Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts.
2024/09/06 21:02:16 ignoring optional flag "sandboxArg"="0"
2024/09/06 21:02:16 parsed 1 programs
2024/09/06 21:02:17 executed programs: 0
[   48.290649][   T30] kauditd_printk_skb: 19 callbacks suppressed
[   48.290663][   T30] audit: type=1400 audit(1725656537.090:95): avc:  denied  { unlink } for  pid=350 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   48.328391][  T350] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   48.383731][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.390607][  T357] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.397765][  T357] device bridge_slave_0 entered promiscuous mode
[   48.404545][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.411913][  T357] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.419028][  T357] device bridge_slave_1 entered promiscuous mode
[   48.465853][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.472882][  T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.480630][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.487715][  T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.507840][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.515057][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.522894][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   48.530162][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.539262][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   48.547330][   T20] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.554615][   T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.563111][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   48.571394][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.578238][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.599177][  T357] device veth0_vlan entered promiscuous mode
[   48.606939][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   48.615536][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   48.623683][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   48.631055][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   48.638862][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   48.646926][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   48.658850][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   48.667957][  T357] device veth1_macvtap entered promiscuous mode
[   48.677186][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   48.691206][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   48.709050][   T30] audit: type=1400 audit(1725656537.500:96): avc:  denied  { prog_load } for  pid=362 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   48.728600][   T30] audit: type=1400 audit(1725656537.500:97): avc:  denied  { bpf } for  pid=362 comm="syz-executor.0" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   48.730958][  T363] FAULT_INJECTION: forcing a failure.
[   48.730958][  T363] name failslab, interval 1, probability 0, space 0, times 1
[   48.750436][   T30] audit: type=1400 audit(1725656537.500:98): avc:  denied  { perfmon } for  pid=362 comm="syz-executor.0" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   48.762012][  T363] CPU: 0 PID: 363 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   48.782751][   T30] audit: type=1400 audit(1725656537.530:99): avc:  denied  { prog_run } for  pid=362 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   48.792565][  T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   48.792588][  T363] Call Trace:
[   48.792594][  T363]  <TASK>
[   48.792601][  T363]  dump_stack_lvl+0x151/0x1c0
[   48.811848][   T30] audit: type=1400 audit(1725656537.530:100): avc:  denied  { map_create } for  pid=362 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   48.821467][  T363]  ? io_uring_drop_tctx_refs+0x190/0x190
[   48.821503][  T363]  dump_stack+0x15/0x20
[   48.824931][   T30] audit: type=1400 audit(1725656537.530:101): avc:  denied  { map_read map_write } for  pid=362 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   48.827367][  T363]  should_fail+0x3c6/0x510
[   48.886881][  T363]  __should_failslab+0xa4/0xe0
[   48.891464][  T363]  should_failslab+0x9/0x20
[   48.895806][  T363]  slab_pre_alloc_hook+0x37/0xd0
[   48.900679][  T363]  kmem_cache_alloc_trace+0x48/0x210
[   48.905783][  T363]  ? sk_psock_skb_ingress_self+0x60/0x330
[   48.911339][  T363]  ? migrate_disable+0x190/0x190
[   48.916114][  T363]  sk_psock_skb_ingress_self+0x60/0x330
[   48.921495][  T363]  sk_psock_verdict_recv+0x66d/0x840
[   48.926700][  T363]  unix_read_sock+0x132/0x370
[   48.931220][  T363]  ? sk_psock_skb_redirect+0x440/0x440
[   48.936515][  T363]  ? unix_stream_splice_actor+0x120/0x120
[   48.942073][  T363]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   48.947460][  T363]  ? unix_stream_splice_actor+0x120/0x120
[   48.953003][  T363]  sk_psock_verdict_data_ready+0x147/0x1a0
[   48.958646][  T363]  ? sk_psock_start_verdict+0xc0/0xc0
[   48.963848][  T363]  ? _raw_spin_lock+0xa4/0x1b0
[   48.968448][  T363]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   48.974100][  T363]  ? skb_queue_tail+0xfb/0x120
[   48.978755][  T363]  unix_dgram_sendmsg+0x15fa/0x2090
[   48.983822][  T363]  ? unix_dgram_poll+0x710/0x710
[   48.988605][  T363]  ? __kasan_check_write+0x14/0x20
[   48.993638][  T363]  ? __cpuidle_text_end+0x2/0x2
[   48.998312][  T363]  ? cgroup_rstat_updated+0xe5/0x370
[   49.003611][  T363]  ? security_socket_sendmsg+0x82/0xb0
[   49.008900][  T363]  ? unix_dgram_poll+0x710/0x710
[   49.013677][  T363]  ____sys_sendmsg+0x59e/0x8f0
[   49.018286][  T363]  ? __sys_sendmsg_sock+0x40/0x40
[   49.023138][  T363]  ? import_iovec+0xe5/0x120
[   49.027580][  T363]  ___sys_sendmsg+0x252/0x2e0
[   49.032070][  T363]  ? __sys_sendmsg+0x260/0x260
[   49.037158][  T363]  ? __kasan_check_write+0x14/0x20
[   49.042137][  T363]  ? proc_fail_nth_write+0x20b/0x290
[   49.047348][  T363]  ? __fdget+0x1bc/0x240
[   49.051424][  T363]  __sys_sendmmsg+0x2bf/0x530
[   49.056200][  T363]  ? __ia32_sys_sendmsg+0x90/0x90
[   49.061156][  T363]  ? mutex_unlock+0xb2/0x260
[   49.065578][  T363]  ? __kasan_check_write+0x14/0x20
[   49.070631][  T363]  ? __ia32_sys_read+0x90/0x90
[   49.075316][  T363]  ? debug_smp_processor_id+0x17/0x20
[   49.080511][  T363]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   49.086412][  T363]  __x64_sys_sendmmsg+0xa0/0xb0
[   49.091098][  T363]  x64_sys_call+0x81d/0x9a0
[   49.095436][  T363]  do_syscall_64+0x3b/0xb0
[   49.099699][  T363]  ? clear_bhb_loop+0x35/0x90
[   49.104207][  T363]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.110220][  T363] RIP: 0033:0x7f60347c3da9
[   49.114460][  T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   49.133985][  T363] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   49.142309][  T363] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   49.150348][  T363] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   49.158245][  T363] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   49.166145][  T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.174324][  T363] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   49.182124][  T363]  </TASK>
[   49.187346][  T362] ==================================================================
[   49.195329][  T362] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[   49.201995][  T362] Read of size 4 at addr ffff88811bf440ec by task syz-executor.0/362
[   49.210078][  T362] 
[   49.212239][  T362] CPU: 1 PID: 362 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   49.222569][  T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   49.232460][  T362] Call Trace:
[   49.235597][  T362]  <TASK>
[   49.238405][  T362]  dump_stack_lvl+0x151/0x1c0
[   49.242878][  T362]  ? io_uring_drop_tctx_refs+0x190/0x190
[   49.248345][  T362]  ? panic+0x760/0x760
[   49.252335][  T362]  ? debug_smp_processor_id+0x17/0x20
[   49.257556][  T362]  print_address_description+0x87/0x3b0
[   49.262940][  T362]  kasan_report+0x179/0x1c0
[   49.267287][  T362]  ? consume_skb+0x3c/0x250
[   49.271820][  T362]  ? consume_skb+0x3c/0x250
[   49.276168][  T362]  kasan_check_range+0x293/0x2a0
[   49.280930][  T362]  __kasan_check_read+0x11/0x20
[   49.285620][  T362]  consume_skb+0x3c/0x250
[   49.290037][  T362]  __sk_msg_free+0x2dd/0x370
[   49.294568][  T362]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   49.300201][  T362]  sk_psock_stop+0x44c/0x4d0
[   49.304618][  T362]  ? unix_peer_get+0xe0/0xe0
[   49.309250][  T362]  sock_map_close+0x2b9/0x4c0
[   49.313860][  T362]  ? sock_map_remove_links+0x650/0x650
[   49.319136][  T362]  ? rwsem_mark_wake+0x770/0x770
[   49.323919][  T362]  unix_release+0x82/0xc0
[   49.328077][  T362]  sock_close+0xdf/0x270
[   49.332156][  T362]  ? sock_mmap+0xa0/0xa0
[   49.336241][  T362]  __fput+0x3fe/0x910
[   49.340140][  T362]  ____fput+0x15/0x20
[   49.343976][  T362]  task_work_run+0x129/0x190
[   49.348404][  T362]  exit_to_user_mode_loop+0xc4/0xe0
[   49.353426][  T362]  exit_to_user_mode_prepare+0x5a/0xa0
[   49.358732][  T362]  syscall_exit_to_user_mode+0x26/0x160
[   49.365190][  T362]  do_syscall_64+0x47/0xb0
[   49.369513][  T362]  ? clear_bhb_loop+0x35/0x90
[   49.374065][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.379754][  T362] RIP: 0033:0x7f60347c2c9a
[   49.383997][  T362] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   49.403703][  T362] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   49.412125][  T362] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   49.420544][  T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   49.428449][  T362] RBP: 0000000000000032 R08: 0000001b32060000 R09: 00007f60348f2f8c
[   49.436444][  T362] R10: 00007ffd449e87f0 R11: 0000000000000293 R12: 00007f60343481b0
[   49.444511][  T362] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000be30
[   49.452499][  T362]  </TASK>
[   49.455556][  T362] 
[   49.457728][  T362] Allocated by task 363:
[   49.461805][  T362]  __kasan_slab_alloc+0xb1/0xe0
[   49.466495][  T362]  slab_post_alloc_hook+0x53/0x2c0
[   49.471536][  T362]  kmem_cache_alloc+0xf5/0x200
[   49.476136][  T362]  skb_clone+0x1d1/0x360
[   49.480382][  T362]  sk_psock_verdict_recv+0x53/0x840
[   49.485513][  T362]  unix_read_sock+0x132/0x370
[   49.490025][  T362]  sk_psock_verdict_data_ready+0x147/0x1a0
[   49.496045][  T362]  unix_dgram_sendmsg+0x15fa/0x2090
[   49.501192][  T362]  ____sys_sendmsg+0x59e/0x8f0
[   49.505749][  T362]  ___sys_sendmsg+0x252/0x2e0
[   49.510383][  T362]  __sys_sendmmsg+0x2bf/0x530
[   49.515580][  T362]  __x64_sys_sendmmsg+0xa0/0xb0
[   49.520282][  T362]  x64_sys_call+0x81d/0x9a0
[   49.524810][  T362]  do_syscall_64+0x3b/0xb0
[   49.529202][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.534966][  T362] 
[   49.537137][  T362] Freed by task 39:
[   49.540781][  T362]  kasan_set_track+0x4b/0x70
[   49.545314][  T362]  kasan_set_free_info+0x23/0x40
[   49.550072][  T362]  ____kasan_slab_free+0x126/0x160
[   49.555016][  T362]  __kasan_slab_free+0x11/0x20
[   49.559618][  T362]  slab_free_freelist_hook+0xbd/0x190
[   49.564825][  T362]  kmem_cache_free+0x116/0x2e0
[   49.569425][  T362]  kfree_skbmem+0x104/0x170
[   49.573765][  T362]  kfree_skb+0xc2/0x360
[   49.577754][  T362]  sk_psock_backlog+0xc21/0xd90
[   49.582441][  T362]  process_one_work+0x6bb/0xc10
[   49.587131][  T362]  worker_thread+0xad5/0x12a0
[   49.592613][  T362]  kthread+0x421/0x510
[   49.596587][  T362]  ret_from_fork+0x1f/0x30
[   49.600850][  T362] 
[   49.603030][  T362] The buggy address belongs to the object at ffff88811bf44000
[   49.603030][  T362]  which belongs to the cache skbuff_head_cache of size 248
[   49.617585][  T362] The buggy address is located 236 bytes inside of
[   49.617585][  T362]  248-byte region [ffff88811bf44000, ffff88811bf440f8)
[   49.631761][  T362] The buggy address belongs to the page:
[   49.637334][  T362] page:ffffea00046fd100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bf44
[   49.647487][  T362] flags: 0x4000000000000200(slab|zone=1)
[   49.653053][  T362] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   49.661478][  T362] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   49.669968][  T362] page dumped because: kasan: bad access detected
[   49.676416][  T362] page_owner tracks the page as allocated
[   49.681965][  T362] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 363, ts 48729616742, free_ts 41519630369
[   49.699233][  T362]  post_alloc_hook+0x1a3/0x1b0
[   49.703830][  T362]  prep_new_page+0x1b/0x110
[   49.708167][  T362]  get_page_from_freelist+0x3550/0x35d0
[   49.713633][  T362]  __alloc_pages+0x27e/0x8f0
[   49.718073][  T362]  new_slab+0x9a/0x4e0
[   49.721967][  T362]  ___slab_alloc+0x39e/0x830
[   49.726510][  T362]  __slab_alloc+0x4a/0x90
[   49.730655][  T362]  kmem_cache_alloc+0x134/0x200
[   49.735445][  T362]  __alloc_skb+0xbe/0x550
[   49.739605][  T362]  audit_log_start+0x456/0xa80
[   49.744202][  T362]  common_lsm_audit+0xd8/0x18b0
[   49.748892][  T362]  slow_avc_audit+0x26c/0x3c0
[   49.753496][  T362]  avc_has_perm+0x1f5/0x260
[   49.757831][  T362]  selinux_bpf_map+0xd7/0x110
[   49.762448][  T362]  security_bpf_map+0x6b/0xa0
[   49.766959][  T362]  bpf_map_new_fd+0x2e/0x80
[   49.771300][  T362] page last free stack trace:
[   49.775809][  T362]  free_unref_page_prepare+0x7c8/0x7d0
[   49.781305][  T362]  free_unref_page+0xe8/0x750
[   49.785976][  T362]  __put_page+0xb0/0xe0
[   49.789960][  T362]  anon_pipe_buf_release+0x187/0x200
[   49.795188][  T362]  pipe_read+0x5a6/0x1040
[   49.799330][  T362]  vfs_read+0xa7e/0xd40
[   49.803330][  T362]  ksys_read+0x199/0x2c0
[   49.807400][  T362]  __x64_sys_read+0x7b/0x90
[   49.811754][  T362]  x64_sys_call+0x28/0x9a0
[   49.815993][  T362]  do_syscall_64+0x3b/0xb0
[   49.820245][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.825981][  T362] 
[   49.828270][  T362] Memory state around the buggy address:
[   49.833755][  T362]  ffff88811bf43f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.841824][  T362]  ffff88811bf44000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.849802][  T362] >ffff88811bf44080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   49.858008][  T362]                                                           ^
[   49.865304][  T362]  ffff88811bf44100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   49.873288][  T362]  ffff88811bf44180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.881181][  T362] ==================================================================
[   49.889175][  T362] Disabling lock debugging due to kernel taint
[   49.895206][  T362] ==================================================================
[   49.903153][  T362] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   49.911396][  T362] 
[   49.913562][  T362] CPU: 1 PID: 362 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   49.925130][  T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   49.935115][  T362] Call Trace:
