 [ 59.866021][ T395] which belongs to the cache skbuff_head_cache of size 248 [ 59.880638][ T395] The buggy address is located 0 bytes inside of [ 59.880638][ T395] 248-byte region [ffff888124801000, ffff8881248010f8) [ 59.893578][ T395] The buggy address belongs to the page: [ 59.899126][ T395] page:ffffea0004920040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124801 [ 59.909463][ T395] flags: 0x4000000000000200(slab|zone=1) [ 59.915119][ T395] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00 [ 59.923609][ T395] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 59.932014][ T395] page dumped because: kasan: bad access detected [ 59.938289][ T395] page_owner tracks the page as allocated [ 59.943923][ T395] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100a20(GFP_ATOMIC|__GFP_HARDWALL), pid 394, ts 59002268320, free_ts 49125572028 [ 59.959109][ T395] post_alloc_hook+0x1a3/0x1b0 [ 59.963701][ T395] prep_new_page+0x1b/0x110 [ 59.968044][ T395] get_page_from_freelist+0x3550/0x35d0 [ 59.973422][ T395] __alloc_pages+0x27e/0x8f0 [ 59.977849][ T395] alloc_slab_page+0x1f/0x80 [ 59.982362][ T395] new_slab+0x397/0x4e0 [ 59.986355][ T395] ___slab_alloc+0x39e/0x830 [ 59.991045][ T395] __slab_alloc+0x4a/0x90 [ 59.995210][ T395] kmem_cache_alloc+0x134/0x200 [ 59.999982][ T395] skb_clone+0x1d1/0x360 [ 60.004075][ T395] sk_psock_verdict_recv+0x53/0x840 [ 60.009125][ T395] unix_read_sock+0x132/0x370 [ 
60.013607][ T395] sk_psock_verdict_data_ready+0x147/0x1a0 [ 60.019350][ T395] unix_dgram_sendmsg+0x15fa/0x2090 [ 60.024381][ T395] ____sys_sendmsg+0x59e/0x8f0 [ 60.029091][ T395] ___sys_sendmsg+0x252/0x2e0 [ 60.033606][ T395] page last free stack trace: [ 60.038135][ T395] __free_pages_ok+0x985/0xa50 [ 60.042717][ T395] __free_pages+0xe9/0xf0 [ 60.046889][ T395] free_nonslab_page+0x82/0xc0 [ 60.051487][ T395] kfree+0x19e/0x220 [ 60.055218][ T395] kvfree+0x35/0x40 [ 60.058863][ T395] btf_check_all_metas+0x5c4/0xa40 [ 60.063819][ T395] btf_parse_vmlinux+0x403/0xe00 [ 60.068593][ T395] bpf_check+0x757/0x12bf0 [ 60.073007][ T395] bpf_prog_load+0x12ac/0x1b50 [ 60.077877][ T395] __sys_bpf+0x4bc/0x760 [ 60.082038][ T395] __x64_sys_bpf+0x7c/0x90 [ 60.086409][ T395] x64_sys_call+0x87f/0x9a0 [ 60.092836][ T395] do_syscall_64+0x3b/0xb0 [ 60.097105][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 60.102817][ T395] [ 60.104985][ T395] Memory state around the buggy address: [ 60.110456][ T395] ffff888124800f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.118355][ T395] ffff888124800f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.126251][ T395] >ffff888124801000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.134149][ T395] ^ [ 60.138055][ T395] ffff888124801080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 60.145953][ T395] ffff888124801100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 60.153857][ T395] ================================================================== [ 60.174315][ T399] FAULT_INJECTION: forcing a failure. [ 60.174315][ T399] name failslab, interval 1, probability 0, space 0, times 0 [ 60.186765][ T399] CPU: 0 PID: 399 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 60.198650][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 60.208848][ T399] Call Trace: [ 60.211959][ T399] [ 60.215050][ T399] dump_stack_lvl+0x151/0x1c0 [ 60.219627][ T399] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 60.225145][ T399] dump_stack+0x15/0x20 [ 60.229091][ T399] should_fail+0x3c6/0x510 [ 60.233428][ T399] __should_failslab+0xa4/0xe0 [ 60.238035][ T399] should_failslab+0x9/0x20 [ 60.242380][ T399] slab_pre_alloc_hook+0x37/0xd0 [ 60.247234][ T399] kmem_cache_alloc_trace+0x48/0x210 [ 60.252686][ T399] ? sk_psock_skb_ingress_self+0x60/0x330 [ 60.258222][ T399] ? migrate_disable+0x190/0x190 [ 60.263045][ T399] sk_psock_skb_ingress_self+0x60/0x330 [ 60.268659][ T399] sk_psock_verdict_recv+0x66d/0x840 [ 60.273688][ T399] unix_read_sock+0x132/0x370 [ 60.278318][ T399] ? sk_psock_skb_redirect+0x440/0x440 [ 60.283598][ T399] ? unix_stream_splice_actor+0x120/0x120 [ 60.289158][ T399] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 60.294446][ T399] ? unix_stream_splice_actor+0x120/0x120 [ 60.300093][ T399] sk_psock_verdict_data_ready+0x147/0x1a0 [ 60.305729][ T399] ? sk_psock_start_verdict+0xc0/0xc0 [ 60.310943][ T399] ? _raw_spin_lock+0xa4/0x1b0 [ 60.315532][ T399] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 60.321189][ T399] ? skb_queue_tail+0xfb/0x120 [ 60.325894][ T399] unix_dgram_sendmsg+0x15fa/0x2090 [ 60.330904][ T399] ? unix_dgram_poll+0x690/0x690