Warning: Permanently added '10.128.0.149' (ED25519) to the list of known hosts.
2024/09/06 21:15:42 ignoring optional flag "sandboxArg"="0"
2024/09/06 21:15:42 parsed 1 programs
[ 45.270514][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 45.270529][ T30] audit: type=1400 audit(1725657343.000:95): avc: denied { unlink } for pid=347 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/09/06 21:15:43 executed programs: 0
[ 45.328645][ T347] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 45.385250][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.393159][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.400760][ T353] device bridge_slave_0 entered promiscuous mode
[ 45.407432][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.414520][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.421680][ T353] device bridge_slave_1 entered promiscuous mode
[ 45.466810][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.473799][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.481289][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.488509][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.507568][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.515207][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.522759][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.530073][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.539444][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.547861][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.555194][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.563590][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.571864][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.579276][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.601413][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.610144][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.618171][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.626223][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.633624][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.641393][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.649867][ T353] device veth0_vlan entered promiscuous mode
[ 45.660343][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.669387][ T353] device veth1_macvtap entered promiscuous mode
[ 45.680232][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.688657][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.710243][ T30] audit: type=1400 audit(1725657343.440:96): avc: denied { prog_load } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.729785][ T30] audit: type=1400 audit(1725657343.440:97): avc: denied { bpf } for pid=358 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.751968][ T30] audit: type=1400 audit(1725657343.440:98): avc: denied { perfmon } for pid=358 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.753598][ T359] FAULT_INJECTION: forcing a failure.
[ 45.753598][ T359] name failslab, interval 1, probability 0, space 0, times 1
[ 45.774347][ T30] audit: type=1400 audit(1725657343.480:99): avc: denied { prog_run } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.787607][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 45.806655][ T30] audit: type=1400 audit(1725657343.480:100): avc: denied { map_create } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.817604][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 45.817633][ T359] Call Trace:
[ 45.817639][ T359]
[ 45.817648][ T359] dump_stack_lvl+0x151/0x1c0
[ 45.837920][ T30] audit: type=1400 audit(1725657343.480:101): avc: denied { map_read map_write } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.848050][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.887007][ T359] dump_stack+0x15/0x20
[ 45.891082][ T359] should_fail+0x3c6/0x510
[ 45.895330][ T359] __should_failslab+0xa4/0xe0
[ 45.900323][ T359] should_failslab+0x9/0x20
[ 45.905262][ T359] slab_pre_alloc_hook+0x37/0xd0
[ 45.910053][ T359] kmem_cache_alloc_trace+0x48/0x210
[ 45.915933][ T359] ? sk_psock_skb_ingress_self+0x60/0x330
[ 45.921657][ T359] ? migrate_disable+0x190/0x190
[ 45.926425][ T359] sk_psock_skb_ingress_self+0x60/0x330
[ 45.932173][ T359] sk_psock_verdict_recv+0x66d/0x840
[ 45.937511][ T359] unix_read_sock+0x132/0x370
[ 45.941957][ T359] ? sk_psock_skb_redirect+0x440/0x440
[ 45.947514][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 45.953066][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.958361][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 45.964312][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.970291][ T359] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.975715][ T359] ? _raw_spin_lock+0xa4/0x1b0
[ 45.980435][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.986262][ T359] ? skb_queue_tail+0xfb/0x120
[ 45.991197][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.996519][ T359] ? unix_dgram_poll+0x710/0x710
[ 46.001622][ T359] ? __kasan_check_write+0x14/0x20
[ 46.006836][ T359] ? __cpuidle_text_end+0x2/0x2
[ 46.011663][ T359] ? cgroup_rstat_updated+0xe5/0x370
[ 46.017003][ T359] ? security_socket_sendmsg+0x82/0xb0
[ 46.022430][ T359] ? unix_dgram_poll+0x710/0x710
[ 46.027196][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 46.032017][ T359] ? __sys_sendmsg_sock+0x40/0x40
[ 46.037037][ T359] ? import_iovec+0xe5/0x120
[ 46.041617][ T359] ___sys_sendmsg+0x252/0x2e0
[ 46.046206][ T359] ? __sys_sendmsg+0x260/0x260
[ 46.050896][ T359] ? __kasan_check_write+0x14/0x20
[ 46.055929][ T359] ? proc_fail_nth_write+0x20b/0x290
[ 46.061236][ T359] ? __fdget+0x1bc/0x240
[ 46.066048][ T359] __sys_sendmmsg+0x2bf/0x530
[ 46.071817][ T359] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.076843][ T359] ? mutex_unlock+0xb2/0x260
[ 46.081270][ T359] ? __kasan_check_write+0x14/0x20
[ 46.086366][ T359] ? __ia32_sys_read+0x90/0x90
[ 46.091017][ T359] ? debug_smp_processor_id+0x17/0x20
[ 46.096328][ T359] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.102418][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.107573][ T359] x64_sys_call+0x81d/0x9a0
[ 46.112025][ T359] do_syscall_64+0x3b/0xb0
[ 46.116437][ T359] ? clear_bhb_loop+0x35/0x90
[ 46.120949][ T359] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.126798][ T359] RIP: 0033:0x7f51a66abae9
[ 46.131021][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.151398][ T359] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.160173][ T359] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 46.168211][ T359] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.176291][ T359] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 46.184360][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.192175][ T359] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 46.200083][ T359]
[ 46.206028][ T358] ==================================================================
[ 46.214287][ T358] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 46.221126][ T358] Read of size 4 at addr ffff8881231469ac by task syz-executor.0/358
[ 46.229293][ T358]
[ 46.231725][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 46.242149][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.252116][ T358] Call Trace:
[ 46.255414][ T358]
[ 46.258276][ T358] dump_stack_lvl+0x151/0x1c0
[ 46.262790][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.268354][ T358] ? panic+0x760/0x760
[ 46.272251][ T358] ? debug_smp_processor_id+0x17/0x20
[ 46.277655][ T358] print_address_description+0x87/0x3b0
[ 46.283145][ T358] kasan_report+0x179/0x1c0
[ 46.287582][ T358] ? consume_skb+0x3c/0x250
[ 46.292007][ T358] ? consume_skb+0x3c/0x250
[ 46.296501][ T358] kasan_check_range+0x293/0x2a0
[ 46.301199][ T358] __kasan_check_read+0x11/0x20
[ 46.305881][ T358] consume_skb+0x3c/0x250
[ 46.310234][ T358] __sk_msg_free+0x2dd/0x370
[ 46.314849][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.320487][ T358] sk_psock_stop+0x44c/0x4d0
[ 46.324913][ T358] ? unix_peer_get+0xe0/0xe0
[ 46.329972][ T358] sock_map_close+0x2b9/0x4c0
[ 46.334654][ T358] ? sock_map_remove_links+0x650/0x650
[ 46.340049][ T358] ? rwsem_mark_wake+0x770/0x770
[ 46.344997][ T358] unix_release+0x82/0xc0
[ 46.349475][ T358] sock_close+0xdf/0x270
[ 46.353595][ T358] ? sock_mmap+0xa0/0xa0
[ 46.357849][ T358] __fput+0x3fe/0x910
[ 46.361697][ T358] ____fput+0x15/0x20
[ 46.365689][ T358] task_work_run+0x129/0x190
[ 46.370493][ T358] exit_to_user_mode_loop+0xc4/0xe0
[ 46.375802][ T358] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.381322][ T358] syscall_exit_to_user_mode+0x26/0x160
[ 46.387003][ T358] do_syscall_64+0x47/0xb0
[ 46.391637][ T358] ? clear_bhb_loop+0x35/0x90
[ 46.396156][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.402231][ T358] RIP: 0033:0x7f51a66aa9da
[ 46.406542][ T358] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.426313][ T358] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.434750][ T358] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 46.442813][ T358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.450618][ T358] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 46.458831][ T358] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5ba
[ 46.466732][ T358] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000b279
[ 46.475008][ T358]
[ 46.477865][ T358]
[ 46.480034][ T358] Allocated by task 359:
[ 46.484469][ T358] __kasan_slab_alloc+0xb1/0xe0
[ 46.489326][ T358] slab_post_alloc_hook+0x53/0x2c0
[ 46.494711][ T358] kmem_cache_alloc+0xf5/0x200
[ 46.499651][ T358] skb_clone+0x1d1/0x360
[ 46.503736][ T358] sk_psock_verdict_recv+0x53/0x840
[ 46.508767][ T358] unix_read_sock+0x132/0x370
[ 46.513383][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.519012][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.524124][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 46.528646][ T358] ___sys_sendmsg+0x252/0x2e0
[ 46.533325][ T358] __sys_sendmmsg+0x2bf/0x530
[ 46.537926][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.542698][ T358] x64_sys_call+0x81d/0x9a0
[ 46.547043][ T358] do_syscall_64+0x3b/0xb0
[ 46.551421][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.557229][ T358]
[ 46.559403][ T358] Freed by task 26:
[ 46.563225][ T358] kasan_set_track+0x4b/0x70
[ 46.567816][ T358] kasan_set_free_info+0x23/0x40
[ 46.572588][ T358] ____kasan_slab_free+0x126/0x160
[ 46.577888][ T358] __kasan_slab_free+0x11/0x20
[ 46.582569][ T358] slab_free_freelist_hook+0xbd/0x190
[ 46.587789][ T358] kmem_cache_free+0x116/0x2e0
[ 46.592566][ T358] kfree_skbmem+0x104/0x170
[ 46.597259][ T358] kfree_skb+0xc2/0x360
[ 46.601336][ T358] sk_psock_backlog+0xc21/0xd90
[ 46.606023][ T358] process_one_work+0x6bb/0xc10
[ 46.611000][ T358] worker_thread+0xad5/0x12a0
[ 46.615618][ T358] kthread+0x421/0x510
[ 46.619687][ T358] ret_from_fork+0x1f/0x30
[ 46.624020][ T358]
[ 46.626181][ T358] The buggy address belongs to the object at ffff8881231468c0
[ 46.626181][ T358] which belongs to the cache skbuff_head_cache of size 248
[ 46.641139][ T358] The buggy address is located 236 bytes inside of
[ 46.641139][ T358] 248-byte region [ffff8881231468c0, ffff8881231469b8)
[ 46.655075][ T358] The buggy address belongs to the page:
[ 46.660644][ T358] page:ffffea00048c5180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123146
[ 46.671047][ T358] flags: 0x4000000000000200(slab|zone=1)
[ 46.676701][ T358] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 46.685558][ T358] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.694919][ T358] page dumped because: kasan: bad access detected
[ 46.701177][ T358] page_owner tracks the page as allocated
[ 46.706799][ T358] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 26, ts 45752064886, free_ts 38624346480
[ 46.724011][ T358] post_alloc_hook+0x1a3/0x1b0
[ 46.728673][ T358] prep_new_page+0x1b/0x110
[ 46.733097][ T358] get_page_from_freelist+0x3550/0x35d0
[ 46.738481][ T358] __alloc_pages+0x27e/0x8f0
[ 46.743166][ T358] new_slab+0x9a/0x4e0
[ 46.747156][ T358] ___slab_alloc+0x39e/0x830
[ 46.751591][ T358] __slab_alloc+0x4a/0x90
[ 46.755929][ T358] kmem_cache_alloc+0x134/0x200
[ 46.760737][ T358] __alloc_skb+0xbe/0x550
[ 46.764989][ T358] ndisc_alloc_skb+0xf3/0x2d0
[ 46.769599][ T358] ndisc_send_ns+0x29d/0x830
[ 46.774099][ T358] addrconf_dad_work+0xb29/0x1710
[ 46.779042][ T358] process_one_work+0x6bb/0xc10
[ 46.783731][ T358] worker_thread+0xad5/0x12a0
[ 46.788263][ T358] kthread+0x421/0x510
[ 46.792320][ T358] ret_from_fork+0x1f/0x30
[ 46.796667][ T358] page last free stack trace:
[ 46.801214][ T358] free_unref_page_prepare+0x7c8/0x7d0
[ 46.806650][ T358] free_unref_page+0xe8/0x750
[ 46.811425][ T358] __put_page+0xb0/0xe0
[ 46.815506][ T358] anon_pipe_buf_release+0x187/0x200
[ 46.820876][ T358] pipe_read+0x5a6/0x1040
[ 46.825044][ T358] vfs_read+0xa7e/0xd40
[ 46.829206][ T358] ksys_read+0x199/0x2c0
[ 46.833288][ T358] __x64_sys_read+0x7b/0x90
[ 46.837624][ T358] x64_sys_call+0x28/0x9a0
[ 46.841976][ T358] do_syscall_64+0x3b/0xb0
[ 46.846572][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.852563][ T358]
[ 46.855168][ T358] Memory state around the buggy address:
[ 46.861179][ T358] ffff888123146880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.869596][ T358] ffff888123146900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.877575][ T358] >ffff888123146980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.885472][ T358] ^
[ 46.891377][ T358] ffff888123146a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.899552][ T358] ffff888123146a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.907878][ T358] ==================================================================
[ 46.916491][ T358] Disabling lock debugging due to kernel taint
[ 46.922628][ T358] ==================================================================
[ 46.930737][ T358] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.934414][ T30] audit: type=1400 audit(1725657344.650:102): avc: denied { read } for pid=81 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 46.939191][ T358]
[ 46.939203][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 46.939227][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.985093][ T358] Call Trace:
[ 46.988214][ T358]
[ 46.990989][ T358] dump_stack_lvl+0x151/0x1c0
[ 46.995957][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.001676][ T358] ? __wake_up_klogd+0xd5/0x110
[ 47.006725][ T358] ? panic+0x760/0x760
[ 47.010714][ T358] ? kmem_cache_free+0x116/0x2e0
[ 47.015746][ T358] print_address_description+0x87/0x3b0
[ 47.021222][ T358] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 47.027397][ T358] ? kmem_cache_free+0x116/0x2e0
[ 47.032162][ T358] ? kmem_cache_free+0x116/0x2e0
[ 47.037373][ T358] kasan_report_invalid_free+0x6b/0xa0
[ 47.042959][ T358] ____kasan_slab_free+0x13e/0x160
[ 47.047965][ T358] __kasan_slab_free+0x11/0x20
[ 47.052918][ T358] slab_free_freelist_hook+0xbd/0x190
[ 47.058453][ T358] ? kfree_skbmem+0x104/0x170
[ 47.063110][ T358] kmem_cache_free+0x116/0x2e0
[ 47.067720][ T358] kfree_skbmem+0x104/0x170
[ 47.072277][ T358] consume_skb+0xb4/0x250
[ 47.077038][ T358] __sk_msg_free+0x2dd/0x370
[ 47.081450][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.087161][ T358] sk_psock_stop+0x44c/0x4d0
[ 47.091795][ T358] ? unix_peer_get+0xe0/0xe0
[ 47.096394][ T358] sock_map_close+0x2b9/0x4c0
[ 47.100928][ T358] ? sock_map_remove_links+0x650/0x650
[ 47.106312][ T358] ? rwsem_mark_wake+0x770/0x770
[ 47.111419][ T358] unix_release+0x82/0xc0
[ 47.115773][ T358] sock_close+0xdf/0x270
[ 47.119851][ T358] ? sock_mmap+0xa0/0xa0
[ 47.124090][ T358] __fput+0x3fe/0x910
[ 47.127881][ T358] ____fput+0x15/0x20
[ 47.131768][ T358] task_work_run+0x129/0x190
[ 47.136420][ T358] exit_to_user_mode_loop+0xc4/0xe0
[ 47.141605][ T358] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.147157][ T358] syscall_exit_to_user_mode+0x26/0x160
[ 47.152821][ T358] do_syscall_64+0x47/0xb0
[ 47.157661][ T358] ? clear_bhb_loop+0x35/0x90
[ 47.162519][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.169395][ T358] RIP: 0033:0x7f51a66aa9da
[ 47.173804][ T358] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.193802][ T358] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.202239][ T358] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 47.210709][ T358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.218572][ T358] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 47.226475][ T358] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5ba
[ 47.234370][ T358] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000b279
[ 47.242441][ T358]
[ 47.245492][ T358]
[ 47.247990][ T358] Allocated by task 359:
[ 47.252516][ T358] __kasan_slab_alloc+0xb1/0xe0
[ 47.257728][ T358] slab_post_alloc_hook+0x53/0x2c0
[ 47.262933][ T358] kmem_cache_alloc+0xf5/0x200
[ 47.267629][ T358] skb_clone+0x1d1/0x360
[ 47.271813][ T358] sk_psock_verdict_recv+0x53/0x840
[ 47.277088][ T358] unix_read_sock+0x132/0x370
[ 47.281601][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.287550][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.292805][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 47.297402][ T358] ___sys_sendmsg+0x252/0x2e0
[ 47.301934][ T358] __sys_sendmmsg+0x2bf/0x530
[ 47.306704][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.311672][ T358] x64_sys_call+0x81d/0x9a0
[ 47.316100][ T358] do_syscall_64+0x3b/0xb0
[ 47.320575][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.326522][ T358]
[ 47.328723][ T358] Freed by task 26:
[ 47.332554][ T358] kasan_set_track+0x4b/0x70
[ 47.337168][ T358] kasan_set_free_info+0x23/0x40
[ 47.341927][ T358] ____kasan_slab_free+0x126/0x160
[ 47.346882][ T358] __kasan_slab_free+0x11/0x20
[ 47.351742][ T358] slab_free_freelist_hook+0xbd/0x190
[ 47.357246][ T358] kmem_cache_free+0x116/0x2e0
[ 47.362098][ T358] kfree_skbmem+0x104/0x170
[ 47.366515][ T358] kfree_skb+0xc2/0x360
[ 47.370508][ T358] sk_psock_backlog+0xc21/0xd90
[ 47.375205][ T358] process_one_work+0x6bb/0xc10
[ 47.380064][ T358] worker_thread+0xad5/0x12a0
[ 47.385041][ T358] kthread+0x421/0x510
[ 47.389500][ T358] ret_from_fork+0x1f/0x30
[ 47.394024][ T358]
[ 47.396226][ T358] The buggy address belongs to the object at ffff8881231468c0
[ 47.396226][ T358] which belongs to the cache skbuff_head_cache of size 248
[ 47.411930][ T358] The buggy address is located 0 bytes inside of
[ 47.411930][ T358] 248-byte region [ffff8881231468c0, ffff8881231469b8)
[ 47.425130][ T358] The buggy address belongs to the page:
[ 47.431118][ T358] page:ffffea00048c5180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123146
[ 47.442388][ T358] flags: 0x4000000000000200(slab|zone=1)
[ 47.447835][ T358] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 47.456918][ T358] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.466010][ T358] page dumped because: kasan: bad access detected
[ 47.472535][ T358] page_owner tracks the page as allocated
[ 47.478164][ T358] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 26, ts 45752064886, free_ts 38624346480
[ 47.495625][ T358] post_alloc_hook+0x1a3/0x1b0
[ 47.500425][ T358] prep_new_page+0x1b/0x110
[ 47.504756][ T358] get_page_from_freelist+0x3550/0x35d0
[ 47.510488][ T358] __alloc_pages+0x27e/0x8f0
[ 47.514995][ T358] new_slab+0x9a/0x4e0
[ 47.518914][ T358] ___slab_alloc+0x39e/0x830
[ 47.523353][ T358] __slab_alloc+0x4a/0x90
[ 47.527592][ T358] kmem_cache_alloc+0x134/0x200
[ 47.532271][ T358] __alloc_skb+0xbe/0x550
[ 47.536528][ T358] ndisc_alloc_skb+0xf3/0x2d0
[ 47.541120][ T358] ndisc_send_ns+0x29d/0x830
[ 47.546182][ T358] addrconf_dad_work+0xb29/0x1710
[ 47.551043][ T358] process_one_work+0x6bb/0xc10
[ 47.555730][ T358] worker_thread+0xad5/0x12a0
[ 47.560231][ T358] kthread+0x421/0x510
[ 47.564142][ T358] ret_from_fork+0x1f/0x30
[ 47.568399][ T358] page last free stack trace:
[ 47.573016][ T358] free_unref_page_prepare+0x7c8/0x7d0
[ 47.578611][ T358] free_unref_page+0xe8/0x750
[ 47.583680][ T358] __put_page+0xb0/0xe0
[ 47.587656][ T358] anon_pipe_buf_release+0x187/0x200
[ 47.593154][ T358] pipe_read+0x5a6/0x1040
[ 47.597488][ T358] vfs_read+0xa7e/0xd40
[ 47.601661][ T358] ksys_read+0x199/0x2c0
[ 47.605830][ T358] __x64_sys_read+0x7b/0x90
[ 47.610438][ T358] x64_sys_call+0x28/0x9a0
[ 47.614670][ T358] do_syscall_64+0x3b/0xb0
[ 47.619018][ T358] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.624913][ T358]
[ 47.627077][ T358] Memory state around the buggy address:
[ 47.632660][ T358] ffff888123146780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.640908][ T358] ffff888123146800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.649030][ T358] >ffff888123146880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.656934][ T358] ^
[ 47.663093][ T358] ffff888123146900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.671336][ T358] ffff888123146980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.679318][ T358] ==================================================================
[ 47.704932][ T364] FAULT_INJECTION: forcing a failure.
[ 47.704932][ T364] name failslab, interval 1, probability 0, space 0, times 0
[ 47.718051][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 47.730170][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 47.740567][ T364] Call Trace:
[ 47.743850][ T364]
[ 47.746920][ T364] dump_stack_lvl+0x151/0x1c0
[ 47.751442][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.757443][ T364] dump_stack+0x15/0x20
[ 47.761705][ T364] should_fail+0x3c6/0x510
[ 47.766138][ T364] __should_failslab+0xa4/0xe0
[ 47.770736][ T364] should_failslab+0x9/0x20
[ 47.775063][ T364] slab_pre_alloc_hook+0x37/0xd0
[ 47.779852][ T364] kmem_cache_alloc_trace+0x48/0x210
[ 47.785062][ T364] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.790812][ T364] ? migrate_disable+0x190/0x190
[ 47.795586][ T364] sk_psock_skb_ingress_self+0x60/0x330
[ 47.801065][ T364] sk_psock_verdict_recv+0x66d/0x840
[ 47.806480][ T364] unix_read_sock+0x132/0x370
[ 47.811138][ T364] ? sk_psock_skb_redirect+0x440/0x440
[ 47.816696][ T364] ? unix_stream_splice_actor+0x120/0x120
[ 47.822245][ T364] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.827942][ T364] ? unix_stream_splice_actor+0x120/0x120
[ 47.833483][ T364] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.839423][ T364] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.845371][ T364] ? _raw_spin_lock+0xa4/0x1b0
[ 47.850552][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.856852][ T364] ? skb_queue_tail+0xfb/0x120
[ 47.862946][ T364] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.868064][ T364] ? unix_dgram_poll+0x710/0x710
[ 47.872923][ T364] ? __kasan_check_write+0x14/0x20
[ 47.878048][ T364] ? __cpuidle_text_end+0x2/0x2
[ 47.882988][ T364] ? cgroup_rstat_updated+0xe5/0x370
[ 47.888359][ T364] ? security_socket_sendmsg+0x82/0xb0
[ 47.894217][ T364] ? unix_dgram_poll+0x710/0x710
[ 47.899588][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 47.904197][ T364] ? __sys_sendmsg_sock+0x40/0x40
[ 47.909146][ T364] ? import_iovec+0xe5/0x120
[ 47.914265][ T364] ___sys_sendmsg+0x252/0x2e0
[ 47.919028][ T364] ? __sys_sendmsg+0x260/0x260
[ 47.924138][ T364] ? __kasan_check_write+0x14/0x20
[ 47.929087][ T364] ? proc_fail_nth_write+0x20b/0x290
[ 47.934394][ T364] ? __fdget+0x1bc/0x240
[ 47.938661][ T364] __sys_sendmmsg+0x2bf/0x530
[ 47.943485][ T364] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.948488][ T364] ? mutex_unlock+0xb2/0x260
[ 47.953303][ T364] ? __kasan_check_write+0x14/0x20
[ 47.958410][ T364] ? __ia32_sys_read+0x90/0x90
[ 47.963543][ T364] ? debug_smp_processor_id+0x17/0x20
[ 47.968821][ T364] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.975179][ T364] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.979982][ T364] x64_sys_call+0x81d/0x9a0
[ 47.984572][ T364] do_syscall_64+0x3b/0xb0
[ 47.988821][ T364] ? clear_bhb_loop+0x35/0x90
[ 47.993666][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.999738][ T364] RIP: 0033:0x7f51a66abae9
[ 48.004096][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.024626][ T364] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.033415][ T364] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 48.041660][ T364] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.049778][ T364] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 48.057693][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.065865][ T364] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 48.073854][ T364]
[ 48.079863][ T363] ==================================================================
[ 48.088551][ T363] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.097089][ T363]
[ 48.099297][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 48.111333][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 48.121564][ T363] Call Trace:
[ 48.124689][ T363]
[ 48.127464][ T363] dump_stack_lvl+0x151/0x1c0
[ 48.131980][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.137529][ T363] ? __wake_up_klogd+0xd5/0x110
[ 48.142489][ T363] ? panic+0x760/0x760
[ 48.146652][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.151473][ T363] print_address_description+0x87/0x3b0
[ 48.156901][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.161670][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.166616][ T363] kasan_report_invalid_free+0x6b/0xa0
[ 48.172606][ T363] ____kasan_slab_free+0x13e/0x160
[ 48.177550][ T363] __kasan_slab_free+0x11/0x20
[ 48.182161][ T363] slab_free_freelist_hook+0xbd/0x190
[ 48.187357][ T363] ? kfree_skbmem+0x104/0x170
[ 48.191870][ T363] kmem_cache_free+0x116/0x2e0
[ 48.196470][ T363] kfree_skbmem+0x104/0x170
[ 48.200812][ T363] consume_skb+0xb4/0x250
[ 48.205209][ T363] __sk_msg_free+0x2dd/0x370
[ 48.209912][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.216318][ T363] sk_psock_stop+0x44c/0x4d0
[ 48.221013][ T363] ? unix_peer_get+0xe0/0xe0
[ 48.225436][ T363] sock_map_close+0x2b9/0x4c0
[ 48.229946][ T363] ? sock_map_remove_links+0x650/0x650
[ 48.235556][ T363] ? rwsem_mark_wake+0x770/0x770
[ 48.240754][ T363] unix_release+0x82/0xc0
[ 48.245018][ T363] sock_close+0xdf/0x270
[ 48.249249][ T363] ? sock_mmap+0xa0/0xa0
[ 48.253452][ T363] __fput+0x3fe/0x910
[ 48.257347][ T363] ____fput+0x15/0x20
[ 48.261527][ T363] task_work_run+0x129/0x190
[ 48.266079][ T363] exit_to_user_mode_loop+0xc4/0xe0
[ 48.271115][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.276671][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 48.282168][ T363] do_syscall_64+0x47/0xb0
[ 48.286417][ T363] ? clear_bhb_loop+0x35/0x90
[ 48.291329][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.297160][ T363] RIP: 0033:0x7f51a66aa9da
[ 48.301464][ T363] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.321628][ T363] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.330142][ T363] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 48.338119][ T363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.346026][ T363] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 48.354303][ T363] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bd84
[ 48.362734][ T363] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000ba43
[ 48.370640][ T363]
[ 48.373582][ T363]
[ 48.375754][ T363] Allocated by task 364:
[ 48.380125][ T363] __kasan_slab_alloc+0xb1/0xe0
[ 48.384952][ T363] slab_post_alloc_hook+0x53/0x2c0
[ 48.389985][ T363] kmem_cache_alloc+0xf5/0x200
[ 48.394758][ T363] skb_clone+0x1d1/0x360
[ 48.398839][ T363] sk_psock_verdict_recv+0x53/0x840
[ 48.404267][ T363] unix_read_sock+0x132/0x370
[ 48.409012][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.414740][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.419780][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 48.424808][ T363] ___sys_sendmsg+0x252/0x2e0
[ 48.429415][ T363] __sys_sendmmsg+0x2bf/0x530
[ 48.434298][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.439142][ T363] x64_sys_call+0x81d/0x9a0
[ 48.443668][ T363] do_syscall_64+0x3b/0xb0
[ 48.448080][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.453910][ T363]
[ 48.456601][ T363] Freed by task 26:
[ 48.460419][ T363] kasan_set_track+0x4b/0x70
[ 48.464930][ T363] kasan_set_free_info+0x23/0x40
[ 48.469823][ T363] ____kasan_slab_free+0x126/0x160
[ 48.474886][ T363] __kasan_slab_free+0x11/0x20
[ 48.479457][ T363] slab_free_freelist_hook+0xbd/0x190
[ 48.484892][ T363] kmem_cache_free+0x116/0x2e0
[ 48.489737][ T363] kfree_skbmem+0x104/0x170
[ 48.494295][ T363] kfree_skb+0xc2/0x360
[ 48.498506][ T363] sk_psock_backlog+0xc21/0xd90
[ 48.503476][ T363] process_one_work+0x6bb/0xc10
[ 48.508437][ T363] worker_thread+0xad5/0x12a0
[ 48.513121][ T363] kthread+0x421/0x510
[ 48.517298][ T363] ret_from_fork+0x1f/0x30
[ 48.521627][ T363]
[ 48.523799][ T363] The buggy address belongs to the object at ffff8881231483c0
[ 48.523799][ T363] which belongs to the cache skbuff_head_cache of size 248
[ 48.538757][ T363] The buggy address is located 0 bytes inside of
[ 48.538757][ T363] 248-byte region [ffff8881231483c0, ffff8881231484b8)
[ 48.553237][ T363] The buggy address belongs to the page:
[ 48.558845][ T363] page:ffffea00048c5200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123148
[ 48.569564][ T363] flags: 0x4000000000000200(slab|zone=1)
[ 48.575024][ T363] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 48.583446][ T363] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.591941][ T363] page dumped because: kasan: bad access detected
[ 48.598501][ T363] page_owner tracks the page as allocated
[ 48.604269][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 88, ts 47697444492, free_ts 47694270179
[ 48.620184][ T363] post_alloc_hook+0x1a3/0x1b0
[ 48.625060][ T363] prep_new_page+0x1b/0x110
[ 48.629643][ T363] get_page_from_freelist+0x3550/0x35d0
[ 48.635218][ T363] __alloc_pages+0x27e/0x8f0
[ 48.639655][ T363] new_slab+0x9a/0x4e0
[ 48.643624][ T363] ___slab_alloc+0x39e/0x830
[ 48.648316][ T363] __slab_alloc+0x4a/0x90
[ 48.652564][ T363] kmem_cache_alloc+0x134/0x200
[ 48.657514][ T363] __alloc_skb+0xbe/0x550
[ 48.661678][ T363] alloc_skb_with_frags+0xa6/0x680
[ 48.666626][ T363] sock_alloc_send_pskb+0x915/0xa50
[ 48.671928][ T363] unix_dgram_sendmsg+0x6fd/0x2090
[ 48.676962][ T363] __sys_sendto+0x564/0x720
[ 48.681669][ T363] __x64_sys_sendto+0xe5/0x100
[ 48.686709][ T363] x64_sys_call+0x15c/0x9a0
[ 48.692567][ T363] do_syscall_64+0x3b/0xb0
[ 48.697030][ T363] page last free stack trace:
[ 48.702560][ T363] free_unref_page_prepare+0x7c8/0x7d0
[ 48.708050][ T363] free_unref_page_list+0x14b/0xa60
[ 48.713141][ T363] release_pages+0x1310/0x1370
[ 48.717740][ T363] free_pages_and_swap_cache+0x8a/0xa0
[ 48.723211][ T363] tlb_finish_mmu+0x177/0x320
[ 48.727816][ T363] exit_mmap+0x40d/0x940
[ 48.732246][ T363] __mmput+0x95/0x310
[ 48.736227][ T363] mmput+0x5b/0x170
[ 48.739884][ T363] do_exit+0xb9c/0x2ca0
[ 48.744152][ T363] do_group_exit+0x141/0x310
[ 48.748577][ T363] get_signal+0x7a3/0x1630
[ 48.753004][ T363] arch_do_signal_or_restart+0xbd/0x1680
[ 48.758490][ T363] exit_to_user_mode_loop+0xa0/0xe0
[ 48.763697][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.769340][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 48.774919][ T363] do_syscall_64+0x47/0xb0
[ 48.779140][ T363]
[ 48.781398][ T363] Memory state around the buggy address:
[ 48.786932][ T363] ffff888123148280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.794772][ T363] ffff888123148300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.802851][ T363] >ffff888123148380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.811001][ T363] ^
[ 48.817514][ T363] ffff888123148400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.826409][ T363] ffff888123148480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.834485][ T363] ==================================================================
[ 48.856455][ T367] FAULT_INJECTION: forcing a failure.
[ 48.856455][ T367] name failslab, interval 1, probability 0, space 0, times 0
[ 48.869278][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 48.881249][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 48.891247][ T367] Call Trace:
[ 48.894367][ T367]
[ 48.898011][ T367] dump_stack_lvl+0x151/0x1c0
[ 48.903011][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.908740][ T367] dump_stack+0x15/0x20
[ 48.912724][ T367] should_fail+0x3c6/0x510
[ 48.916977][ T367] __should_failslab+0xa4/0xe0
[ 48.921954][ T367] should_failslab+0x9/0x20
[ 48.926851][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 48.931860][ T367] kmem_cache_alloc_trace+0x48/0x210
[ 48.937223][ T367] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.943147][ T367] ? migrate_disable+0x190/0x190
[ 48.947952][ T367] sk_psock_skb_ingress_self+0x60/0x330
[ 48.953656][ T367] sk_psock_verdict_recv+0x66d/0x840
[ 48.958790][ T367] unix_read_sock+0x132/0x370
[ 48.963368][ T367] ? sk_psock_skb_redirect+0x440/0x440
[ 48.968837][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 48.974477][ T367] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.979773][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 48.985539][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.991377][ T367] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.997072][ T367] ? _raw_spin_lock+0xa4/0x1b0
[ 49.002505][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.009342][ T367] ? skb_queue_tail+0xfb/0x120
[ 49.014033][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.019259][ T367] ? unix_dgram_poll+0x710/0x710
[ 49.024095][ T367] ? __kasan_check_write+0x14/0x20
[ 49.029424][ T367] ? __cpuidle_text_end+0x2/0x2
[ 49.034900][ T367] ? cgroup_rstat_updated+0xe5/0x370
[ 49.040315][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 49.045659][ T367] ? unix_dgram_poll+0x710/0x710
[ 49.050658][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 49.055330][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 49.060551][ T367] ? import_iovec+0xe5/0x120
[ 49.065075][ T367] ___sys_sendmsg+0x252/0x2e0
[ 49.069809][ T367] ? __sys_sendmsg+0x260/0x260
[ 49.074368][ T367] ? __kasan_check_write+0x14/0x20
[ 49.079494][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 49.084703][ T367] ? __fdget+0x1bc/0x240
[ 49.089047][ T367] __sys_sendmmsg+0x2bf/0x530
[ 49.093565][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.098636][ T367] ? mutex_unlock+0xb2/0x260
[ 49.103351][ T367] ? __kasan_check_write+0x14/0x20
[ 49.108396][ T367] ? __ia32_sys_read+0x90/0x90
[ 49.113098][ T367] ? debug_smp_processor_id+0x17/0x20
[ 49.118506][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.124895][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.129768][ T367] x64_sys_call+0x81d/0x9a0
[ 49.134210][ T367] do_syscall_64+0x3b/0xb0
[ 49.138573][ T367] ? clear_bhb_loop+0x35/0x90
[ 49.143190][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.149114][ T367] RIP: 0033:0x7f51a66abae9
[ 49.153457][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.173279][ T367] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.182102][ T367] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 49.190011][ T367] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.198425][ T367] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 49.207604][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.215494][ T367] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 49.224024][ T367]
[ 49.229263][ T366] ==================================================================
[ 49.237776][ T366] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.246213][ T366]
[ 49.248522][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 49.260515][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 49.270389][ T366] Call Trace:
[ 49.273541][ T366]
[ 49.276385][ T366] dump_stack_lvl+0x151/0x1c0
[ 49.281065][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.287019][ T366] ? __wake_up_klogd+0xd5/0x110
[ 49.292214][ T366] ? panic+0x760/0x760
[ 49.296842][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.301942][ T366] print_address_description+0x87/0x3b0
[ 49.307406][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.312270][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.317167][ T366] kasan_report_invalid_free+0x6b/0xa0
[ 49.322613][ T366] ____kasan_slab_free+0x13e/0x160
[ 49.327758][ T366] __kasan_slab_free+0x11/0x20
[ 49.332532][ T366] slab_free_freelist_hook+0xbd/0x190
[ 49.337916][ T366] ? kfree_skbmem+0x104/0x170
[ 49.342733][ T366] kmem_cache_free+0x116/0x2e0
[ 49.347430][ T366] kfree_skbmem+0x104/0x170
[ 49.352035][ T366] consume_skb+0xb4/0x250
[ 49.356688][ T366] __sk_msg_free+0x2dd/0x370
[ 49.361782][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.367569][ T366] sk_psock_stop+0x44c/0x4d0
[ 49.372174][ T366] ? unix_peer_get+0xe0/0xe0
[ 49.376612][ T366] sock_map_close+0x2b9/0x4c0
[ 49.381204][ T366] ? sock_map_remove_links+0x650/0x650
[ 49.386574][ T366] ? rwsem_mark_wake+0x770/0x770
[ 49.391350][ T366] unix_release+0x82/0xc0
[ 49.395599][ T366] sock_close+0xdf/0x270
[ 49.399723][ T366] ? sock_mmap+0xa0/0xa0
[ 49.403850][ T366] __fput+0x3fe/0x910
[ 49.407681][ T366] ____fput+0x15/0x20
[ 49.411489][ T366] task_work_run+0x129/0x190
[ 49.416211][ T366] exit_to_user_mode_loop+0xc4/0xe0
[ 49.421246][ T366] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.426831][ T366] syscall_exit_to_user_mode+0x26/0x160
[ 49.432193][ T366] do_syscall_64+0x47/0xb0
[ 49.436442][ T366] ? clear_bhb_loop+0x35/0x90
[ 49.441128][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.447196][ T366] RIP: 0033:0x7f51a66aa9da
[ 49.451629][ T366] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.471156][ T366] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.479783][ T366] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 49.487676][ T366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.495691][ T366] RBP: 0000000000000032 R08: 0000001b31c60000 R09: 00007f51a67caf8c
[ 49.503576][ T366] R10: 00007ffc8f91db40 R11: 0000000000000293 R12: 00007f51a62300d0
[ 49.511500][ T366] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000bec2
[ 49.519403][ T366]
[ 49.522270][ T366]
[ 49.524440][ T366] Allocated by task 367:
[ 49.528612][ T366] __kasan_slab_alloc+0xb1/0xe0
[ 49.533472][ T366] slab_post_alloc_hook+0x53/0x2c0
[ 49.538684][ T366] kmem_cache_alloc+0xf5/0x200
[ 49.543367][ T366] skb_clone+0x1d1/0x360
[ 49.547616][ T366] sk_psock_verdict_recv+0x53/0x840
[ 49.553001][ T366] unix_read_sock+0x132/0x370
[ 49.558011][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.563664][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.568692][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 49.573379][ T366] ___sys_sendmsg+0x252/0x2e0
[ 49.577909][ T366] __sys_sendmmsg+0x2bf/0x530
[ 49.582661][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.587816][ T366] x64_sys_call+0x81d/0x9a0
[ 49.592233][ T366] do_syscall_64+0x3b/0xb0
[ 49.596575][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.602495][ T366]
[ 49.604661][ T366] Freed by task 39:
[ 49.608395][ T366] kasan_set_track+0x4b/0x70
[ 49.612897][ T366] kasan_set_free_info+0x23/0x40
[ 49.617923][ T366] ____kasan_slab_free+0x126/0x160
[ 49.623296][ T366] __kasan_slab_free+0x11/0x20
[ 49.627885][ T366] slab_free_freelist_hook+0xbd/0x190
[ 49.633420][ T366] kmem_cache_free+0x116/0x2e0
[ 49.638189][ T366] kfree_skbmem+0x104/0x170
[ 49.642888][ T366] kfree_skb+0xc2/0x360
[ 49.646970][ T366] sk_psock_backlog+0xc21/0xd90
[ 49.651654][ T366] process_one_work+0x6bb/0xc10
[ 49.656514][ T366] worker_thread+0xad5/0x12a0
[ 49.661253][ T366] kthread+0x421/0x510
[ 49.665155][ T366] ret_from_fork+0x1f/0x30
[ 49.669415][ T366]
[ 49.671754][ T366] The buggy address belongs to the object at ffff88810c9578c0
[ 49.671754][ T366] which belongs to the cache skbuff_head_cache of size 248
[ 49.686353][ T366] The buggy address is located 0 bytes inside of
[ 49.686353][ T366] 248-byte region [ffff88810c9578c0, ffff88810c9579b8)
[ 49.699457][ T366] The buggy address belongs to the page:
[ 49.704943][ T366] page:ffffea00043255c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c957
[ 49.715153][ T366] flags: 0x4000000000000200(slab|zone=1)
[ 49.720976][ T366] raw: 4000000000000200 ffffea0004325580 0000000900000009 ffff8881081b2f00
[ 49.730174][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.738891][ T366] page dumped because: kasan: bad access detected
[ 49.745146][ T366] page_owner tracks the page as allocated
[ 49.750627][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 88, ts 4226369184, free_ts 0
[ 49.766088][ T366] post_alloc_hook+0x1a3/0x1b0
[ 49.770770][ T366] prep_new_page+0x1b/0x110
[ 49.775115][ T366] get_page_from_freelist+0x3550/0x35d0
[ 49.780487][ T366] __alloc_pages+0x27e/0x8f0
[ 49.785097][ T366] new_slab+0x9a/0x4e0
[ 49.788988][ T366] ___slab_alloc+0x39e/0x830
[ 49.793413][ T366] __slab_alloc+0x4a/0x90
[ 49.797591][ T366] kmem_cache_alloc+0x134/0x200
[ 49.802569][ T366] __alloc_skb+0xbe/0x550
[ 49.806727][ T366] alloc_skb_with_frags+0xa6/0x680
[ 49.811860][ T366] sock_alloc_send_pskb+0x915/0xa50
[ 49.817305][ T366] unix_dgram_sendmsg+0x6fd/0x2090
[ 49.822340][ T366] __sys_sendto+0x564/0x720
[ 49.827035][ T366] __x64_sys_sendto+0xe5/0x100
[ 49.831715][ T366] x64_sys_call+0x15c/0x9a0
[ 49.836045][ T366] do_syscall_64+0x3b/0xb0
[ 49.840473][ T366] page_owner free stack trace missing
[ 49.846303][ T366]
[ 49.848602][ T366] Memory state around the buggy address:
[ 49.854073][ T366] ffff88810c957780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.864572][ T366] ffff88810c957800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.872851][ T366] >ffff88810c957880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.881294][ T366] ^
[ 49.887567][ T366] ffff88810c957900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.896020][ T366] ffff88810c957980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.904313][ T366] ==================================================================
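Triage note on the report above, with an added example that is not part of this console log and is not syzkaller's own code. The double-free reports in this log all have the same shape: the sk_buff from skbuff_head_cache was allocated by skb_clone() under sk_psock_verdict_recv() while unix_dgram_sendmsg() delivered data to a sockmap-attached peer, freed once by kfree_skb() in the sk_psock_backlog workqueue item (task 39 here), and freed a second time by __sk_msg_free() from sk_psock_stop() when sock_map_close() ran at socket close. Each report is preceded by a FAULT_INJECTION block in which failslab forced kmem_cache_alloc_trace() inside sk_psock_skb_ingress_self() to fail on the task that had just cloned the skb, so the allocation-failure path is the one that leaves the clone referenced twice. The Python below parses that report format, drops the unreliable "? symbol" guess frames, and builds a signature from the first non-allocator frame of the crash, allocation and free stacks so that repeated reports of one bug group together. The sample input is a trimmed copy of the T366 report; the NOISE prefix list is this example's own choice, not the frame list syzkaller uses for its titles.

```python
# Added example (not syzkaller code): parse KASAN reports in the console-log format above.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a trimmed copy of the T366 report in the log above.
SAMPLE_LOG = """\
[   49.229263][  T366] ==================================================================
[   49.237776][  T366] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   49.248522][  T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G    B 5.15.157-syzkaller #0
[   49.270389][  T366] Call Trace:
[   49.276385][  T366]  dump_stack_lvl+0x151/0x1c0
[   49.307406][  T366]  ? kmem_cache_free+0x116/0x2e0
[   49.317167][  T366]  kasan_report_invalid_free+0x6b/0xa0
[   49.342733][  T366]  kmem_cache_free+0x116/0x2e0
[   49.347430][  T366]  kfree_skbmem+0x104/0x170
[   49.356688][  T366]  __sk_msg_free+0x2dd/0x370
[   49.367569][  T366]  sk_psock_stop+0x44c/0x4d0
[   49.376612][  T366]  sock_map_close+0x2b9/0x4c0
[   49.524440][  T366] Allocated by task 367:
[   49.528612][  T366]  __kasan_slab_alloc+0xb1/0xe0
[   49.538684][  T366]  kmem_cache_alloc+0xf5/0x200
[   49.543367][  T366]  skb_clone+0x1d1/0x360
[   49.604661][  T366] Freed by task 39:
[   49.608395][  T366]  kasan_set_track+0x4b/0x70
[   49.638189][  T366]  kfree_skbmem+0x104/0x170
[   49.642888][  T366]  kfree_skb+0xc2/0x360
[   49.646970][  T366]  sk_psock_backlog+0xc21/0xd90
[   49.671754][  T366] The buggy address belongs to the object at ffff88810c9578c0
[   49.671754][  T366]  which belongs to the cache skbuff_head_cache of size 248
[   49.750627][  T366] page last allocated via order 0, migratetype Unmovable, pid 88
[   49.766088][  T366]  post_alloc_hook+0x1a3/0x1b0
[   49.904313][  T366] ==================================================================
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?(.*)$")   # "[ts][Tpid] text"
BUG_RE = re.compile(r"^BUG: KASAN: (.+) in (\S+?)\+0x")
TASK_RE = re.compile(r"^(Allocated|Freed) by task (\d+):$")
CACHE_RE = re.compile(r"cache (\S+) of size (\d+)")
FRAME_RE = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Allocator/KASAN plumbing and generic free wrappers, skipped when naming a stack.
NOISE = ("kasan_", "__kasan_", "____kasan_", "kmem_cache_", "slab_", "dump_stack",
         "print_address_description", "kfree", "consume_skb")

@dataclass
class KasanReport:
    kind: str                  # e.g. "double-free or invalid-free"
    where: str                 # function named on the BUG line
    pid: Optional[int] = None
    cache: Optional[str] = None
    size: Optional[int] = None
    tasks: Dict[str, int] = field(default_factory=dict)         # alloc/free task ids
    stacks: Dict[str, List[str]] = field(default_factory=dict)  # crash/alloc/free frames

def parse_reports(log: str) -> List[KasanReport]:
    reports, cur, section = [], None, None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        line = (m.group(1) if m else raw).strip()
        if line.startswith("====="):            # a rule opens or closes a report
            if cur is not None:
                reports.append(cur)
            cur, section = None, None
        elif (m := BUG_RE.match(line)):
            cur = KasanReport(kind=m.group(1), where=m.group(2))
        elif cur is None:
            continue                            # FAULT_INJECTION, audit, syzkaller chatter
        elif line.startswith("CPU:") and (m := re.search(r"PID: (\d+)", line)):
            cur.pid = int(m.group(1))
        elif line == "Call Trace:":
            section = "crash"
        elif (m := TASK_RE.match(line)):
            section = "alloc" if m.group(1) == "Allocated" else "free"
            cur.tasks[section] = int(m.group(2))
        elif line.startswith(("The buggy address", "Memory state")):
            section = None                      # page_owner stacks below are not ours
        elif (m := CACHE_RE.search(line)):
            cur.cache, cur.size = m.group(1), int(m.group(2))
        elif section and (m := FRAME_RE.match(line)) and not m.group(1):
            cur.stacks.setdefault(section, []).append(m.group(2))  # "? sym" guesses dropped
    return reports

def first_real_frame(frames: List[str]) -> Optional[str]:
    return next((f for f in frames if not f.startswith(NOISE)), None)

def caller_of(frames: List[str], fn: str) -> Optional[str]:
    i = frames.index(fn) if fn in frames else -1       # frame directly above fn
    return frames[i + 1] if 0 <= i < len(frames) - 1 else None

def signature(r: KasanReport) -> Tuple[str, ...]:
    """Dedup key: bug kind plus the first real frame of each stack (no pids, no addresses)."""
    return (r.kind,) + tuple(first_real_frame(r.stacks.get(s, [])) or "?"
                             for s in ("crash", "alloc", "free"))

def group_by_signature(reports: List[KasanReport]) -> Dict[Tuple[str, ...], List[int]]:
    groups: Dict[Tuple[str, ...], List[int]] = {}
    for r in reports:
        groups.setdefault(signature(r), []).append(r.pid)
    return groups
```

Run parse_reports() over the whole console log rather than the sample and the T366, T369 and T372 reports land in one group, because their signature ("double-free or invalid-free", "__sk_msg_free", "skb_clone", "sk_psock_backlog") ignores the task ids and object addresses that differ between runs; caller_of(stacks["free"], "kfree_skb") then names sk_psock_backlog as the first freer and caller_of(stacks["crash"], "sk_psock_stop") names sock_map_close as the second.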
[ 49.925582][ T370] FAULT_INJECTION: forcing a failure.
[ 49.925582][ T370] name failslab, interval 1, probability 0, space 0, times 0
[ 49.938301][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 49.950014][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 49.959984][ T370] Call Trace:
[ 49.963397][ T370]
[ 49.966202][ T370] dump_stack_lvl+0x151/0x1c0
[ 49.970981][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.976471][ T370] dump_stack+0x15/0x20
[ 49.980571][ T370] should_fail+0x3c6/0x510
[ 49.985023][ T370] __should_failslab+0xa4/0xe0
[ 49.989621][ T370] should_failslab+0x9/0x20
[ 49.994168][ T370] slab_pre_alloc_hook+0x37/0xd0
[ 49.999358][ T370] kmem_cache_alloc_trace+0x48/0x210
[ 50.004700][ T370] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.010255][ T370] ? migrate_disable+0x190/0x190
[ 50.015110][ T370] sk_psock_skb_ingress_self+0x60/0x330
[ 50.020530][ T370] sk_psock_verdict_recv+0x66d/0x840
[ 50.025918][ T370] unix_read_sock+0x132/0x370
[ 50.030642][ T370] ? sk_psock_skb_redirect+0x440/0x440
[ 50.036380][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 50.042452][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.047917][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 50.053896][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.059695][ T370] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.064897][ T370] ? _raw_spin_lock+0xa4/0x1b0
[ 50.069962][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.075931][ T370] ? skb_queue_tail+0xfb/0x120
[ 50.080741][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.085800][ T370] ? unix_dgram_poll+0x710/0x710
[ 50.090734][ T370] ? __kasan_check_write+0x14/0x20
[ 50.095917][ T370] ? __cpuidle_text_end+0x2/0x2
[ 50.101018][ T370] ? cgroup_rstat_updated+0xe5/0x370
[ 50.106325][ T370] ? security_socket_sendmsg+0x82/0xb0
[ 50.112155][ T370] ? unix_dgram_poll+0x710/0x710
[ 50.116852][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 50.121632][ T370] ? __sys_sendmsg_sock+0x40/0x40
[ 50.126781][ T370] ? import_iovec+0xe5/0x120
[ 50.131223][ T370] ___sys_sendmsg+0x252/0x2e0
[ 50.136232][ T370] ? __sys_sendmsg+0x260/0x260
[ 50.141073][ T370] ? __kasan_check_write+0x14/0x20
[ 50.146017][ T370] ? proc_fail_nth_write+0x20b/0x290
[ 50.151256][ T370] ? __fdget+0x1bc/0x240
[ 50.155492][ T370] __sys_sendmmsg+0x2bf/0x530
[ 50.160013][ T370] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.164879][ T370] ? mutex_unlock+0xb2/0x260
[ 50.169810][ T370] ? __kasan_check_write+0x14/0x20
[ 50.175533][ T370] ? __ia32_sys_read+0x90/0x90
[ 50.180398][ T370] ? debug_smp_processor_id+0x17/0x20
[ 50.185604][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.191682][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.196890][ T370] x64_sys_call+0x81d/0x9a0
[ 50.201825][ T370] do_syscall_64+0x3b/0xb0
[ 50.206279][ T370] ? clear_bhb_loop+0x35/0x90
[ 50.211228][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.217481][ T370] RIP: 0033:0x7f51a66abae9
[ 50.221856][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.242503][ T370] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.251190][ T370] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 50.259001][ T370] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.267060][ T370] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 50.274930][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.282736][ T370] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 50.290726][ T370]
[ 50.295438][ T369] ==================================================================
[ 50.303595][ T369] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.311836][ T369]
[ 50.314145][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 50.325723][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 50.335957][ T369] Call Trace:
[ 50.339548][ T369]
[ 50.342693][ T369] dump_stack_lvl+0x151/0x1c0
[ 50.347410][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.353125][ T369] ? __wake_up_klogd+0xd5/0x110
[ 50.357926][ T369] ? panic+0x760/0x760
[ 50.362235][ T369] ? kmem_cache_free+0x116/0x2e0
[ 50.367208][ T369] print_address_description+0x87/0x3b0
[ 50.372705][ T369] ? kmem_cache_free+0x116/0x2e0
[ 50.377570][ T369] ? kmem_cache_free+0x116/0x2e0
[ 50.382321][ T369] kasan_report_invalid_free+0x6b/0xa0
[ 50.388004][ T369] ____kasan_slab_free+0x13e/0x160
[ 50.393333][ T369] __kasan_slab_free+0x11/0x20
[ 50.398069][ T369] slab_free_freelist_hook+0xbd/0x190
[ 50.403595][ T369] ? kfree_skbmem+0x104/0x170
[ 50.408543][ T369] kmem_cache_free+0x116/0x2e0
[ 50.413232][ T369] kfree_skbmem+0x104/0x170
[ 50.417562][ T369] consume_skb+0xb4/0x250
[ 50.421818][ T369] __sk_msg_free+0x2dd/0x370
[ 50.426248][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.432262][ T369] sk_psock_stop+0x44c/0x4d0
[ 50.437311][ T369] ? unix_peer_get+0xe0/0xe0
[ 50.441720][ T369] sock_map_close+0x2b9/0x4c0
[ 50.446232][ T369] ? sock_map_remove_links+0x650/0x650
[ 50.451883][ T369] ? rwsem_mark_wake+0x770/0x770
[ 50.456868][ T369] unix_release+0x82/0xc0
[ 50.461313][ T369] sock_close+0xdf/0x270
[ 50.465382][ T369] ? sock_mmap+0xa0/0xa0
[ 50.469570][ T369] __fput+0x3fe/0x910
[ 50.473520][ T369] ____fput+0x15/0x20
[ 50.477408][ T369] task_work_run+0x129/0x190
[ 50.481835][ T369] exit_to_user_mode_loop+0xc4/0xe0
[ 50.486987][ T369] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.492363][ T369] syscall_exit_to_user_mode+0x26/0x160
[ 50.497728][ T369] do_syscall_64+0x47/0xb0
[ 50.502241][ T369] ? clear_bhb_loop+0x35/0x90
[ 50.506928][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.512830][ T369] RIP: 0033:0x7f51a66aa9da
[ 50.517100][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.536918][ T369] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.545610][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 50.553684][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.562269][ T369] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 50.570055][ T369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c630
[ 50.578397][ T369] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000c2ef
[ 50.586613][ T369]
[ 50.589454][ T369]
[ 50.591716][ T369] Allocated by task 370:
[ 50.595789][ T369] __kasan_slab_alloc+0xb1/0xe0
[ 50.600603][ T369] slab_post_alloc_hook+0x53/0x2c0
[ 50.605718][ T369] kmem_cache_alloc+0xf5/0x200
[ 50.610585][ T369] skb_clone+0x1d1/0x360
[ 50.614926][ T369] sk_psock_verdict_recv+0x53/0x840
[ 50.620132][ T369] unix_read_sock+0x132/0x370
[ 50.624808][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.630811][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.636210][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 50.641043][ T369] ___sys_sendmsg+0x252/0x2e0
[ 50.645559][ T369] __sys_sendmmsg+0x2bf/0x530
[ 50.650079][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.654751][ T369] x64_sys_call+0x81d/0x9a0
[ 50.659092][ T369] do_syscall_64+0x3b/0xb0
[ 50.663638][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.669880][ T369]
[ 50.672116][ T369] Freed by task 39:
[ 50.676498][ T369] kasan_set_track+0x4b/0x70
[ 50.681144][ T369] kasan_set_free_info+0x23/0x40
[ 50.686578][ T369] ____kasan_slab_free+0x126/0x160
[ 50.692121][ T369] __kasan_slab_free+0x11/0x20
[ 50.696808][ T369] slab_free_freelist_hook+0xbd/0x190
[ 50.702210][ T369] kmem_cache_free+0x116/0x2e0
[ 50.706802][ T369] kfree_skbmem+0x104/0x170
[ 50.711183][ T369] kfree_skb+0xc2/0x360
[ 50.715219][ T369] sk_psock_backlog+0xc21/0xd90
[ 50.720076][ T369] process_one_work+0x6bb/0xc10
[ 50.724781][ T369] worker_thread+0xad5/0x12a0
[ 50.729496][ T369] kthread+0x421/0x510
[ 50.733498][ T369] ret_from_fork+0x1f/0x30
[ 50.737725][ T369]
[ 50.739886][ T369] The buggy address belongs to the object at ffff88812311dc80
[ 50.739886][ T369] which belongs to the cache skbuff_head_cache of size 248
[ 50.755253][ T369] The buggy address is located 0 bytes inside of
[ 50.755253][ T369] 248-byte region [ffff88812311dc80, ffff88812311dd78)
[ 50.768725][ T369] The buggy address belongs to the page:
[ 50.774198][ T369] page:ffffea00048c4740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12311d
[ 50.784375][ T369] flags: 0x4000000000000200(slab|zone=1)
[ 50.789843][ T369] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 50.798415][ T369] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.807438][ T369] page dumped because: kasan: bad access detected
[ 50.813960][ T369] page_owner tracks the page as allocated
[ 50.819891][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 360, ts 49923321178, free_ts 49915496722
[ 50.836519][ T369] post_alloc_hook+0x1a3/0x1b0
[ 50.841206][ T369] prep_new_page+0x1b/0x110
[ 50.845883][ T369] get_page_from_freelist+0x3550/0x35d0
[ 50.852037][ T369] __alloc_pages+0x27e/0x8f0
[ 50.856841][ T369] new_slab+0x9a/0x4e0
[ 50.860928][ T369] ___slab_alloc+0x39e/0x830
[ 50.865858][ T369] __slab_alloc+0x4a/0x90
[ 50.870627][ T369] kmem_cache_alloc+0x134/0x200
[ 50.875703][ T369] __alloc_skb+0xbe/0x550
[ 50.880134][ T369] alloc_skb_with_frags+0xa6/0x680
[ 50.885788][ T369] sock_alloc_send_pskb+0x915/0xa50
[ 50.891256][ T369] unix_dgram_sendmsg+0x6fd/0x2090
[ 50.896477][ T369] sock_write_iter+0x39b/0x530
[ 50.901265][ T369] vfs_write+0xd5d/0x1110
[ 50.905510][ T369] ksys_write+0x199/0x2c0
[ 50.909940][ T369] __x64_sys_write+0x7b/0x90
[ 50.914383][ T369] page last free stack trace:
[ 50.919164][ T369] free_unref_page_prepare+0x7c8/0x7d0
[ 50.924816][ T369] free_unref_page_list+0x14b/0xa60
[ 50.930127][ T369] release_pages+0x1310/0x1370
[ 50.934729][ T369] free_pages_and_swap_cache+0x8a/0xa0
[ 50.940289][ T369] tlb_finish_mmu+0x177/0x320
[ 50.945612][ T369] exit_mmap+0x40d/0x940
[ 50.949707][ T369] __mmput+0x95/0x310
[ 50.953934][ T369] mmput+0x5b/0x170
[ 50.957846][ T369] do_exit+0xb9c/0x2ca0
[ 50.962046][ T369] do_group_exit+0x141/0x310
[ 50.967183][ T369] get_signal+0x7a3/0x1630
[ 50.971595][ T369] arch_do_signal_or_restart+0xbd/0x1680
[ 50.977513][ T369] exit_to_user_mode_loop+0xa0/0xe0
[ 50.982691][ T369] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.988742][ T369] syscall_exit_to_user_mode+0x26/0x160
[ 50.994300][ T369] do_syscall_64+0x47/0xb0
[ 50.998633][ T369]
[ 51.000809][ T369] Memory state around the buggy address:
[ 51.006279][ T369] ffff88812311db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.014274][ T369] ffff88812311dc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.022249][ T369] >ffff88812311dc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.030239][ T369] ^
[ 51.034280][ T369] ffff88812311dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
2024/09/06 21:15:48 executed programs: 4
[ 51.042395][ T369] ffff88812311dd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.050548][ T369] ==================================================================
[ 51.091642][ T373] FAULT_INJECTION: forcing a failure.
[ 51.091642][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 51.105050][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 51.116916][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.127174][ T373] Call Trace:
[ 51.130571][ T373]
[ 51.133442][ T373] dump_stack_lvl+0x151/0x1c0
[ 51.138241][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.143959][ T373] dump_stack+0x15/0x20
[ 51.148031][ T373] should_fail+0x3c6/0x510
[ 51.152389][ T373] __should_failslab+0xa4/0xe0
[ 51.156974][ T373] should_failslab+0x9/0x20
[ 51.161398][ T373] slab_pre_alloc_hook+0x37/0xd0
[ 51.166259][ T373] kmem_cache_alloc_trace+0x48/0x210
[ 51.171495][ T373] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.177318][ T373] ? migrate_disable+0x190/0x190
[ 51.182412][ T373] sk_psock_skb_ingress_self+0x60/0x330
[ 51.188264][ T373] sk_psock_verdict_recv+0x66d/0x840
[ 51.194006][ T373] unix_read_sock+0x132/0x370
[ 51.198585][ T373] ? sk_psock_skb_redirect+0x440/0x440
[ 51.204281][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 51.210035][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.215795][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 51.221716][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.227644][ T373] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.233341][ T373] ? _raw_spin_lock+0xa4/0x1b0
[ 51.238038][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.243926][ T373] ? skb_queue_tail+0xfb/0x120
[ 51.248934][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.254024][ T373] ? unix_dgram_poll+0x710/0x710
[ 51.258954][ T373] ? __kasan_check_write+0x14/0x20
[ 51.263855][ T373] ? __cpuidle_text_end+0x2/0x2
[ 51.268719][ T373] ? cgroup_rstat_updated+0xe5/0x370
[ 51.273990][ T373] ? security_socket_sendmsg+0x82/0xb0
[ 51.279396][ T373] ? unix_dgram_poll+0x710/0x710
[ 51.284173][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 51.289026][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 51.294128][ T373] ? import_iovec+0xe5/0x120
[ 51.299263][ T373] ___sys_sendmsg+0x252/0x2e0
[ 51.303867][ T373] ? __sys_sendmsg+0x260/0x260
[ 51.308720][ T373] ? __kasan_check_write+0x14/0x20
[ 51.313847][ T373] ? proc_fail_nth_write+0x20b/0x290
[ 51.319058][ T373] ? __fdget+0x1bc/0x240
[ 51.323252][ T373] __sys_sendmmsg+0x2bf/0x530
[ 51.327880][ T373] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.332744][ T373] ? mutex_unlock+0xb2/0x260
[ 51.337775][ T373] ? __kasan_check_write+0x14/0x20
[ 51.343114][ T373] ? __ia32_sys_read+0x90/0x90
[ 51.348060][ T373] ? debug_smp_processor_id+0x17/0x20
[ 51.353830][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.360965][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.365739][ T373] x64_sys_call+0x81d/0x9a0
[ 51.370972][ T373] do_syscall_64+0x3b/0xb0
[ 51.375397][ T373] ? clear_bhb_loop+0x35/0x90
[ 51.380620][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.386455][ T373] RIP: 0033:0x7f51a66abae9
[ 51.390777][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.410836][ T373] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.419522][ T373] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 51.427410][ T373] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.435738][ T373] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 51.443731][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.451852][ T373] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 51.459745][ T373]
[ 51.463615][ T30] audit: type=1400 audit(1725657349.190:103): avc: denied { remove_name } for pid=81 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 51.486942][ T372] ==================================================================
[ 51.486956][ T372] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.486987][ T372]
[ 51.486993][ T372] CPU: 1 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 51.495293][ T30] audit: type=1400 audit(1725657349.190:104): avc: denied { rename } for pid=81 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.503809][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.503825][ T372] Call Trace:
[ 51.503831][ T372]
[ 51.503839][ T372] dump_stack_lvl+0x151/0x1c0
[ 51.503871][ T372] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.566887][ T372] ? __wake_up_klogd+0xd5/0x110
[ 51.572131][ T372] ? panic+0x760/0x760
[ 51.576108][ T372] ? kmem_cache_free+0x116/0x2e0
[ 51.581001][ T372] print_address_description+0x87/0x3b0
[ 51.586464][ T372] ? kmem_cache_free+0x116/0x2e0
[ 51.591495][ T372] ? kmem_cache_free+0x116/0x2e0
[ 51.596273][ T372] kasan_report_invalid_free+0x6b/0xa0
[ 51.601562][ T372] ____kasan_slab_free+0x13e/0x160
[ 51.606714][ T372] __kasan_slab_free+0x11/0x20
[ 51.611369][ T372] slab_free_freelist_hook+0xbd/0x190
[ 51.616675][ T372] ? kfree_skbmem+0x104/0x170
[ 51.621191][ T372] kmem_cache_free+0x116/0x2e0
[ 51.626164][ T372] kfree_skbmem+0x104/0x170
[ 51.630618][ T372] consume_skb+0xb4/0x250
[ 51.635002][ T372] __sk_msg_free+0x2dd/0x370
[ 51.639605][ T372] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.645503][ T372] sk_psock_stop+0x44c/0x4d0
[ 51.650026][ T372] ? unix_peer_get+0xe0/0xe0
[ 51.654457][ T372] sock_map_close+0x2b9/0x4c0
[ 51.658968][ T372] ? sock_map_remove_links+0x650/0x650
[ 51.664261][ T372] ? rwsem_mark_wake+0x770/0x770
[ 51.669035][ T372] unix_release+0x82/0xc0
[ 51.673218][ T372] sock_close+0xdf/0x270
[ 51.677292][ T372] ? sock_mmap+0xa0/0xa0
[ 51.681370][ T372] __fput+0x3fe/0x910
[ 51.685185][ T372] ____fput+0x15/0x20
[ 51.689173][ T372] task_work_run+0x129/0x190
[ 51.693603][ T372] exit_to_user_mode_loop+0xc4/0xe0
[ 51.698709][ T372] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.704205][ T372] syscall_exit_to_user_mode+0x26/0x160
[ 51.709687][ T372] do_syscall_64+0x47/0xb0
[ 51.714026][ T372] ? clear_bhb_loop+0x35/0x90
[ 51.718540][ T372] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.724273][ T372] RIP: 0033:0x7f51a66aa9da
[ 51.728694][ T372] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.749272][ T372] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.758641][ T372] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 51.766955][ T372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.774841][ T372] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 51.783085][ T372] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cabe
[ 51.791094][ T372] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000c77d
[ 51.799185][ T372]
[ 51.802122][ T372]
[ 51.804376][ T372] Allocated by task 373:
[ 51.808456][ T372] __kasan_slab_alloc+0xb1/0xe0
[ 51.813223][ T372] slab_post_alloc_hook+0x53/0x2c0
[ 51.819257][ T372] kmem_cache_alloc+0xf5/0x200
[ 51.824210][ T372] skb_clone+0x1d1/0x360
[ 51.828541][ T372] sk_psock_verdict_recv+0x53/0x840
[ 51.833668][ T372] unix_read_sock+0x132/0x370
[ 51.838177][ T372] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.843991][ T372] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.849084][ T372] ____sys_sendmsg+0x59e/0x8f0
[ 51.854065][ T372] ___sys_sendmsg+0x252/0x2e0
[ 51.858922][ T372] __sys_sendmmsg+0x2bf/0x530
[ 51.863954][ T372] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.869074][ T372] x64_sys_call+0x81d/0x9a0
[ 51.873498][ T372] do_syscall_64+0x3b/0xb0
[ 51.878391][ T372] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.884994][ T372]
[ 51.888184][ T372] Freed by task 6:
[ 51.892122][ T372] kasan_set_track+0x4b/0x70
[ 51.896964][ T372] kasan_set_free_info+0x23/0x40
[ 51.901727][ T372] ____kasan_slab_free+0x126/0x160
[ 51.906850][ T372] __kasan_slab_free+0x11/0x20
[ 51.911623][ T372] slab_free_freelist_hook+0xbd/0x190
[ 51.917225][ T372] kmem_cache_free+0x116/0x2e0
[ 51.921959][ T372] kfree_skbmem+0x104/0x170
[ 51.926472][ T372] kfree_skb+0xc2/0x360
[ 51.930822][ T372] sk_psock_backlog+0xc21/0xd90
[ 51.935850][ T372] process_one_work+0x6bb/0xc10
[ 51.940533][ T372] worker_thread+0xad5/0x12a0
[ 51.945040][ T372] kthread+0x421/0x510
[ 51.949118][ T372] ret_from_fork+0x1f/0x30
[ 51.953633][ T372]
[ 51.956507][ T372] The buggy address belongs to the object at ffff88812314fb40
[ 51.956507][ T372] which belongs to the cache skbuff_head_cache of size 248
[ 51.971729][ T372] The buggy address is located 0 bytes inside of
[ 51.971729][ T372] 248-byte region [ffff88812314fb40, ffff88812314fc38)
[ 51.985001][ T372] The buggy address belongs to the page:
[ 51.990703][ T372] page:ffffea00048c53c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12314f
[ 52.001110][ T372] flags: 0x4000000000000200(slab|zone=1)
[ 52.006769][ T372] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 52.015369][ T372] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.023976][ T372] page dumped because: kasan: bad access detected
[ 52.030652][ T372] page_owner tracks the page as allocated
[ 52.036381][ T372] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 0, ts 51070084509, free_ts 51062734901
[ 52.054128][ T372] post_alloc_hook+0x1a3/0x1b0
[ 52.059340][ T372] prep_new_page+0x1b/0x110
[ 52.064117][ T372] get_page_from_freelist+0x3550/0x35d0
[ 52.069771][ T372] __alloc_pages+0x27e/0x8f0
[ 52.074556][ T372] new_slab+0x9a/0x4e0
[ 52.078458][ T372] ___slab_alloc+0x39e/0x830
[ 52.083094][ T372] __slab_alloc+0x4a/0x90
[ 52.087318][ T372] kmem_cache_alloc+0x134/0x200
[ 52.092102][ T372] __alloc_skb+0xbe/0x550
[ 52.096275][ T372] ndisc_alloc_skb+0xf3/0x2d0
[ 52.100895][ T372] ndisc_send_rs+0x26c/0x6a0
[ 52.105333][ T372] addrconf_rs_timer+0x2d1/0x600
[ 52.110150][ T372] call_timer_fn+0x3b/0x2d0
[ 52.114549][ T372] __run_timers+0x72a/0xa10
[ 52.118963][ T372] run_timer_softirq+0x69/0xf0
[ 52.123761][ T372] __do_softirq+0x26d/0x5bf
[ 52.128272][ T372] page last free stack trace:
[ 52.132785][ T372] free_unref_page_prepare+0x7c8/0x7d0
[ 52.138361][ T372] free_unref_page+0xe8/0x750
[ 52.143175][ T372] __free_pages+0x61/0xf0
[ 52.147281][ T372] __vunmap+0x7bc/0x8f0
[ 52.151282][ T372] free_work+0x5b/0x80
[ 52.155349][ T372] process_one_work+0x6bb/0xc10
[ 52.160342][ T372] worker_thread+0xad5/0x12a0
[ 52.164957][ T372] kthread+0x421/0x510
[ 52.169975][ T372] ret_from_fork+0x1f/0x30
[ 52.174428][ T372]
[ 52.176879][ T372] Memory state around the buggy address:
[ 52.182449][ T372] ffff88812314fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.190622][ T372] ffff88812314fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.198961][ T372] >ffff88812314fb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.207018][ T372]                                            ^
[ 52.213360][ T372] ffff88812314fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.221660][ T372] ffff88812314fc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.229781][ T372] ==================================================================
[ 52.250202][ T376] FAULT_INJECTION: forcing a failure.
[ 52.250202][ T376] name failslab, interval 1, probability 0, space 0, times 0
[ 52.264251][ T376] CPU: 1 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 52.276083][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.286453][ T376] Call Trace:
[ 52.290211][ T376] <TASK>
[ 52.293869][ T376] dump_stack_lvl+0x151/0x1c0
[ 52.300223][ T376] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.306616][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.313849][ T376] ? __skb_try_recv_datagram+0x495/0x6a0
[ 52.319593][ T376] dump_stack+0x15/0x20
[ 52.323849][ T376] should_fail+0x3c6/0x510
[ 52.328281][ T376] __should_failslab+0xa4/0xe0
[ 52.333307][ T376] ? skb_clone+0x1d1/0x360
[ 52.337911][ T376] should_failslab+0x9/0x20
[ 52.342819][ T376] slab_pre_alloc_hook+0x37/0xd0
[ 52.348468][ T376] ? skb_clone+0x1d1/0x360
[ 52.352719][ T376] kmem_cache_alloc+0x44/0x200
[ 52.357414][ T376] skb_clone+0x1d1/0x360
[ 52.361679][ T376] sk_psock_verdict_recv+0x53/0x840
[ 52.366729][ T376] ? avc_has_perm_noaudit+0x430/0x430
[ 52.372655][ T376] ? mntput_no_expire+0xfc/0x6b0
[ 52.377602][ T376] unix_read_sock+0x132/0x370
[ 52.382687][ T376] ? sk_psock_skb_redirect+0x440/0x440
[ 52.388948][ T376] ? unix_stream_splice_actor+0x120/0x120
[ 52.394644][ T376] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.400383][ T376] ? unix_stream_splice_actor+0x120/0x120
[ 52.407048][ T376] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.414406][ T376] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.420121][ T376] ? _raw_spin_lock+0xa4/0x1b0
[ 52.425253][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.431784][ T376] ? skb_queue_tail+0xfb/0x120
[ 52.437058][ T376] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.442241][ T376] ? unix_dgram_poll+0x710/0x710
[ 52.447183][ T376] ? __kasan_check_write+0x14/0x20
[ 52.452521][ T376] ? __cpuidle_text_end+0x2/0x2
[ 52.457663][ T376] ? cgroup_rstat_updated+0xe5/0x370
[ 52.462776][ T376] ? security_socket_sendmsg+0x82/0xb0
[ 52.468258][ T376] ? unix_dgram_poll+0x710/0x710
[ 52.473106][ T376] ____sys_sendmsg+0x59e/0x8f0
[ 52.477882][ T376] ? __sys_sendmsg_sock+0x40/0x40
[ 52.482745][ T376] ? import_iovec+0xe5/0x120
[ 52.487290][ T376] ___sys_sendmsg+0x252/0x2e0
[ 52.492107][ T376] ? __sys_sendmsg+0x260/0x260
[ 52.497071][ T376] ? __kasan_check_write+0x14/0x20
[ 52.502204][ T376] ? proc_fail_nth_write+0x20b/0x290
[ 52.507319][ T376] ? __fdget+0x1bc/0x240
[ 52.511396][ T376] __sys_sendmmsg+0x2bf/0x530
[ 52.516089][ T376] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.520945][ T376] ? mutex_unlock+0xb2/0x260
[ 52.525470][ T376] ? __kasan_check_write+0x14/0x20
[ 52.530508][ T376] ? __ia32_sys_read+0x90/0x90
[ 52.535191][ T376] ? debug_smp_processor_id+0x17/0x20
[ 52.540603][ T376] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.546930][ T376] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.552064][ T376] x64_sys_call+0x81d/0x9a0
[ 52.556601][ T376] do_syscall_64+0x3b/0xb0
[ 52.560845][ T376] ? clear_bhb_loop+0x35/0x90
[ 52.565476][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.571483][ T376] RIP: 0033:0x7f51a66abae9
[ 52.576182][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.596496][ T376] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.604835][ T376] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 52.612767][ T376] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.621158][ T376] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 52.629224][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.637470][ T376] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 52.646119][ T376] </TASK>
[ 52.659565][ T378] FAULT_INJECTION: forcing a failure.
[ 52.659565][ T378] name failslab, interval 1, probability 0, space 0, times 0
[ 52.672585][ T378] CPU: 1 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 52.684333][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.695273][ T378] Call Trace:
[ 52.698668][ T378] <TASK>
[ 52.701608][ T378] dump_stack_lvl+0x151/0x1c0
[ 52.706556][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.712394][ T378] dump_stack+0x15/0x20
[ 52.716951][ T378] should_fail+0x3c6/0x510
[ 52.721553][ T378] __should_failslab+0xa4/0xe0
[ 52.726189][ T378] should_failslab+0x9/0x20
[ 52.730939][ T378] slab_pre_alloc_hook+0x37/0xd0
[ 52.736008][ T378] kmem_cache_alloc_trace+0x48/0x210
[ 52.741457][ T378] ? sk_psock_skb_ingress_self+0x60/0x330
[ 52.747815][ T378] ? migrate_disable+0x190/0x190
[ 52.752771][ T378] sk_psock_skb_ingress_self+0x60/0x330
[ 52.758259][ T378] sk_psock_verdict_recv+0x66d/0x840
[ 52.763969][ T378] unix_read_sock+0x132/0x370
[ 52.768800][ T378] ? sk_psock_skb_redirect+0x440/0x440
[ 52.774196][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 52.780055][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.785558][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 52.791397][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.797808][ T378] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.803100][ T378] ? _raw_spin_lock+0xa4/0x1b0
[ 52.808402][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.814587][ T378] ? skb_queue_tail+0xfb/0x120
[ 52.819413][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.825205][ T378] ? unix_dgram_poll+0x710/0x710
[ 52.830128][ T378] ? __kasan_check_write+0x14/0x20
[ 52.835590][ T378] ? __cpuidle_text_end+0x2/0x2
[ 52.841050][ T378] ? cgroup_rstat_updated+0xe5/0x370
[ 52.846736][ T378] ? security_socket_sendmsg+0x82/0xb0
[ 52.853597][ T378] ? unix_dgram_poll+0x710/0x710
[ 52.858996][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 52.865385][ T378] ? __sys_sendmsg_sock+0x40/0x40
[ 52.870249][ T378] ? import_iovec+0xe5/0x120
[ 52.875163][ T378] ___sys_sendmsg+0x252/0x2e0
[ 52.880797][ T378] ? __sys_sendmsg+0x260/0x260
[ 52.886662][ T378] ? __kasan_check_write+0x14/0x20
[ 52.892237][ T378] ? proc_fail_nth_write+0x20b/0x290
[ 52.899201][ T378] ? __fdget+0x1bc/0x240
[ 52.904337][ T378] __sys_sendmmsg+0x2bf/0x530
[ 52.909675][ T378] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.915675][ T378] ? mutex_unlock+0xb2/0x260
[ 52.921264][ T378] ? __kasan_check_write+0x14/0x20
[ 52.926591][ T378] ? __ia32_sys_read+0x90/0x90
[ 52.931501][ T378] ? debug_smp_processor_id+0x17/0x20
[ 52.937952][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.944064][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.949853][ T378] x64_sys_call+0x81d/0x9a0
[ 52.954777][ T378] do_syscall_64+0x3b/0xb0
[ 52.959155][ T378] ? clear_bhb_loop+0x35/0x90
[ 52.964301][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.970752][ T378] RIP: 0033:0x7f51a66abae9
[ 52.975621][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.996326][ T378] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.004935][ T378] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 53.013220][ T378] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.021564][ T378] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 53.029506][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.038126][ T378] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 53.047460][ T378] </TASK>
[ 53.051750][ T377] ==================================================================
[ 53.059912][ T377] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 53.068844][ T377]
[ 53.071095][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 53.082918][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.093553][ T377] Call Trace:
[ 53.096851][ T377] <TASK>
[ 53.100000][ T377] dump_stack_lvl+0x151/0x1c0
[ 53.104603][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.110503][ T377] ? __wake_up_klogd+0xd5/0x110
[ 53.115453][ T377] ? panic+0x760/0x760
[ 53.119446][ T377] ? kmem_cache_free+0x116/0x2e0
[ 53.124332][ T377] print_address_description+0x87/0x3b0
[ 53.130055][ T377] ? kmem_cache_free+0x116/0x2e0
[ 53.134887][ T377] ? kmem_cache_free+0x116/0x2e0
[ 53.139678][ T377] kasan_report_invalid_free+0x6b/0xa0
[ 53.146539][ T377] ____kasan_slab_free+0x13e/0x160
[ 53.151577][ T377] __kasan_slab_free+0x11/0x20
[ 53.156295][ T377] slab_free_freelist_hook+0xbd/0x190
[ 53.161734][ T377] ? kfree_skbmem+0x104/0x170
[ 53.166429][ T377] kmem_cache_free+0x116/0x2e0
[ 53.171119][ T377] kfree_skbmem+0x104/0x170
[ 53.175736][ T377] consume_skb+0xb4/0x250
[ 53.179996][ T377] __sk_msg_free+0x2dd/0x370
[ 53.184846][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.190702][ T377] sk_psock_stop+0x44c/0x4d0
[ 53.195814][ T377] ? unix_peer_get+0xe0/0xe0
[ 53.200341][ T377] sock_map_close+0x2b9/0x4c0
[ 53.204860][ T377] ? sock_map_remove_links+0x650/0x650
[ 53.210508][ T377] ? rwsem_mark_wake+0x770/0x770
[ 53.215307][ T377] unix_release+0x82/0xc0
[ 53.219541][ T377] sock_close+0xdf/0x270
[ 53.224081][ T377] ? sock_mmap+0xa0/0xa0
[ 53.228448][ T377] __fput+0x3fe/0x910
[ 53.232719][ T377] ____fput+0x15/0x20
[ 53.236948][ T377] task_work_run+0x129/0x190
[ 53.241374][ T377] exit_to_user_mode_loop+0xc4/0xe0
[ 53.246409][ T377] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.252125][ T377] syscall_exit_to_user_mode+0x26/0x160
[ 53.258032][ T377] do_syscall_64+0x47/0xb0
[ 53.262618][ T377] ? clear_bhb_loop+0x35/0x90
[ 53.267242][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.273225][ T377] RIP: 0033:0x7f51a66aa9da
[ 53.277484][ T377] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.297352][ T377] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.305770][ T377] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 53.313754][ T377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.322017][ T377] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 53.330509][ T377] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d0de
[ 53.338432][ T377] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000cd9d
[ 53.347193][ T377] </TASK>
[ 53.350323][ T377]
[ 53.352646][ T377] Allocated by task 378:
[ 53.357132][ T377] __kasan_slab_alloc+0xb1/0xe0
[ 53.362795][ T377] slab_post_alloc_hook+0x53/0x2c0
[ 53.367770][ T377] kmem_cache_alloc+0xf5/0x200
[ 53.372344][ T377] skb_clone+0x1d1/0x360
[ 53.376645][ T377] sk_psock_verdict_recv+0x53/0x840
[ 53.382003][ T377] unix_read_sock+0x132/0x370
[ 53.386679][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.392884][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.398007][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 53.403226][ T377] ___sys_sendmsg+0x252/0x2e0
[ 53.407901][ T377] __sys_sendmmsg+0x2bf/0x530
[ 53.412411][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.417195][ T377] x64_sys_call+0x81d/0x9a0
[ 53.422073][ T377] do_syscall_64+0x3b/0xb0
[ 53.426400][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.432155][ T377]
[ 53.434467][ T377] Freed by task 26:
[ 53.438518][ T377] kasan_set_track+0x4b/0x70
[ 53.443028][ T377] kasan_set_free_info+0x23/0x40
[ 53.447962][ T377] ____kasan_slab_free+0x126/0x160
[ 53.453245][ T377] __kasan_slab_free+0x11/0x20
[ 53.458131][ T377] slab_free_freelist_hook+0xbd/0x190
[ 53.463545][ T377] kmem_cache_free+0x116/0x2e0
[ 53.468230][ T377] kfree_skbmem+0x104/0x170
[ 53.472580][ T377] kfree_skb+0xc2/0x360
[ 53.477255][ T377] sk_psock_backlog+0xc21/0xd90
[ 53.482480][ T377] process_one_work+0x6bb/0xc10
[ 53.487819][ T377] worker_thread+0xad5/0x12a0
[ 53.492537][ T377] kthread+0x421/0x510
[ 53.496527][ T377] ret_from_fork+0x1f/0x30
[ 53.500878][ T377]
[ 53.503259][ T377] The buggy address belongs to the object at ffff888123144dc0
[ 53.503259][ T377] which belongs to the cache skbuff_head_cache of size 248
[ 53.517750][ T377] The buggy address is located 0 bytes inside of
[ 53.517750][ T377] 248-byte region [ffff888123144dc0, ffff888123144eb8)
[ 53.530679][ T377] The buggy address belongs to the page:
[ 53.536229][ T377] page:ffffea00048c5100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123144
[ 53.546520][ T377] flags: 0x4000000000000200(slab|zone=1)
[ 53.552239][ T377] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 53.560825][ T377] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 53.569580][ T377] page dumped because: kasan: bad access detected
[ 53.575999][ T377] page_owner tracks the page as allocated
[ 53.581819][ T377] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 88, ts 52649500270, free_ts 52249437139
[ 53.598186][ T377] post_alloc_hook+0x1a3/0x1b0
[ 53.602780][ T377] prep_new_page+0x1b/0x110
[ 53.607380][ T377] get_page_from_freelist+0x3550/0x35d0
[ 53.612898][ T377] __alloc_pages+0x27e/0x8f0
[ 53.617515][ T377] new_slab+0x9a/0x4e0
[ 53.621423][ T377] ___slab_alloc+0x39e/0x830
[ 53.625854][ T377] __slab_alloc+0x4a/0x90
[ 53.630477][ T377] kmem_cache_alloc+0x134/0x200
[ 53.635237][ T377] __alloc_skb+0xbe/0x550
[ 53.639577][ T377] alloc_skb_with_frags+0xa6/0x680
[ 53.644930][ T377] sock_alloc_send_pskb+0x915/0xa50
[ 53.650171][ T377] unix_dgram_sendmsg+0x6fd/0x2090
[ 53.655109][ T377] __sys_sendto+0x564/0x720
[ 53.659626][ T377] __x64_sys_sendto+0xe5/0x100
[ 53.664316][ T377] x64_sys_call+0x15c/0x9a0
[ 53.668784][ T377] do_syscall_64+0x3b/0xb0
[ 53.673238][ T377] page last free stack trace:
[ 53.677828][ T377] free_unref_page_prepare+0x7c8/0x7d0
[ 53.683383][ T377] free_unref_page+0xe8/0x750
[ 53.688011][ T377] __free_pages+0x61/0xf0
[ 53.692190][ T377] free_pages+0x7c/0x90
[ 53.696264][ T377] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 53.702188][ T377] __apply_to_page_range+0x8dd/0xbe0
[ 53.707648][ T377] apply_to_existing_page_range+0x38/0x50
[ 53.713334][ T377] kasan_release_vmalloc+0x9a/0xb0
[ 53.718275][ T377] __purge_vmap_area_lazy+0x154a/0x1690
[ 53.723673][ T377] _vm_unmap_aliases+0x339/0x3b0
[ 53.728520][ T377] vm_unmap_aliases+0x19/0x20
[ 53.733128][ T377] change_page_attr_set_clr+0x308/0x1050
[ 53.738776][ T377] set_memory_ro+0xa1/0xe0
[ 53.743146][ T377] bpf_int_jit_compile+0xbf42/0xc6d0
[ 53.748375][ T377] bpf_prog_select_runtime+0x706/0x9e0
[ 53.753842][ T377] bpf_prog_load+0x1315/0x1b50
[ 53.758529][ T377]
[ 53.760800][ T377] Memory state around the buggy address:
[ 53.766643][ T377] ffff888123144c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.774896][ T377] ffff888123144d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 53.783194][ T377] >ffff888123144d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.791347][ T377]                                            ^
[ 53.797349][ T377] ffff888123144e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.805419][ T377] ffff888123144e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.813516][ T377] ==================================================================
[ 53.834410][ T381] FAULT_INJECTION: forcing a failure.
[ 53.834410][ T381] name failslab, interval 1, probability 0, space 0, times 0
[ 53.847686][ T381] CPU: 0 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 53.860136][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.871112][ T381] Call Trace:
[ 53.874432][ T381] <TASK>
[ 53.877278][ T381] dump_stack_lvl+0x151/0x1c0
[ 53.882047][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.887972][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.893766][ T381] ? __skb_try_recv_datagram+0x495/0x6a0
[ 53.899500][ T381] dump_stack+0x15/0x20
[ 53.903973][ T381] should_fail+0x3c6/0x510
[ 53.908490][ T381] __should_failslab+0xa4/0xe0
[ 53.913642][ T381] ? skb_clone+0x1d1/0x360
[ 53.918314][ T381] should_failslab+0x9/0x20
[ 53.922830][ T381] slab_pre_alloc_hook+0x37/0xd0
[ 53.927823][ T381] ? skb_clone+0x1d1/0x360
[ 53.932219][ T381] kmem_cache_alloc+0x44/0x200
[ 53.937082][ T381] skb_clone+0x1d1/0x360
[ 53.942032][ T381] sk_psock_verdict_recv+0x53/0x840
[ 53.947157][ T381] ? avc_has_perm_noaudit+0x430/0x430
[ 53.953070][ T381] ? mntput_no_expire+0xfc/0x6b0
[ 53.957931][ T381] unix_read_sock+0x132/0x370
[ 53.962603][ T381] ? sk_psock_skb_redirect+0x440/0x440
[ 53.967983][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 53.973535][ T381] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.978922][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 53.985373][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.991193][ T381] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.996642][ T381] ? _raw_spin_lock+0xa4/0x1b0
[ 54.001333][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.007145][ T381] ? skb_queue_tail+0xfb/0x120
[ 54.012006][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.017402][ T381] ? unix_dgram_poll+0x710/0x710
[ 54.022351][ T381] ? __kasan_check_write+0x14/0x20
[ 54.027604][ T381] ? __cpuidle_text_end+0x2/0x2
[ 54.032459][ T381] ? cgroup_rstat_updated+0xe5/0x370
[ 54.038421][ T381] ? security_socket_sendmsg+0x82/0xb0
[ 54.044099][ T381] ? unix_dgram_poll+0x710/0x710
[ 54.048949][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 54.054002][ T381] ? __sys_sendmsg_sock+0x40/0x40
[ 54.059484][ T381] ? import_iovec+0xe5/0x120
[ 54.064255][ T381] ___sys_sendmsg+0x252/0x2e0
[ 54.068952][ T381] ? __sys_sendmsg+0x260/0x260
[ 54.073718][ T381] ? __kasan_check_write+0x14/0x20
[ 54.078780][ T381] ? proc_fail_nth_write+0x20b/0x290
[ 54.084130][ T381] ? __fdget+0x1bc/0x240
[ 54.088410][ T381] __sys_sendmmsg+0x2bf/0x530
[ 54.092940][ T381] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.097785][ T381] ? mutex_unlock+0xb2/0x260
[ 54.102219][ T381] ? __kasan_check_write+0x14/0x20
[ 54.107294][ T381] ? __ia32_sys_read+0x90/0x90
[ 54.112046][ T381] ? debug_smp_processor_id+0x17/0x20
[ 54.117330][ T381] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.123380][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.128403][ T381] x64_sys_call+0x81d/0x9a0
[ 54.133078][ T381] do_syscall_64+0x3b/0xb0
[ 54.137328][ T381] ? clear_bhb_loop+0x35/0x90
[ 54.141842][ T381] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.147660][ T381] RIP: 0033:0x7f51a66abae9
[ 54.152030][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.172299][ T381] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.181346][ T381] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 54.190087][ T381] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.198221][ T381] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 54.206202][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.215012][ T381] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 54.223093][ T381] </TASK>
[ 54.236205][ T383] FAULT_INJECTION: forcing a failure.
[ 54.236205][ T383] name failslab, interval 1, probability 0, space 0, times 0
[ 54.249332][ T383] CPU: 0 PID: 383 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 54.260890][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 54.270780][ T383] Call Trace:
[ 54.273905][ T383] <TASK>
[ 54.276767][ T383] dump_stack_lvl+0x151/0x1c0
[ 54.281367][ T383] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.287009][ T383] dump_stack+0x15/0x20
[ 54.291206][ T383] should_fail+0x3c6/0x510
[ 54.295754][ T383] __should_failslab+0xa4/0xe0
[ 54.300429][ T383] should_failslab+0x9/0x20
[ 54.304873][ T383] slab_pre_alloc_hook+0x37/0xd0
[ 54.309667][ T383] kmem_cache_alloc_trace+0x48/0x210
[ 54.314853][ T383] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.321105][ T383] ? migrate_disable+0x190/0x190
[ 54.325962][ T383] sk_psock_skb_ingress_self+0x60/0x330
[ 54.331352][ T383] sk_psock_verdict_recv+0x66d/0x840
[ 54.336567][ T383] unix_read_sock+0x132/0x370
[ 54.342357][ T383] ? sk_psock_skb_redirect+0x440/0x440
[ 54.348272][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.354694][ T383] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.360342][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.366546][ T383] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.372555][ T383] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.377998][ T383] ? _raw_spin_lock+0xa4/0x1b0
[ 54.382623][ T383] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.388328][ T383] ? skb_queue_tail+0xfb/0x120
[ 54.394066][ T383] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.399384][ T383] ? unix_dgram_poll+0x710/0x710
[ 54.404150][ T383] ? __kasan_check_write+0x14/0x20
[ 54.409433][ T383] ? __cpuidle_text_end+0x2/0x2
[ 54.414296][ T383] ? cgroup_rstat_updated+0xe5/0x370
[ 54.419432][ T383] ? security_socket_sendmsg+0x82/0xb0
[ 54.424879][ T383] ? unix_dgram_poll+0x710/0x710
[ 54.429648][ T383] ____sys_sendmsg+0x59e/0x8f0
[ 54.434265][ T383] ? __sys_sendmsg_sock+0x40/0x40
[ 54.439279][ T383] ? import_iovec+0xe5/0x120
[ 54.443767][ T383] ___sys_sendmsg+0x252/0x2e0
[ 54.448280][ T383] ? __sys_sendmsg+0x260/0x260
[ 54.452985][ T383] ? __kasan_check_write+0x14/0x20
[ 54.458008][ T383] ? proc_fail_nth_write+0x20b/0x290
[ 54.463302][ T383] ? __fdget+0x1bc/0x240
[ 54.467556][ T383] __sys_sendmmsg+0x2bf/0x530
[ 54.472079][ T383] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.477017][ T383] ? mutex_unlock+0xb2/0x260
[ 54.481455][ T383] ? __kasan_check_write+0x14/0x20
[ 54.486401][ T383] ? __ia32_sys_read+0x90/0x90
[ 54.491279][ T383] ? debug_smp_processor_id+0x17/0x20
[ 54.496577][ T383] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.502482][ T383] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.507356][ T383] x64_sys_call+0x81d/0x9a0
[ 54.511713][ T383] do_syscall_64+0x3b/0xb0
[ 54.516173][ T383] ? clear_bhb_loop+0x35/0x90
[ 54.520808][ T383] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.526538][ T383] RIP: 0033:0x7f51a66abae9
[ 54.530866][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.550736][ T383] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.559028][ T383] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 54.567012][ T383] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.575358][ T383] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 54.583162][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.591163][ T383] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 54.599081][ T383] </TASK>
[ 54.603682][ T382] ==================================================================
[ 54.611931][ T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 54.620356][ T382]
[ 54.622516][ T382] CPU: 1 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 54.634241][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 54.644414][ T382] Call Trace:
[ 54.647538][ T382] <TASK>
[ 54.650401][ T382] dump_stack_lvl+0x151/0x1c0
[ 54.655001][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.660468][ T382] ? __wake_up_klogd+0xd5/0x110
[ 54.665455][ T382] ? panic+0x760/0x760
[ 54.669351][ T382] ? kmem_cache_free+0x116/0x2e0
[ 54.674221][ T382] print_address_description+0x87/0x3b0
[ 54.679707][ T382] ? kmem_cache_free+0x116/0x2e0
[ 54.684453][ T382] ? kmem_cache_free+0x116/0x2e0
[ 54.689227][ T382] kasan_report_invalid_free+0x6b/0xa0
[ 54.694526][ T382] ____kasan_slab_free+0x13e/0x160
[ 54.699480][ T382] __kasan_slab_free+0x11/0x20
[ 54.704070][ T382] slab_free_freelist_hook+0xbd/0x190
[ 54.709396][ T382] ? kfree_skbmem+0x104/0x170
[ 54.713907][ T382] kmem_cache_free+0x116/0x2e0
[ 54.718611][ T382] kfree_skbmem+0x104/0x170
[ 54.723058][ T382] consume_skb+0xb4/0x250
[ 54.727425][ T382] __sk_msg_free+0x2dd/0x370
[ 54.732160][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.737967][ T382] sk_psock_stop+0x44c/0x4d0
[ 54.742589][ T382] ? unix_peer_get+0xe0/0xe0
[ 54.747195][ T382] sock_map_close+0x2b9/0x4c0
[ 54.751703][ T382] ? sock_map_remove_links+0x650/0x650
[ 54.757099][ T382] ? rwsem_mark_wake+0x770/0x770
[ 54.762076][ T382] unix_release+0x82/0xc0
[ 54.766396][ T382] sock_close+0xdf/0x270
[ 54.770742][ T382] ? sock_mmap+0xa0/0xa0
[ 54.774983][ T382] __fput+0x3fe/0x910
[ 54.778931][ T382] ____fput+0x15/0x20
[ 54.782878][ T382] task_work_run+0x129/0x190
[ 54.787388][ T382] exit_to_user_mode_loop+0xc4/0xe0
[ 54.792418][ T382] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.798108][ T382] syscall_exit_to_user_mode+0x26/0x160
[ 54.804490][ T382] do_syscall_64+0x47/0xb0
[ 54.809205][ T382] ? clear_bhb_loop+0x35/0x90
[ 54.813799][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.819958][ T382] RIP: 0033:0x7f51a66aa9da
[ 54.824183][ T382] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.844326][ T382] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.853193][ T382] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 54.861093][ T382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.870025][ T382] RBP: 0000000000000032 R08: 0000001b31c60000 R09: 00007f51a67caf8c
[ 54.878916][ T382] R10: 00007ffc8f91db40 R11: 0000000000000293 R12: 00007f51a62300d0
[ 54.886880][ T382] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000d3c6
[ 54.895311][ T382] </TASK>
[ 54.899123][ T382]
[ 54.902026][ T382] Allocated by task 383:
[ 54.906437][ T382] __kasan_slab_alloc+0xb1/0xe0
[ 54.911283][ T382] slab_post_alloc_hook+0x53/0x2c0
[ 54.916753][ T382] kmem_cache_alloc+0xf5/0x200
[ 54.921378][ T382] skb_clone+0x1d1/0x360
[ 54.925599][ T382] sk_psock_verdict_recv+0x53/0x840
[ 54.931069][ T382] unix_read_sock+0x132/0x370
[ 54.936301][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.941945][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.947255][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 54.952297][ T382] ___sys_sendmsg+0x252/0x2e0
[ 54.956901][ T382] __sys_sendmmsg+0x2bf/0x530
[ 54.961405][ T382] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.966404][ T382] x64_sys_call+0x81d/0x9a0
[ 54.971156][ T382] do_syscall_64+0x3b/0xb0
[ 54.975506][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.981985][ T382]
[ 54.984214][ T382] Freed by task 39:
[ 54.988109][ T382] kasan_set_track+0x4b/0x70
[ 54.992820][ T382] kasan_set_free_info+0x23/0x40
[ 54.998192][ T382] ____kasan_slab_free+0x126/0x160
[ 55.003575][ T382] __kasan_slab_free+0x11/0x20
[ 55.008703][ T382] slab_free_freelist_hook+0xbd/0x190
[ 55.014203][ T382] kmem_cache_free+0x116/0x2e0
[ 55.018971][ T382] kfree_skbmem+0x104/0x170
[ 55.023660][ T382] kfree_skb+0xc2/0x360
[ 55.027647][ T382] sk_psock_backlog+0xc21/0xd90
[ 55.033115][ T382] process_one_work+0x6bb/0xc10
[ 55.038075][ T382] worker_thread+0xad5/0x12a0
[ 55.042664][ T382] kthread+0x421/0x510
[ 55.046596][ T382] ret_from_fork+0x1f/0x30
[ 55.050922][ T382]
[ 55.053108][ T382] The buggy address belongs to the object at ffff8881232c1780
[ 55.053108][ T382] which belongs to the cache skbuff_head_cache of size 248
[ 55.068499][ T382] The buggy address is located 0 bytes inside of
[ 55.068499][ T382] 248-byte region [ffff8881232c1780, ffff8881232c1878)
[ 55.082081][ T382] The buggy address belongs to the page:
[ 55.087707][ T382] page:ffffea00048cb040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1232c1
[ 55.098113][ T382] flags: 0x4000000000000200(slab|zone=1)
[ 55.103940][ T382] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 55.112482][ T382] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.121669][ T382] page dumped because: kasan: bad access detected
[ 55.127870][ T382] page_owner tracks the page as allocated
[ 55.133401][ T382] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 88, ts 54228041482, free_ts 0
[ 55.148773][ T382] post_alloc_hook+0x1a3/0x1b0
[ 55.153689][ T382] prep_new_page+0x1b/0x110
[ 55.158020][ T382] get_page_from_freelist+0x3550/0x35d0
[ 55.163407][ T382] __alloc_pages+0x27e/0x8f0
[ 55.167825][ T382] new_slab+0x9a/0x4e0
[ 55.171732][ T382] ___slab_alloc+0x39e/0x830
[ 55.176158][ T382] __slab_alloc+0x4a/0x90
[ 55.180326][ T382] kmem_cache_alloc+0x134/0x200
[ 55.185010][ T382] __alloc_skb+0xbe/0x550
[ 55.189378][ T382] alloc_skb_with_frags+0xa6/0x680
[ 55.194557][ T382] sock_alloc_send_pskb+0x915/0xa50
[ 55.199688][ T382] unix_dgram_sendmsg+0x6fd/0x2090
[ 55.205169][ T382] __sys_sendto+0x564/0x720
[ 55.210094][ T382] __x64_sys_sendto+0xe5/0x100
[ 55.214987][ T382] x64_sys_call+0x15c/0x9a0
[ 55.219396][ T382] do_syscall_64+0x3b/0xb0
[ 55.223824][ T382] page_owner free stack trace missing
[ 55.229384][ T382]
[ 55.231546][ T382] Memory state around the buggy address:
[ 55.237114][ T382] ffff8881232c1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.246037][ T382] ffff8881232c1700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.253888][ T382] >ffff8881232c1780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.262041][ T382] ^
[ 55.266489][ T382] ffff8881232c1800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.275095][ T382] ffff8881232c1880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.283412][ T382] ==================================================================
[ 55.304901][ T386] FAULT_INJECTION: forcing a failure.
[ 55.304901][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 55.317946][ T386] CPU: 0 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 55.329500][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 55.339759][ T386] Call Trace:
[ 55.343262][ T386]
[ 55.346071][ T386] dump_stack_lvl+0x151/0x1c0
[ 55.350892][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.356668][ T386] dump_stack+0x15/0x20
[ 55.360845][ T386] should_fail+0x3c6/0x510
[ 55.365264][ T386] __should_failslab+0xa4/0xe0
[ 55.369953][ T386] should_failslab+0x9/0x20
[ 55.374382][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 55.379421][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 55.384652][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.390292][ T386] ? migrate_disable+0x190/0x190
[ 55.395063][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 55.400457][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 55.405759][ T386] unix_read_sock+0x132/0x370
[ 55.410434][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 55.415981][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 55.421549][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 55.427005][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 55.432567][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.438584][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.444102][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 55.448886][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.454523][ T386] ? skb_queue_tail+0xfb/0x120
[ 55.459203][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.464665][ T386] ? unix_dgram_poll+0x710/0x710
[ 55.469838][ T386] ? __kasan_check_write+0x14/0x20
[ 55.474963][ T386] ? __cpuidle_text_end+0x2/0x2
[ 55.479654][ T386] ? cgroup_rstat_updated+0xe5/0x370
[ 55.484767][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 55.490235][ T386] ? unix_dgram_poll+0x710/0x710
[ 55.495012][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 55.499609][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 55.504741][ T386] ? import_iovec+0xe5/0x120
[ 55.509416][ T386] ___sys_sendmsg+0x252/0x2e0
[ 55.513935][ T386] ? __sys_sendmsg+0x260/0x260
[ 55.518533][ T386] ? __kasan_check_write+0x14/0x20
[ 55.523653][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 55.528779][ T386] ? __fdget+0x1bc/0x240
[ 55.532855][ T386] __sys_sendmmsg+0x2bf/0x530
[ 55.537452][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 55.542339][ T386] ? mutex_unlock+0xb2/0x260
[ 55.546739][ T386] ? __kasan_check_write+0x14/0x20
[ 55.551692][ T386] ? __ia32_sys_read+0x90/0x90
[ 55.556287][ T386] ? debug_smp_processor_id+0x17/0x20
[ 55.561493][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.567511][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.572198][ T386] x64_sys_call+0x81d/0x9a0
[ 55.576675][ T386] do_syscall_64+0x3b/0xb0
[ 55.580894][ T386] ? clear_bhb_loop+0x35/0x90
[ 55.585499][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.591397][ T386] RIP: 0033:0x7f51a66abae9
[ 55.595743][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.615302][ T386] RSP: 002b:00007f51a622e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.623900][ T386] RAX: ffffffffffffffda RBX: 00007f51a67caf80 RCX: 00007f51a66abae9
[ 55.631708][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 55.639637][ T386] RBP: 00007f51a622e120 R08: 0000000000000000 R09: 0000000000000000
[ 55.647706][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.655694][ T386] R13: 000000000000000b R14: 00007f51a67caf80 R15: 00007ffc8f91d928
[ 55.663767][ T386]
[ 55.670223][ T385] ==================================================================
[ 55.679644][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 55.688924][ T385]
[ 55.691618][ T385] CPU: 1 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 55.703432][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 55.714042][ T385] Call Trace:
[ 55.717268][ T385]
[ 55.720053][ T385] dump_stack_lvl+0x151/0x1c0
[ 55.724770][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.730470][ T385] ? __wake_up_klogd+0xd5/0x110
[ 55.735251][ T385] ? panic+0x760/0x760
[ 55.739153][ T385] ? kmem_cache_free+0x116/0x2e0
[ 55.744158][ T385] print_address_description+0x87/0x3b0
[ 55.749952][ T385] ? kmem_cache_free+0x116/0x2e0
[ 55.754904][ T385] ? kmem_cache_free+0x116/0x2e0
[ 55.759755][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 55.765146][ T385] ____kasan_slab_free+0x13e/0x160
[ 55.770098][ T385] __kasan_slab_free+0x11/0x20
[ 55.774686][ T385] slab_free_freelist_hook+0xbd/0x190
[ 55.779976][ T385] ? kfree_skbmem+0x104/0x170
[ 55.784750][ T385] kmem_cache_free+0x116/0x2e0
[ 55.789633][ T385] kfree_skbmem+0x104/0x170
[ 55.794435][ T385] consume_skb+0xb4/0x250
[ 55.798839][ T385] __sk_msg_free+0x2dd/0x370
[ 55.803738][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.809886][ T385] sk_psock_stop+0x44c/0x4d0
[ 55.814426][ T385] ? unix_peer_get+0xe0/0xe0
[ 55.818843][ T385] sock_map_close+0x2b9/0x4c0
[ 55.823615][ T385] ? sock_map_remove_links+0x650/0x650
[ 55.828929][ T385] ? rwsem_mark_wake+0x770/0x770
[ 55.833767][ T385] unix_release+0x82/0xc0
[ 55.838020][ T385] sock_close+0xdf/0x270
[ 55.842758][ T385] ? sock_mmap+0xa0/0xa0
[ 55.847326][ T385] __fput+0x3fe/0x910
[ 55.851949][ T385] ____fput+0x15/0x20
[ 55.856114][ T385] task_work_run+0x129/0x190
[ 55.860887][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 55.866032][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.871634][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 55.877422][ T385] do_syscall_64+0x47/0xb0
[ 55.882003][ T385] ? clear_bhb_loop+0x35/0x90
[ 55.886639][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.892754][ T385] RIP: 0033:0x7f51a66aa9da
[ 55.897460][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 55.918369][ T385] RSP: 002b:00007ffc8f91d9f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 55.926900][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f51a66aa9da
[ 55.934728][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 55.942943][ T385] RBP: 00007f51a67cc980 R08: 0000001b31c60000 R09: 00007ffc8f9380b0
[ 55.950945][ T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000db34
[ 55.959216][ T385] R13: ffffffffffffffff R14: 00007f51a622f000 R15: 000000000000d7f3
[ 55.967107][ T385]
[ 55.969990][ T385]
[ 55.972247][ T385] Allocated by task 386:
[ 55.976574][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 55.981261][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 55.986292][ T385] kmem_cache_alloc+0xf5/0x200
[ 55.990917][ T385] skb_clone+0x1d1/0x360
[ 55.994979][ T385] sk_psock_verdict_recv+0x53/0x840
[ 56.000706][ T385] unix_read_sock+0x132/0x370
[ 56.005382][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.011025][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.016369][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 56.021177][ T385] ___sys_sendmsg+0x252/0x2e0
[ 56.026257][ T385] __sys_sendmmsg+0x2bf/0x530
[ 56.030919][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.035900][ T385] x64_sys_call+0x81d/0x9a0
[ 56.040542][ T385] do_syscall_64+0x3b/0xb0
[ 56.044998][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.051071][ T385]
[ 56.053328][ T385] Freed by task 20:
[ 56.057216][ T385] kasan_set_track+0x4b/0x70
[ 56.061821][ T385] kasan_set_free_info+0x23/0x40
[ 56.066985][ T385] ____kasan_slab_free+0x126/0x160
[ 56.072144][ T385] __kasan_slab_free+0x11/0x20
[ 56.077730][ T385] slab_free_freelist_hook+0xbd/0x190
[ 56.082952][ T385] kmem_cache_free+0x116/0x2e0
[ 56.087734][ T385] kfree_skbmem+0x104/0x170
[ 56.092607][ T385] kfree_skb+0xc2/0x360
[ 56.097430][ T385] sk_psock_backlog+0xc21/0xd90
[ 56.102921][ T385] process_one_work+0x6bb/0xc10
[ 56.107607][ T385] worker_thread+0xad5/0x12a0
[ 56.112119][ T385] kthread+0x421/0x510
[ 56.116116][ T385] ret_from_fork+0x1f/0x30
[ 56.120559][ T385]
[ 56.122845][ T385] The buggy address belongs to the object at ffff8881232b6640
[ 56.122845][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 56.137588][ T385] The buggy address is located 0 bytes inside of
[ 56.137588][ T385] 248-byte region [ffff8881232b6640, ffff8881232b6738)
[ 56.150660][ T385] The buggy address belongs to the page:
[ 56.156208][ T385] page:ffffea00048cad80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1232b6
[ 56.166589][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 56.172304][ T385] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b2f00
[ 56.181062][ T385] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 56.189989][ T385] page dumped because: kasan: bad access detected
[ 56.196646][ T385] page_owner tracks the page as allocated
[ 56.202412][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 360, ts 55302510610, free_ts 55295631793
[ 56.218831][ T385] post_alloc_hook+0x1a3/0x1b0