Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2024/12/12 12:56:48 ignoring optional flag "sandboxArg"="0"
2024/12/12 12:56:48 ignoring optional flag "type"="gce"
2024/12/12 12:56:48 parsed 1 programs
[ 44.770255][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 44.770270][ T30] audit: type=1400 audit(1734008208.308:95): avc: denied { unlink } for pid=346 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.802152][ T30] audit: type=1400 audit(1734008208.338:96): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
2024/12/12 12:56:48 executed programs: 0
[ 44.840822][ T346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.898455][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.905355][ T352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.912584][ T352] device bridge_slave_0 entered promiscuous mode
[ 44.919251][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.926148][ T352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.933296][ T352] device bridge_slave_1 entered promiscuous mode
[ 44.979264][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.986136][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.993244][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.000031][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.019536][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.026659][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.034276][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.041542][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.050489][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.058495][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.065363][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.074496][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.082505][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.089349][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.102232][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.111253][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.124806][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.136321][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.144527][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.152084][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.160339][ T352] device veth0_vlan entered promiscuous mode
[ 45.170128][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.178965][ T352] device veth1_macvtap entered promiscuous mode
[ 45.188315][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.198447][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.213585][ T30] audit: type=1400 audit(1734008208.748:97): avc: denied { mounton } for pid=352 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 45.242441][ T30] audit: type=1400 audit(1734008208.778:98): avc: denied { prog_load } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.265991][ T30] audit: type=1400 audit(1734008208.778:99): avc: denied { bpf } for pid=357 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.297443][ T360] FAULT_INJECTION: forcing a failure.
[ 45.297443][ T360] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 45.310926][ T30] audit: type=1400 audit(1734008208.828:100): avc: denied { map_create } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.330264][ T30] audit: type=1400 audit(1734008208.828:101): avc: denied { map_read map_write } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.331368][ T360] CPU: 1 PID: 360 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 45.360205][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 45.370107][ T360] Call Trace:
[ 45.373220][ T360]
[ 45.375998][ T360] dump_stack_lvl+0x151/0x1c0
[ 45.380512][ T360] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.385988][ T360] ? vsnprintf+0x1dd/0x1c70
[ 45.390409][ T360] dump_stack+0x15/0x20
[ 45.394398][ T360] should_fail+0x3c6/0x510
[ 45.398740][ T360] should_fail_usercopy+0x1a/0x20
[ 45.403599][ T360] _copy_from_user+0x20/0xd0
[ 45.408024][ T360] kstrtouint_from_user+0xca/0x2a0
[ 45.412972][ T360] ? kstrtol_from_user+0x310/0x310
[ 45.417917][ T360] ? snprintf+0xd6/0x120
[ 45.421997][ T360] ? check_stack_object+0x114/0x130
[ 45.427120][ T360] ? __kasan_check_read+0x11/0x20
[ 45.432062][ T360] ? _copy_to_user+0x78/0x90
[ 45.436408][ T360] proc_fail_nth_write+0xa6/0x290
[ 45.441264][ T360] ? selinux_file_permission+0x2c4/0x570
[ 45.446735][ T360] ? proc_fail_nth_read+0x210/0x210
[ 45.451777][ T360] ? fsnotify_perm+0x6a/0x5b0
[ 45.456279][ T360] ? security_file_permission+0x86/0xb0
[ 45.461660][ T360] ? proc_fail_nth_read+0x210/0x210
[ 45.466701][ T360] vfs_write+0x406/0x1110
[ 45.470872][ T360] ? file_end_write+0x1c0/0x1c0
[ 45.475547][ T360] ? __kasan_check_write+0x14/0x20
[ 45.480497][ T360] ? mutex_lock+0xb6/0x1e0
[ 45.484751][ T360] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.491181][ T360] ? __fdget_pos+0x2e7/0x3a0
[ 45.495603][ T360] ? ksys_write+0x77/0x2c0
[ 45.499851][ T360] ksys_write+0x199/0x2c0
[ 45.504106][ T360] ? __ia32_sys_read+0x90/0x90
[ 45.508701][ T360] ? debug_smp_processor_id+0x17/0x20
[ 45.513909][ T360] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.519919][ T360] __x64_sys_write+0x7b/0x90
[ 45.524329][ T360] x64_sys_call+0x2f/0x9a0
[ 45.528583][ T360] do_syscall_64+0x3b/0xb0
[ 45.532840][ T360] ? clear_bhb_loop+0x35/0x90
[ 45.537351][ T360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.543081][ T360] RIP: 0033:0x7fea17f81aef
[ 45.547326][ T360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[ 45.565633][ T30] audit: type=1400 audit(1734008209.078:102): avc: denied { perfmon } for pid=357 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.566849][ T360] RSP: 002b:00007fea17ae40c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 45.596555][ T360] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fea17f81aef
[ 45.604343][ T360] RDX: 0000000000000001 RSI: 00007fea17ae4130 RDI: 0000000000000005
[ 45.612151][ T360] RBP: 00007fea17ae4120 R08: 0000000000000000 R09: 0000000000000000
[ 45.620158][ T360] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 45.627956][ T360] R13: 000000000000006e R14: 00007fea180b2050 R15: 00007ffd1d559df8
[ 45.635764][ T360]
[ 45.640095][ T30] audit: type=1400 audit(1734008209.178:103): avc: denied { prog_run } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.667892][ T363] FAULT_INJECTION: forcing a failure.
[ 45.667892][ T363] name failslab, interval 1, probability 0, space 0, times 1
[ 45.680434][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 45.690540][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 45.700536][ T363] Call Trace:
[ 45.703643][ T363]
[ 45.706421][ T363] dump_stack_lvl+0x151/0x1c0
[ 45.710932][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.716401][ T363] dump_stack+0x15/0x20
[ 45.720396][ T363] should_fail+0x3c6/0x510
[ 45.724748][ T363] __should_failslab+0xa4/0xe0
[ 45.729334][ T363] should_failslab+0x9/0x20
[ 45.733672][ T363] slab_pre_alloc_hook+0x37/0xd0
[ 45.738448][ T363] kmem_cache_alloc_trace+0x48/0x210
[ 45.743568][ T363] ? sk_psock_skb_ingress_self+0x60/0x330
[ 45.749211][ T363] ? migrate_disable+0x190/0x190
[ 45.753987][ T363] sk_psock_skb_ingress_self+0x60/0x330
[ 45.759368][ T363] sk_psock_verdict_recv+0x66d/0x840
[ 45.764515][ T363] unix_read_sock+0x132/0x370
[ 45.768999][ T363] ? sk_psock_skb_redirect+0x440/0x440
[ 45.774295][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.779846][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.785152][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.790695][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.796365][ T363] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.801549][ T363] ? _raw_spin_lock+0xa4/0x1b0
[ 45.806145][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.811787][ T363] ? skb_queue_tail+0xfb/0x120
[ 45.816385][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.821423][ T363] ? unix_dgram_poll+0x690/0x690
[ 45.826194][ T363] ? __kasan_check_write+0x14/0x20
[ 45.831263][ T363] ? __cpuidle_text_end+0x2/0x2
[ 45.835950][ T363] ? cgroup_rstat_updated+0xe5/0x370
[ 45.841070][ T363] ? security_socket_sendmsg+0x82/0xb0
[ 45.846361][ T363] ? unix_dgram_poll+0x690/0x690
[ 45.851141][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 45.855757][ T363] ? __sys_sendmsg_sock+0x40/0x40
[ 45.860641][ T363] ? import_iovec+0xe5/0x120
[ 45.865026][ T363] ___sys_sendmsg+0x252/0x2e0
[ 45.869645][ T363] ? __sys_sendmsg+0x260/0x260
[ 45.874237][ T363] ? __kasan_check_write+0x14/0x20
[ 45.879174][ T363] ? proc_fail_nth_write+0x20b/0x290
[ 45.884405][ T363] ? __fdget+0x1bc/0x240
[ 45.888484][ T363] __sys_sendmmsg+0x2bf/0x530
[ 45.893007][ T363] ? __ia32_sys_sendmsg+0x90/0x90
[ 45.898119][ T363] ? mutex_unlock+0xb2/0x260
[ 45.902549][ T363] ? __kasan_check_write+0x14/0x20
[ 45.907493][ T363] ? __ia32_sys_read+0x90/0x90
[ 45.912090][ T363] ? debug_smp_processor_id+0x17/0x20
[ 45.917302][ T363] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.923200][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.927973][ T363] x64_sys_call+0x81d/0x9a0
[ 45.932315][ T363] do_syscall_64+0x3b/0xb0
[ 45.936564][ T363] ? clear_bhb_loop+0x35/0x90
[ 45.941079][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.946814][ T363] RIP: 0033:0x7fea17f82da9
[ 45.951060][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.970933][ T363] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.979186][ T363] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 45.986989][ T363] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 45.994801][ T363] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 46.002699][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.010510][ T363] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 46.018336][ T363]
[ 46.025256][ T362] ==================================================================
[ 46.033141][ T362] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 46.039829][ T362] Read of size 4 at addr ffff88810f1305ec by task syz-executor.0/362
[ 46.047717][ T362]
[ 46.049886][ T362] CPU: 0 PID: 362 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 46.060042][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.070024][ T362] Call Trace:
[ 46.073148][ T362]
[ 46.075945][ T362] dump_stack_lvl+0x151/0x1c0
[ 46.080436][ T362] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.085904][ T362] ? panic+0x760/0x760
[ 46.089807][ T362] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 46.095291][ T362] print_address_description+0x87/0x3b0
[ 46.100659][ T362] kasan_report+0x179/0x1c0
[ 46.104996][ T362] ? consume_skb+0x3c/0x250
[ 46.109335][ T362] ? consume_skb+0x3c/0x250
[ 46.113686][ T362] kasan_check_range+0x293/0x2a0
[ 46.118455][ T362] __kasan_check_read+0x11/0x20
[ 46.123136][ T362] consume_skb+0x3c/0x250
[ 46.127302][ T362] __sk_msg_free+0x2dd/0x370
[ 46.131728][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.137531][ T362] sk_psock_stop+0x44c/0x4d0
[ 46.141885][ T362] sk_psock_drop+0x219/0x310
[ 46.146308][ T362] sock_map_unref+0x48f/0x4d0
[ 46.150840][ T362] ? __local_bh_enable_ip+0x58/0x80
[ 46.155945][ T362] ? _raw_spin_unlock_bh+0x51/0x60
[ 46.160893][ T362] sock_map_remove_links+0x41c/0x650
[ 46.166011][ T362] ? __kasan_record_aux_stack+0xd3/0xf0
[ 46.171391][ T362] ? kasan_record_aux_stack+0xe/0x10
[ 46.176515][ T362] ? task_work_add+0x27/0x1d0
[ 46.181028][ T362] ? sock_map_unhash+0x120/0x120
[ 46.185798][ T362] ? x64_sys_call+0x3d/0x9a0
[ 46.190226][ T362] ? locks_remove_posix+0x610/0x610
[ 46.195260][ T362] sock_map_close+0x114/0x530
[ 46.199773][ T362] ? unix_peer_get+0xe0/0xe0
[ 46.204198][ T362] ? sock_map_remove_links+0x650/0x650
[ 46.209495][ T362] ? rwsem_mark_wake+0x770/0x770
[ 46.214270][ T362] unix_release+0x82/0xc0
[ 46.218437][ T362] sock_close+0xdf/0x270
[ 46.222516][ T362] ? sock_mmap+0xa0/0xa0
[ 46.226591][ T362] __fput+0x228/0x8c0
[ 46.230412][ T362] ____fput+0x15/0x20
[ 46.234231][ T362] task_work_run+0x129/0x190
[ 46.238658][ T362] exit_to_user_mode_loop+0xc4/0xe0