[   49.938569][  T362]  <TASK>
[   49.941506][  T362]  dump_stack_lvl+0x151/0x1c0
[   49.946072][  T362]  ? io_uring_drop_tctx_refs+0x190/0x190
[   49.951896][  T362]  ? __wake_up_klogd+0xd5/0x110
[   49.956574][  T362]  ? panic+0x760/0x760
[   49.960655][  T362]  ? kmem_cache_free+0x116/0x2e0
[   49.965527][  T362]  print_address_description+0x87/0x3b0
[   49.970903][  T362]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   49.976983][  T362]  ? kmem_cache_free+0x116/0x2e0
[   49.981751][  T362]  ? kmem_cache_free+0x116/0x2e0
[   49.986519][  T362]  kasan_report_invalid_free+0x6b/0xa0
[   49.992162][  T362]  ____kasan_slab_free+0x13e/0x160
[   49.997121][  T362]  __kasan_slab_free+0x11/0x20
[   50.001794][  T362]  slab_free_freelist_hook+0xbd/0x190
[   50.007004][  T362]  ? kfree_skbmem+0x104/0x170
[   50.011516][  T362]  kmem_cache_free+0x116/0x2e0
[   50.016116][  T362]  kfree_skbmem+0x104/0x170
[   50.020456][  T362]  consume_skb+0xb4/0x250
[   50.024622][  T362]  __sk_msg_free+0x2dd/0x370
[   50.029228][  T362]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   50.034868][  T362]  sk_psock_stop+0x44c/0x4d0
[   50.039299][  T362]  ? unix_peer_get+0xe0/0xe0
[   50.043726][  T362]  sock_map_close+0x2b9/0x4c0
[   50.048319][  T362]  ? sock_map_remove_links+0x650/0x650
[   50.053709][  T362]  ? rwsem_mark_wake+0x770/0x770
[   50.058473][  T362]  unix_release+0x82/0xc0
[   50.062640][  T362]  sock_close+0xdf/0x270
[   50.066813][  T362]  ? sock_mmap+0xa0/0xa0
[   50.070882][  T362]  __fput+0x3fe/0x910
[   50.074702][  T362]  ____fput+0x15/0x20
[   50.078529][  T362]  task_work_run+0x129/0x190
[   50.083008][  T362]  exit_to_user_mode_loop+0xc4/0xe0
[   50.088068][  T362]  exit_to_user_mode_prepare+0x5a/0xa0
[   50.093363][  T362]  syscall_exit_to_user_mode+0x26/0x160
[   50.098917][  T362]  do_syscall_64+0x47/0xb0
[   50.103354][  T362]  ? clear_bhb_loop+0x35/0x90
[   50.107856][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   50.113584][  T362] RIP: 0033:0x7f60347c2c9a
[   50.117838][  T362] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   50.137376][  T362] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   50.145708][  T362] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   50.153594][  T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   50.161405][  T362] RBP: 0000000000000032 R08: 0000001b32060000 R09: 00007f60348f2f8c
[   50.169221][  T362] R10: 00007ffd449e87f0 R11: 0000000000000293 R12: 00007f60343481b0
[   50.177032][  T362] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000be30
[   50.184845][  T362]  </TASK>
[   50.187709][  T362] 
[   50.189877][  T362] Allocated by task 363:
[   50.193956][  T362]  __kasan_slab_alloc+0xb1/0xe0
[   50.198642][  T362]  slab_post_alloc_hook+0x53/0x2c0
[   50.203951][  T362]  kmem_cache_alloc+0xf5/0x200
[   50.208559][  T362]  skb_clone+0x1d1/0x360
[   50.212875][  T362]  sk_psock_verdict_recv+0x53/0x840
[   50.217913][  T362]  unix_read_sock+0x132/0x370
[   50.222415][  T362]  sk_psock_verdict_data_ready+0x147/0x1a0
[   50.228081][  T362]  unix_dgram_sendmsg+0x15fa/0x2090
[   50.233099][  T362]  ____sys_sendmsg+0x59e/0x8f0
[   50.237695][  T362]  ___sys_sendmsg+0x252/0x2e0
[   50.242207][  T362]  __sys_sendmmsg+0x2bf/0x530
[   50.246724][  T362]  __x64_sys_sendmmsg+0xa0/0xb0
[   50.251405][  T362]  x64_sys_call+0x81d/0x9a0
[   50.255748][  T362]  do_syscall_64+0x3b/0xb0
[   50.259997][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   50.265728][  T362] 
[   50.267983][  T362] Freed by task 39:
[   50.271720][  T362]  kasan_set_track+0x4b/0x70
[   50.276246][  T362]  kasan_set_free_info+0x23/0x40
[   50.281023][  T362]  ____kasan_slab_free+0x126/0x160
[   50.286089][  T362]  __kasan_slab_free+0x11/0x20
[   50.290701][  T362]  slab_free_freelist_hook+0xbd/0x190
[   50.295911][  T362]  kmem_cache_free+0x116/0x2e0
[   50.300519][  T362]  kfree_skbmem+0x104/0x170
[   50.304843][  T362]  kfree_skb+0xc2/0x360
[   50.308827][  T362]  sk_psock_backlog+0xc21/0xd90
[   50.313521][  T362]  process_one_work+0x6bb/0xc10
[   50.318296][  T362]  worker_thread+0xad5/0x12a0
[   50.322970][  T362]  kthread+0x421/0x510
[   50.327054][  T362]  ret_from_fork+0x1f/0x30
[   50.331412][  T362] 
[   50.333571][  T362] The buggy address belongs to the object at ffff88811bf44000
[   50.333571][  T362]  which belongs to the cache skbuff_head_cache of size 248
[   50.347989][  T362] The buggy address is located 0 bytes inside of
[   50.347989][  T362]  248-byte region [ffff88811bf44000, ffff88811bf440f8)
[   50.361058][  T362] The buggy address belongs to the page:
[   50.366513][  T362] page:ffffea00046fd100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bf44
[   50.376574][  T362] flags: 0x4000000000000200(slab|zone=1)
[   50.382100][  T362] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   50.390489][  T362] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   50.398967][  T362] page dumped because: kasan: bad access detected
[   50.405216][  T362] page_owner tracks the page as allocated
[   50.410772][  T362] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 363, ts 48729616742, free_ts 41519630369
[   50.427955][  T362]  post_alloc_hook+0x1a3/0x1b0
[   50.432643][  T362]  prep_new_page+0x1b/0x110
[   50.436983][  T362]  get_page_from_freelist+0x3550/0x35d0
[   50.442462][  T362]  __alloc_pages+0x27e/0x8f0
[   50.446967][  T362]  new_slab+0x9a/0x4e0
[   50.450881][  T362]  ___slab_alloc+0x39e/0x830
[   50.455298][  T362]  __slab_alloc+0x4a/0x90
[   50.459549][  T362]  kmem_cache_alloc+0x134/0x200
[   50.464244][  T362]  __alloc_skb+0xbe/0x550
[   50.468411][  T362]  audit_log_start+0x456/0xa80
[   50.473071][  T362]  common_lsm_audit+0xd8/0x18b0
[   50.477699][  T362]  slow_avc_audit+0x26c/0x3c0
[   50.482368][  T362]  avc_has_perm+0x1f5/0x260
[   50.486692][  T362]  selinux_bpf_map+0xd7/0x110
[   50.491337][  T362]  security_bpf_map+0x6b/0xa0
[   50.495806][  T362]  bpf_map_new_fd+0x2e/0x80
[   50.500155][  T362] page last free stack trace:
[   50.504745][  T362]  free_unref_page_prepare+0x7c8/0x7d0
[   50.510584][  T362]  free_unref_page+0xe8/0x750
[   50.515081][  T362]  __put_page+0xb0/0xe0
[   50.519078][  T362]  anon_pipe_buf_release+0x187/0x200
[   50.524214][  T362]  pipe_read+0x5a6/0x1040
[   50.528364][  T362]  vfs_read+0xa7e/0xd40
[   50.532556][  T362]  ksys_read+0x199/0x2c0
[   50.536635][  T362]  __x64_sys_read+0x7b/0x90
[   50.540976][  T362]  x64_sys_call+0x28/0x9a0
[   50.545232][  T362]  do_syscall_64+0x3b/0xb0
[   50.549482][  T362]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   50.555504][  T362] 
[   50.557763][  T362] Memory state around the buggy address:
[   50.563235][  T362]  ffff88811bf43f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.571222][  T362]  ffff88811bf43f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.579121][  T362] >ffff88811bf44000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.587098][  T362]                    ^
[   50.591004][  T362]  ffff88811bf44080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   50.599087][  T362]  ffff88811bf44100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   50.607322][  T362] ==================================================================
[   50.623520][   T30] audit: type=1400 audit(1725656539.410:102): avc:  denied  { read } for  pid=82 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   50.646526][  T368] FAULT_INJECTION: forcing a failure.
[   50.646526][  T368] name failslab, interval 1, probability 0, space 0, times 0
[   50.659644][  T368] CPU: 0 PID: 368 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   50.671351][  T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   50.681245][  T368] Call Trace:
[   50.684367][  T368]  <TASK>
[   50.687180][  T368]  dump_stack_lvl+0x151/0x1c0
[   50.691753][  T368]  ? io_uring_drop_tctx_refs+0x190/0x190
[   50.697225][  T368]  dump_stack+0x15/0x20
[   50.701212][  T368]  should_fail+0x3c6/0x510
[   50.705554][  T368]  __should_failslab+0xa4/0xe0
[   50.710182][  T368]  should_failslab+0x9/0x20
[   50.714496][  T368]  slab_pre_alloc_hook+0x37/0xd0
[   50.719508][  T368]  kmem_cache_alloc_trace+0x48/0x210
[   50.724638][  T368]  ? sk_psock_skb_ingress_self+0x60/0x330
[   50.730179][  T368]  ? migrate_disable+0x190/0x190
[   50.734960][  T368]  sk_psock_skb_ingress_self+0x60/0x330
[   50.740347][  T368]  sk_psock_verdict_recv+0x66d/0x840
[   50.745576][  T368]  unix_read_sock+0x132/0x370
[   50.750087][  T368]  ? sk_psock_skb_redirect+0x440/0x440
[   50.755379][  T368]  ? unix_stream_splice_actor+0x120/0x120
[   50.760929][  T368]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   50.766320][  T368]  ? unix_stream_splice_actor+0x120/0x120
[   50.771885][  T368]  sk_psock_verdict_data_ready+0x147/0x1a0
[   50.777622][  T368]  ? sk_psock_start_verdict+0xc0/0xc0
[   50.782823][  T368]  ? _raw_spin_lock+0xa4/0x1b0
[   50.787414][  T368]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   50.793061][  T368]  ? skb_queue_tail+0xfb/0x120
[   50.797660][  T368]  unix_dgram_sendmsg+0x15fa/0x2090
[   50.802692][  T368]  ? unix_dgram_poll+0x710/0x710
[   50.807460][  T368]  ? __kasan_check_write+0x14/0x20
[   50.812413][  T368]  ? __cpuidle_text_end+0x2/0x2
[   50.817099][  T368]  ? cgroup_rstat_updated+0xe5/0x370
[   50.822225][  T368]  ? security_socket_sendmsg+0x82/0xb0
[   50.827510][  T368]  ? unix_dgram_poll+0x710/0x710
[   50.832289][  T368]  ____sys_sendmsg+0x59e/0x8f0
[   50.836972][  T368]  ? __sys_sendmsg_sock+0x40/0x40
[   50.841833][  T368]  ? import_iovec+0xe5/0x120
[   50.846259][  T368]  ___sys_sendmsg+0x252/0x2e0
[   50.850883][  T368]  ? __sys_sendmsg+0x260/0x260
[   50.855559][  T368]  ? __kasan_check_write+0x14/0x20
[   50.860607][  T368]  ? proc_fail_nth_write+0x20b/0x290
[   50.865734][  T368]  ? __fdget+0x1bc/0x240
[   50.869806][  T368]  __sys_sendmmsg+0x2bf/0x530
[   50.874328][  T368]  ? __ia32_sys_sendmsg+0x90/0x90
[   50.879179][  T368]  ? mutex_unlock+0xb2/0x260
[   50.883611][  T368]  ? __kasan_check_write+0x14/0x20
[   50.888551][  T368]  ? __ia32_sys_read+0x90/0x90
[   50.893150][  T368]  ? debug_smp_processor_id+0x17/0x20
[   50.898450][  T368]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   50.904450][  T368]  __x64_sys_sendmmsg+0xa0/0xb0
[   50.909244][  T368]  x64_sys_call+0x81d/0x9a0
[   50.913726][  T368]  do_syscall_64+0x3b/0xb0
[   50.918275][  T368]  ? clear_bhb_loop+0x35/0x90
[   50.922772][  T368]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   50.928485][  T368] RIP: 0033:0x7f60347c3da9
[   50.932777][  T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   50.952268][  T368] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   50.960516][  T368] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   50.968437][  T368] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   50.976260][  T368] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   50.984238][  T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.992081][  T368] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   50.999975][  T368]  </TASK>
[   51.007099][  T367] ==================================================================
[   51.015211][  T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   51.023630][  T367] 
[   51.025801][  T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   51.037343][  T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   51.047766][  T367] Call Trace:
[   51.051004][  T367]  <TASK>
[   51.053757][  T367]  dump_stack_lvl+0x151/0x1c0
[   51.058282][  T367]  ? io_uring_drop_tctx_refs+0x190/0x190
[   51.063741][  T367]  ? __wake_up_klogd+0xd5/0x110
[   51.068426][  T367]  ? panic+0x760/0x760
[   51.072338][  T367]  ? kmem_cache_free+0x116/0x2e0
[   51.077101][  T367]  print_address_description+0x87/0x3b0
[   51.082572][  T367]  ? kmem_cache_free+0x116/0x2e0
[   51.087374][  T367]  ? kmem_cache_free+0x116/0x2e0
[   51.092141][  T367]  kasan_report_invalid_free+0x6b/0xa0
[   51.097781][  T367]  ____kasan_slab_free+0x13e/0x160
[   51.102715][  T367]  __kasan_slab_free+0x11/0x20
[   51.107305][  T367]  slab_free_freelist_hook+0xbd/0x190
[   51.112514][  T367]  ? kfree_skbmem+0x104/0x170
[   51.117038][  T367]  kmem_cache_free+0x116/0x2e0
[   51.121642][  T367]  kfree_skbmem+0x104/0x170
[   51.125978][  T367]  consume_skb+0xb4/0x250
[   51.130136][  T367]  __sk_msg_free+0x2dd/0x370
[   51.134560][  T367]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   51.140200][  T367]  sk_psock_stop+0x44c/0x4d0
[   51.144627][  T367]  ? unix_peer_get+0xe0/0xe0
[   51.149205][  T367]  sock_map_close+0x2b9/0x4c0
[   51.153697][  T367]  ? sock_map_remove_links+0x650/0x650
[   51.160071][  T367]  ? rwsem_mark_wake+0x770/0x770
[   51.164844][  T367]  unix_release+0x82/0xc0
[   51.169072][  T367]  sock_close+0xdf/0x270
[   51.173109][  T367]  ? sock_mmap+0xa0/0xa0
[   51.177170][  T367]  __fput+0x3fe/0x910
[   51.181223][  T367]  ____fput+0x15/0x20
[   51.185066][  T367]  task_work_run+0x129/0x190
[   51.189469][  T367]  exit_to_user_mode_loop+0xc4/0xe0
[   51.194499][  T367]  exit_to_user_mode_prepare+0x5a/0xa0
[   51.199905][  T367]  syscall_exit_to_user_mode+0x26/0x160
[   51.205300][  T367]  do_syscall_64+0x47/0xb0
[   51.209715][  T367]  ? clear_bhb_loop+0x35/0x90
[   51.214311][  T367]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   51.220041][  T367] RIP: 0033:0x7f60347c2c9a
[   51.224301][  T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   51.243738][  T367] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   51.252007][  T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   51.259796][  T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   51.267697][  T367] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   51.275508][  T367] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c8f7
[   51.283317][  T367] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000c5b6
[   51.291251][  T367]  </TASK>
[   51.294081][  T367] 
[   51.296249][  T367] Allocated by task 368:
[   51.300330][  T367]  __kasan_slab_alloc+0xb1/0xe0
[   51.305014][  T367]  slab_post_alloc_hook+0x53/0x2c0
[   51.309962][  T367]  kmem_cache_alloc+0xf5/0x200
[   51.314563][  T367]  skb_clone+0x1d1/0x360
[   51.318642][  T367]  sk_psock_verdict_recv+0x53/0x840
[   51.323682][  T367]  unix_read_sock+0x132/0x370
[   51.328190][  T367]  sk_psock_verdict_data_ready+0x147/0x1a0
[   51.334026][  T367]  unix_dgram_sendmsg+0x15fa/0x2090
[   51.339049][  T367]  ____sys_sendmsg+0x59e/0x8f0
[   51.343897][  T367]  ___sys_sendmsg+0x252/0x2e0
[   51.348413][  T367]  __sys_sendmmsg+0x2bf/0x530
[   51.353095][  T367]  __x64_sys_sendmmsg+0xa0/0xb0
[   51.357896][  T367]  x64_sys_call+0x81d/0x9a0
[   51.362573][  T367]  do_syscall_64+0x3b/0xb0
[   51.366783][  T367]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   51.372524][  T367] 
[   51.374693][  T367] Freed by task 308:
[   51.378434][  T367]  kasan_set_track+0x4b/0x70
[   51.382932][  T367]  kasan_set_free_info+0x23/0x40
[   51.387763][  T367]  ____kasan_slab_free+0x126/0x160