[ 46.243692][ T362] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.248985][ T362] syscall_exit_to_user_mode+0x26/0x160
[ 46.254366][ T362] do_syscall_64+0x47/0xb0
[ 46.258619][ T362] ? clear_bhb_loop+0x35/0x90
[ 46.263130][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.268856][ T362] RIP: 0033:0x7fea17f81c9a
[ 46.273124][ T362] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.292564][ T362] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.300796][ T362] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 46.308608][ T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.316434][ T362] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 46.324234][ T362] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b58f
[ 46.332054][ T362] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000b24e
[ 46.339862][ T362]
[ 46.342717][ T362]
[ 46.344889][ T362] Allocated by task 363:
[ 46.348976][ T362] __kasan_slab_alloc+0xb1/0xe0
[ 46.353653][ T362] slab_post_alloc_hook+0x53/0x2c0
[ 46.358601][ T362] kmem_cache_alloc+0xf5/0x200
[ 46.363204][ T362] skb_clone+0x1d1/0x360
[ 46.367281][ T362] sk_psock_verdict_recv+0x53/0x840
[ 46.372318][ T362] unix_read_sock+0x132/0x370
[ 46.376828][ T362] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.382476][ T362] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.387627][ T362] ____sys_sendmsg+0x59e/0x8f0
[ 46.392216][ T362] ___sys_sendmsg+0x252/0x2e0
[ 46.396728][ T362] __sys_sendmmsg+0x2bf/0x530
[ 46.401243][ T362] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.405927][ T362] x64_sys_call+0x81d/0x9a0
[ 46.410270][ T362] do_syscall_64+0x3b/0xb0
[ 46.414521][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.420250][ T362]
[ 46.422418][ T362] Freed by task 356:
[ 46.426149][ T362] kasan_set_track+0x4b/0x70
[ 46.430579][ T362] kasan_set_free_info+0x23/0x40
[ 46.435352][ T362] ____kasan_slab_free+0x126/0x160
[ 46.440299][ T362] __kasan_slab_free+0x11/0x20
[ 46.444984][ T362] slab_free_freelist_hook+0xbd/0x190
[ 46.450191][ T362] kmem_cache_free+0x116/0x2e0
[ 46.454797][ T362] kfree_skbmem+0x104/0x170
[ 46.459135][ T362] kfree_skb+0xc2/0x360
[ 46.463318][ T362] sk_psock_backlog+0xc21/0xd90
[ 46.468327][ T362] process_one_work+0x6bb/0xc10
[ 46.473124][ T362] worker_thread+0xad5/0x12a0
[ 46.477620][ T362] kthread+0x421/0x510
[ 46.481526][ T362] ret_from_fork+0x1f/0x30
[ 46.485864][ T362]
[ 46.488047][ T362] The buggy address belongs to the object at ffff88810f130500
[ 46.488047][ T362] which belongs to the cache skbuff_head_cache of size 248
[ 46.502442][ T362] The buggy address is located 236 bytes inside of
[ 46.502442][ T362] 248-byte region [ffff88810f130500, ffff88810f1305f8)
[ 46.515548][ T362] The buggy address belongs to the page:
[ 46.521036][ T362] page:ffffea00043c4c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f130
[ 46.531282][ T362] flags: 0x4000000000000200(slab|zone=1)
[ 46.536765][ T362] raw: 4000000000000200 ffffea00043db6c0 0000000200000002 ffff8881081ab500
[ 46.545179][ T362] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.553586][ T362] page dumped because: kasan: bad access detected
[ 46.559841][ T362] page_owner tracks the page as allocated
[ 46.565416][ T362] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 103, ts 4142278306, free_ts 0
[ 46.580232][ T362] post_alloc_hook+0x1a3/0x1b0
[ 46.584999][ T362] prep_new_page+0x1b/0x110
[ 46.589319][ T362] get_page_from_freelist+0x3550/0x35d0
[ 46.594699][ T362] __alloc_pages+0x27e/0x8f0
[ 46.599123][ T362] new_slab+0x9a/0x4e0
[ 46.603025][ T362] ___slab_alloc+0x39e/0x830
[ 46.607454][ T362] __slab_alloc+0x4a/0x90
[ 46.611617][ T362] kmem_cache_alloc+0x134/0x200
[ 46.616317][ T362] __alloc_skb+0xbe/0x550
[ 46.620475][ T362] alloc_skb_with_frags+0xa6/0x680
[ 46.625434][ T362] sock_alloc_send_pskb+0x915/0xa50
[ 46.630459][ T362] unix_dgram_sendmsg+0x6fd/0x2090
[ 46.635402][ T362] sock_write_iter+0x39b/0x530
[ 46.640005][ T362] vfs_write+0xd5d/0x1110
[ 46.644166][ T362] ksys_write+0x199/0x2c0
[ 46.648332][ T362] __x64_sys_write+0x7b/0x90
[ 46.652761][ T362] page_owner free stack trace missing
[ 46.657969][ T362]
[ 46.660137][ T362] Memory state around the buggy address:
[ 46.665607][ T362] ffff88810f130480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.673524][ T362] ffff88810f130500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.681402][ T362] >ffff88810f130580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.689308][ T362] ^
[ 46.696589][ T362] ffff88810f130600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.704521][ T362] ffff88810f130680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.712423][ T362] ==================================================================
[ 46.720284][ T362] Disabling lock debugging due to kernel taint
[ 46.726510][ T362] ==================================================================
[ 46.734344][ T362] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.742678][ T362]
[ 46.744848][ T362] CPU: 0 PID: 362 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 46.756578][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.766908][ T362] Call Trace:
[ 46.770015][ T362]
[ 46.772792][ T362] dump_stack_lvl+0x151/0x1c0
[ 46.777306][ T362] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.782770][ T362] ? __wake_up_klogd+0xd5/0x110
[ 46.787462][ T362] ? panic+0x760/0x760
[ 46.791380][ T362] ? kmem_cache_free+0x116/0x2e0
[ 46.796148][ T362] print_address_description+0x87/0x3b0
[ 46.801704][ T362] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 46.807683][ T362] ? kmem_cache_free+0x116/0x2e0
[ 46.812456][ T362] ? kmem_cache_free+0x116/0x2e0
[ 46.817345][ T362] kasan_report_invalid_free+0x6b/0xa0
[ 46.822637][ T362] ____kasan_slab_free+0x13e/0x160
[ 46.827589][ T362] __kasan_slab_free+0x11/0x20
[ 46.832184][ T362] slab_free_freelist_hook+0xbd/0x190
[ 46.837395][ T362] ? kfree_skbmem+0x104/0x170
[ 46.841906][ T362] kmem_cache_free+0x116/0x2e0
[ 46.846512][ T362] kfree_skbmem+0x104/0x170
[ 46.850848][ T362] consume_skb+0xb4/0x250
[ 46.855038][ T362] __sk_msg_free+0x2dd/0x370
[ 46.859438][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.865085][ T362] sk_psock_stop+0x44c/0x4d0
[ 46.869509][ T362] sk_psock_drop+0x219/0x310
[ 46.874025][ T362] sock_map_unref+0x48f/0x4d0
[ 46.878531][ T362] ? __local_bh_enable_ip+0x58/0x80
[ 46.883575][ T362] ? _raw_spin_unlock_bh+0x51/0x60
[ 46.888518][ T362] sock_map_remove_links+0x41c/0x650
[ 46.893633][ T362] ? __kasan_record_aux_stack+0xd3/0xf0
[ 46.899014][ T362] ? kasan_record_aux_stack+0xe/0x10
[ 46.904223][ T362] ? task_work_add+0x27/0x1d0
[ 46.908748][ T362] ? sock_map_unhash+0x120/0x120
[ 46.913515][ T362] ? x64_sys_call+0x3d/0x9a0
[ 46.917934][ T362] ? locks_remove_posix+0x610/0x610
[ 46.922971][ T362] sock_map_close+0x114/0x530
[ 46.927485][ T362] ? unix_peer_get+0xe0/0xe0
[ 46.931913][ T362] ? sock_map_remove_links+0x650/0x650
[ 46.937203][ T362] ? rwsem_mark_wake+0x770/0x770
[ 46.941978][ T362] unix_release+0x82/0xc0
[ 46.946227][ T362] sock_close+0xdf/0x270
[ 46.950336][ T362] ? sock_mmap+0xa0/0xa0
[ 46.954387][ T362] __fput+0x228/0x8c0
[ 46.958209][ T362] ____fput+0x15/0x20
[ 46.962054][ T362] task_work_run+0x129/0x190
[ 46.966975][ T362] exit_to_user_mode_loop+0xc4/0xe0
[ 46.972092][ T362] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.977397][ T362] syscall_exit_to_user_mode+0x26/0x160
[ 46.982772][ T362] do_syscall_64+0x47/0xb0
[ 46.987023][ T362] ? clear_bhb_loop+0x35/0x90
[ 46.991537][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.997262][ T362] RIP: 0033:0x7fea17f81c9a
[ 47.001518][ T362] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.020960][ T362] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.029205][ T362] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 47.037116][ T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.044940][ T362] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 47.052736][ T362] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b58f
[ 47.060632][ T362] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000b24e
[ 47.068544][ T362]
[ 47.071415][ T362]
[ 47.073563][ T362] Allocated by task 363:
[ 47.077642][ T362] __kasan_slab_alloc+0xb1/0xe0
[ 47.082331][ T362] slab_post_alloc_hook+0x53/0x2c0
[ 47.087273][ T362] kmem_cache_alloc+0xf5/0x200
[ 47.091990][ T362] skb_clone+0x1d1/0x360
[ 47.096068][ T362] sk_psock_verdict_recv+0x53/0x840
[ 47.101194][ T362] unix_read_sock+0x132/0x370
[ 47.105702][ T362] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.111344][ T362] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.116377][ T362] ____sys_sendmsg+0x59e/0x8f0
[ 47.120976][ T362] ___sys_sendmsg+0x252/0x2e0
[ 47.125490][ T362] __sys_sendmmsg+0x2bf/0x530
[ 47.130004][ T362] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.134689][ T362] x64_sys_call+0x81d/0x9a0
[ 47.139055][ T362] do_syscall_64+0x3b/0xb0
[ 47.143291][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.149012][ T362]
[ 47.151181][ T362] Freed by task 356:
[ 47.154913][ T362] kasan_set_track+0x4b/0x70
[ 47.159369][ T362] kasan_set_free_info+0x23/0x40
[ 47.164112][ T362] ____kasan_slab_free+0x126/0x160
[ 47.169057][ T362] __kasan_slab_free+0x11/0x20
[ 47.173658][ T362] slab_free_freelist_hook+0xbd/0x190
[ 47.179127][ T362] kmem_cache_free+0x116/0x2e0
[ 47.183728][ T362] kfree_skbmem+0x104/0x170
[ 47.188067][ T362] kfree_skb+0xc2/0x360
[ 47.192058][ T362] sk_psock_backlog+0xc21/0xd90
[ 47.196753][ T362] process_one_work+0x6bb/0xc10
[ 47.201435][ T362] worker_thread+0xad5/0x12a0
[ 47.206031][ T362] kthread+0x421/0x510
[ 47.209938][ T362] ret_from_fork+0x1f/0x30
[ 47.214189][ T362]
[ 47.216360][ T362] The buggy address belongs to the object at ffff88810f130500
[ 47.216360][ T362] which belongs to the cache skbuff_head_cache of size 248
[ 47.230766][ T362] The buggy address is located 0 bytes inside of
[ 47.230766][ T362] 248-byte region [ffff88810f130500, ffff88810f1305f8)
[ 47.243701][ T362] The buggy address belongs to the page:
[ 47.249171][ T362] page:ffffea00043c4c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f130
[ 47.259506][ T362] flags: 0x4000000000000200(slab|zone=1)
[ 47.264979][ T362] raw: 4000000000000200 ffffea00043db6c0 0000000200000002 ffff8881081ab500
[ 47.273898][ T362] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.282305][ T362] page dumped because: kasan: bad access detected
[ 47.288553][ T362] page_owner tracks the page as allocated
[ 47.294106][ T362] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 103, ts 4142278306, free_ts 0
[ 47.308947][ T362] post_alloc_hook+0x1a3/0x1b0
[ 47.313634][ T362] prep_new_page+0x1b/0x110
[ 47.317985][ T362] get_page_from_freelist+0x3550/0x35d0
[ 47.323357][ T362] __alloc_pages+0x27e/0x8f0
[ 47.327781][ T362] new_slab+0x9a/0x4e0
[ 47.331686][ T362] ___slab_alloc+0x39e/0x830
[ 47.336111][ T362] __slab_alloc+0x4a/0x90
[ 47.340286][ T362] kmem_cache_alloc+0x134/0x200
[ 47.344966][ T362] __alloc_skb+0xbe/0x550
[ 47.349216][ T362] alloc_skb_with_frags+0xa6/0x680
[ 47.354167][ T362] sock_alloc_send_pskb+0x915/0xa50
[ 47.359285][ T362] unix_dgram_sendmsg+0x6fd/0x2090
[ 47.364234][ T362] sock_write_iter+0x39b/0x530
[ 47.368831][ T362] vfs_write+0xd5d/0x1110
[ 47.372996][ T362] ksys_write+0x199/0x2c0
[ 47.377171][ T362] __x64_sys_write+0x7b/0x90
[ 47.381591][ T362] page_owner free stack trace missing
[ 47.386807][ T362]
[ 47.388978][ T362] Memory state around the buggy address:
[ 47.394614][ T362] ffff88810f130400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.402528][ T362] ffff88810f130480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.410459][ T362] >ffff88810f130500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.418316][ T362] ^
[ 47.422217][ T362] ffff88810f130580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.430117][ T362] ffff88810f130600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.438092][ T362] ==================================================================
[ 47.460863][ T366] FAULT_INJECTION: forcing a failure.
[ 47.460863][ T366] name failslab, interval 1, probability 0, space 0, times 0
[ 47.473596][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.485113][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.495125][ T366] Call Trace:
[ 47.498270][ T366]
[ 47.501034][ T366] dump_stack_lvl+0x151/0x1c0
[ 47.505544][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.511101][ T366] dump_stack+0x15/0x20
[ 47.515092][ T366] should_fail+0x3c6/0x510
[ 47.519345][ T366] __should_failslab+0xa4/0xe0
[ 47.523937][ T366] should_failslab+0x9/0x20
[ 47.528275][ T366] slab_pre_alloc_hook+0x37/0xd0
[ 47.533062][ T366] kmem_cache_alloc_trace+0x48/0x210
[ 47.538172][ T366] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.543731][ T366] ? migrate_disable+0x190/0x190
[ 47.548511][ T366] sk_psock_skb_ingress_self+0x60/0x330
[ 47.553974][ T366] sk_psock_verdict_recv+0x66d/0x840
[ 47.559089][ T366] unix_read_sock+0x132/0x370
[ 47.563604][ T366] ? sk_psock_skb_redirect+0x440/0x440
[ 47.568903][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 47.574798][ T366] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.580098][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 47.585653][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.591377][ T366] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.596581][ T366] ? _raw_spin_lock+0xa4/0x1b0
[ 47.601183][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.606828][ T366] ? skb_queue_tail+0xfb/0x120
[ 47.611518][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.616550][ T366] ? unix_dgram_poll+0x690/0x690
[ 47.621326][ T366] ? __kasan_check_write+0x14/0x20
[ 47.626266][ T366] ? __cpuidle_text_end+0x2/0x2
[ 47.630950][ T366] ? cgroup_rstat_updated+0xe5/0x370
[ 47.636102][ T366] ? security_socket_sendmsg+0x82/0xb0
[ 47.641369][ T366] ? unix_dgram_poll+0x690/0x690
[ 47.646139][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 47.650842][ T366] ? __sys_sendmsg_sock+0x40/0x40
[ 47.655708][ T366] ? import_iovec+0xe5/0x120
[ 47.660137][ T366] ___sys_sendmsg+0x252/0x2e0
[ 47.664641][ T366] ? __sys_sendmsg+0x260/0x260
[ 47.669242][ T366] ? __kasan_check_write+0x14/0x20
[ 47.674187][ T366] ? proc_fail_nth_write+0x20b/0x290
[ 47.679347][ T366] ? __fdget+0x1bc/0x240
[ 47.683388][ T366] __sys_sendmmsg+0x2bf/0x530
[ 47.687901][ T366] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.692933][ T366] ? mutex_unlock+0xb2/0x260
[ 47.697368][ T366] ? __kasan_check_write+0x14/0x20
[ 47.702315][ T366] ? __ia32_sys_read+0x90/0x90
[ 47.706909][ T366] ? debug_smp_processor_id+0x17/0x20
[ 47.712113][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.718015][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.722740][ T366] x64_sys_call+0x81d/0x9a0
[ 47.727049][ T366] do_syscall_64+0x3b/0xb0
[ 47.731294][ T366] ? clear_bhb_loop+0x35/0x90
[ 47.735814][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.741586][ T366] RIP: 0033:0x7fea17f82da9
[ 47.745791][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.765289][ T366] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.773479][ T366] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 47.781288][ T366] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 47.789098][ T366] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 47.796910][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.804842][ T366] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 47.812658][ T366]
[ 47.818089][ T365] ==================================================================
[ 47.825960][ T365] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 47.834202][ T365]
[ 47.836375][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.848006][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.857932][ T365] Call Trace:
[ 47.861033][ T365]
[ 47.863888][ T365] dump_stack_lvl+0x151/0x1c0
[ 47.868502][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.873999][ T365] ? __wake_up_klogd+0xd5/0x110
[ 47.878655][ T365] ? panic+0x760/0x760
[ 47.882648][ T365] ? kvm_sched_clock_read+0x18/0x40
[ 47.887681][ T365] ? kmem_cache_free+0x116/0x2e0
[ 47.892458][ T365] print_address_description+0x87/0x3b0
[ 47.897839][ T365] ? kmem_cache_free+0x116/0x2e0
[ 47.903044][ T365] ? kmem_cache_free+0x116/0x2e0
[ 47.907822][ T365] kasan_report_invalid_free+0x6b/0xa0
[ 47.913120][ T365] ____kasan_slab_free+0x13e/0x160
[ 47.918059][ T365] __kasan_slab_free+0x11/0x20
[ 47.922665][ T365] slab_free_freelist_hook+0xbd/0x190
[ 47.927866][ T365] ? kfree_skbmem+0x104/0x170
[ 47.932388][ T365] kmem_cache_free+0x116/0x2e0
[ 47.937023][ T365] kfree_skbmem+0x104/0x170
[ 47.941406][ T365] consume_skb+0xb4/0x250
[ 47.945580][ T365] __sk_msg_free+0x2dd/0x370
[ 47.950204][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.955843][ T365] sk_psock_stop+0x44c/0x4d0
[ 47.960269][ T365] sk_psock_drop+0x219/0x310
[ 47.964699][ T365] sock_map_unref+0x48f/0x4d0
[ 47.969278][ T365] ? __local_bh_enable_ip+0x58/0x80
[ 47.974253][ T365] ? _raw_spin_unlock_bh+0x51/0x60
[ 47.979192][ T365] sock_map_remove_links+0x41c/0x650
[ 47.984419][ T365] ? __kasan_record_aux_stack+0xd3/0xf0
[ 47.989791][ T365] ? kasan_record_aux_stack+0xe/0x10
[ 47.994915][ T365] ? task_work_add+0x27/0x1d0
[ 47.999433][ T365] ? sock_map_unhash+0x120/0x120
[ 48.004237][ T365] ? x64_sys_call+0x3d/0x9a0
[ 48.008626][ T365] ? locks_remove_posix+0x610/0x610
[ 48.013746][ T365] sock_map_close+0x114/0x530
[ 48.018296][ T365] ? unix_peer_get+0xe0/0xe0
[ 48.022692][ T365] ? sock_map_remove_links+0x650/0x650
[ 48.027978][ T365] ? rwsem_mark_wake+0x770/0x770
[ 48.032839][ T365] unix_release+0x82/0xc0
[ 48.037101][ T365] sock_close+0xdf/0x270
[ 48.041183][ T365] ? sock_mmap+0xa0/0xa0
[ 48.045258][ T365] __fput+0x228/0x8c0
[ 48.049071][ T365] ____fput+0x15/0x20
[ 48.052891][ T365] task_work_run+0x129/0x190
[ 48.057418][ T365] exit_to_user_mode_loop+0xc4/0xe0
[ 48.062450][ T365] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.067749][ T365] syscall_exit_to_user_mode+0x26/0x160
[ 48.073225][ T365] do_syscall_64+0x47/0xb0
[ 48.077383][ T365] ? clear_bhb_loop+0x35/0x90
[ 48.081898][ T365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.087757][ T365] RIP: 0033:0x7fea17f81c9a
[ 48.092011][ T365] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.111451][ T365] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.119792][ T365] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 48.127762][ T365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.135664][ T365] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 48.143478][ T365] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bc90
[ 48.151287][ T365] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000b94f
[ 48.159101][ T365]
[ 48.161971][ T365]
[ 48.164130][ T365] Allocated by task 366:
[ 48.168210][ T365] __kasan_slab_alloc+0xb1/0xe0
[ 48.172907][ T365] slab_post_alloc_hook+0x53/0x2c0
[ 48.177841][ T365] kmem_cache_alloc+0xf5/0x200
[ 48.182441][ T365] skb_clone+0x1d1/0x360
[ 48.186522][ T365] sk_psock_verdict_recv+0x53/0x840
[ 48.191561][ T365] unix_read_sock+0x132/0x370
[ 48.196075][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.201718][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.206742][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 48.211345][ T365] ___sys_sendmsg+0x252/0x2e0
[ 48.215857][ T365] __sys_sendmmsg+0x2bf/0x530
[ 48.220381][ T365] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.225148][ T365] x64_sys_call+0x81d/0x9a0
[ 48.229482][ T365] do_syscall_64+0x3b/0xb0
[ 48.233743][ T365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.239467][ T365]
[ 48.241637][ T365] Freed by task 356:
[ 48.245395][ T365] kasan_set_track+0x4b/0x70
[ 48.249791][ T365] kasan_set_free_info+0x23/0x40
[ 48.254566][ T365] ____kasan_slab_free+0x126/0x160
[ 48.259614][ T365] __kasan_slab_free+0x11/0x20
[ 48.264214][ T365] slab_free_freelist_hook+0xbd/0x190
[ 48.269428][ T365] kmem_cache_free+0x116/0x2e0
[ 48.274025][ T365] kfree_skbmem+0x104/0x170
[ 48.278359][ T365] kfree_skb+0xc2/0x360
[ 48.282352][ T365] sk_psock_backlog+0xc21/0xd90
[ 48.287039][ T365] process_one_work+0x6bb/0xc10
[ 48.291723][ T365] worker_thread+0xad5/0x12a0
[ 48.296248][ T365] kthread+0x421/0x510
[ 48.300144][ T365] ret_from_fork+0x1f/0x30
[ 48.304398][ T365]
[ 48.306566][ T365] The buggy address belongs to the object at ffff88811e82a780
[ 48.306566][ T365] which belongs to the cache skbuff_head_cache of size 248
[ 48.320975][ T365] The buggy address is located 0 bytes inside of
[ 48.320975][ T365] 248-byte region [ffff88811e82a780, ffff88811e82a878)
[ 48.333912][ T365] The buggy address belongs to the page:
[ 48.339381][ T365] page:ffffea00047a0a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e82a
[ 48.349539][ T365] flags: 0x4000000000000200(slab|zone=1)
[ 48.355047][ T365] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab500
[ 48.363437][ T365] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.371850][ T365] page dumped because: kasan: bad access detected
[ 48.378096][ T365] page_owner tracks the page as allocated
[ 48.383647][ T365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 356, ts 47451711772, free_ts 45639461670
[ 48.400882][ T365] post_alloc_hook+0x1a3/0x1b0
[ 48.405435][ T365] prep_new_page+0x1b/0x110
[ 48.409771][ T365] get_page_from_freelist+0x3550/0x35d0
[ 48.415165][ T365] __alloc_pages+0x27e/0x8f0
[ 48.419579][ T365] new_slab+0x9a/0x4e0
[ 48.423486][ T365] ___slab_alloc+0x39e/0x830
[ 48.427919][ T365] __slab_alloc+0x4a/0x90
[ 48.432165][ T365] kmem_cache_alloc+0x134/0x200
[ 48.436855][ T365] __alloc_skb+0xbe/0x550
[ 48.441020][ T365] __ipv6_ifa_notify+0x2e1/0x11c0
[ 48.445879][ T365] addrconf_dad_completed+0x177/0xd80
[ 48.451086][ T365] addrconf_dad_work+0xdc1/0x1710
[ 48.455949][ T365] process_one_work+0x6bb/0xc10
[ 48.460630][ T365] worker_thread+0xad5/0x12a0
[ 48.465146][ T365] kthread+0x421/0x510
[ 48.469055][ T365] ret_from_fork+0x1f/0x30
[ 48.473305][ T365] page last free stack trace:
[ 48.477817][ T365] free_unref_page_prepare+0x7c8/0x7d0
[ 48.483112][ T365] free_unref_page+0xe8/0x750
[ 48.487623][ T365] __free_pages+0x61/0xf0
[ 48.491909][ T365] free_pages+0x7c/0x90
[ 48.495999][ T365] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 48.501528][ T365] __apply_to_page_range+0x8dd/0xbe0
[ 48.506648][ T365] apply_to_existing_page_range+0x38/0x50
[ 48.512205][ T365] kasan_release_vmalloc+0x9a/0xb0
[ 48.517148][ T365] __purge_vmap_area_lazy+0x154a/0x1690
[ 48.522533][ T365] _vm_unmap_aliases+0x339/0x3b0
[ 48.527425][ T365] vm_unmap_aliases+0x19/0x20
[ 48.531933][ T365] change_page_attr_set_clr+0x308/0x1050
[ 48.537401][ T365] set_memory_ro+0xa1/0xe0
[ 48.541745][ T365] bpf_int_jit_compile+0xbf21/0xc6b0
[ 48.546861][ T365] bpf_prog_select_runtime+0x724/0xa10
[ 48.552193][ T365] bpf_prog_load+0x1315/0x1b50
[ 48.556762][ T365]
[ 48.558926][ T365] Memory state around the buggy address:
[ 48.564400][ T365] ffff88811e82a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.572365][ T365] ffff88811e82a700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.580199][ T365] >ffff88811e82a780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.588089][ T365] ^
[ 48.591996][ T365] ffff88811e82a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.599893][ T365] ffff88811e82a880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.607788][ T365] ==================================================================
[ 48.628076][ T369] FAULT_INJECTION: forcing a failure.