[   51.392656][  T367]  __kasan_slab_free+0x11/0x20
[   51.397255][  T367]  slab_free_freelist_hook+0xbd/0x190
[   51.402545][  T367]  kmem_cache_free+0x116/0x2e0
[   51.407317][  T367]  kfree_skbmem+0x104/0x170
[   51.411666][  T367]  kfree_skb+0xc2/0x360
[   51.415737][  T367]  sk_psock_backlog+0xc21/0xd90
[   51.420651][  T367]  process_one_work+0x6bb/0xc10
[   51.425336][  T367]  worker_thread+0xad5/0x12a0
[   51.429854][  T367]  kthread+0x421/0x510
[   51.433769][  T367]  ret_from_fork+0x1f/0x30
[   51.438117][  T367] 
[   51.440276][  T367] The buggy address belongs to the object at ffff88812372c500
[   51.440276][  T367]  which belongs to the cache skbuff_head_cache of size 248
[   51.454947][  T367] The buggy address is located 0 bytes inside of
[   51.454947][  T367]  248-byte region [ffff88812372c500, ffff88812372c5f8)
[   51.467895][  T367] The buggy address belongs to the page:
[   51.473436][  T367] page:ffffea00048dcb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12372c
[   51.483761][  T367] flags: 0x4000000000000200(slab|zone=1)
[   51.489257][  T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   51.497800][  T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   51.506197][  T367] page dumped because: kasan: bad access detected
[   51.512453][  T367] page_owner tracks the page as allocated
[   51.518002][  T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 50645605803, free_ts 50638825471
[   51.533618][  T367]  post_alloc_hook+0x1a3/0x1b0
[   51.538454][  T367]  prep_new_page+0x1b/0x110
[   51.542779][  T367]  get_page_from_freelist+0x3550/0x35d0
[   51.548173][  T367]  __alloc_pages+0x27e/0x8f0
[   51.552681][  T367]  new_slab+0x9a/0x4e0
[   51.556592][  T367]  ___slab_alloc+0x39e/0x830
[   51.561096][  T367]  __slab_alloc+0x4a/0x90
[   51.565262][  T367]  kmem_cache_alloc+0x134/0x200
[   51.569956][  T367]  __alloc_skb+0xbe/0x550
[   51.574210][  T367]  alloc_skb_with_frags+0xa6/0x680
[   51.579160][  T367]  sock_alloc_send_pskb+0x915/0xa50
[   51.584185][  T367]  unix_dgram_sendmsg+0x6fd/0x2090
[   51.589134][  T367]  __sys_sendto+0x564/0x720
[   51.593599][  T367]  __x64_sys_sendto+0xe5/0x100
[   51.598171][  T367]  x64_sys_call+0x15c/0x9a0
[   51.602642][  T367]  do_syscall_64+0x3b/0xb0
[   51.606887][  T367] page last free stack trace:
[   51.611413][  T367]  free_unref_page_prepare+0x7c8/0x7d0
[   51.616808][  T367]  free_unref_page+0xe8/0x750
[   51.621392][  T367]  __free_pages+0x61/0xf0
[   51.625846][  T367]  __vunmap+0x7bc/0x8f0
[   51.629831][  T367]  vfree+0x7f/0xb0
[   51.633401][  T367]  bpf_patch_insn_data+0x7f0/0xde0
[   51.638469][  T367]  bpf_check+0x65bc/0x12b20
[   51.642794][  T367]  bpf_prog_load+0x12ac/0x1b50
[   51.647511][  T367]  __sys_bpf+0x4bc/0x760
[   51.651711][  T367]  __x64_sys_bpf+0x7c/0x90
[   51.655993][  T367]  x64_sys_call+0x87f/0x9a0
[   51.660300][  T367]  do_syscall_64+0x3b/0xb0
[   51.664552][  T367]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   51.670285][  T367] 
[   51.672555][  T367] Memory state around the buggy address:
[   51.678029][  T367]  ffff88812372c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.685946][  T367]  ffff88812372c480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   51.693836][  T367] >ffff88812372c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.701813][  T367]                    ^
[   51.705711][  T367]  ffff88812372c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   51.713627][  T367]  ffff88812372c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   51.721690][  T367] ==================================================================
[   51.742837][  T371] FAULT_INJECTION: forcing a failure.
[   51.742837][  T371] name failslab, interval 1, probability 0, space 0, times 0
[   51.755324][  T371] CPU: 0 PID: 371 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   51.766810][  T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   51.776847][  T371] Call Trace:
[   51.779992][  T371]  <TASK>
[   51.782768][  T371]  dump_stack_lvl+0x151/0x1c0
[   51.787436][  T371]  ? io_uring_drop_tctx_refs+0x190/0x190
[   51.793125][  T371]  dump_stack+0x15/0x20
[   51.797105][  T371]  should_fail+0x3c6/0x510
[   51.801357][  T371]  __should_failslab+0xa4/0xe0
[   51.805989][  T371]  should_failslab+0x9/0x20
[   51.810313][  T371]  slab_pre_alloc_hook+0x37/0xd0
[   51.815307][  T371]  kmem_cache_alloc_trace+0x48/0x210
[   51.820710][  T371]  ? sk_psock_skb_ingress_self+0x60/0x330
[   51.826395][  T371]  ? migrate_disable+0x190/0x190
[   51.831280][  T371]  sk_psock_skb_ingress_self+0x60/0x330
[   51.836885][  T371]  sk_psock_verdict_recv+0x66d/0x840
[   51.842312][  T371]  unix_read_sock+0x132/0x370
[   51.846798][  T371]  ? sk_psock_skb_redirect+0x440/0x440
[   51.852402][  T371]  ? unix_stream_splice_actor+0x120/0x120
[   51.857965][  T371]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   51.863675][  T371]  ? unix_stream_splice_actor+0x120/0x120
[   51.869548][  T371]  sk_psock_verdict_data_ready+0x147/0x1a0
[   51.875262][  T371]  ? sk_psock_start_verdict+0xc0/0xc0
[   51.880466][  T371]  ? _raw_spin_lock+0xa4/0x1b0
[   51.885376][  T371]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   51.891221][  T371]  ? skb_queue_tail+0xfb/0x120
[   51.895926][  T371]  unix_dgram_sendmsg+0x15fa/0x2090
[   51.901043][  T371]  ? unix_dgram_poll+0x710/0x710
[   51.905990][  T371]  ? __kasan_check_write+0x14/0x20
[   51.910935][  T371]  ? __cpuidle_text_end+0x2/0x2
[   51.915621][  T371]  ? cgroup_rstat_updated+0xe5/0x370
[   51.920886][  T371]  ? security_socket_sendmsg+0x82/0xb0
[   51.926170][  T371]  ? unix_dgram_poll+0x710/0x710
[   51.930933][  T371]  ____sys_sendmsg+0x59e/0x8f0
[   51.935523][  T371]  ? __sys_sendmsg_sock+0x40/0x40
[   51.940383][  T371]  ? import_iovec+0xe5/0x120
[   51.944807][  T371]  ___sys_sendmsg+0x252/0x2e0
[   51.949442][  T371]  ? __sys_sendmsg+0x260/0x260
[   51.954372][  T371]  ? __kasan_check_write+0x14/0x20
[   51.959305][  T371]  ? proc_fail_nth_write+0x20b/0x290
[   51.964430][  T371]  ? __fdget+0x1bc/0x240
[   51.968599][  T371]  __sys_sendmmsg+0x2bf/0x530
[   51.973145][  T371]  ? __ia32_sys_sendmsg+0x90/0x90
[   51.977978][  T371]  ? mutex_unlock+0xb2/0x260
[   51.982725][  T371]  ? __kasan_check_write+0x14/0x20
[   51.987699][  T371]  ? __ia32_sys_read+0x90/0x90
[   51.992306][  T371]  ? debug_smp_processor_id+0x17/0x20
[   51.997475][  T371]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   52.003583][  T371]  __x64_sys_sendmmsg+0xa0/0xb0
[   52.008442][  T371]  x64_sys_call+0x81d/0x9a0
[   52.012977][  T371]  do_syscall_64+0x3b/0xb0
[   52.017222][  T371]  ? clear_bhb_loop+0x35/0x90
[   52.022322][  T371]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   52.028017][  T371] RIP: 0033:0x7f60347c3da9
[   52.032262][  T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   52.052068][  T371] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   52.060307][  T371] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   52.068211][  T371] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   52.076369][  T371] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   52.084263][  T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.092078][  T371] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   52.100007][  T371]  </TASK>
[   52.104590][  T370] ==================================================================
[   52.112479][  T370] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   52.120717][  T370] 
[   52.122896][  T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   52.134637][  T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   52.144807][  T370] Call Trace:
[   52.147914][  T370]  <TASK>
[   52.150697][  T370]  dump_stack_lvl+0x151/0x1c0
[   52.155408][  T370]  ? io_uring_drop_tctx_refs+0x190/0x190
[   52.160969][  T370]  ? __wake_up_klogd+0xd5/0x110
[   52.165600][  T370]  ? panic+0x760/0x760
[   52.169522][  T370]  ? kmem_cache_free+0x116/0x2e0
[   52.174327][  T370]  print_address_description+0x87/0x3b0
[   52.179761][  T370]  ? kmem_cache_free+0x116/0x2e0
[   52.184520][  T370]  ? kmem_cache_free+0x116/0x2e0
[   52.189292][  T370]  kasan_report_invalid_free+0x6b/0xa0
[   52.194591][  T370]  ____kasan_slab_free+0x13e/0x160
[   52.199671][  T370]  __kasan_slab_free+0x11/0x20
[   52.204265][  T370]  slab_free_freelist_hook+0xbd/0x190
[   52.209476][  T370]  ? kfree_skbmem+0x104/0x170
[   52.214062][  T370]  kmem_cache_free+0x116/0x2e0
[   52.218767][  T370]  kfree_skbmem+0x104/0x170
[   52.223086][  T370]  consume_skb+0xb4/0x250
[   52.227459][  T370]  __sk_msg_free+0x2dd/0x370
[   52.231893][  T370]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   52.237849][  T370]  sk_psock_stop+0x44c/0x4d0
[   52.242235][  T370]  ? unix_peer_get+0xe0/0xe0
[   52.246659][  T370]  sock_map_close+0x2b9/0x4c0
[   52.251258][  T370]  ? sock_map_remove_links+0x650/0x650
[   52.256563][  T370]  ? rwsem_mark_wake+0x770/0x770
[   52.261554][  T370]  unix_release+0x82/0xc0
[   52.265708][  T370]  sock_close+0xdf/0x270
[   52.269879][  T370]  ? sock_mmap+0xa0/0xa0
[   52.273980][  T370]  __fput+0x3fe/0x910
[   52.277783][  T370]  ____fput+0x15/0x20
[   52.281594][  T370]  task_work_run+0x129/0x190
[   52.286038][  T370]  exit_to_user_mode_loop+0xc4/0xe0
[   52.291055][  T370]  exit_to_user_mode_prepare+0x5a/0xa0
[   52.296355][  T370]  syscall_exit_to_user_mode+0x26/0x160
[   52.301730][  T370]  do_syscall_64+0x47/0xb0
[   52.305997][  T370]  ? clear_bhb_loop+0x35/0x90
[   52.310668][  T370]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   52.316671][  T370] RIP: 0033:0x7f60347c2c9a
[   52.321357][  T370] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   52.340896][  T370] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   52.349312][  T370] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   52.357223][  T370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   52.365844][  T370] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   52.373707][  T370] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cd4a
[   52.381597][  T370] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000ca09
[   52.389588][  T370]  </TASK>
[   52.392439][  T370] 
[   52.394609][  T370] Allocated by task 371:
[   52.398702][  T370]  __kasan_slab_alloc+0xb1/0xe0
[   52.403524][  T370]  slab_post_alloc_hook+0x53/0x2c0
[   52.408431][  T370]  kmem_cache_alloc+0xf5/0x200
[   52.413028][  T370]  skb_clone+0x1d1/0x360
[   52.417206][  T370]  sk_psock_verdict_recv+0x53/0x840
[   52.422223][  T370]  unix_read_sock+0x132/0x370
[   52.426747][  T370]  sk_psock_verdict_data_ready+0x147/0x1a0
[   52.432378][  T370]  unix_dgram_sendmsg+0x15fa/0x2090
[   52.437410][  T370]  ____sys_sendmsg+0x59e/0x8f0
[   52.442022][  T370]  ___sys_sendmsg+0x252/0x2e0
[   52.446534][  T370]  __sys_sendmmsg+0x2bf/0x530
[   52.451041][  T370]  __x64_sys_sendmmsg+0xa0/0xb0
[   52.455901][  T370]  x64_sys_call+0x81d/0x9a0
[   52.460363][  T370]  do_syscall_64+0x3b/0xb0
[   52.464615][  T370]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   52.470342][  T370] 
[   52.472515][  T370] Freed by task 308:
[   52.476253][  T370]  kasan_set_track+0x4b/0x70
[   52.480808][  T370]  kasan_set_free_info+0x23/0x40
[   52.485684][  T370]  ____kasan_slab_free+0x126/0x160
[   52.490628][  T370]  __kasan_slab_free+0x11/0x20
[   52.495232][  T370]  slab_free_freelist_hook+0xbd/0x190
[   52.500435][  T370]  kmem_cache_free+0x116/0x2e0
[   52.505034][  T370]  kfree_skbmem+0x104/0x170
[   52.509376][  T370]  kfree_skb+0xc2/0x360
[   52.513379][  T370]  sk_psock_backlog+0xc21/0xd90
[   52.518063][  T370]  process_one_work+0x6bb/0xc10
[   52.522827][  T370]  worker_thread+0xad5/0x12a0
[   52.527349][  T370]  kthread+0x421/0x510
[   52.531274][  T370]  ret_from_fork+0x1f/0x30
[   52.535507][  T370] 
[   52.537668][  T370] The buggy address belongs to the object at ffff888123702780
[   52.537668][  T370]  which belongs to the cache skbuff_head_cache of size 248
[   52.552082][  T370] The buggy address is located 0 bytes inside of
[   52.552082][  T370]  248-byte region [ffff888123702780, ffff888123702878)
[   52.565013][  T370] The buggy address belongs to the page:
[   52.570481][  T370] page:ffffea00048dc080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123702
[   52.580675][  T370] flags: 0x4000000000000200(slab|zone=1)
[   52.586291][  T370] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   52.594710][  T370] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   52.603263][  T370] page dumped because: kasan: bad access detected
[   52.609984][  T370] page_owner tracks the page as allocated
[   52.615655][  T370] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 51736482181, free_ts 51732333483
[   52.631354][  T370]  post_alloc_hook+0x1a3/0x1b0
[   52.635954][  T370]  prep_new_page+0x1b/0x110
[   52.640294][  T370]  get_page_from_freelist+0x3550/0x35d0
[   52.645676][  T370]  __alloc_pages+0x27e/0x8f0
[   52.650209][  T370]  new_slab+0x9a/0x4e0
[   52.654110][  T370]  ___slab_alloc+0x39e/0x830
[   52.658538][  T370]  __slab_alloc+0x4a/0x90
[   52.663003][  T370]  kmem_cache_alloc+0x134/0x200
[   52.667679][  T370]  __alloc_skb+0xbe/0x550
[   52.672004][  T370]  alloc_skb_with_frags+0xa6/0x680
[   52.677367][  T370]  sock_alloc_send_pskb+0x915/0xa50
[   52.682402][  T370]  unix_dgram_sendmsg+0x6fd/0x2090
[   52.687561][  T370]  __sys_sendto+0x564/0x720
[   52.692003][  T370]  __x64_sys_sendto+0xe5/0x100
[   52.696600][  T370]  x64_sys_call+0x15c/0x9a0
[   52.700951][  T370]  do_syscall_64+0x3b/0xb0
[   52.705186][  T370] page last free stack trace:
[   52.709967][  T370]  free_unref_page_prepare+0x7c8/0x7d0
[   52.715578][  T370]  free_unref_page_list+0x14b/0xa60
[   52.720644][  T370]  release_pages+0x1310/0x1370
[   52.725368][  T370]  free_pages_and_swap_cache+0x8a/0xa0
[   52.730664][  T370]  tlb_finish_mmu+0x177/0x320
[   52.735180][  T370]  exit_mmap+0x40d/0x940
[   52.739263][  T370]  __mmput+0x95/0x310
[   52.743178][  T370]  mmput+0x5b/0x170
[   52.746801][  T370]  do_exit+0xb9c/0x2ca0
[   52.750796][  T370]  do_group_exit+0x141/0x310
[   52.755309][  T370]  __x64_sys_exit_group+0x3f/0x40
[   52.760171][  T370]  x64_sys_call+0x610/0x9a0
[   52.764507][  T370]  do_syscall_64+0x3b/0xb0
[   52.768769][  T370]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   52.774597][  T370] 
[   52.776849][  T370] Memory state around the buggy address:
[   52.782335][  T370]  ffff888123702680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.790299][  T370]  ffff888123702700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   52.798397][  T370] >ffff888123702780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.806441][  T370]                    ^
[   52.810363][  T370]  ffff888123702800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   52.818442][  T370]  ffff888123702880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   52.826937][  T370] ==================================================================
[   52.850472][  T374] FAULT_INJECTION: forcing a failure.
[   52.850472][  T374] name failslab, interval 1, probability 0, space 0, times 0
[   52.863184][  T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   52.875091][  T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   52.885841][  T374] Call Trace:
[   52.889039][  T374]  <TASK>
[   52.892150][  T374]  dump_stack_lvl+0x151/0x1c0
[   52.896979][  T374]  ? io_uring_drop_tctx_refs+0x190/0x190
[   52.902612][  T374]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   52.908539][  T374]  ? __skb_try_recv_datagram+0x495/0x6a0
[   52.914106][  T374]  dump_stack+0x15/0x20
[   52.918088][  T374]  should_fail+0x3c6/0x510
[   52.922609][  T374]  __should_failslab+0xa4/0xe0
[   52.927198][  T374]  ? skb_clone+0x1d1/0x360
[   52.931450][  T374]  should_failslab+0x9/0x20
[   52.935792][  T374]  slab_pre_alloc_hook+0x37/0xd0
[   52.940578][  T374]  ? skb_clone+0x1d1/0x360
[   52.944821][  T374]  kmem_cache_alloc+0x44/0x200
[   52.949503][  T374]  skb_clone+0x1d1/0x360
[   52.953582][  T374]  sk_psock_verdict_recv+0x53/0x840
[   52.958620][  T374]  ? avc_has_perm_noaudit+0x430/0x430
[   52.963959][  T374]  ? mntput_no_expire+0xfc/0x6b0
[   52.968749][  T374]  unix_read_sock+0x132/0x370
[   52.973332][  T374]  ? sk_psock_skb_redirect+0x440/0x440
[   52.978629][  T374]  ? unix_stream_splice_actor+0x120/0x120
[   52.984262][  T374]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   52.989567][  T374]  ? unix_stream_splice_actor+0x120/0x120
[   52.995111][  T374]  sk_psock_verdict_data_ready+0x147/0x1a0
[   53.000764][  T374]  ? sk_psock_start_verdict+0xc0/0xc0
[   53.005958][  T374]  ? _raw_spin_lock+0xa4/0x1b0
[   53.010563][  T374]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   53.016204][  T374]  ? skb_queue_tail+0xfb/0x120
[   53.020803][  T374]  unix_dgram_sendmsg+0x15fa/0x2090
[   53.025840][  T374]  ? unix_dgram_poll+0x710/0x710
[   53.030608][  T374]  ? __kasan_check_write+0x14/0x20
[   53.035555][  T374]  ? __cpuidle_text_end+0x2/0x2
[   53.040243][  T374]  ? cgroup_rstat_updated+0xe5/0x370
[   53.045366][  T374]  ? security_socket_sendmsg+0x82/0xb0
[   53.050661][  T374]  ? unix_dgram_poll+0x710/0x710
[   53.055534][  T374]  ____sys_sendmsg+0x59e/0x8f0
[   53.060209][  T374]  ? __sys_sendmsg_sock+0x40/0x40
[   53.065068][  T374]  ? import_iovec+0xe5/0x120
[   53.069513][  T374]  ___sys_sendmsg+0x252/0x2e0
[   53.074187][  T374]  ? __sys_sendmsg+0x260/0x260
[   53.078785][  T374]  ? __kasan_check_write+0x14/0x20
[   53.083739][  T374]  ? proc_fail_nth_write+0x20b/0x290
[   53.088946][  T374]  ? __fdget+0x1bc/0x240
[   53.093015][  T374]  __sys_sendmmsg+0x2bf/0x530
[   53.097533][  T374]  ? __ia32_sys_sendmsg+0x90/0x90
[   53.102398][  T374]  ? mutex_unlock+0xb2/0x260
[   53.106817][  T374]  ? __kasan_check_write+0x14/0x20
[   53.111768][  T374]  ? __ia32_sys_read+0x90/0x90
[   53.116362][  T374]  ? debug_smp_processor_id+0x17/0x20
[   53.121570][  T374]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   53.127487][  T374]  __x64_sys_sendmmsg+0xa0/0xb0
[   53.132173][  T374]  x64_sys_call+0x81d/0x9a0
[   53.136506][  T374]  do_syscall_64+0x3b/0xb0
[   53.141016][  T374]  ? clear_bhb_loop+0x35/0x90
[   53.145651][  T374]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   53.151375][  T374] RIP: 0033:0x7f60347c3da9
[   53.155619][  T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   53.175417][  T374] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   53.183653][  T374] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   53.191553][  T374] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   53.199449][  T374] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   53.207349][  T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.215166][  T374] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   53.222973][  T374]  </TASK>
[   53.238783][  T376] FAULT_INJECTION: forcing a failure.
[   53.238783][  T376] name failslab, interval 1, probability 0, space 0, times 0
[   53.251260][  T376] CPU: 1 PID: 376 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   53.262732][  T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   53.272626][  T376] Call Trace:
[   53.275861][  T376]  <TASK>
[   53.278616][  T376]  dump_stack_lvl+0x151/0x1c0
[   53.283236][  T376]  ? io_uring_drop_tctx_refs+0x190/0x190
[   53.288994][  T376]  dump_stack+0x15/0x20
[   53.292938][  T376]  should_fail+0x3c6/0x510
[   53.297198][  T376]  __should_failslab+0xa4/0xe0
[   53.301887][  T376]  should_failslab+0x9/0x20
[   53.306218][  T376]  slab_pre_alloc_hook+0x37/0xd0
[   53.310992][  T376]  kmem_cache_alloc_trace+0x48/0x210
[   53.316119][  T376]  ? sk_psock_skb_ingress_self+0x60/0x330
[   53.321768][  T376]  ? migrate_disable+0x190/0x190
[   53.326537][  T376]  sk_psock_skb_ingress_self+0x60/0x330
[   53.332043][  T376]  sk_psock_verdict_recv+0x66d/0x840
[   53.337245][  T376]  unix_read_sock+0x132/0x370
[   53.341893][  T376]  ? sk_psock_skb_redirect+0x440/0x440
[   53.347185][  T376]  ? unix_stream_splice_actor+0x120/0x120
[   53.352735][  T376]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   53.358032][  T376]  ? unix_stream_splice_actor+0x120/0x120
[   53.363585][  T376]  sk_psock_verdict_data_ready+0x147/0x1a0
[   53.369228][  T376]  ? sk_psock_start_verdict+0xc0/0xc0
[   53.374434][  T376]  ? _raw_spin_lock+0xa4/0x1b0
[   53.379037][  T376]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   53.384677][  T376]  ? skb_queue_tail+0xfb/0x120
[   53.389276][  T376]  unix_dgram_sendmsg+0x15fa/0x2090
[   53.394323][  T376]  ? unix_dgram_poll+0x710/0x710
[   53.399083][  T376]  ? __kasan_check_write+0x14/0x20
[   53.404039][  T376]  ? __cpuidle_text_end+0x2/0x2
[   53.408824][  T376]  ? cgroup_rstat_updated+0xe5/0x370
[   53.413949][  T376]  ? security_socket_sendmsg+0x82/0xb0
[   53.419310][  T376]  ? unix_dgram_poll+0x710/0x710
[   53.424086][  T376]  ____sys_sendmsg+0x59e/0x8f0
[   53.428771][  T376]  ? __sys_sendmsg_sock+0x40/0x40
[   53.433720][  T376]  ? import_iovec+0xe5/0x120
[   53.438143][  T376]  ___sys_sendmsg+0x252/0x2e0
[   53.442663][  T376]  ? __sys_sendmsg+0x260/0x260
[   53.447264][  T376]  ? __kasan_check_write+0x14/0x20
[   53.452203][  T376]  ? proc_fail_nth_write+0x20b/0x290
[   53.457323][  T376]  ? __fdget+0x1bc/0x240
[   53.461400][  T376]  __sys_sendmmsg+0x2bf/0x530
[   53.465923][  T376]  ? __ia32_sys_sendmsg+0x90/0x90
[   53.470775][  T376]  ? mutex_unlock+0xb2/0x260
[   53.475214][  T376]  ? __kasan_check_write+0x14/0x20
[   53.480262][  T376]  ? __ia32_sys_read+0x90/0x90
[   53.485011][  T376]  ? debug_smp_processor_id+0x17/0x20
[   53.490266][  T376]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   53.496094][  T376]  __x64_sys_sendmmsg+0xa0/0xb0
[   53.500818][  T376]  x64_sys_call+0x81d/0x9a0
[   53.505233][  T376]  do_syscall_64+0x3b/0xb0
[   53.509817][  T376]  ? clear_bhb_loop+0x35/0x90
[   53.514327][  T376]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   53.520054][  T376] RIP: 0033:0x7f60347c3da9
[   53.524304][  T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   53.543742][  T376] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   53.551992][  T376] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   53.559936][  T376] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   53.567750][  T376] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   53.575550][  T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.583369][  T376] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   53.591179][  T376]  </TASK>
[   53.596549][  T375] ==================================================================
[   53.604882][  T375] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   53.613728][  T375] 
[   53.615892][  T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   53.628069][  T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   53.638163][  T375] Call Trace:
[   53.641287][  T375]  <TASK>
[   53.644146][  T375]  dump_stack_lvl+0x151/0x1c0
[   53.648657][  T375]  ? io_uring_drop_tctx_refs+0x190/0x190
[   53.654135][  T375]  ? __wake_up_klogd+0xd5/0x110
[   53.658817][  T375]  ? panic+0x760/0x760
[   53.662719][  T375]  ? kmem_cache_free+0x116/0x2e0
[   53.667582][  T375]  print_address_description+0x87/0x3b0
[   53.672991][  T375]  ? kmem_cache_free+0x116/0x2e0
[   53.677738][  T375]  ? kmem_cache_free+0x116/0x2e0
[   53.682506][  T375]  kasan_report_invalid_free+0x6b/0xa0
[   53.687889][  T375]  ____kasan_slab_free+0x13e/0x160
[   53.692833][  T375]  __kasan_slab_free+0x11/0x20
[   53.697443][  T375]  slab_free_freelist_hook+0xbd/0x190
[   53.702687][  T375]  ? kfree_skbmem+0x104/0x170
[   53.707199][  T375]  kmem_cache_free+0x116/0x2e0
[   53.711924][  T375]  kfree_skbmem+0x104/0x170
[   53.716251][  T375]  consume_skb+0xb4/0x250
[   53.720421][  T375]  __sk_msg_free+0x2dd/0x370
[   53.724824][  T375]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   53.730464][  T375]  sk_psock_stop+0x44c/0x4d0
[   53.734948][  T375]  ? unix_peer_get+0xe0/0xe0
[   53.739404][  T375]  sock_map_close+0x2b9/0x4c0
[   53.743915][  T375]  ? sock_map_remove_links+0x650/0x650
[   53.749216][  T375]  ? rwsem_mark_wake+0x770/0x770
[   53.753978][  T375]  unix_release+0x82/0xc0
[   53.758143][  T375]  sock_close+0xdf/0x270
[   53.762316][  T375]  ? sock_mmap+0xa0/0xa0
[   53.766392][  T375]  __fput+0x3fe/0x910
[   53.770209][  T375]  ____fput+0x15/0x20
[   53.774236][  T375]  task_work_run+0x129/0x190
[   53.778670][  T375]  exit_to_user_mode_loop+0xc4/0xe0
[   53.783690][  T375]  exit_to_user_mode_prepare+0x5a/0xa0
[   53.788982][  T375]  syscall_exit_to_user_mode+0x26/0x160
[   53.794369][  T375]  do_syscall_64+0x47/0xb0
[   53.798618][  T375]  ? clear_bhb_loop+0x35/0x90
[   53.803130][  T375]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   53.808855][  T375] RIP: 0033:0x7f60347c2c9a
[   53.813197][  T375] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   53.833003][  T375] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   53.841501][  T375] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   53.849320][  T375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   53.857122][  T375] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   53.864935][  T375] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d320
[   53.872830][  T375] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000cfdf
[   53.880651][  T375]  </TASK>
[   53.883504][  T375] 
[   53.885690][  T375] Allocated by task 376:
[   53.889761][  T375]  __kasan_slab_alloc+0xb1/0xe0
[   53.894451][  T375]  slab_post_alloc_hook+0x53/0x2c0
[   53.899391][  T375]  kmem_cache_alloc+0xf5/0x200
[   53.903988][  T375]  skb_clone+0x1d1/0x360
[   53.908241][  T375]  sk_psock_verdict_recv+0x53/0x840
[   53.913278][  T375]  unix_read_sock+0x132/0x370
[   53.917795][  T375]  sk_psock_verdict_data_ready+0x147/0x1a0
[   53.923613][  T375]  unix_dgram_sendmsg+0x15fa/0x2090
[   53.928643][  T375]  ____sys_sendmsg+0x59e/0x8f0
[   53.933245][  T375]  ___sys_sendmsg+0x252/0x2e0
[   53.937756][  T375]  __sys_sendmmsg+0x2bf/0x530
[   53.942367][  T375]  __x64_sys_sendmmsg+0xa0/0xb0
[   53.947142][  T375]  x64_sys_call+0x81d/0x9a0
[   53.951482][  T375]  do_syscall_64+0x3b/0xb0
[   53.955732][  T375]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   53.961461][  T375] 
[   53.963631][  T375] Freed by task 312:
[   53.967364][  T375]  kasan_set_track+0x4b/0x70
[   53.971789][  T375]  kasan_set_free_info+0x23/0x40
[   53.976561][  T375]  ____kasan_slab_free+0x126/0x160
[   53.981509][  T375]  __kasan_slab_free+0x11/0x20
[   53.986108][  T375]  slab_free_freelist_hook+0xbd/0x190
[   53.991321][  T375]  kmem_cache_free+0x116/0x2e0
[   53.995916][  T375]  kfree_skbmem+0x104/0x170
[   54.000277][  T375]  kfree_skb+0xc2/0x360
[   54.004250][  T375]  sk_psock_backlog+0xc21/0xd90
[   54.008942][  T375]  process_one_work+0x6bb/0xc10
[   54.013633][  T375]  worker_thread+0xad5/0x12a0
[   54.018137][  T375]  kthread+0x421/0x510
[   54.022052][  T375]  ret_from_fork+0x1f/0x30
[   54.026297][  T375] 
[   54.028476][  T375] The buggy address belongs to the object at ffff88810bf2dc80
[   54.028476][  T375]  which belongs to the cache skbuff_head_cache of size 248
[   54.042877][  T375] The buggy address is located 0 bytes inside of
[   54.042877][  T375]  248-byte region [ffff88810bf2dc80, ffff88810bf2dd78)
[   54.055814][  T375] The buggy address belongs to the page:
[   54.061390][  T375] page:ffffea00042fcb40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bf2d
[   54.071718][  T375] flags: 0x4000000000000200(slab|zone=1)
[   54.077329][  T375] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   54.085738][  T375] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   54.094157][  T375] page dumped because: kasan: bad access detected
[   54.100486][  T375] page_owner tracks the page as allocated
[   54.106151][  T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 53235142174, free_ts 53230444604
[   54.121837][  T375]  post_alloc_hook+0x1a3/0x1b0
[   54.126443][  T375]  prep_new_page+0x1b/0x110
[   54.130776][  T375]  get_page_from_freelist+0x3550/0x35d0
[   54.136156][  T375]  __alloc_pages+0x27e/0x8f0
[   54.140582][  T375]  new_slab+0x9a/0x4e0
[   54.144488][  T375]  ___slab_alloc+0x39e/0x830
[   54.148913][  T375]  __slab_alloc+0x4a/0x90
[   54.153097][  T375]  kmem_cache_alloc+0x134/0x200
[   54.158028][  T375]  __alloc_skb+0xbe/0x550
[   54.162279][  T375]  netlink_sendmsg+0x797/0xd20
[   54.166911][  T375]  ____sys_sendmsg+0x59e/0x8f0
[   54.171565][  T375]  ___sys_sendmsg+0x252/0x2e0