[ 48.628076][ T369] name failslab, interval 1, probability 0, space 0, times 0
[ 48.640534][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 48.652028][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.661943][ T369] Call Trace:
[ 48.665133][ T369]
[ 48.668473][ T369] dump_stack_lvl+0x151/0x1c0
[ 48.673143][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.678612][ T369] dump_stack+0x15/0x20
[ 48.682611][ T369] should_fail+0x3c6/0x510
[ 48.686966][ T369] __should_failslab+0xa4/0xe0
[ 48.691543][ T369] should_failslab+0x9/0x20
[ 48.695881][ T369] slab_pre_alloc_hook+0x37/0xd0
[ 48.700658][ T369] kmem_cache_alloc_trace+0x48/0x210
[ 48.705775][ T369] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.711360][ T369] ? migrate_disable+0x190/0x190
[ 48.716111][ T369] sk_psock_skb_ingress_self+0x60/0x330
[ 48.721489][ T369] sk_psock_verdict_recv+0x66d/0x840
[ 48.726787][ T369] unix_read_sock+0x132/0x370
[ 48.731325][ T369] ? sk_psock_skb_redirect+0x440/0x440
[ 48.736586][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 48.742141][ T369] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.747546][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 48.753080][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.758719][ T369] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.764011][ T369] ? _raw_spin_lock+0xa4/0x1b0
[ 48.768618][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.774256][ T369] ? skb_queue_tail+0xfb/0x120
[ 48.778853][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.783894][ T369] ? unix_dgram_poll+0x690/0x690
[ 48.788663][ T369] ? __kasan_check_write+0x14/0x20
[ 48.793607][ T369] ? __cpuidle_text_end+0x2/0x2
[ 48.798297][ T369] ? cgroup_rstat_updated+0xe5/0x370
[ 48.803417][ T369] ? security_socket_sendmsg+0x82/0xb0
[ 48.808735][ T369] ? unix_dgram_poll+0x690/0x690
[ 48.813487][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 48.818087][ T369] ? __sys_sendmsg_sock+0x40/0x40
[ 48.823032][ T369] ? import_iovec+0xe5/0x120
[ 48.827456][ T369] ___sys_sendmsg+0x252/0x2e0
[ 48.831976][ T369] ? __sys_sendmsg+0x260/0x260
[ 48.836571][ T369] ? __kasan_check_write+0x14/0x20
[ 48.841519][ T369] ? proc_fail_nth_write+0x20b/0x290
[ 48.846639][ T369] ? __fdget+0x1bc/0x240
[ 48.850716][ T369] __sys_sendmmsg+0x2bf/0x530
[ 48.855233][ T369] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.860088][ T369] ? mutex_unlock+0xb2/0x260
[ 48.864626][ T369] ? __kasan_check_write+0x14/0x20
[ 48.869558][ T369] ? __ia32_sys_read+0x90/0x90
[ 48.874152][ T369] ? debug_smp_processor_id+0x17/0x20
[ 48.879358][ T369] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.885300][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.889963][ T369] x64_sys_call+0x81d/0x9a0
[ 48.894405][ T369] do_syscall_64+0x3b/0xb0
[ 48.898760][ T369] ? clear_bhb_loop+0x35/0x90
[ 48.903410][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.909087][ T369] RIP: 0033:0x7fea17f82da9
[ 48.913341][ T369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.932787][ T369] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.941024][ T369] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 48.948846][ T369] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 48.956647][ T369] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 48.964458][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.972278][ T369] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 48.980085][ T369]
[ 48.985106][ T30] audit: type=1400 audit(1734008212.518:104): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 48.985758][ T368] ==================================================================
[ 49.015132][ T368] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.023372][ T368]
[ 49.025545][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.037086][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.046981][ T368] Call Trace:
[ 49.050167][ T368]
[ 49.053143][ T368] dump_stack_lvl+0x151/0x1c0
[ 49.057656][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.063130][ T368] ? __wake_up_klogd+0xd5/0x110
[ 49.067809][ T368] ? panic+0x760/0x760
[ 49.071843][ T368] ? kmem_cache_free+0x116/0x2e0
[ 49.076610][ T368] print_address_description+0x87/0x3b0
[ 49.081999][ T368] ? kmem_cache_free+0x116/0x2e0
[ 49.086765][ T368] ? kmem_cache_free+0x116/0x2e0
[ 49.091543][ T368] kasan_report_invalid_free+0x6b/0xa0
[ 49.096828][ T368] ____kasan_slab_free+0x13e/0x160
[ 49.101785][ T368] __kasan_slab_free+0x11/0x20
[ 49.106385][ T368] slab_free_freelist_hook+0xbd/0x190
[ 49.111587][ T368] ? kfree_skbmem+0x104/0x170
[ 49.116100][ T368] kmem_cache_free+0x116/0x2e0
[ 49.120785][ T368] kfree_skbmem+0x104/0x170
[ 49.125124][ T368] consume_skb+0xb4/0x250
[ 49.129380][ T368] __sk_msg_free+0x2dd/0x370
[ 49.133839][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.139453][ T368] sk_psock_stop+0x44c/0x4d0
[ 49.143873][ T368] sk_psock_drop+0x219/0x310
[ 49.148296][ T368] sock_map_unref+0x48f/0x4d0
[ 49.152809][ T368] ? __local_bh_enable_ip+0x58/0x80
[ 49.157848][ T368] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.162794][ T368] sock_map_remove_links+0x41c/0x650
[ 49.167915][ T368] ? __kasan_record_aux_stack+0xd3/0xf0
[ 49.173297][ T368] ? kasan_record_aux_stack+0xe/0x10
[ 49.178413][ T368] ? task_work_add+0x27/0x1d0
[ 49.182925][ T368] ? sock_map_unhash+0x120/0x120
[ 49.187703][ T368] ? x64_sys_call+0x3d/0x9a0
[ 49.192142][ T368] ? locks_remove_posix+0x610/0x610
[ 49.197160][ T368] sock_map_close+0x114/0x530
[ 49.201673][ T368] ? unix_peer_get+0xe0/0xe0
[ 49.206097][ T368] ? sock_map_remove_links+0x650/0x650
[ 49.211394][ T368] ? rwsem_mark_wake+0x770/0x770
[ 49.216184][ T368] unix_release+0x82/0xc0
[ 49.220334][ T368] sock_close+0xdf/0x270
[ 49.224413][ T368] ? sock_mmap+0xa0/0xa0
[ 49.228500][ T368] __fput+0x228/0x8c0
[ 49.232311][ T368] ____fput+0x15/0x20
[ 49.236145][ T368] task_work_run+0x129/0x190
[ 49.240557][ T368] exit_to_user_mode_loop+0xc4/0xe0
[ 49.245588][ T368] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.250882][ T368] syscall_exit_to_user_mode+0x26/0x160
[ 49.256264][ T368] do_syscall_64+0x47/0xb0
[ 49.260516][ T368] ? clear_bhb_loop+0x35/0x90
[ 49.265029][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.270757][ T368] RIP: 0033:0x7fea17f81c9a
[ 49.275019][ T368] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.294573][ T368] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.302904][ T368] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 49.310884][ T368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.318695][ T368] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 49.326509][ T368] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c11f
[ 49.334323][ T368] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000bdde
[ 49.342270][ T368]
[ 49.345119][ T368]
[ 49.347295][ T368] Allocated by task 369:
[ 49.351372][ T368] __kasan_slab_alloc+0xb1/0xe0
[ 49.356232][ T368] slab_post_alloc_hook+0x53/0x2c0
[ 49.361178][ T368] kmem_cache_alloc+0xf5/0x200
[ 49.365774][ T368] skb_clone+0x1d1/0x360
[ 49.369854][ T368] sk_psock_verdict_recv+0x53/0x840
[ 49.374912][ T368] unix_read_sock+0x132/0x370
[ 49.379406][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.385048][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.390083][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 49.394683][ T368] ___sys_sendmsg+0x252/0x2e0
[ 49.399284][ T368] __sys_sendmmsg+0x2bf/0x530
[ 49.403791][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.408484][ T368] x64_sys_call+0x81d/0x9a0
[ 49.412820][ T368] do_syscall_64+0x3b/0xb0
[ 49.417075][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.422800][ T368]
[ 49.424969][ T368] Freed by task 20:
[ 49.428614][ T368] kasan_set_track+0x4b/0x70
[ 49.433043][ T368] kasan_set_free_info+0x23/0x40
[ 49.437814][ T368] ____kasan_slab_free+0x126/0x160
[ 49.442762][ T368] __kasan_slab_free+0x11/0x20
[ 49.447447][ T368] slab_free_freelist_hook+0xbd/0x190
[ 49.452654][ T368] kmem_cache_free+0x116/0x2e0
[ 49.457255][ T368] kfree_skbmem+0x104/0x170
[ 49.461592][ T368] kfree_skb+0xc2/0x360
[ 49.465743][ T368] sk_psock_backlog+0xc21/0xd90
[ 49.470423][ T368] process_one_work+0x6bb/0xc10
[ 49.475112][ T368] worker_thread+0xad5/0x12a0
[ 49.479750][ T368] kthread+0x421/0x510
[ 49.484082][ T368] ret_from_fork+0x1f/0x30
[ 49.488340][ T368]
[ 49.490508][ T368] The buggy address belongs to the object at ffff88811e888c80
[ 49.490508][ T368] which belongs to the cache skbuff_head_cache of size 248
[ 49.505024][ T368] The buggy address is located 0 bytes inside of
[ 49.505024][ T368] 248-byte region [ffff88811e888c80, ffff88811e888d78)
[ 49.517960][ T368] The buggy address belongs to the page:
[ 49.523427][ T368] page:ffffea00047a2200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e888
[ 49.533493][ T368] flags: 0x4000000000000200(slab|zone=1)
[ 49.538972][ T368] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab500
[ 49.547386][ T368] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.555796][ T368] page dumped because: kasan: bad access detected
[ 49.562058][ T368] page_owner tracks the page as allocated
[ 49.567600][ T368] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 48625514984, free_ts 48618882580
[ 49.583313][ T368] post_alloc_hook+0x1a3/0x1b0
[ 49.587913][ T368] prep_new_page+0x1b/0x110
[ 49.592594][ T368] get_page_from_freelist+0x3550/0x35d0
[ 49.597980][ T368] __alloc_pages+0x27e/0x8f0
[ 49.602395][ T368] new_slab+0x9a/0x4e0
[ 49.606297][ T368] ___slab_alloc+0x39e/0x830
[ 49.610985][ T368] __slab_alloc+0x4a/0x90
[ 49.615237][ T368] kmem_cache_alloc+0x134/0x200
[ 49.619934][ T368] skb_clone+0x1d1/0x360
[ 49.624006][ T368] netlink_broadcast_filtered+0x692/0x1220
[ 49.629650][ T368] netlink_broadcast+0x3a/0x50
[ 49.634334][ T368] kobject_uevent_net_broadcast+0x3a1/0x590
[ 49.640280][ T368] kobject_uevent_env+0x525/0x700
[ 49.645136][ T368] kobject_synth_uevent+0x4eb/0xae0
[ 49.650173][ T368] uevent_store+0x25/0x60
[ 49.654337][ T368] dev_attr_store+0x5c/0x80
[ 49.658679][ T368] page last free stack trace:
[ 49.663189][ T368] free_unref_page_prepare+0x7c8/0x7d0
[ 49.668483][ T368] free_unref_page+0xe8/0x750
[ 49.672999][ T368] __free_pages+0x61/0xf0
[ 49.677161][ T368] __vunmap+0x7bc/0x8f0
[ 49.681156][ T368] free_work+0x5b/0x80
[ 49.685117][ T368] process_one_work+0x6bb/0xc10
[ 49.689748][ T368] worker_thread+0xad5/0x12a0
[ 49.694262][ T368] kthread+0x421/0x510
[ 49.698446][ T368] ret_from_fork+0x1f/0x30
[ 49.702702][ T368]
[ 49.704961][ T368] Memory state around the buggy address:
[ 49.710430][ T368] ffff88811e888b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.718333][ T368] ffff88811e888c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.726228][ T368] >ffff88811e888c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.734213][ T368] ^
[ 49.738116][ T368] ffff88811e888d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.746025][ T368] ffff88811e888d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.753913][ T368] ==================================================================
[ 49.775602][ T373] FAULT_INJECTION: forcing a failure.
[ 49.775602][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 49.788060][ T373] CPU: 1 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.799550][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.809447][ T373] Call Trace:
[ 49.812569][ T373]
[ 49.815350][ T373] dump_stack_lvl+0x151/0x1c0
[ 49.820037][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.825543][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.831150][ T373] ? __skb_try_recv_datagram+0x495/0x6a0
[ 49.836708][ T373] dump_stack+0x15/0x20
[ 49.840696][ T373] should_fail+0x3c6/0x510
[ 49.844947][ T373] __should_failslab+0xa4/0xe0
[ 49.849546][ T373] ? skb_clone+0x1d1/0x360
[ 49.853797][ T373] should_failslab+0x9/0x20
[ 49.858136][ T373] slab_pre_alloc_hook+0x37/0xd0
[ 49.862916][ T373] ? skb_clone+0x1d1/0x360
[ 49.867279][ T373] kmem_cache_alloc+0x44/0x200
[ 49.871885][ T373] skb_clone+0x1d1/0x360
[ 49.875960][ T373] sk_psock_verdict_recv+0x53/0x840
[ 49.881022][ T373] ? avc_has_perm_noaudit+0x430/0x430
[ 49.886345][ T373] ? mntput_no_expire+0xfc/0x6b0
[ 49.891108][ T373] unix_read_sock+0x132/0x370
[ 49.895706][ T373] ? sk_psock_skb_redirect+0x440/0x440
[ 49.900996][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 49.906550][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.911878][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 49.917610][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.923247][ T373] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.928453][ T373] ? _raw_spin_lock+0xa4/0x1b0
[ 49.933055][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.938695][ T373] ? skb_queue_tail+0xfb/0x120
[ 49.943295][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.948333][ T373] ? unix_dgram_poll+0x690/0x690
[ 49.953100][ T373] ? __kasan_check_write+0x14/0x20
[ 49.958050][ T373] ? __cpuidle_text_end+0x2/0x2
[ 49.962838][ T373] ? cgroup_rstat_updated+0xe5/0x370
[ 49.967948][ T373] ? security_socket_sendmsg+0x82/0xb0
[ 49.973251][ T373] ? unix_dgram_poll+0x690/0x690
[ 49.978010][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 49.982618][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 49.987473][ T373] ? import_iovec+0xe5/0x120
[ 49.991908][ T373] ___sys_sendmsg+0x252/0x2e0
[ 49.996416][ T373] ? __sys_sendmsg+0x260/0x260
[ 50.001013][ T373] ? __kasan_check_write+0x14/0x20
[ 50.005962][ T373] ? proc_fail_nth_write+0x20b/0x290
[ 50.011078][ T373] ? __fdget+0x1bc/0x240
[ 50.015160][ T373] __sys_sendmmsg+0x2bf/0x530
[ 50.019677][ T373] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.024675][ T373] ? mutex_unlock+0xb2/0x260
[ 50.029137][ T373] ? __kasan_check_write+0x14/0x20
[ 50.034077][ T373] ? __ia32_sys_read+0x90/0x90
[ 50.038683][ T373] ? debug_smp_processor_id+0x17/0x20
[ 50.044017][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.049998][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.054683][ T373] x64_sys_call+0x81d/0x9a0
[ 50.059021][ T373] do_syscall_64+0x3b/0xb0
[ 50.063273][ T373] ? clear_bhb_loop+0x35/0x90
[ 50.067783][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.073513][ T373] RIP: 0033:0x7fea17f82da9
[ 50.077766][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
2024/12/12 12:56:53 executed programs: 5
[ 50.097482][ T373] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.105748][ T373] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 50.113528][ T373] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 50.121347][ T373] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 50.129236][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.137045][ T373] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 50.145209][ T373]
[ 50.160412][ T375] FAULT_INJECTION: forcing a failure.