[   54.176189][  T375]  __se_sys_sendmsg+0x19a/0x260
[   54.180862][  T375]  __x64_sys_sendmsg+0x7b/0x90
[   54.185449][  T375]  x64_sys_call+0x16a/0x9a0
[   54.189907][  T375]  do_syscall_64+0x3b/0xb0
[   54.194131][  T375] page last free stack trace:
[   54.198683][  T375]  free_unref_page_prepare+0x7c8/0x7d0
[   54.204143][  T375]  free_unref_page+0xe8/0x750
[   54.208680][  T375]  __free_pages+0x61/0xf0
[   54.212827][  T375]  free_pages+0x7c/0x90
[   54.216828][  T375]  pgd_free+0x17d/0x190
[   54.220815][  T375]  __mmdrop+0xb0/0x410
[   54.224723][  T375]  finish_task_switch+0x2cd/0x7b0
[   54.229584][  T375]  __schedule+0xcd4/0x1590
[   54.233833][  T375]  schedule+0x11f/0x1e0
[   54.237826][  T375]  schedule_hrtimeout_range_clock+0x228/0x3a0
[   54.243730][  T375]  schedule_hrtimeout_range+0x2a/0x40
[   54.248956][  T375]  do_epoll_wait+0x1913/0x1c10
[   54.253533][  T375]  do_epoll_pwait+0x5c/0x1f0
[   54.257959][  T375]  __x64_sys_epoll_pwait+0x2b4/0x300
[   54.263253][  T375]  x64_sys_call+0x767/0x9a0
[   54.267593][  T375]  do_syscall_64+0x3b/0xb0
[   54.271847][  T375] 
[   54.274017][  T375] Memory state around the buggy address:
[   54.279498][  T375]  ffff88810bf2db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.287386][  T375]  ffff88810bf2dc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   54.295469][  T375] >ffff88810bf2dc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.303360][  T375]                    ^
2024/09/06 21:02:23 executed programs: 5
[   54.307262][  T375]  ffff88810bf2dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   54.315160][  T375]  ffff88810bf2dd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   54.323053][  T375] ==================================================================
[   54.334166][   T30] audit: type=1400 audit(1725656543.130:103): avc:  denied  { remove_name } for  pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   54.356675][   T30] audit: type=1400 audit(1725656543.130:104): avc:  denied  { rename } for  pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   54.392213][  T379] FAULT_INJECTION: forcing a failure.
[   54.392213][  T379] name failslab, interval 1, probability 0, space 0, times 0
[   54.404810][  T379] CPU: 0 PID: 379 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   54.416344][  T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   54.426235][  T379] Call Trace:
[   54.429365][  T379]  <TASK>
[   54.432139][  T379]  dump_stack_lvl+0x151/0x1c0
[   54.436653][  T379]  ? io_uring_drop_tctx_refs+0x190/0x190
[   54.442125][  T379]  dump_stack+0x15/0x20
[   54.446124][  T379]  should_fail+0x3c6/0x510
[   54.450368][  T379]  __should_failslab+0xa4/0xe0
[   54.454970][  T379]  should_failslab+0x9/0x20
[   54.459314][  T379]  slab_pre_alloc_hook+0x37/0xd0
[   54.464080][  T379]  kmem_cache_alloc_trace+0x48/0x210
[   54.469205][  T379]  ? sk_psock_skb_ingress_self+0x60/0x330
[   54.474763][  T379]  ? migrate_disable+0x190/0x190
[   54.479535][  T379]  sk_psock_skb_ingress_self+0x60/0x330
[   54.485010][  T379]  sk_psock_verdict_recv+0x66d/0x840
[   54.490120][  T379]  unix_read_sock+0x132/0x370
[   54.494639][  T379]  ? sk_psock_skb_redirect+0x440/0x440
[   54.499926][  T379]  ? unix_stream_splice_actor+0x120/0x120
[   54.505479][  T379]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   54.510776][  T379]  ? unix_stream_splice_actor+0x120/0x120
[   54.516551][  T379]  sk_psock_verdict_data_ready+0x147/0x1a0
[   54.522277][  T379]  ? sk_psock_start_verdict+0xc0/0xc0
[   54.527481][  T379]  ? _raw_spin_lock+0xa4/0x1b0
[   54.532120][  T379]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   54.537727][  T379]  ? skb_queue_tail+0xfb/0x120
[   54.542335][  T379]  unix_dgram_sendmsg+0x15fa/0x2090
[   54.547362][  T379]  ? unix_dgram_poll+0x710/0x710
[   54.552135][  T379]  ? __kasan_check_write+0x14/0x20
[   54.557343][  T379]  ? __cpuidle_text_end+0x2/0x2
[   54.562041][  T379]  ? cgroup_rstat_updated+0xe5/0x370
[   54.567184][  T379]  ? security_socket_sendmsg+0x82/0xb0
[   54.572442][  T379]  ? unix_dgram_poll+0x710/0x710
[   54.577216][  T379]  ____sys_sendmsg+0x59e/0x8f0
[   54.581946][  T379]  ? __sys_sendmsg_sock+0x40/0x40
[   54.587175][  T379]  ? import_iovec+0xe5/0x120
[   54.591861][  T379]  ___sys_sendmsg+0x252/0x2e0
[   54.596464][  T379]  ? __sys_sendmsg+0x260/0x260
[   54.601233][  T379]  ? __kasan_check_write+0x14/0x20
[   54.606509][  T379]  ? proc_fail_nth_write+0x20b/0x290
[   54.611625][  T379]  ? __fdget+0x1bc/0x240
[   54.615703][  T379]  __sys_sendmmsg+0x2bf/0x530
[   54.620350][  T379]  ? __ia32_sys_sendmsg+0x90/0x90
[   54.625175][  T379]  ? mutex_unlock+0xb2/0x260
[   54.629608][  T379]  ? __kasan_check_write+0x14/0x20
[   54.634549][  T379]  ? __ia32_sys_read+0x90/0x90
[   54.639149][  T379]  ? debug_smp_processor_id+0x17/0x20
[   54.644383][  T379]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   54.650270][  T379]  __x64_sys_sendmmsg+0xa0/0xb0
[   54.655057][  T379]  x64_sys_call+0x81d/0x9a0
[   54.659375][  T379]  do_syscall_64+0x3b/0xb0
[   54.663635][  T379]  ? clear_bhb_loop+0x35/0x90
[   54.668140][  T379]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   54.673871][  T379] RIP: 0033:0x7f60347c3da9
[   54.678122][  T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   54.698146][  T379] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   54.706404][  T379] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   54.714197][  T379] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   54.722087][  T379] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   54.729900][  T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.737889][  T379] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   54.745701][  T379]  </TASK>
[   54.749317][  T378] ==================================================================
[   54.757197][  T378] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   54.765706][  T378] 
[   54.767901][  T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   54.779951][  T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   54.789795][  T378] Call Trace:
[   54.792926][  T378]  <TASK>
[   54.795697][  T378]  dump_stack_lvl+0x151/0x1c0
[   54.800314][  T378]  ? io_uring_drop_tctx_refs+0x190/0x190
[   54.805770][  T378]  ? __wake_up_klogd+0xd5/0x110
[   54.810456][  T378]  ? panic+0x760/0x760
[   54.814363][  T378]  ? kmem_cache_free+0x116/0x2e0
[   54.819140][  T378]  print_address_description+0x87/0x3b0
[   54.825209][  T378]  ? kmem_cache_free+0x116/0x2e0
[   54.830120][  T378]  ? kmem_cache_free+0x116/0x2e0
[   54.834868][  T378]  kasan_report_invalid_free+0x6b/0xa0
[   54.840285][  T378]  ____kasan_slab_free+0x13e/0x160
[   54.845339][  T378]  __kasan_slab_free+0x11/0x20
[   54.850056][  T378]  slab_free_freelist_hook+0xbd/0x190
[   54.855255][  T378]  ? kfree_skbmem+0x104/0x170
[   54.859770][  T378]  kmem_cache_free+0x116/0x2e0
[   54.864367][  T378]  kfree_skbmem+0x104/0x170
[   54.868707][  T378]  consume_skb+0xb4/0x250
[   54.872964][  T378]  __sk_msg_free+0x2dd/0x370
[   54.877397][  T378]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   54.883029][  T378]  sk_psock_stop+0x44c/0x4d0
[   54.887451][  T378]  ? unix_peer_get+0xe0/0xe0
[   54.891892][  T378]  sock_map_close+0x2b9/0x4c0
[   54.896396][  T378]  ? sock_map_remove_links+0x650/0x650
[   54.901686][  T378]  ? rwsem_mark_wake+0x770/0x770
[   54.906468][  T378]  unix_release+0x82/0xc0
[   54.910627][  T378]  sock_close+0xdf/0x270
[   54.914707][  T378]  ? sock_mmap+0xa0/0xa0
[   54.918823][  T378]  __fput+0x3fe/0x910
[   54.922605][  T378]  ____fput+0x15/0x20
[   54.926427][  T378]  task_work_run+0x129/0x190
[   54.930851][  T378]  exit_to_user_mode_loop+0xc4/0xe0
[   54.935885][  T378]  exit_to_user_mode_prepare+0x5a/0xa0
[   54.941277][  T378]  syscall_exit_to_user_mode+0x26/0x160
[   54.946691][  T378]  do_syscall_64+0x47/0xb0
[   54.950922][  T378]  ? clear_bhb_loop+0x35/0x90
[   54.955438][  T378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   54.961266][  T378] RIP: 0033:0x7f60347c2c9a
[   54.965505][  T378] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   54.985207][  T378] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   54.993644][  T378] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   55.001981][  T378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   55.009902][  T378] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   55.017677][  T378] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d7a3
[   55.025575][  T378] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000d462
[   55.033475][  T378]  </TASK>
[   55.036388][  T378] 
[   55.038607][  T378] Allocated by task 379:
[   55.042673][  T378]  __kasan_slab_alloc+0xb1/0xe0
[   55.047360][  T378]  slab_post_alloc_hook+0x53/0x2c0
[   55.052305][  T378]  kmem_cache_alloc+0xf5/0x200
[   55.056904][  T378]  skb_clone+0x1d1/0x360
[   55.060997][  T378]  sk_psock_verdict_recv+0x53/0x840
[   55.066023][  T378]  unix_read_sock+0x132/0x370
[   55.070540][  T378]  sk_psock_verdict_data_ready+0x147/0x1a0
[   55.076172][  T378]  unix_dgram_sendmsg+0x15fa/0x2090
[   55.081206][  T378]  ____sys_sendmsg+0x59e/0x8f0
[   55.085812][  T378]  ___sys_sendmsg+0x252/0x2e0
[   55.090408][  T378]  __sys_sendmmsg+0x2bf/0x530
[   55.094921][  T378]  __x64_sys_sendmmsg+0xa0/0xb0
[   55.099620][  T378]  x64_sys_call+0x81d/0x9a0
[   55.103946][  T378]  do_syscall_64+0x3b/0xb0
[   55.108206][  T378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   55.113932][  T378] 
[   55.116108][  T378] Freed by task 20:
[   55.119744][  T378]  kasan_set_track+0x4b/0x70
[   55.124175][  T378]  kasan_set_free_info+0x23/0x40
[   55.128944][  T378]  ____kasan_slab_free+0x126/0x160
[   55.133890][  T378]  __kasan_slab_free+0x11/0x20
[   55.138492][  T378]  slab_free_freelist_hook+0xbd/0x190
[   55.143698][  T378]  kmem_cache_free+0x116/0x2e0
[   55.148484][  T378]  kfree_skbmem+0x104/0x170
[   55.152904][  T378]  kfree_skb+0xc2/0x360
[   55.156893][  T378]  sk_psock_backlog+0xc21/0xd90
[   55.161621][  T378]  process_one_work+0x6bb/0xc10
[   55.166274][  T378]  worker_thread+0xad5/0x12a0
[   55.170784][  T378]  kthread+0x421/0x510
[   55.174684][  T378]  ret_from_fork+0x1f/0x30
[   55.178962][  T378] 
[   55.181120][  T378] The buggy address belongs to the object at ffff8881237333c0
[   55.181120][  T378]  which belongs to the cache skbuff_head_cache of size 248
[   55.195541][  T378] The buggy address is located 0 bytes inside of
[   55.195541][  T378]  248-byte region [ffff8881237333c0, ffff8881237334b8)
[   55.208558][  T378] The buggy address belongs to the page:
[   55.214031][  T378] page:ffffea00048dccc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123733
[   55.224094][  T378] flags: 0x4000000000000200(slab|zone=1)
[   55.229576][  T378] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   55.238013][  T378] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   55.246402][  T378] page dumped because: kasan: bad access detected
[   55.252650][  T378] page_owner tracks the page as allocated
[   55.258202][  T378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 54340997321, free_ts 54336347841
[   55.278777][  T378]  post_alloc_hook+0x1a3/0x1b0
[   55.283376][  T378]  prep_new_page+0x1b/0x110
[   55.287729][  T378]  get_page_from_freelist+0x3550/0x35d0
[   55.293093][  T378]  __alloc_pages+0x27e/0x8f0
[   55.297520][  T378]  new_slab+0x9a/0x4e0
[   55.301515][  T378]  ___slab_alloc+0x39e/0x830
[   55.306112][  T378]  __slab_alloc+0x4a/0x90
[   55.310277][  T378]  kmem_cache_alloc+0x134/0x200
[   55.314966][  T378]  __alloc_skb+0xbe/0x550
[   55.319133][  T378]  alloc_skb_with_frags+0xa6/0x680
[   55.324080][  T378]  sock_alloc_send_pskb+0x915/0xa50
[   55.329114][  T378]  unix_dgram_sendmsg+0x6fd/0x2090
[   55.334061][  T378]  __sys_sendto+0x564/0x720
[   55.338397][  T378]  __x64_sys_sendto+0xe5/0x100
[   55.343000][  T378]  x64_sys_call+0x15c/0x9a0
[   55.347337][  T378]  do_syscall_64+0x3b/0xb0
[   55.351598][  T378] page last free stack trace:
[   55.356157][  T378]  free_unref_page_prepare+0x7c8/0x7d0
[   55.361577][  T378]  free_unref_page+0xe8/0x750
[   55.366085][  T378]  __free_pages+0x61/0xf0
[   55.370254][  T378]  free_pages+0x7c/0x90
[   55.374254][  T378]  pgd_free+0x17d/0x190
[   55.378253][  T378]  __mmdrop+0xb0/0x410
[   55.382231][  T378]  __mmput+0x304/0x310
[   55.386166][  T378]  mmput+0x5b/0x170
[   55.389781][  T378]  do_exit+0xb9c/0x2ca0
[   55.393775][  T378]  do_group_exit+0x141/0x310
[   55.398229][  T378]  __x64_sys_exit_group+0x3f/0x40
[   55.403061][  T378]  x64_sys_call+0x610/0x9a0
[   55.407406][  T378]  do_syscall_64+0x3b/0xb0
[   55.411740][  T378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   55.417473][  T378] 
[   55.419637][  T378] Memory state around the buggy address:
[   55.425138][  T378]  ffff888123733280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.433110][  T378]  ffff888123733300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   55.441271][  T378] >ffff888123733380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   55.449169][  T378]                                            ^
[   55.455159][  T378]  ffff888123733400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.463062][  T378]  ffff888123733480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   55.470952][  T378] ==================================================================
[   55.491582][  T382] FAULT_INJECTION: forcing a failure.
[   55.491582][  T382] name failslab, interval 1, probability 0, space 0, times 0
[   55.504401][  T382] CPU: 1 PID: 382 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   55.515937][  T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   55.525838][  T382] Call Trace:
[   55.528954][  T382]  <TASK>
[   55.531734][  T382]  dump_stack_lvl+0x151/0x1c0
[   55.536246][  T382]  ? io_uring_drop_tctx_refs+0x190/0x190
[   55.541718][  T382]  dump_stack+0x15/0x20
[   55.545717][  T382]  should_fail+0x3c6/0x510
[   55.550057][  T382]  __should_failslab+0xa4/0xe0
[   55.554673][  T382]  should_failslab+0x9/0x20
[   55.559385][  T382]  slab_pre_alloc_hook+0x37/0xd0
[   55.564149][  T382]  kmem_cache_alloc_trace+0x48/0x210
[   55.569267][  T382]  ? sk_psock_skb_ingress_self+0x60/0x330
[   55.574823][  T382]  ? migrate_disable+0x190/0x190
[   55.579824][  T382]  sk_psock_skb_ingress_self+0x60/0x330
[   55.585207][  T382]  sk_psock_verdict_recv+0x66d/0x840
[   55.590546][  T382]  unix_read_sock+0x132/0x370
[   55.595263][  T382]  ? sk_psock_skb_redirect+0x440/0x440
[   55.600581][  T382]  ? unix_stream_splice_actor+0x120/0x120
[   55.606278][  T382]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   55.611621][  T382]  ? unix_stream_splice_actor+0x120/0x120
[   55.617840][  T382]  sk_psock_verdict_data_ready+0x147/0x1a0
[   55.623439][  T382]  ? sk_psock_start_verdict+0xc0/0xc0
[   55.628736][  T382]  ? _raw_spin_lock+0xa4/0x1b0
[   55.633431][  T382]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   55.639150][  T382]  ? skb_queue_tail+0xfb/0x120
[   55.643840][  T382]  unix_dgram_sendmsg+0x15fa/0x2090
[   55.649077][  T382]  ? unix_dgram_poll+0x710/0x710
[   55.653947][  T382]  ? security_socket_sendmsg+0x82/0xb0
[   55.659228][  T382]  ? unix_dgram_poll+0x710/0x710
[   55.664001][  T382]  ____sys_sendmsg+0x59e/0x8f0
[   55.668606][  T382]  ? __sys_sendmsg_sock+0x40/0x40
[   55.673471][  T382]  ? import_iovec+0xe5/0x120
[   55.677893][  T382]  ___sys_sendmsg+0x252/0x2e0
[   55.682410][  T382]  ? __sys_sendmsg+0x260/0x260
[   55.687004][  T382]  ? __kasan_check_write+0x14/0x20
[   55.691946][  T382]  ? proc_fail_nth_write+0x20b/0x290
[   55.697072][  T382]  ? __fdget+0x1bc/0x240
[   55.701148][  T382]  __sys_sendmmsg+0x2bf/0x530
[   55.705663][  T382]  ? __ia32_sys_sendmsg+0x90/0x90
[   55.710524][  T382]  ? mutex_unlock+0xb2/0x260
[   55.714952][  T382]  ? __kasan_check_write+0x14/0x20
[   55.719933][  T382]  ? __ia32_sys_read+0x90/0x90
[   55.724625][  T382]  ? debug_smp_processor_id+0x17/0x20
[   55.729834][  T382]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   55.735813][  T382]  __x64_sys_sendmmsg+0xa0/0xb0
[   55.740506][  T382]  x64_sys_call+0x81d/0x9a0
[   55.744855][  T382]  do_syscall_64+0x3b/0xb0
[   55.749094][  T382]  ? clear_bhb_loop+0x35/0x90
[   55.753618][  T382]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   55.759333][  T382] RIP: 0033:0x7f60347c3da9
[   55.763588][  T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   55.783031][  T382] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   55.791274][  T382] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   55.799085][  T382] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   55.806913][  T382] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   55.814797][  T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.822781][  T382] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   55.830604][  T382]  </TASK>
[   55.836839][  T381] ==================================================================
[   55.844720][  T381] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   55.852961][  T381] 
[   55.855141][  T381] CPU: 0 PID: 381 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   55.866853][  T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   55.876840][  T381] Call Trace:
[   55.879958][  T381]  <TASK>
[   55.882746][  T381]  dump_stack_lvl+0x151/0x1c0
[   55.887259][  T381]  ? io_uring_drop_tctx_refs+0x190/0x190
[   55.892719][  T381]  ? __wake_up_klogd+0xd5/0x110
[   55.897404][  T381]  ? panic+0x760/0x760
[   55.901311][  T381]  ? kmem_cache_free+0x116/0x2e0
[   55.906080][  T381]  print_address_description+0x87/0x3b0
[   55.911482][  T381]  ? kmem_cache_free+0x116/0x2e0
[   55.916232][  T381]  ? kmem_cache_free+0x116/0x2e0
[   55.921013][  T381]  kasan_report_invalid_free+0x6b/0xa0
[   55.926305][  T381]  ____kasan_slab_free+0x13e/0x160
[   55.931250][  T381]  __kasan_slab_free+0x11/0x20
[   55.935939][  T381]  slab_free_freelist_hook+0xbd/0x190
[   55.941145][  T381]  ? kfree_skbmem+0x104/0x170
[   55.945692][  T381]  kmem_cache_free+0x116/0x2e0
[   55.950269][  T381]  kfree_skbmem+0x104/0x170
[   55.955201][  T381]  consume_skb+0xb4/0x250
[   55.959470][  T381]  __sk_msg_free+0x2dd/0x370
[   55.963979][  T381]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   55.969634][  T381]  sk_psock_stop+0x44c/0x4d0
[   55.974162][  T381]  ? unix_peer_get+0xe0/0xe0
[   55.978592][  T381]  sock_map_close+0x2b9/0x4c0
[   55.983103][  T381]  ? sock_map_remove_links+0x650/0x650
[   55.988396][  T381]  ? rwsem_mark_wake+0x770/0x770
[   55.993167][  T381]  unix_release+0x82/0xc0
[   55.997422][  T381]  sock_close+0xdf/0x270
[   56.001500][  T381]  ? sock_mmap+0xa0/0xa0
[   56.005577][  T381]  __fput+0x3fe/0x910
[   56.009400][  T381]  ____fput+0x15/0x20
[   56.013215][  T381]  task_work_run+0x129/0x190
[   56.017732][  T381]  exit_to_user_mode_loop+0xc4/0xe0
[   56.022775][  T381]  exit_to_user_mode_prepare+0x5a/0xa0
[   56.028073][  T381]  syscall_exit_to_user_mode+0x26/0x160
[   56.033531][  T381]  do_syscall_64+0x47/0xb0
[   56.037781][  T381]  ? clear_bhb_loop+0x35/0x90
[   56.042362][  T381]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   56.048115][  T381] RIP: 0033:0x7f60347c2c9a
[   56.052361][  T381] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   56.071805][  T381] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   56.080049][  T381] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   56.087945][  T381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   56.095764][  T381] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   56.104097][  T381] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000dbec
[   56.111904][  T381] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000d8ab
[   56.119719][  T381]  </TASK>
[   56.122594][  T381] 
[   56.124748][  T381] Allocated by task 382:
[   56.128827][  T381]  __kasan_slab_alloc+0xb1/0xe0
[   56.133529][  T381]  slab_post_alloc_hook+0x53/0x2c0
[   56.138464][  T381]  kmem_cache_alloc+0xf5/0x200
[   56.143149][  T381]  skb_clone+0x1d1/0x360
[   56.147234][  T381]  sk_psock_verdict_recv+0x53/0x840
[   56.152260][  T381]  unix_read_sock+0x132/0x370
[   56.156778][  T381]  sk_psock_verdict_data_ready+0x147/0x1a0
[   56.162422][  T381]  unix_dgram_sendmsg+0x15fa/0x2090
[   56.167457][  T381]  ____sys_sendmsg+0x59e/0x8f0
[   56.172144][  T381]  ___sys_sendmsg+0x252/0x2e0
[   56.176667][  T381]  __sys_sendmmsg+0x2bf/0x530
[   56.181161][  T381]  __x64_sys_sendmmsg+0xa0/0xb0
[   56.186027][  T381]  x64_sys_call+0x81d/0x9a0
[   56.190363][  T381]  do_syscall_64+0x3b/0xb0
[   56.194649][  T381]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   56.200435][  T381] 
[   56.202600][  T381] Freed by task 39:
[   56.206356][  T381]  kasan_set_track+0x4b/0x70
[   56.210773][  T381]  kasan_set_free_info+0x23/0x40
[   56.215639][  T381]  ____kasan_slab_free+0x126/0x160
[   56.220582][  T381]  __kasan_slab_free+0x11/0x20
[   56.225186][  T381]  slab_free_freelist_hook+0xbd/0x190
[   56.230569][  T381]  kmem_cache_free+0x116/0x2e0
[   56.235166][  T381]  kfree_skbmem+0x104/0x170
[   56.239502][  T381]  kfree_skb+0xc2/0x360
[   56.243629][  T381]  sk_psock_backlog+0xc21/0xd90
[   56.248280][  T381]  process_one_work+0x6bb/0xc10
[   56.252954][  T381]  worker_thread+0xad5/0x12a0
[   56.257480][  T381]  kthread+0x421/0x510
[   56.261378][  T381]  ret_from_fork+0x1f/0x30
[   56.265795][  T381] 
[   56.267969][  T381] The buggy address belongs to the object at ffff88810cbc58c0
[   56.267969][  T381]  which belongs to the cache skbuff_head_cache of size 248
[   56.282375][  T381] The buggy address is located 0 bytes inside of
[   56.282375][  T381]  248-byte region [ffff88810cbc58c0, ffff88810cbc59b8)
[   56.295408][  T381] The buggy address belongs to the page:
[   56.300894][  T381] page:ffffea000432f140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cbc5
[   56.311023][  T381] flags: 0x4000000000000200(slab|zone=1)
[   56.316523][  T381] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   56.324915][  T381] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   56.333505][  T381] page dumped because: kasan: bad access detected
[   56.339748][  T381] page_owner tracks the page as allocated
[   56.345396][  T381] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 55489658987, free_ts 55482366351
[   56.361126][  T381]  post_alloc_hook+0x1a3/0x1b0
[   56.365739][  T381]  prep_new_page+0x1b/0x110
[   56.370049][  T381]  get_page_from_freelist+0x3550/0x35d0
[   56.375526][  T381]  __alloc_pages+0x27e/0x8f0
[   56.379955][  T381]  new_slab+0x9a/0x4e0
[   56.383859][  T381]  ___slab_alloc+0x39e/0x830
[   56.388283][  T381]  __slab_alloc+0x4a/0x90
[   56.392456][  T381]  kmem_cache_alloc+0x134/0x200
[   56.397136][  T381]  __alloc_skb+0xbe/0x550
[   56.401301][  T381]  alloc_skb_with_frags+0xa6/0x680
[   56.406264][  T381]  sock_alloc_send_pskb+0x915/0xa50
[   56.411371][  T381]  unix_dgram_sendmsg+0x6fd/0x2090
[   56.416319][  T381]  __sys_sendto+0x564/0x720
[   56.420662][  T381]  __x64_sys_sendto+0xe5/0x100
[   56.425256][  T381]  x64_sys_call+0x15c/0x9a0
[   56.429606][  T381]  do_syscall_64+0x3b/0xb0
[   56.433853][  T381] page last free stack trace:
[   56.438450][  T381]  free_unref_page_prepare+0x7c8/0x7d0
[   56.443755][  T381]  free_unref_page_list+0x14b/0xa60
[   56.448791][  T381]  release_pages+0x1310/0x1370
[   56.453389][  T381]  free_pages_and_swap_cache+0x8a/0xa0
[   56.458763][  T381]  tlb_finish_mmu+0x177/0x320
[   56.463275][  T381]  exit_mmap+0x40d/0x940
[   56.467441][  T381]  __mmput+0x95/0x310
[   56.471259][  T381]  mmput+0x5b/0x170
[   56.474906][  T381]  do_exit+0xb9c/0x2ca0
[   56.478897][  T381]  do_group_exit+0x141/0x310
[   56.483323][  T381]  __x64_sys_exit_group+0x3f/0x40
[   56.488197][  T381]  x64_sys_call+0x610/0x9a0
[   56.492532][  T381]  do_syscall_64+0x3b/0xb0
[   56.496879][  T381]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   56.502604][  T381] 
[   56.504773][  T381] Memory state around the buggy address:
[   56.510245][  T381]  ffff88810cbc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   56.518141][  T381]  ffff88810cbc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   56.526045][  T381] >ffff88810cbc5880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   56.534120][  T381]                                            ^
[   56.540189][  T381]  ffff88810cbc5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   56.548106][  T381]  ffff88810cbc5980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   56.556204][  T381] ==================================================================
[   56.579771][  T386] FAULT_INJECTION: forcing a failure.