[ 50.160412][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 50.172954][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 50.184571][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.194465][ T375] Call Trace:
[ 50.197676][ T375]
[ 50.200453][ T375] dump_stack_lvl+0x151/0x1c0
[ 50.204964][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.210434][ T375] dump_stack+0x15/0x20
[ 50.214425][ T375] should_fail+0x3c6/0x510
[ 50.218684][ T375] __should_failslab+0xa4/0xe0
[ 50.223278][ T375] should_failslab+0x9/0x20
[ 50.227618][ T375] slab_pre_alloc_hook+0x37/0xd0
[ 50.232397][ T375] kmem_cache_alloc_trace+0x48/0x210
[ 50.237509][ T375] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.243065][ T375] ? migrate_disable+0x190/0x190
[ 50.247838][ T375] sk_psock_skb_ingress_self+0x60/0x330
[ 50.253229][ T375] sk_psock_verdict_recv+0x66d/0x840
[ 50.258344][ T375] unix_read_sock+0x132/0x370
[ 50.262983][ T375] ? sk_psock_skb_redirect+0x440/0x440
[ 50.268272][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 50.273912][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.279292][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 50.284848][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.290490][ T375] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.295697][ T375] ? _raw_spin_lock+0xa4/0x1b0
[ 50.300296][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.305946][ T375] ? skb_queue_tail+0xfb/0x120
[ 50.310542][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.315698][ T375] ? unix_dgram_poll+0x690/0x690
[ 50.320461][ T375] ? __kasan_check_write+0x14/0x20
[ 50.325419][ T375] ? __cpuidle_text_end+0x2/0x2
[ 50.330099][ T375] ? cgroup_rstat_updated+0xe5/0x370
[ 50.335216][ T375] ? security_socket_sendmsg+0x82/0xb0
[ 50.340520][ T375] ? unix_dgram_poll+0x690/0x690
[ 50.345282][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 50.349891][ T375] ? __sys_sendmsg_sock+0x40/0x40
[ 50.354747][ T375] ? import_iovec+0xe5/0x120
[ 50.359168][ T375] ___sys_sendmsg+0x252/0x2e0
[ 50.363683][ T375] ? __sys_sendmsg+0x260/0x260
[ 50.368287][ T375] ? __kasan_check_write+0x14/0x20
[ 50.373244][ T375] ? proc_fail_nth_write+0x20b/0x290
[ 50.378354][ T375] ? __fdget+0x1bc/0x240
[ 50.382429][ T375] __sys_sendmmsg+0x2bf/0x530
[ 50.387033][ T375] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.391948][ T375] ? mutex_unlock+0xb2/0x260
[ 50.396318][ T375] ? __kasan_check_write+0x14/0x20
[ 50.401447][ T375] ? __ia32_sys_read+0x90/0x90
[ 50.406055][ T375] ? debug_smp_processor_id+0x17/0x20
[ 50.411247][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.417152][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.421837][ T375] x64_sys_call+0x81d/0x9a0
[ 50.426187][ T375] do_syscall_64+0x3b/0xb0
[ 50.430432][ T375] ? clear_bhb_loop+0x35/0x90
[ 50.434948][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.440672][ T375] RIP: 0033:0x7fea17f82da9
[ 50.445117][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.464899][ T375] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.473136][ T375] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 50.480948][ T375] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 50.488763][ T375] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 50.496576][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.504381][ T375] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 50.512457][ T375]
[ 50.516330][ T374] ==================================================================
[ 50.524301][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.532542][ T374]
[ 50.534710][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 50.546357][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.556381][ T374] Call Trace:
[ 50.559497][ T374]
[ 50.562363][ T374] dump_stack_lvl+0x151/0x1c0
[ 50.567397][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.572864][ T374] ? __wake_up_klogd+0xd5/0x110
[ 50.577550][ T374] ? panic+0x760/0x760
[ 50.581454][ T374] ? kmem_cache_free+0x116/0x2e0
[ 50.586228][ T374] print_address_description+0x87/0x3b0
[ 50.592046][ T374] ? kmem_cache_free+0x116/0x2e0
[ 50.596825][ T374] ? kmem_cache_free+0x116/0x2e0
[ 50.601592][ T374] kasan_report_invalid_free+0x6b/0xa0
[ 50.606886][ T374] ____kasan_slab_free+0x13e/0x160
[ 50.611832][ T374] __kasan_slab_free+0x11/0x20
[ 50.616432][ T374] slab_free_freelist_hook+0xbd/0x190
[ 50.621668][ T374] ? kfree_skbmem+0x104/0x170
[ 50.626263][ T374] kmem_cache_free+0x116/0x2e0
[ 50.630858][ T374] kfree_skbmem+0x104/0x170
[ 50.635203][ T374] consume_skb+0xb4/0x250
[ 50.639362][ T374] __sk_msg_free+0x2dd/0x370
[ 50.643788][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.649434][ T374] sk_psock_stop+0x44c/0x4d0
[ 50.653947][ T374] sk_psock_drop+0x219/0x310
[ 50.658462][ T374] sock_map_unref+0x48f/0x4d0
[ 50.662969][ T374] ? __local_bh_enable_ip+0x58/0x80
[ 50.668020][ T374] ? _raw_spin_unlock_bh+0x51/0x60
[ 50.672950][ T374] sock_map_remove_links+0x41c/0x650
[ 50.678071][ T374] ? __kasan_record_aux_stack+0xd3/0xf0
[ 50.683449][ T374] ? kasan_record_aux_stack+0xe/0x10
[ 50.688569][ T374] ? task_work_add+0x27/0x1d0
[ 50.693091][ T374] ? sock_map_unhash+0x120/0x120
[ 50.697862][ T374] ? x64_sys_call+0x3d/0x9a0
[ 50.702285][ T374] ? locks_remove_posix+0x610/0x610
[ 50.707325][ T374] sock_map_close+0x114/0x530
[ 50.711833][ T374] ? unix_peer_get+0xe0/0xe0
[ 50.716261][ T374] ? sock_map_remove_links+0x650/0x650
[ 50.721564][ T374] ? rwsem_mark_wake+0x770/0x770
[ 50.726454][ T374] unix_release+0x82/0xc0
[ 50.730618][ T374] sock_close+0xdf/0x270
[ 50.734704][ T374] ? sock_mmap+0xa0/0xa0
[ 50.738777][ T374] __fput+0x228/0x8c0
[ 50.742595][ T374] ____fput+0x15/0x20
[ 50.746415][ T374] task_work_run+0x129/0x190
[ 50.750842][ T374] exit_to_user_mode_loop+0xc4/0xe0
[ 50.756434][ T374] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.761734][ T374] syscall_exit_to_user_mode+0x26/0x160
[ 50.767106][ T374] do_syscall_64+0x47/0xb0
[ 50.771354][ T374] ? clear_bhb_loop+0x35/0x90
[ 50.775875][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.781598][ T374] RIP: 0033:0x7fea17f81c9a
[ 50.785852][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.805301][ T374] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.813544][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 50.821357][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.829162][ T374] RBP: 0000000000000032 R08: 0000001b31b60000 R09: 00007fea180b1f8c
[ 50.836973][ T374] R10: 00007ffd1d55a010 R11: 0000000000000293 R12: 00007fea17b071b0
[ 50.844872][ T374] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000c3db
[ 50.852682][ T374]
[ 50.855585][ T374]
[ 50.857714][ T374] Allocated by task 375:
[ 50.861795][ T374] __kasan_slab_alloc+0xb1/0xe0
[ 50.866480][ T374] slab_post_alloc_hook+0x53/0x2c0
[ 50.871514][ T374] kmem_cache_alloc+0xf5/0x200
[ 50.876143][ T374] skb_clone+0x1d1/0x360
[ 50.880195][ T374] sk_psock_verdict_recv+0x53/0x840
[ 50.885362][ T374] unix_read_sock+0x132/0x370
[ 50.889858][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.895495][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.900530][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 50.905135][ T374] ___sys_sendmsg+0x252/0x2e0
[ 50.909646][ T374] __sys_sendmmsg+0x2bf/0x530
[ 50.914160][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.918842][ T374] x64_sys_call+0x81d/0x9a0
[ 50.923184][ T374] do_syscall_64+0x3b/0xb0
[ 50.927525][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.933259][ T374]
[ 50.935527][ T374] Freed by task 39:
[ 50.939171][ T374] kasan_set_track+0x4b/0x70
[ 50.943602][ T374] kasan_set_free_info+0x23/0x40
[ 50.948381][ T374] ____kasan_slab_free+0x126/0x160
[ 50.953316][ T374] __kasan_slab_free+0x11/0x20
[ 50.957914][ T374] slab_free_freelist_hook+0xbd/0x190
[ 50.963129][ T374] kmem_cache_free+0x116/0x2e0
[ 50.967727][ T374] kfree_skbmem+0x104/0x170
[ 50.972062][ T374] kfree_skb+0xc2/0x360
[ 50.976054][ T374] sk_psock_backlog+0xc21/0xd90
[ 50.980741][ T374] process_one_work+0x6bb/0xc10
[ 50.985430][ T374] worker_thread+0xad5/0x12a0
[ 50.989953][ T374] kthread+0x421/0x510
[ 50.993849][ T374] ret_from_fork+0x1f/0x30
[ 50.998100][ T374]
[ 51.000270][ T374] The buggy address belongs to the object at ffff88810f6f4140
[ 51.000270][ T374] which belongs to the cache skbuff_head_cache of size 248
[ 51.015171][ T374] The buggy address is located 0 bytes inside of
[ 51.015171][ T374] 248-byte region [ffff88810f6f4140, ffff88810f6f4238)
[ 51.028100][ T374] The buggy address belongs to the page:
[ 51.033576][ T374] page:ffffea00043dbd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f6f4
[ 51.043747][ T374] flags: 0x4000000000000200(slab|zone=1)
[ 51.049235][ T374] raw: 4000000000000200 ffffea00043dbc80 0000000500000005 ffff8881081ab500
[ 51.057656][ T374] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 51.066135][ T374] page dumped because: kasan: bad access detected
[ 51.072386][ T374] page_owner tracks the page as allocated
[ 51.077939][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4182406772, free_ts 0
[ 51.092778][ T374] post_alloc_hook+0x1a3/0x1b0
[ 51.097382][ T374] prep_new_page+0x1b/0x110
[ 51.101718][ T374] get_page_from_freelist+0x3550/0x35d0
[ 51.107193][ T374] __alloc_pages+0x27e/0x8f0
[ 51.111630][ T374] new_slab+0x9a/0x4e0
[ 51.115519][ T374] ___slab_alloc+0x39e/0x830
[ 51.119945][ T374] __slab_alloc+0x4a/0x90
[ 51.124115][ T374] kmem_cache_alloc+0x134/0x200
[ 51.128797][ T374] __alloc_skb+0xbe/0x550
[ 51.132965][ T374] netlink_sendmsg+0x797/0xd20
[ 51.137569][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 51.142163][ T374] ___sys_sendmsg+0x252/0x2e0
[ 51.146677][ T374] __se_sys_sendmsg+0x19a/0x260
[ 51.151366][ T374] __x64_sys_sendmsg+0x7b/0x90
[ 51.155962][ T374] x64_sys_call+0x16a/0x9a0
[ 51.160311][ T374] do_syscall_64+0x3b/0xb0
[ 51.164568][ T374] page_owner free stack trace missing
[ 51.169764][ T374]
[ 51.171934][ T374] Memory state around the buggy address:
[ 51.177403][ T374] ffff88810f6f4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.185302][ T374] ffff88810f6f4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.193198][ T374] >ffff88810f6f4100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.201098][ T374] ^
[ 51.207086][ T374] ffff88810f6f4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.214986][ T374] ffff88810f6f4200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.222879][ T374] ==================================================================
[ 51.242410][ T378] FAULT_INJECTION: forcing a failure.