[   56.579771][  T386] name failslab, interval 1, probability 0, space 0, times 0
[   56.592926][  T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   56.604681][  T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   56.615231][  T386] Call Trace:
[   56.618539][  T386]  <TASK>
[   56.621400][  T386]  dump_stack_lvl+0x151/0x1c0
[   56.626086][  T386]  ? io_uring_drop_tctx_refs+0x190/0x190
[   56.632075][  T386]  dump_stack+0x15/0x20
[   56.636947][  T386]  should_fail+0x3c6/0x510
[   56.641762][  T386]  __should_failslab+0xa4/0xe0
[   56.646463][  T386]  should_failslab+0x9/0x20
[   56.650793][  T386]  slab_pre_alloc_hook+0x37/0xd0
[   56.655730][  T386]  kmem_cache_alloc_trace+0x48/0x210
[   56.660847][  T386]  ? sk_psock_skb_ingress_self+0x60/0x330
[   56.666417][  T386]  ? migrate_disable+0x190/0x190
[   56.671181][  T386]  sk_psock_skb_ingress_self+0x60/0x330
[   56.676562][  T386]  sk_psock_verdict_recv+0x66d/0x840
[   56.681776][  T386]  unix_read_sock+0x132/0x370
[   56.686280][  T386]  ? sk_psock_skb_redirect+0x440/0x440
[   56.691670][  T386]  ? unix_stream_splice_actor+0x120/0x120
[   56.697218][  T386]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   56.702513][  T386]  ? unix_stream_splice_actor+0x120/0x120
[   56.708090][  T386]  sk_psock_verdict_data_ready+0x147/0x1a0
[   56.713797][  T386]  ? sk_psock_start_verdict+0xc0/0xc0
[   56.719174][  T386]  ? _raw_spin_lock+0xa4/0x1b0
[   56.723775][  T386]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   56.729596][  T386]  ? skb_queue_tail+0xfb/0x120
[   56.734197][  T386]  unix_dgram_sendmsg+0x15fa/0x2090
[   56.739232][  T386]  ? unix_dgram_poll+0x710/0x710
[   56.744000][  T386]  ? __kasan_check_write+0x14/0x20
[   56.749223][  T386]  ? __cpuidle_text_end+0x2/0x2
[   56.753988][  T386]  ? cgroup_rstat_updated+0xe5/0x370
[   56.759733][  T386]  ? security_socket_sendmsg+0x82/0xb0
[   56.765114][  T386]  ? unix_dgram_poll+0x710/0x710
[   56.769967][  T386]  ____sys_sendmsg+0x59e/0x8f0
[   56.774705][  T386]  ? __sys_sendmsg_sock+0x40/0x40
[   56.779713][  T386]  ? import_iovec+0xe5/0x120
[   56.784317][  T386]  ___sys_sendmsg+0x252/0x2e0
[   56.788914][  T386]  ? __sys_sendmsg+0x260/0x260
[   56.793508][  T386]  ? __kasan_check_write+0x14/0x20
[   56.798544][  T386]  ? proc_fail_nth_write+0x20b/0x290
[   56.803671][  T386]  ? __fdget+0x1bc/0x240
[   56.807926][  T386]  __sys_sendmmsg+0x2bf/0x530
[   56.812424][  T386]  ? __ia32_sys_sendmsg+0x90/0x90
[   56.817277][  T386]  ? mutex_unlock+0xb2/0x260
[   56.821740][  T386]  ? __kasan_check_write+0x14/0x20
[   56.826665][  T386]  ? __ia32_sys_read+0x90/0x90
[   56.831471][  T386]  ? debug_smp_processor_id+0x17/0x20
[   56.836671][  T386]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   56.842577][  T386]  __x64_sys_sendmmsg+0xa0/0xb0
[   56.847254][  T386]  x64_sys_call+0x81d/0x9a0
[   56.851629][  T386]  do_syscall_64+0x3b/0xb0
[   56.855856][  T386]  ? clear_bhb_loop+0x35/0x90
[   56.860366][  T386]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   56.866093][  T386] RIP: 0033:0x7f60347c3da9
[   56.870343][  T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   56.889961][  T386] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   56.898382][  T386] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   56.906185][  T386] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   56.913996][  T386] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   56.921899][  T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.929799][  T386] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   56.937618][  T386]  </TASK>
[   56.945598][  T385] ==================================================================
[   56.953583][  T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   56.961817][  T385] 
[   56.963985][  T385] CPU: 1 PID: 385 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   56.975526][  T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   56.985422][  T385] Call Trace:
[   56.988755][  T385]  <TASK>
[   56.991537][  T385]  dump_stack_lvl+0x151/0x1c0
[   56.996040][  T385]  ? io_uring_drop_tctx_refs+0x190/0x190
[   57.001516][  T385]  ? __wake_up_klogd+0xd5/0x110
[   57.006198][  T385]  ? panic+0x760/0x760
[   57.010105][  T385]  ? kmem_cache_free+0x116/0x2e0
[   57.015021][  T385]  print_address_description+0x87/0x3b0
[   57.020389][  T385]  ? kmem_cache_free+0x116/0x2e0
[   57.025159][  T385]  ? kmem_cache_free+0x116/0x2e0
[   57.029934][  T385]  kasan_report_invalid_free+0x6b/0xa0
[   57.035227][  T385]  ____kasan_slab_free+0x13e/0x160
[   57.040175][  T385]  __kasan_slab_free+0x11/0x20
[   57.044788][  T385]  slab_free_freelist_hook+0xbd/0x190
[   57.050163][  T385]  ? kfree_skbmem+0x104/0x170
[   57.054799][  T385]  kmem_cache_free+0x116/0x2e0
[   57.059395][  T385]  kfree_skbmem+0x104/0x170
[   57.063738][  T385]  consume_skb+0xb4/0x250
[   57.067905][  T385]  __sk_msg_free+0x2dd/0x370
[   57.072326][  T385]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   57.077965][  T385]  sk_psock_stop+0x44c/0x4d0
[   57.082491][  T385]  ? unix_peer_get+0xe0/0xe0
[   57.086990][  T385]  sock_map_close+0x2b9/0x4c0
[   57.091592][  T385]  ? sock_map_remove_links+0x650/0x650
[   57.096888][  T385]  ? rwsem_mark_wake+0x770/0x770
[   57.101824][  T385]  unix_release+0x82/0xc0
[   57.105999][  T385]  sock_close+0xdf/0x270
[   57.110250][  T385]  ? sock_mmap+0xa0/0xa0
[   57.114323][  T385]  __fput+0x3fe/0x910
[   57.118151][  T385]  ____fput+0x15/0x20
[   57.121968][  T385]  task_work_run+0x129/0x190
[   57.126395][  T385]  exit_to_user_mode_loop+0xc4/0xe0
[   57.131743][  T385]  exit_to_user_mode_prepare+0x5a/0xa0
[   57.137072][  T385]  syscall_exit_to_user_mode+0x26/0x160
[   57.142415][  T385]  do_syscall_64+0x47/0xb0
[   57.146664][  T385]  ? clear_bhb_loop+0x35/0x90
[   57.151179][  T385]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   57.157050][  T385] RIP: 0033:0x7f60347c2c9a
[   57.161301][  T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   57.181116][  T385] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   57.189352][  T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   57.197166][  T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   57.204979][  T385] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   57.213081][  T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e02f
[   57.220888][  T385] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000dcee
[   57.228825][  T385]  </TASK>
[   57.231686][  T385] 
[   57.233848][  T385] Allocated by task 386:
[   57.237929][  T385]  __kasan_slab_alloc+0xb1/0xe0
[   57.242614][  T385]  slab_post_alloc_hook+0x53/0x2c0
[   57.247561][  T385]  kmem_cache_alloc+0xf5/0x200
[   57.252163][  T385]  skb_clone+0x1d1/0x360
[   57.256240][  T385]  sk_psock_verdict_recv+0x53/0x840
[   57.261272][  T385]  unix_read_sock+0x132/0x370
[   57.265787][  T385]  sk_psock_verdict_data_ready+0x147/0x1a0
[   57.271612][  T385]  unix_dgram_sendmsg+0x15fa/0x2090
[   57.276725][  T385]  ____sys_sendmsg+0x59e/0x8f0
[   57.281318][  T385]  ___sys_sendmsg+0x252/0x2e0
[   57.285840][  T385]  __sys_sendmmsg+0x2bf/0x530
[   57.290348][  T385]  __x64_sys_sendmmsg+0xa0/0xb0
[   57.295038][  T385]  x64_sys_call+0x81d/0x9a0
[   57.299374][  T385]  do_syscall_64+0x3b/0xb0
[   57.303651][  T385]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   57.309393][  T385] 
[   57.311529][  T385] Freed by task 312:
[   57.315260][  T385]  kasan_set_track+0x4b/0x70
[   57.319696][  T385]  kasan_set_free_info+0x23/0x40
[   57.324716][  T385]  ____kasan_slab_free+0x126/0x160
[   57.329675][  T385]  __kasan_slab_free+0x11/0x20
[   57.334262][  T385]  slab_free_freelist_hook+0xbd/0x190
[   57.339571][  T385]  kmem_cache_free+0x116/0x2e0
[   57.344274][  T385]  kfree_skbmem+0x104/0x170
[   57.348621][  T385]  kfree_skb+0xc2/0x360
[   57.352609][  T385]  sk_psock_backlog+0xc21/0xd90
[   57.357412][  T385]  process_one_work+0x6bb/0xc10
[   57.362107][  T385]  worker_thread+0xad5/0x12a0
[   57.366829][  T385]  kthread+0x421/0x510
[   57.370728][  T385]  ret_from_fork+0x1f/0x30
[   57.375293][  T385] 
[   57.377419][  T385] The buggy address belongs to the object at ffff88811bef5b40
[   57.377419][  T385]  which belongs to the cache skbuff_head_cache of size 248
[   57.391825][  T385] The buggy address is located 0 bytes inside of
[   57.391825][  T385]  248-byte region [ffff88811bef5b40, ffff88811bef5c38)
[   57.404749][  T385] The buggy address belongs to the page:
[   57.410218][  T385] page:ffffea00046fbd40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bef5
[   57.420574][  T385] flags: 0x4000000000000200(slab|zone=1)
[   57.426313][  T385] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   57.434864][  T385] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   57.443456][  T385] page dumped because: kasan: bad access detected
[   57.449701][  T385] page_owner tracks the page as allocated
[   57.455451][  T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 364, ts 56574707384, free_ts 56567586932
[   57.471519][  T385]  post_alloc_hook+0x1a3/0x1b0
[   57.476280][  T385]  prep_new_page+0x1b/0x110
[   57.480618][  T385]  get_page_from_freelist+0x3550/0x35d0
[   57.486000][  T385]  __alloc_pages+0x27e/0x8f0
[   57.490802][  T385]  new_slab+0x9a/0x4e0
[   57.494700][  T385]  ___slab_alloc+0x39e/0x830
[   57.499120][  T385]  __slab_alloc+0x4a/0x90
[   57.503375][  T385]  kmem_cache_alloc+0x134/0x200
[   57.508062][  T385]  __alloc_skb+0xbe/0x550
[   57.513119][  T385]  alloc_skb_with_frags+0xa6/0x680
[   57.518070][  T385]  sock_alloc_send_pskb+0x915/0xa50
[   57.523100][  T385]  unix_dgram_sendmsg+0x6fd/0x2090
[   57.528183][  T385]  sock_write_iter+0x39b/0x530
[   57.532742][  T385]  vfs_write+0xd5d/0x1110
[   57.536910][  T385]  ksys_write+0x199/0x2c0
[   57.541081][  T385]  __x64_sys_write+0x7b/0x90
[   57.545587][  T385] page last free stack trace:
[   57.550099][  T385]  free_unref_page_prepare+0x7c8/0x7d0
[   57.555435][  T385]  free_unref_page+0xe8/0x750
[   57.559899][  T385]  __free_pages+0x61/0xf0
[   57.564064][  T385]  __vunmap+0x7bc/0x8f0
[   57.568061][  T385]  free_work+0x5b/0x80
[   57.572075][  T385]  process_one_work+0x6bb/0xc10
[   57.576770][  T385]  worker_thread+0xad5/0x12a0
[   57.581272][  T385]  kthread+0x421/0x510
[   57.585181][  T385]  ret_from_fork+0x1f/0x30
[   57.590029][  T385] 
[   57.592185][  T385] Memory state around the buggy address:
[   57.597677][  T385]  ffff88811bef5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.605830][  T385]  ffff88811bef5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   57.613814][  T385] >ffff88811bef5b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   57.621933][  T385]                                            ^
[   57.627918][  T385]  ffff88811bef5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.636019][  T385]  ffff88811bef5c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   57.644010][  T385] ==================================================================
[   57.664644][  T389] FAULT_INJECTION: forcing a failure.