[ 51.242410][ T378] name failslab, interval 1, probability 0, space 0, times 0
[ 51.254860][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 51.266374][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.276260][ T378] Call Trace:
[ 51.279411][ T378]
[ 51.282161][ T378] dump_stack_lvl+0x151/0x1c0
[ 51.286673][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.292418][ T378] dump_stack+0x15/0x20
[ 51.296395][ T378] should_fail+0x3c6/0x510
[ 51.300645][ T378] __should_failslab+0xa4/0xe0
[ 51.305252][ T378] should_failslab+0x9/0x20
[ 51.309590][ T378] slab_pre_alloc_hook+0x37/0xd0
[ 51.314359][ T378] kmem_cache_alloc_trace+0x48/0x210
[ 51.319485][ T378] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.325039][ T378] ? migrate_disable+0x190/0x190
[ 51.329811][ T378] sk_psock_skb_ingress_self+0x60/0x330
[ 51.335191][ T378] sk_psock_verdict_recv+0x66d/0x840
[ 51.340312][ T378] unix_read_sock+0x132/0x370
[ 51.344841][ T378] ? sk_psock_skb_redirect+0x440/0x440
[ 51.350119][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 51.355687][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.361060][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 51.366608][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.372248][ T378] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.377454][ T378] ? _raw_spin_lock+0xa4/0x1b0
[ 51.382057][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.387698][ T378] ? skb_queue_tail+0xfb/0x120
[ 51.392296][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.397333][ T378] ? unix_dgram_poll+0x690/0x690
[ 51.402107][ T378] ? security_socket_sendmsg+0x82/0xb0
[ 51.407403][ T378] ? unix_dgram_poll+0x690/0x690
[ 51.412174][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 51.416775][ T378] ? __sys_sendmsg_sock+0x40/0x40
[ 51.421632][ T378] ? import_iovec+0xe5/0x120
[ 51.426059][ T378] ___sys_sendmsg+0x252/0x2e0
[ 51.431007][ T378] ? __sys_sendmsg+0x260/0x260
[ 51.435608][ T378] ? __kasan_check_write+0x14/0x20
[ 51.440551][ T378] ? proc_fail_nth_write+0x20b/0x290
[ 51.445764][ T378] ? __fdget+0x1bc/0x240
[ 51.449840][ T378] __sys_sendmmsg+0x2bf/0x530
[ 51.454357][ T378] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.459210][ T378] ? mutex_unlock+0xb2/0x260
[ 51.463643][ T378] ? __kasan_check_write+0x14/0x20
[ 51.468586][ T378] ? __ia32_sys_read+0x90/0x90
[ 51.473193][ T378] ? debug_smp_processor_id+0x17/0x20
[ 51.478656][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.484558][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.489253][ T378] x64_sys_call+0x81d/0x9a0
[ 51.493594][ T378] do_syscall_64+0x3b/0xb0
[ 51.498076][ T378] ? clear_bhb_loop+0x35/0x90
[ 51.502529][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.508423][ T378] RIP: 0033:0x7fea17f82da9
[ 51.512765][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.532205][ T378] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.540460][ T378] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 51.548266][ T378] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 51.556072][ T378] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 51.564011][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.571784][ T378] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 51.579598][ T378]
[ 51.584938][ T377] ==================================================================
[ 51.592847][ T377] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.601064][ T377]
[ 51.603237][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 51.614777][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.624677][ T377] Call Trace:
[ 51.627795][ T377]
[ 51.630574][ T377] dump_stack_lvl+0x151/0x1c0
[ 51.635088][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.640734][ T377] ? __wake_up_klogd+0xd5/0x110
[ 51.645417][ T377] ? panic+0x760/0x760
[ 51.649353][ T377] ? kmem_cache_free+0x116/0x2e0
[ 51.654100][ T377] print_address_description+0x87/0x3b0
[ 51.659488][ T377] ? kmem_cache_free+0x116/0x2e0
[ 51.664252][ T377] ? kmem_cache_free+0x116/0x2e0
[ 51.669021][ T377] kasan_report_invalid_free+0x6b/0xa0
[ 51.674325][ T377] ____kasan_slab_free+0x13e/0x160
[ 51.679273][ T377] __kasan_slab_free+0x11/0x20
[ 51.683862][ T377] slab_free_freelist_hook+0xbd/0x190
[ 51.689076][ T377] ? kfree_skbmem+0x104/0x170
[ 51.693586][ T377] kmem_cache_free+0x116/0x2e0
[ 51.698184][ T377] kfree_skbmem+0x104/0x170
[ 51.702536][ T377] consume_skb+0xb4/0x250
[ 51.706700][ T377] __sk_msg_free+0x2dd/0x370
[ 51.711118][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.716765][ T377] sk_psock_stop+0x44c/0x4d0
[ 51.721194][ T377] sk_psock_drop+0x219/0x310
[ 51.725610][ T377] sock_map_unref+0x48f/0x4d0
[ 51.730127][ T377] ? __local_bh_enable_ip+0x58/0x80
[ 51.735159][ T377] ? _raw_spin_unlock_bh+0x51/0x60
[ 51.740108][ T377] sock_map_remove_links+0x41c/0x650
[ 51.745231][ T377] ? __kasan_record_aux_stack+0xd3/0xf0
[ 51.750622][ T377] ? kasan_record_aux_stack+0xe/0x10
[ 51.755787][ T377] ? task_work_add+0x27/0x1d0
[ 51.760242][ T377] ? sock_map_unhash+0x120/0x120
[ 51.765020][ T377] ? x64_sys_call+0x3d/0x9a0
[ 51.769548][ T377] ? locks_remove_posix+0x610/0x610
[ 51.774673][ T377] sock_map_close+0x114/0x530
[ 51.779313][ T377] ? unix_peer_get+0xe0/0xe0
[ 51.783730][ T377] ? sock_map_remove_links+0x650/0x650
[ 51.789031][ T377] ? rwsem_mark_wake+0x770/0x770
[ 51.793881][ T377] unix_release+0x82/0xc0
[ 51.798054][ T377] sock_close+0xdf/0x270
[ 51.802152][ T377] ? sock_mmap+0xa0/0xa0
[ 51.806295][ T377] __fput+0x228/0x8c0
[ 51.810113][ T377] ____fput+0x15/0x20
[ 51.814069][ T377] task_work_run+0x129/0x190
[ 51.818597][ T377] exit_to_user_mode_loop+0xc4/0xe0
[ 51.823623][ T377] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.828918][ T377] syscall_exit_to_user_mode+0x26/0x160
[ 51.834408][ T377] do_syscall_64+0x47/0xb0
[ 51.838654][ T377] ? clear_bhb_loop+0x35/0x90
[ 51.843182][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.849054][ T377] RIP: 0033:0x7fea17f81c9a
[ 51.853301][ T377] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.872907][ T377] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.881148][ T377] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 51.888957][ T377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.896792][ T377] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 51.904688][ T377] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cb56
[ 51.912490][ T377] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000c815
[ 51.920570][ T377]
[ 51.923429][ T377]
[ 51.925605][ T377] Allocated by task 378:
[ 51.929686][ T377] __kasan_slab_alloc+0xb1/0xe0
[ 51.934396][ T377] slab_post_alloc_hook+0x53/0x2c0
[ 51.939315][ T377] kmem_cache_alloc+0xf5/0x200
[ 51.943969][ T377] skb_clone+0x1d1/0x360
[ 51.947991][ T377] sk_psock_verdict_recv+0x53/0x840
[ 51.953033][ T377] unix_read_sock+0x132/0x370
[ 51.957535][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.963178][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.968209][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 51.972811][ T377] ___sys_sendmsg+0x252/0x2e0
[ 51.977347][ T377] __sys_sendmmsg+0x2bf/0x530
[ 51.981841][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.986525][ T377] x64_sys_call+0x81d/0x9a0
[ 51.990864][ T377] do_syscall_64+0x3b/0xb0
[ 51.995125][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.000853][ T377]
[ 52.003019][ T377] Freed by task 20:
[ 52.006661][ T377] kasan_set_track+0x4b/0x70
[ 52.011090][ T377] kasan_set_free_info+0x23/0x40
[ 52.015935][ T377] ____kasan_slab_free+0x126/0x160
[ 52.020808][ T377] __kasan_slab_free+0x11/0x20
[ 52.025405][ T377] slab_free_freelist_hook+0xbd/0x190
[ 52.030612][ T377] kmem_cache_free+0x116/0x2e0
[ 52.035211][ T377] kfree_skbmem+0x104/0x170
[ 52.039552][ T377] kfree_skb+0xc2/0x360
[ 52.043655][ T377] sk_psock_backlog+0xc21/0xd90
[ 52.048338][ T377] process_one_work+0x6bb/0xc10
[ 52.053024][ T377] worker_thread+0xad5/0x12a0
[ 52.057538][ T377] kthread+0x421/0x510
[ 52.061447][ T377] ret_from_fork+0x1f/0x30
[ 52.065709][ T377]
[ 52.067872][ T377] The buggy address belongs to the object at ffff88810f13bb40
[ 52.067872][ T377] which belongs to the cache skbuff_head_cache of size 248
[ 52.082290][ T377] The buggy address is located 0 bytes inside of
[ 52.082290][ T377] 248-byte region [ffff88810f13bb40, ffff88810f13bc38)
[ 52.095206][ T377] The buggy address belongs to the page:
[ 52.100678][ T377] page:ffffea00043c4ec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f13b
[ 52.110850][ T377] flags: 0x4000000000000200(slab|zone=1)
[ 52.116323][ T377] raw: 4000000000000200 ffffea00043dbac0 0000000300000003 ffff8881081ab500
[ 52.124740][ T377] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.133164][ T377] page dumped because: kasan: bad access detected
[ 52.139488][ T377] page_owner tracks the page as allocated
[ 52.145039][ T377] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 103, ts 4168986800, free_ts 4168667676
[ 52.160670][ T377] post_alloc_hook+0x1a3/0x1b0
[ 52.165271][ T377] prep_new_page+0x1b/0x110
[ 52.169620][ T377] get_page_from_freelist+0x3550/0x35d0
[ 52.175072][ T377] __alloc_pages+0x27e/0x8f0
[ 52.179495][ T377] new_slab+0x9a/0x4e0
[ 52.183491][ T377] ___slab_alloc+0x39e/0x830
[ 52.187917][ T377] __slab_alloc+0x4a/0x90
[ 52.192086][ T377] kmem_cache_alloc+0x134/0x200
[ 52.196765][ T377] __alloc_skb+0xbe/0x550
[ 52.200931][ T377] netlink_sendmsg+0x797/0xd20
[ 52.205534][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 52.210262][ T377] ___sys_sendmsg+0x252/0x2e0
[ 52.214774][ T377] __se_sys_sendmsg+0x19a/0x260
[ 52.219449][ T377] __x64_sys_sendmsg+0x7b/0x90
[ 52.224049][ T377] x64_sys_call+0x16a/0x9a0
[ 52.228389][ T377] do_syscall_64+0x3b/0xb0
[ 52.232646][ T377] page last free stack trace:
[ 52.237154][ T377] free_unref_page_prepare+0x7c8/0x7d0
[ 52.242471][ T377] free_unref_page+0xe8/0x750
[ 52.246961][ T377] __free_pages+0x61/0xf0
[ 52.251129][ T377] free_pages+0x7c/0x90
[ 52.255119][ T377] selinux_genfs_get_sid+0x24d/0x2a0
[ 52.260241][ T377] inode_doinit_with_dentry+0x8d2/0x1070
[ 52.265716][ T377] selinux_d_instantiate+0x27/0x40
[ 52.270655][ T377] security_d_instantiate+0x9f/0x100
[ 52.275776][ T377] d_splice_alias+0x6d/0x390
[ 52.280202][ T377] kernfs_iop_lookup+0x29e/0x2f0
[ 52.285045][ T377] __lookup_slow+0x2b9/0x400
[ 52.289405][ T377] lookup_slow+0x5a/0x80
[ 52.293488][ T377] walk_component+0x48c/0x610
[ 52.298006][ T377] path_lookupat+0x16d/0x450
[ 52.302427][ T377] filename_lookup+0x230/0x5c0
[ 52.307021][ T377] user_path_at_empty+0x43/0x1a0
[ 52.311794][ T377]
[ 52.313964][ T377] Memory state around the buggy address:
[ 52.319438][ T377] ffff88810f13ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.327622][ T377] ffff88810f13ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.335522][ T377] >ffff88810f13bb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.343416][ T377] ^
[ 52.349408][ T377] ffff88810f13bb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.357331][ T377] ffff88810f13bc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.365198][ T377] ==================================================================
[ 52.387703][ T381] FAULT_INJECTION: forcing a failure.
[ 52.387703][ T381] name failslab, interval 1, probability 0, space 0, times 0
[ 52.400184][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 52.411742][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.421635][ T381] Call Trace:
[ 52.424753][ T381]
[ 52.427596][ T381] dump_stack_lvl+0x151/0x1c0
[ 52.432056][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.437513][ T381] dump_stack+0x15/0x20
[ 52.441502][ T381] should_fail+0x3c6/0x510
[ 52.445761][ T381] __should_failslab+0xa4/0xe0
[ 52.450356][ T381] should_failslab+0x9/0x20
[ 52.454694][ T381] slab_pre_alloc_hook+0x37/0xd0
[ 52.459589][ T381] kmem_cache_alloc_trace+0x48/0x210
[ 52.464807][ T381] ? sk_psock_skb_ingress_self+0x60/0x330
[ 52.470340][ T381] ? migrate_disable+0x190/0x190
[ 52.475228][ T381] sk_psock_skb_ingress_self+0x60/0x330
[ 52.480604][ T381] sk_psock_verdict_recv+0x66d/0x840
[ 52.485726][ T381] unix_read_sock+0x132/0x370
[ 52.490238][ T381] ? sk_psock_skb_redirect+0x440/0x440
[ 52.495531][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 52.501177][ T381] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.506464][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 52.512023][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.517661][ T381] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.522877][ T381] ? _raw_spin_lock+0xa4/0x1b0
[ 52.527469][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.533195][ T381] ? skb_queue_tail+0xfb/0x120
[ 52.538060][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.543103][ T381] ? unix_dgram_poll+0x690/0x690
[ 52.547866][ T381] ? __kasan_check_write+0x14/0x20
[ 52.552810][ T381] ? __cpuidle_text_end+0x2/0x2
[ 52.557518][ T381] ? cgroup_rstat_updated+0xe5/0x370
[ 52.562615][ T381] ? security_socket_sendmsg+0x82/0xb0
[ 52.567918][ T381] ? unix_dgram_poll+0x690/0x690
[ 52.572688][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 52.577286][ T381] ? __sys_sendmsg_sock+0x40/0x40
[ 52.582232][ T381] ? import_iovec+0xe5/0x120
[ 52.586662][ T381] ___sys_sendmsg+0x252/0x2e0
[ 52.591177][ T381] ? __sys_sendmsg+0x260/0x260
[ 52.595775][ T381] ? __kasan_check_write+0x14/0x20
[ 52.600717][ T381] ? proc_fail_nth_write+0x20b/0x290
[ 52.605847][ T381] ? __fdget+0x1bc/0x240
[ 52.610105][ T381] __sys_sendmmsg+0x2bf/0x530
[ 52.614619][ T381] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.619471][ T381] ? mutex_unlock+0xb2/0x260
[ 52.623904][ T381] ? __kasan_check_write+0x14/0x20
[ 52.628869][ T381] ? __ia32_sys_read+0x90/0x90
[ 52.633446][ T381] ? debug_smp_processor_id+0x17/0x20
[ 52.638738][ T381] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.644641][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.649323][ T381] x64_sys_call+0x81d/0x9a0
[ 52.653664][ T381] do_syscall_64+0x3b/0xb0
[ 52.657917][ T381] ? clear_bhb_loop+0x35/0x90
[ 52.662447][ T381] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.668269][ T381] RIP: 0033:0x7fea17f82da9
[ 52.672527][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.692219][ T381] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.700547][ T381] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 52.708359][ T381] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 52.716168][ T381] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 52.723980][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.731791][ T381] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 52.739699][ T381]
[ 52.744970][ T380] ==================================================================
[ 52.752942][ T380] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 52.761196][ T380]
[ 52.763354][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 52.774901][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.784793][ T380] Call Trace:
[ 52.787917][ T380]
[ 52.790694][ T380] dump_stack_lvl+0x151/0x1c0
[ 52.795211][ T380] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.800673][ T380] ? __wake_up_klogd+0xd5/0x110
[ 52.805360][ T380] ? panic+0x760/0x760
[ 52.809265][ T380] ? kmem_cache_free+0x116/0x2e0
[ 52.814039][ T380] print_address_description+0x87/0x3b0
[ 52.819420][ T380] ? kmem_cache_free+0x116/0x2e0
[ 52.824193][ T380] ? kmem_cache_free+0x116/0x2e0
[ 52.828970][ T380] kasan_report_invalid_free+0x6b/0xa0
[ 52.834262][ T380] ____kasan_slab_free+0x13e/0x160
[ 52.839211][ T380] __kasan_slab_free+0x11/0x20
[ 52.843810][ T380] slab_free_freelist_hook+0xbd/0x190
[ 52.849016][ T380] ? kfree_skbmem+0x104/0x170
[ 52.853534][ T380] kmem_cache_free+0x116/0x2e0
[ 52.858131][ T380] kfree_skbmem+0x104/0x170
[ 52.862468][ T380] consume_skb+0xb4/0x250
[ 52.866634][ T380] __sk_msg_free+0x2dd/0x370
[ 52.871074][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.876709][ T380] sk_psock_stop+0x44c/0x4d0
[ 52.881133][ T380] sk_psock_drop+0x219/0x310
[ 52.885582][ T380] sock_map_unref+0x48f/0x4d0
[ 52.890075][ T380] ? __local_bh_enable_ip+0x58/0x80
[ 52.895104][ T380] ? _raw_spin_unlock_bh+0x51/0x60
[ 52.900055][ T380] sock_map_remove_links+0x41c/0x650
[ 52.905180][ T380] ? __kasan_record_aux_stack+0xd3/0xf0
[ 52.910551][ T380] ? kasan_record_aux_stack+0xe/0x10
[ 52.915673][ T380] ? task_work_add+0x27/0x1d0
[ 52.920197][ T380] ? sock_map_unhash+0x120/0x120
[ 52.924965][ T380] ? x64_sys_call+0x3d/0x9a0
[ 52.929388][ T380] ? locks_remove_posix+0x610/0x610
[ 52.934419][ T380] sock_map_close+0x114/0x530
[ 52.938935][ T380] ? unix_peer_get+0xe0/0xe0
[ 52.943619][ T380] ? sock_map_remove_links+0x650/0x650
[ 52.948999][ T380] ? rwsem_mark_wake+0x770/0x770
[ 52.953787][ T380] unix_release+0x82/0xc0
[ 52.957941][ T380] sock_close+0xdf/0x270
[ 52.962040][ T380] ? sock_mmap+0xa0/0xa0
[ 52.966095][ T380] __fput+0x228/0x8c0
[ 52.969920][ T380] ____fput+0x15/0x20
[ 52.973736][ T380] task_work_run+0x129/0x190
[ 52.978162][ T380] exit_to_user_mode_loop+0xc4/0xe0
[ 52.983193][ T380] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.988488][ T380] syscall_exit_to_user_mode+0x26/0x160
[ 52.993884][ T380] do_syscall_64+0x47/0xb0
[ 52.998209][ T380] ? clear_bhb_loop+0x35/0x90
[ 53.002722][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.008453][ T380] RIP: 0033:0x7fea17f81c9a
[ 53.012708][ T380] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.032143][ T380] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.040395][ T380] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 53.048208][ T380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.056020][ T380] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 53.063822][ T380] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cfcf
[ 53.071634][ T380] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000cc8e
[ 53.079448][ T380]
[ 53.082308][ T380]
[ 53.084479][ T380] Allocated by task 381:
[ 53.088562][ T380] __kasan_slab_alloc+0xb1/0xe0
[ 53.093243][ T380] slab_post_alloc_hook+0x53/0x2c0
[ 53.098193][ T380] kmem_cache_alloc+0xf5/0x200
[ 53.102795][ T380] skb_clone+0x1d1/0x360
[ 53.106874][ T380] sk_psock_verdict_recv+0x53/0x840
[ 53.111913][ T380] unix_read_sock+0x132/0x370
[ 53.116423][ T380] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.122062][ T380] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.127096][ T380] ____sys_sendmsg+0x59e/0x8f0
[ 53.131704][ T380] ___sys_sendmsg+0x252/0x2e0
[ 53.136222][ T380] __sys_sendmmsg+0x2bf/0x530
[ 53.140725][ T380] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.145406][ T380] x64_sys_call+0x81d/0x9a0
[ 53.149761][ T380] do_syscall_64+0x3b/0xb0
[ 53.154007][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.159758][ T380]
[ 53.161899][ T380] Freed by task 298:
[ 53.165629][ T380] kasan_set_track+0x4b/0x70
[ 53.170239][ T380] kasan_set_free_info+0x23/0x40
[ 53.175016][ T380] ____kasan_slab_free+0x126/0x160
[ 53.179963][ T380] __kasan_slab_free+0x11/0x20
[ 53.184562][ T380] slab_free_freelist_hook+0xbd/0x190
[ 53.189771][ T380] kmem_cache_free+0x116/0x2e0
[ 53.194396][ T380] kfree_skbmem+0x104/0x170
[ 53.198727][ T380] kfree_skb+0xc2/0x360
[ 53.202703][ T380] sk_psock_backlog+0xc21/0xd90
[ 53.207389][ T380] process_one_work+0x6bb/0xc10
[ 53.212075][ T380] worker_thread+0xad5/0x12a0
[ 53.216585][ T380] kthread+0x421/0x510
[ 53.220496][ T380] ret_from_fork+0x1f/0x30
[ 53.224748][ T380]
[ 53.226915][ T380] The buggy address belongs to the object at ffff88811e15bc80
[ 53.226915][ T380] which belongs to the cache skbuff_head_cache of size 248
[ 53.241553][ T380] The buggy address is located 0 bytes inside of
[ 53.241553][ T380] 248-byte region [ffff88811e15bc80, ffff88811e15bd78)
[ 53.254479][ T380] The buggy address belongs to the page:
[ 53.259948][ T380] page:ffffea00047856c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e15b
[ 53.270019][ T380] flags: 0x4000000000000200(slab|zone=1)
[ 53.275750][ T380] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab500
[ 53.284167][ T380] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.292583][ T380] page dumped because: kasan: bad access detected
[ 53.298827][ T380] page_owner tracks the page as allocated
[ 53.304388][ T380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 52382403810, free_ts 52377267635
[ 53.320094][ T380] post_alloc_hook+0x1a3/0x1b0
[ 53.324690][ T380] prep_new_page+0x1b/0x110
[ 53.329029][ T380] get_page_from_freelist+0x3550/0x35d0
[ 53.334670][ T380] __alloc_pages+0x27e/0x8f0
[ 53.339094][ T380] new_slab+0x9a/0x4e0
[ 53.343175][ T380] ___slab_alloc+0x39e/0x830
[ 53.347599][ T380] __slab_alloc+0x4a/0x90
[ 53.351778][ T380] kmem_cache_alloc+0x134/0x200
[ 53.356462][ T380] skb_clone+0x1d1/0x360
[ 53.360534][ T380] netlink_broadcast_filtered+0x692/0x1220
[ 53.366173][ T380] netlink_broadcast+0x3a/0x50
[ 53.370777][ T380] kobject_uevent_net_broadcast+0x3a1/0x590
[ 53.376517][ T380] kobject_uevent_env+0x525/0x700
[ 53.381367][ T380] kobject_synth_uevent+0x4eb/0xae0
[ 53.386403][ T380] uevent_store+0x25/0x60
[ 53.390695][ T380] dev_attr_store+0x5c/0x80
[ 53.395107][ T380] page last free stack trace:
[ 53.399823][ T380] free_unref_page_prepare+0x7c8/0x7d0
[ 53.405114][ T380] free_unref_page+0xe8/0x750
[ 53.409636][ T380] __free_pages+0x61/0xf0
[ 53.413788][ T380] free_pages+0x7c/0x90
[ 53.417782][ T380] pgd_free+0x17d/0x190
[ 53.421775][ T380] __mmdrop+0xb0/0x410
[ 53.425693][ T380] finish_task_switch+0x2cd/0x7b0
[ 53.430546][ T380] __schedule+0xcd4/0x1590
[ 53.434800][ T380] schedule+0x11f/0x1e0
[ 53.438786][ T380] schedule_timeout+0xa9/0x370
[ 53.443384][ T380] __skb_wait_for_more_packets+0x394/0x5f0
[ 53.449030][ T380] __unix_dgram_recvmsg+0x34f/0x1260
[ 53.454144][ T380] unix_dgram_recvmsg+0xc4/0xe0
[ 53.458831][ T380] sock_read_iter+0x353/0x480
[ 53.463367][ T380] vfs_read+0xa81/0xd40
[ 53.467340][ T380] ksys_read+0x199/0x2c0
[ 53.471422][ T380]
[ 53.473594][ T380] Memory state around the buggy address:
[ 53.479066][ T380] ffff88811e15bb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.487129][ T380] ffff88811e15bc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.495248][ T380] >ffff88811e15bc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.503139][ T380] ^
[ 53.507204][ T380] ffff88811e15bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 53.515042][ T380] ffff88811e15bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.522931][ T380] ==================================================================
[ 53.545820][ T384] FAULT_INJECTION: forcing a failure.
[ 53.545820][ T384] name failslab, interval 1, probability 0, space 0, times 0
[ 53.558259][ T384] CPU: 0 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.569882][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.579774][ T384] Call Trace:
[ 53.582897][ T384]
[ 53.585677][ T384] dump_stack_lvl+0x151/0x1c0
[ 53.590187][ T384] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.595652][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.601300][ T384] ? __skb_try_recv_datagram+0x495/0x6a0
[ 53.606765][ T384] dump_stack+0x15/0x20
[ 53.610760][ T384] should_fail+0x3c6/0x510
[ 53.615016][ T384] __should_failslab+0xa4/0xe0
[ 53.619611][ T384] ? skb_clone+0x1d1/0x360
[ 53.623863][ T384] should_failslab+0x9/0x20
[ 53.628206][ T384] slab_pre_alloc_hook+0x37/0xd0
[ 53.633061][ T384] ? skb_clone+0x1d1/0x360
[ 53.637313][ T384] kmem_cache_alloc+0x44/0x200
[ 53.641915][ T384] skb_clone+0x1d1/0x360
[ 53.645995][ T384] sk_psock_verdict_recv+0x53/0x840
[ 53.651030][ T384] ? avc_has_perm_noaudit+0x430/0x430
[ 53.656407][ T384] ? mntput_no_expire+0xfc/0x6b0
[ 53.661184][ T384] unix_read_sock+0x132/0x370
[ 53.665696][ T384] ? sk_psock_skb_redirect+0x440/0x440
[ 53.670987][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 53.676647][ T384] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.681948][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 53.687499][ T384] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.693226][ T384] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.698430][ T384] ? _raw_spin_lock+0xa4/0x1b0
[ 53.703119][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.708781][ T384] ? skb_queue_tail+0xfb/0x120
[ 53.713457][ T384] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.718498][ T384] ? unix_dgram_poll+0x690/0x690
[ 53.723266][ T384] ? __kasan_check_write+0x14/0x20
[ 53.728210][ T384] ? __cpuidle_text_end+0x2/0x2
[ 53.732898][ T384] ? cgroup_rstat_updated+0xe5/0x370
[ 53.738018][ T384] ? security_socket_sendmsg+0x82/0xb0
[ 53.743313][ T384] ? unix_dgram_poll+0x690/0x690
[ 53.748086][ T384] ____sys_sendmsg+0x59e/0x8f0
[ 53.752689][ T384] ? __sys_sendmsg_sock+0x40/0x40
[ 53.757558][ T384] ? import_iovec+0xe5/0x120
[ 53.761976][ T384] ___sys_sendmsg+0x252/0x2e0
[ 53.766576][ T384] ? __sys_sendmsg+0x260/0x260
[ 53.771199][ T384] ? __kasan_check_write+0x14/0x20
[ 53.776126][ T384] ? proc_fail_nth_write+0x20b/0x290
[ 53.781340][ T384] ? __fdget+0x1bc/0x240
[ 53.785409][ T384] __sys_sendmmsg+0x2bf/0x530
[ 53.789922][ T384] ? __ia32_sys_sendmsg+0x90/0x90
[ 53.794780][ T384] ? mutex_unlock+0xb2/0x260
[ 53.799217][ T384] ? __kasan_check_write+0x14/0x20
[ 53.804159][ T384] ? __ia32_sys_read+0x90/0x90
[ 53.808759][ T384] ? debug_smp_processor_id+0x17/0x20
[ 53.813961][ T384] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.819865][ T384] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.824552][ T384] x64_sys_call+0x81d/0x9a0
[ 53.828891][ T384] do_syscall_64+0x3b/0xb0
[ 53.833147][ T384] ? clear_bhb_loop+0x35/0x90
[ 53.837657][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.843385][ T384] RIP: 0033:0x7fea17f82da9
[ 53.847636][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.867079][ T384] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.875345][ T384] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 53.883133][ T384] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 53.891033][ T384] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 53.898849][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.906657][ T384] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 53.914472][ T384]
[ 53.926233][ T386] FAULT_INJECTION: forcing a failure.