[   57.664644][  T389] name failslab, interval 1, probability 0, space 0, times 0
[   57.677148][  T389] CPU: 0 PID: 389 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   57.688619][  T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   57.698522][  T389] Call Trace:
[   57.701635][  T389]  <TASK>
[   57.704424][  T389]  dump_stack_lvl+0x151/0x1c0
[   57.708928][  T389]  ? io_uring_drop_tctx_refs+0x190/0x190
[   57.714487][  T389]  dump_stack+0x15/0x20
[   57.718476][  T389]  should_fail+0x3c6/0x510
[   57.722766][  T389]  __should_failslab+0xa4/0xe0
[   57.727336][  T389]  should_failslab+0x9/0x20
[   57.731840][  T389]  slab_pre_alloc_hook+0x37/0xd0
[   57.736705][  T389]  kmem_cache_alloc_trace+0x48/0x210
[   57.741928][  T389]  ? sk_psock_skb_ingress_self+0x60/0x330
[   57.747484][  T389]  ? migrate_disable+0x190/0x190
[   57.752253][  T389]  sk_psock_skb_ingress_self+0x60/0x330
[   57.757636][  T389]  sk_psock_verdict_recv+0x66d/0x840
[   57.762753][  T389]  unix_read_sock+0x132/0x370
[   57.767355][  T389]  ? sk_psock_skb_redirect+0x440/0x440
[   57.772763][  T389]  ? unix_stream_splice_actor+0x120/0x120
[   57.778622][  T389]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   57.784011][  T389]  ? unix_stream_splice_actor+0x120/0x120
[   57.789712][  T389]  sk_psock_verdict_data_ready+0x147/0x1a0
[   57.795464][  T389]  ? sk_psock_start_verdict+0xc0/0xc0
[   57.800646][  T389]  ? _raw_spin_lock+0xa4/0x1b0
[   57.805281][  T389]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   57.810884][  T389]  ? skb_queue_tail+0xfb/0x120
[   57.815477][  T389]  unix_dgram_sendmsg+0x15fa/0x2090
[   57.820521][  T389]  ? unix_dgram_poll+0x710/0x710
[   57.825284][  T389]  ? __kasan_check_write+0x14/0x20
[   57.830429][  T389]  ? __cpuidle_text_end+0x2/0x2
[   57.835135][  T389]  ? cgroup_rstat_updated+0xe5/0x370
[   57.840265][  T389]  ? security_socket_sendmsg+0x82/0xb0
[   57.845644][  T389]  ? unix_dgram_poll+0x710/0x710
[   57.850407][  T389]  ____sys_sendmsg+0x59e/0x8f0
[   57.855116][  T389]  ? __sys_sendmsg_sock+0x40/0x40
[   57.859972][  T389]  ? import_iovec+0xe5/0x120
[   57.864395][  T389]  ___sys_sendmsg+0x252/0x2e0
[   57.868910][  T389]  ? __sys_sendmsg+0x260/0x260
[   57.873511][  T389]  ? __kasan_check_write+0x14/0x20
[   57.878548][  T389]  ? proc_fail_nth_write+0x20b/0x290
[   57.883668][  T389]  ? __fdget+0x1bc/0x240
[   57.887744][  T389]  __sys_sendmmsg+0x2bf/0x530
[   57.892258][  T389]  ? __ia32_sys_sendmsg+0x90/0x90
[   57.897115][  T389]  ? mutex_unlock+0xb2/0x260
[   57.901649][  T389]  ? __kasan_check_write+0x14/0x20
[   57.906610][  T389]  ? __ia32_sys_read+0x90/0x90
[   57.911195][  T389]  ? debug_smp_processor_id+0x17/0x20
[   57.916403][  T389]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   57.922298][  T389]  __x64_sys_sendmmsg+0xa0/0xb0
[   57.927076][  T389]  x64_sys_call+0x81d/0x9a0
[   57.931420][  T389]  do_syscall_64+0x3b/0xb0
[   57.935663][  T389]  ? clear_bhb_loop+0x35/0x90
[   57.940179][  T389]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   57.945917][  T389] RIP: 0033:0x7f60347c3da9
[   57.950271][  T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   57.969899][  T389] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   57.978213][  T389] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   57.986255][  T389] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   57.994047][  T389] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   58.001881][  T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.009940][  T389] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   58.017765][  T389]  </TASK>
[   58.022661][  T388] ==================================================================
[   58.030560][  T388] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   58.038894][  T388] 
[   58.041143][  T388] CPU: 0 PID: 388 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   58.052768][  T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   58.062749][  T388] Call Trace:
[   58.065876][  T388]  <TASK>
[   58.068652][  T388]  dump_stack_lvl+0x151/0x1c0
[   58.073469][  T388]  ? io_uring_drop_tctx_refs+0x190/0x190
[   58.078997][  T388]  ? __wake_up_klogd+0xd5/0x110
[   58.083934][  T388]  ? panic+0x760/0x760
[   58.087856][  T388]  ? kmem_cache_free+0x116/0x2e0
[   58.092624][  T388]  print_address_description+0x87/0x3b0
[   58.098014][  T388]  ? kmem_cache_free+0x116/0x2e0
[   58.102860][  T388]  ? kmem_cache_free+0x116/0x2e0
[   58.107630][  T388]  kasan_report_invalid_free+0x6b/0xa0
[   58.112922][  T388]  ____kasan_slab_free+0x13e/0x160
[   58.117871][  T388]  __kasan_slab_free+0x11/0x20
[   58.122471][  T388]  slab_free_freelist_hook+0xbd/0x190
[   58.127676][  T388]  ? kfree_skbmem+0x104/0x170
[   58.132190][  T388]  kmem_cache_free+0x116/0x2e0
[   58.136793][  T388]  kfree_skbmem+0x104/0x170
[   58.141132][  T388]  consume_skb+0xb4/0x250
[   58.145296][  T388]  __sk_msg_free+0x2dd/0x370
[   58.149721][  T388]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   58.155368][  T388]  sk_psock_stop+0x44c/0x4d0
[   58.159806][  T388]  ? unix_peer_get+0xe0/0xe0
[   58.164219][  T388]  sock_map_close+0x2b9/0x4c0
[   58.168734][  T388]  ? sock_map_remove_links+0x650/0x650
[   58.174029][  T388]  ? rwsem_mark_wake+0x770/0x770
[   58.178812][  T388]  unix_release+0x82/0xc0
[   58.183229][  T388]  sock_close+0xdf/0x270
[   58.187303][  T388]  ? sock_mmap+0xa0/0xa0
[   58.191384][  T388]  __fput+0x3fe/0x910
[   58.195216][  T388]  ____fput+0x15/0x20
[   58.199032][  T388]  task_work_run+0x129/0x190
[   58.203492][  T388]  exit_to_user_mode_loop+0xc4/0xe0
[   58.208487][  T388]  exit_to_user_mode_prepare+0x5a/0xa0
[   58.213782][  T388]  syscall_exit_to_user_mode+0x26/0x160
[   58.219195][  T388]  do_syscall_64+0x47/0xb0
[   58.223414][  T388]  ? clear_bhb_loop+0x35/0x90
[   58.227927][  T388]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   58.233655][  T388] RIP: 0033:0x7f60347c2c9a
[   58.237908][  T388] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   58.257443][  T388] RSP: 002b:00007ffd449e86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   58.265885][  T388] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f60347c2c9a
[   58.273795][  T388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   58.281942][  T388] RBP: 00007f60348f4980 R08: 0000001b32060000 R09: 00007ffd449eb0b0
[   58.289753][  T388] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e46b
[   58.297651][  T388] R13: ffffffffffffffff R14: 00007f6034347000 R15: 000000000000e12a
[   58.305564][  T388]  </TASK>
[   58.308441][  T388] 
[   58.310593][  T388] Allocated by task 389:
[   58.314674][  T388]  __kasan_slab_alloc+0xb1/0xe0
[   58.319356][  T388]  slab_post_alloc_hook+0x53/0x2c0
[   58.324324][  T388]  kmem_cache_alloc+0xf5/0x200
[   58.328913][  T388]  skb_clone+0x1d1/0x360
[   58.333308][  T388]  sk_psock_verdict_recv+0x53/0x840
[   58.338317][  T388]  unix_read_sock+0x132/0x370
[   58.342829][  T388]  sk_psock_verdict_data_ready+0x147/0x1a0
[   58.348657][  T388]  unix_dgram_sendmsg+0x15fa/0x2090
[   58.353680][  T388]  ____sys_sendmsg+0x59e/0x8f0
[   58.358282][  T388]  ___sys_sendmsg+0x252/0x2e0
[   58.362800][  T388]  __sys_sendmmsg+0x2bf/0x530
[   58.367306][  T388]  __x64_sys_sendmmsg+0xa0/0xb0
[   58.371991][  T388]  x64_sys_call+0x81d/0x9a0
[   58.376419][  T388]  do_syscall_64+0x3b/0xb0
[   58.380676][  T388]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   58.386402][  T388] 
[   58.388573][  T388] Freed by task 20:
[   58.392304][  T388]  kasan_set_track+0x4b/0x70
[   58.396741][  T388]  kasan_set_free_info+0x23/0x40
[   58.401503][  T388]  ____kasan_slab_free+0x126/0x160
[   58.406479][  T388]  __kasan_slab_free+0x11/0x20
[   58.411138][  T388]  slab_free_freelist_hook+0xbd/0x190
[   58.416345][  T388]  kmem_cache_free+0x116/0x2e0
[   58.420945][  T388]  kfree_skbmem+0x104/0x170
[   58.425285][  T388]  kfree_skb+0xc2/0x360
[   58.429274][  T388]  sk_psock_backlog+0xc21/0xd90
[   58.434160][  T388]  process_one_work+0x6bb/0xc10
[   58.438933][  T388]  worker_thread+0xad5/0x12a0
[   58.443446][  T388]  kthread+0x421/0x510
[   58.447366][  T388]  ret_from_fork+0x1f/0x30
[   58.451599][  T388] 
[   58.453765][  T388] The buggy address belongs to the object at ffff8881237973c0
[   58.453765][  T388]  which belongs to the cache skbuff_head_cache of size 248
[   58.468175][  T388] The buggy address is located 0 bytes inside of
[   58.468175][  T388]  248-byte region [ffff8881237973c0, ffff8881237974b8)
[   58.481107][  T388] The buggy address belongs to the page:
[   58.486579][  T388] page:ffffea00048de5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123797
[   58.496641][  T388] flags: 0x4000000000000200(slab|zone=1)
[   58.502117][  T388] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[   58.510546][  T388] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   58.518958][  T388] page dumped because: kasan: bad access detected
[   58.525198][  T388] page_owner tracks the page as allocated
[   58.530749][  T388] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 57658455519, free_ts 41514868315
[   58.546566][  T388]  post_alloc_hook+0x1a3/0x1b0
[   58.551158][  T388]  prep_new_page+0x1b/0x110
[   58.555510][  T388]  get_page_from_freelist+0x3550/0x35d0
[   58.560889][  T388]  __alloc_pages+0x27e/0x8f0
[   58.565311][  T388]  new_slab+0x9a/0x4e0
[   58.569214][  T388]  ___slab_alloc+0x39e/0x830
[   58.573639][  T388]  __slab_alloc+0x4a/0x90
[   58.577815][  T388]  kmem_cache_alloc+0x134/0x200
[   58.582503][  T388]  __alloc_skb+0xbe/0x550
[   58.586660][  T388]  alloc_skb_with_frags+0xa6/0x680
[   58.591610][  T388]  sock_alloc_send_pskb+0x915/0xa50
[   58.596723][  T388]  unix_dgram_sendmsg+0x6fd/0x2090
[   58.601676][  T388]  __sys_sendto+0x564/0x720
[   58.606016][  T388]  __x64_sys_sendto+0xe5/0x100
[   58.610618][  T388]  x64_sys_call+0x15c/0x9a0
[   58.615045][  T388]  do_syscall_64+0x3b/0xb0
[   58.619304][  T388] page last free stack trace:
[   58.623891][  T388]  free_unref_page_prepare+0x7c8/0x7d0
[   58.629184][  T388]  free_unref_page+0xe8/0x750
[   58.633699][  T388]  __put_page+0xb0/0xe0
[   58.637692][  T388]  anon_pipe_buf_release+0x187/0x200
[   58.642814][  T388]  pipe_read+0x5a6/0x1040
[   58.646978][  T388]  vfs_read+0xa7e/0xd40
[   58.650972][  T388]  ksys_read+0x199/0x2c0
[   58.655055][  T388]  __x64_sys_read+0x7b/0x90
[   58.659390][  T388]  x64_sys_call+0x28/0x9a0
[   58.663641][  T388]  do_syscall_64+0x3b/0xb0
[   58.667893][  T388]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   58.673626][  T388] 
[   58.675793][  T388] Memory state around the buggy address:
[   58.681266][  T388]  ffff888123797280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.689167][  T388]  ffff888123797300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   58.697064][  T388] >ffff888123797380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   58.705044][  T388]                                            ^
[   58.711040][  T388]  ffff888123797400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.718937][  T388]  ffff888123797480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[   58.726830][  T388] ==================================================================
[   58.747699][  T392] FAULT_INJECTION: forcing a failure.
[   58.747699][  T392] name failslab, interval 1, probability 0, space 0, times 0
[   58.760188][  T392] CPU: 1 PID: 392 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   58.771652][  T392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   58.781552][  T392] Call Trace:
[   58.784676][  T392]  <TASK>
[   58.787449][  T392]  dump_stack_lvl+0x151/0x1c0
[   58.791971][  T392]  ? io_uring_drop_tctx_refs+0x190/0x190
[   58.797439][  T392]  dump_stack+0x15/0x20
[   58.801429][  T392]  should_fail+0x3c6/0x510
[   58.805676][  T392]  __should_failslab+0xa4/0xe0
[   58.810284][  T392]  should_failslab+0x9/0x20
[   58.814618][  T392]  slab_pre_alloc_hook+0x37/0xd0
[   58.819398][  T392]  kmem_cache_alloc_trace+0x48/0x210
[   58.824511][  T392]  ? sk_psock_skb_ingress_self+0x60/0x330
[   58.830068][  T392]  ? migrate_disable+0x190/0x190
[   58.834845][  T392]  sk_psock_skb_ingress_self+0x60/0x330
[   58.840403][  T392]  sk_psock_verdict_recv+0x66d/0x840
[   58.845907][  T392]  unix_read_sock+0x132/0x370
[   58.850674][  T392]  ? sk_psock_skb_redirect+0x440/0x440
[   58.856124][  T392]  ? unix_stream_splice_actor+0x120/0x120
[   58.861711][  T392]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   58.866970][  T392]  ? unix_stream_splice_actor+0x120/0x120
[   58.872527][  T392]  sk_psock_verdict_data_ready+0x147/0x1a0
[   58.878381][  T392]  ? sk_psock_start_verdict+0xc0/0xc0
[   58.883554][  T392]  ? _raw_spin_lock+0xa4/0x1b0
[   58.888149][  T392]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   58.893796][  T392]  ? skb_queue_tail+0xfb/0x120
[   58.898426][  T392]  unix_dgram_sendmsg+0x15fa/0x2090
[   58.903469][  T392]  ? unix_dgram_poll+0x710/0x710
[   58.908303][  T392]  ? __kasan_check_write+0x14/0x20
[   58.913231][  T392]  ? __cpuidle_text_end+0x2/0x2
[   58.917945][  T392]  ? cgroup_rstat_updated+0xe5/0x370
[   58.923047][  T392]  ? security_socket_sendmsg+0x82/0xb0
[   58.928423][  T392]  ? unix_dgram_poll+0x710/0x710
[   58.933195][  T392]  ____sys_sendmsg+0x59e/0x8f0
[   58.937797][  T392]  ? __sys_sendmsg_sock+0x40/0x40
[   58.942829][  T392]  ? import_iovec+0xe5/0x120
[   58.947288][  T392]  ___sys_sendmsg+0x252/0x2e0
[   58.951772][  T392]  ? __sys_sendmsg+0x260/0x260
[   58.956371][  T392]  ? __kasan_check_write+0x14/0x20
[   58.961313][  T392]  ? proc_fail_nth_write+0x20b/0x290
[   58.966438][  T392]  ? __fdget+0x1bc/0x240
[   58.970602][  T392]  __sys_sendmmsg+0x2bf/0x530
[   58.975120][  T392]  ? __ia32_sys_sendmsg+0x90/0x90
[   58.980148][  T392]  ? mutex_unlock+0xb2/0x260
[   58.984675][  T392]  ? __kasan_check_write+0x14/0x20
[   58.989699][  T392]  ? __ia32_sys_read+0x90/0x90
[   58.994470][  T392]  ? debug_smp_processor_id+0x17/0x20
[   58.999773][  T392]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   59.005679][  T392]  __x64_sys_sendmmsg+0xa0/0xb0
[   59.010365][  T392]  x64_sys_call+0x81d/0x9a0
[   59.014701][  T392]  do_syscall_64+0x3b/0xb0
[   59.018954][  T392]  ? clear_bhb_loop+0x35/0x90
[   59.023613][  T392]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   59.029330][  T392] RIP: 0033:0x7f60347c3da9
[   59.033578][  T392] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   59.053017][  T392] RSP: 002b:00007f60343460c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   59.061263][  T392] RAX: ffffffffffffffda RBX: 00007f60348f2f80 RCX: 00007f60347c3da9
[   59.069160][  T392] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[   59.076972][  T392] RBP: 00007f6034346120 R08: 0000000000000000 R09: 0000000000000000
[   59.084868][  T392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.092684][  T392] R13: 000000000000000b R14: 00007f60348f2f80 R15: 00007ffd449e85d8
[   59.100497][  T392]  </TASK>
[   59.105112][  T391] ==================================================================
[   59.113130][  T391] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   59.121366][  T391] 
[   59.123534][  T391] CPU: 0 PID: 391 Comm: syz-executor.0 Tainted: G    B             5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[   59.135086][  T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   59.145096][  T391] Call Trace:
[   59.148207][  T391]  <TASK>
[   59.151069][  T391]  dump_stack_lvl+0x151/0x1c0
[   59.155664][  T391]  ? io_uring_drop_tctx_refs+0x190/0x190
[   59.161132][  T391]  ? __wake_up_klogd+0xd5/0x110
[   59.165927][  T391]  ? panic+0x760/0x760
[   59.169818][  T391]  ? kmem_cache_free+0x116/0x2e0
[   59.174593][  T391]  print_address_description+0x87/0x3b0
[   59.180060][  T391]  ? kmem_cache_free+0x116/0x2e0
[   59.184830][  T391]  ? kmem_cache_free+0x116/0x2e0
[   59.189694][  T391]  kasan_report_invalid_free+0x6b/0xa0