[ 53.926233][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 53.938816][ T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.950287][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.960266][ T386] Call Trace:
[ 53.963389][ T386]
[ 53.966167][ T386] dump_stack_lvl+0x151/0x1c0
[ 53.970683][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.976161][ T386] dump_stack+0x15/0x20
[ 53.980265][ T386] should_fail+0x3c6/0x510
[ 53.984522][ T386] __should_failslab+0xa4/0xe0
[ 53.989117][ T386] should_failslab+0x9/0x20
[ 53.993447][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 53.998224][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 54.003341][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.008894][ T386] ? migrate_disable+0x190/0x190
[ 54.013677][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 54.019061][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 54.024258][ T386] unix_read_sock+0x132/0x370
[ 54.028781][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 54.034064][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 54.039620][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.045009][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 54.050556][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.056199][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.061408][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 54.066005][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.071646][ T386] ? skb_queue_tail+0xfb/0x120
[ 54.076247][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.081285][ T386] ? unix_dgram_poll+0x690/0x690
[ 54.086052][ T386] ? __kasan_check_write+0x14/0x20
[ 54.090999][ T386] ? __cpuidle_text_end+0x2/0x2
[ 54.095698][ T386] ? cgroup_rstat_updated+0xe5/0x370
[ 54.100823][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 54.106103][ T386] ? unix_dgram_poll+0x690/0x690
[ 54.110894][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 54.115480][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 54.120338][ T386] ? import_iovec+0xe5/0x120
[ 54.124852][ T386] ___sys_sendmsg+0x252/0x2e0
[ 54.129367][ T386] ? __sys_sendmsg+0x260/0x260
[ 54.133966][ T386] ? __kasan_check_write+0x14/0x20
[ 54.138985][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 54.144031][ T386] ? __fdget+0x1bc/0x240
[ 54.148197][ T386] __sys_sendmmsg+0x2bf/0x530
[ 54.152713][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.157568][ T386] ? mutex_unlock+0xb2/0x260
[ 54.162001][ T386] ? __kasan_check_write+0x14/0x20
[ 54.166948][ T386] ? __ia32_sys_read+0x90/0x90
[ 54.171543][ T386] ? debug_smp_processor_id+0x17/0x20
[ 54.176923][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.182825][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.187517][ T386] x64_sys_call+0x81d/0x9a0
[ 54.191852][ T386] do_syscall_64+0x3b/0xb0
[ 54.196106][ T386] ? clear_bhb_loop+0x35/0x90
[ 54.200620][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.206344][ T386] RIP: 0033:0x7fea17f82da9
[ 54.210616][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.230040][ T386] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.238286][ T386] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 54.246098][ T386] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 54.253908][ T386] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 54.261726][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.269528][ T386] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 54.277346][ T386]
[ 54.280517][ T385] ==================================================================
[ 54.288404][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 54.296648][ T385]
[ 54.298812][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.310355][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.320248][ T385] Call Trace:
[ 54.323380][ T385]
[ 54.326159][ T385] dump_stack_lvl+0x151/0x1c0
[ 54.330668][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.336130][ T385] ? __wake_up_klogd+0xd5/0x110
[ 54.340824][ T385] ? panic+0x760/0x760
[ 54.344728][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.349509][ T385] print_address_description+0x87/0x3b0
[ 54.354890][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.359654][ T385] ? kmem_cache_free+0x116/0x2e0
[ 54.364427][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 54.369719][ T385] ____kasan_slab_free+0x13e/0x160
[ 54.374705][ T385] __kasan_slab_free+0x11/0x20
[ 54.379539][ T385] slab_free_freelist_hook+0xbd/0x190
[ 54.384744][ T385] ? kfree_skbmem+0x104/0x170
[ 54.389246][ T385] kmem_cache_free+0x116/0x2e0
[ 54.393852][ T385] kfree_skbmem+0x104/0x170
[ 54.398185][ T385] consume_skb+0xb4/0x250
[ 54.402366][ T385] __sk_msg_free+0x2dd/0x370
[ 54.406783][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.412423][ T385] sk_psock_stop+0x44c/0x4d0
[ 54.416849][ T385] sk_psock_drop+0x219/0x310
[ 54.421274][ T385] sock_map_unref+0x48f/0x4d0
[ 54.425785][ T385] ? __local_bh_enable_ip+0x58/0x80
[ 54.430905][ T385] ? _raw_spin_unlock_bh+0x51/0x60
[ 54.435857][ T385] sock_map_remove_links+0x41c/0x650
[ 54.440974][ T385] ? __kasan_record_aux_stack+0xd3/0xf0
[ 54.446355][ T385] ? kasan_record_aux_stack+0xe/0x10
[ 54.451575][ T385] ? task_work_add+0x27/0x1d0
[ 54.456098][ T385] ? sock_map_unhash+0x120/0x120
[ 54.460851][ T385] ? x64_sys_call+0x3d/0x9a0
[ 54.465364][ T385] ? locks_remove_posix+0x610/0x610
[ 54.470397][ T385] sock_map_close+0x114/0x530
[ 54.474920][ T385] ? unix_peer_get+0xe0/0xe0
[ 54.479332][ T385] ? sock_map_remove_links+0x650/0x650
[ 54.484630][ T385] ? rwsem_mark_wake+0x770/0x770
[ 54.489403][ T385] unix_release+0x82/0xc0
[ 54.493570][ T385] sock_close+0xdf/0x270
[ 54.497649][ T385] ? sock_mmap+0xa0/0xa0
[ 54.501728][ T385] __fput+0x228/0x8c0
[ 54.505547][ T385] ____fput+0x15/0x20
[ 54.509364][ T385] task_work_run+0x129/0x190
[ 54.513791][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 54.518827][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.524118][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 54.529502][ T385] do_syscall_64+0x47/0xb0
[ 54.533750][ T385] ? clear_bhb_loop+0x35/0x90
[ 54.538264][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.543996][ T385] RIP: 0033:0x7fea17f81c9a
[ 54.548246][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.567689][ T385] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.575934][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 54.583745][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.591557][ T385] RBP: 0000000000000032 R08: 0000001b31b60000 R09: 00007fea180b1f8c
[ 54.599366][ T385] R10: 00007ffd1d55a010 R11: 0000000000000293 R12: 00007fea17b071b0
[ 54.607175][ T385] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000d290
[ 54.614993][ T385]
[ 54.617869][ T385]
[ 54.620023][ T385] Allocated by task 386:
[ 54.624106][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 54.628792][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 54.633741][ T385] kmem_cache_alloc+0xf5/0x200
[ 54.638336][ T385] skb_clone+0x1d1/0x360
[ 54.642426][ T385] sk_psock_verdict_recv+0x53/0x840
[ 54.647448][ T385] unix_read_sock+0x132/0x370
[ 54.651962][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.657614][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.662643][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 54.667247][ T385] ___sys_sendmsg+0x252/0x2e0
[ 54.671752][ T385] __sys_sendmmsg+0x2bf/0x530
[ 54.676265][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.680957][ T385] x64_sys_call+0x81d/0x9a0
[ 54.685295][ T385] do_syscall_64+0x3b/0xb0
[ 54.689544][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.695269][ T385]
[ 54.697451][ T385] Freed by task 356:
[ 54.701263][ T385] kasan_set_track+0x4b/0x70
[ 54.705698][ T385] kasan_set_free_info+0x23/0x40
[ 54.710459][ T385] ____kasan_slab_free+0x126/0x160
[ 54.715409][ T385] __kasan_slab_free+0x11/0x20
[ 54.720012][ T385] slab_free_freelist_hook+0xbd/0x190
[ 54.725219][ T385] kmem_cache_free+0x116/0x2e0
[ 54.729820][ T385] kfree_skbmem+0x104/0x170
[ 54.734159][ T385] kfree_skb+0xc2/0x360
[ 54.738155][ T385] sk_psock_backlog+0xc21/0xd90
[ 54.742928][ T385] process_one_work+0x6bb/0xc10
[ 54.747615][ T385] worker_thread+0xad5/0x12a0
[ 54.752124][ T385] kthread+0x421/0x510
[ 54.756026][ T385] ret_from_fork+0x1f/0x30
[ 54.760278][ T385]
[ 54.762452][ T385] The buggy address belongs to the object at ffff88811e10cb40
[ 54.762452][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 54.776858][ T385] The buggy address is located 0 bytes inside of
[ 54.776858][ T385] 248-byte region [ffff88811e10cb40, ffff88811e10cc38)
[ 54.789788][ T385] The buggy address belongs to the page:
[ 54.795258][ T385] page:ffffea0004784300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e10c
[ 54.805322][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 54.810801][ T385] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab500
[ 54.819216][ T385] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.827635][ T385] page dumped because: kasan: bad access detected
[ 54.833878][ T385] page_owner tracks the page as allocated
[ 54.839432][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 53919243593, free_ts 51235346710
[ 54.855055][ T385] post_alloc_hook+0x1a3/0x1b0
[ 54.859652][ T385] prep_new_page+0x1b/0x110
[ 54.863993][ T385] get_page_from_freelist+0x3550/0x35d0
[ 54.869493][ T385] __alloc_pages+0x27e/0x8f0
[ 54.873889][ T385] new_slab+0x9a/0x4e0
[ 54.878234][ T385] ___slab_alloc+0x39e/0x830
[ 54.882652][ T385] __slab_alloc+0x4a/0x90
[ 54.886827][ T385] kmem_cache_alloc+0x134/0x200
[ 54.891505][ T385] __alloc_skb+0xbe/0x550
[ 54.895673][ T385] alloc_skb_with_frags+0xa6/0x680
[ 54.900623][ T385] sock_alloc_send_pskb+0x915/0xa50
[ 54.905652][ T385] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.910736][ T385] __sys_sendto+0x564/0x720
[ 54.915170][ T385] __x64_sys_sendto+0xe5/0x100
[ 54.919761][ T385] x64_sys_call+0x15c/0x9a0
[ 54.924097][ T385] do_syscall_64+0x3b/0xb0
[ 54.928361][ T385] page last free stack trace:
[ 54.932956][ T385] free_unref_page_prepare+0x7c8/0x7d0
[ 54.938243][ T385] free_unref_page_list+0x14b/0xa60
[ 54.943276][ T385] release_pages+0x1310/0x1370
[ 54.947878][ T385] free_pages_and_swap_cache+0x8a/0xa0
[ 54.953171][ T385] tlb_finish_mmu+0x177/0x320
[ 54.957684][ T385] exit_mmap+0x40d/0x940
[ 54.961760][ T385] __mmput+0x95/0x310
[ 54.965582][ T385] mmput+0x5b/0x170
[ 54.969225][ T385] do_exit+0xb9c/0x2ca0
[ 54.973230][ T385] do_group_exit+0x141/0x310
[ 54.977646][ T385] get_signal+0x7a3/0x1630
[ 54.981898][ T385] arch_do_signal_or_restart+0xbd/0x1680
[ 54.987364][ T385] exit_to_user_mode_loop+0xa0/0xe0
[ 54.992406][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.997699][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 55.003074][ T385] do_syscall_64+0x47/0xb0
[ 55.007329][ T385]
[ 55.009500][ T385] Memory state around the buggy address:
[ 55.014971][ T385] ffff88811e10ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.022867][ T385] ffff88811e10ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.030764][ T385] >ffff88811e10cb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.039016][ T385] ^
[ 55.044998][ T385] ffff88811e10cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.052895][ T385] ffff88811e10cc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.060795][ T385] ==================================================================
[ 55.082425][ T389] FAULT_INJECTION: forcing a failure.
[ 55.082425][ T389] name failslab, interval 1, probability 0, space 0, times 0
[ 55.094886][ T389] CPU: 1 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.106368][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.116263][ T389] Call Trace:
[ 55.119399][ T389]
[ 55.122256][ T389] dump_stack_lvl+0x151/0x1c0
[ 55.126767][ T389] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.132234][ T389] dump_stack+0x15/0x20
[ 55.136222][ T389] should_fail+0x3c6/0x510
[ 55.140482][ T389] __should_failslab+0xa4/0xe0
[ 55.145082][ T389] should_failslab+0x9/0x20
[ 55.149503][ T389] slab_pre_alloc_hook+0x37/0xd0
[ 55.154279][ T389] kmem_cache_alloc_trace+0x48/0x210
[ 55.159398][ T389] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.164955][ T389] ? migrate_disable+0x190/0x190
[ 55.169728][ T389] sk_psock_skb_ingress_self+0x60/0x330
[ 55.175116][ T389] sk_psock_verdict_recv+0x66d/0x840
[ 55.180227][ T389] unix_read_sock+0x132/0x370
[ 55.184739][ T389] ? sk_psock_skb_redirect+0x440/0x440
[ 55.190204][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 55.195759][ T389] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 55.201055][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 55.206613][ T389] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.212274][ T389] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.217599][ T389] ? _raw_spin_lock+0xa4/0x1b0
[ 55.222180][ T389] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.227938][ T389] ? skb_queue_tail+0xfb/0x120
[ 55.232537][ T389] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.237576][ T389] ? unix_dgram_poll+0x690/0x690
[ 55.242342][ T389] ? __kasan_check_write+0x14/0x20
[ 55.247287][ T389] ? __cpuidle_text_end+0x2/0x2
[ 55.252405][ T389] ? cgroup_rstat_updated+0xe5/0x370
[ 55.257528][ T389] ? security_socket_sendmsg+0x82/0xb0
[ 55.262820][ T389] ? unix_dgram_poll+0x690/0x690
[ 55.267601][ T389] ____sys_sendmsg+0x59e/0x8f0
[ 55.272196][ T389] ? __sys_sendmsg_sock+0x40/0x40
[ 55.277057][ T389] ? import_iovec+0xe5/0x120
[ 55.281487][ T389] ___sys_sendmsg+0x252/0x2e0
[ 55.286001][ T389] ? __sys_sendmsg+0x260/0x260
[ 55.290604][ T389] ? __kasan_check_write+0x14/0x20
[ 55.295552][ T389] ? proc_fail_nth_write+0x20b/0x290
[ 55.300667][ T389] ? __fdget+0x1bc/0x240
[ 55.304744][ T389] __sys_sendmmsg+0x2bf/0x530
[ 55.309265][ T389] ? __ia32_sys_sendmsg+0x90/0x90
[ 55.314120][ T389] ? mutex_unlock+0xb2/0x260
[ 55.318571][ T389] ? __kasan_check_write+0x14/0x20
[ 55.323491][ T389] ? __ia32_sys_read+0x90/0x90
[ 55.328092][ T389] ? debug_smp_processor_id+0x17/0x20
[ 55.334048][ T389] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.339953][ T389] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.344639][ T389] x64_sys_call+0x81d/0x9a0
[ 55.348971][ T389] do_syscall_64+0x3b/0xb0
[ 55.353225][ T389] ? clear_bhb_loop+0x35/0x90
[ 55.357737][ T389] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.363463][ T389] RIP: 0033:0x7fea17f82da9
[ 55.367716][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.387158][ T389] RSP: 002b:00007fea17b050c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.395405][ T389] RAX: ffffffffffffffda RBX: 00007fea180b1f80 RCX: 00007fea17f82da9
[ 55.403408][ T389] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 55.411225][ T389] RBP: 00007fea17b05120 R08: 0000000000000000 R09: 0000000000000000
[ 55.419034][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.426867][ T389] R13: 000000000000000b R14: 00007fea180b1f80 R15: 00007ffd1d559df8
[ 55.434749][ T389]
[ 55.440777][ T388] ==================================================================
[ 55.448668][ T388] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 55.456906][ T388]
[ 55.459070][ T388] CPU: 0 PID: 388 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.470700][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.480617][ T388] Call Trace:
[ 55.483722][ T388]
[ 55.486499][ T388] dump_stack_lvl+0x151/0x1c0
[ 55.491018][ T388] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.496493][ T388] ? __wake_up_klogd+0xd5/0x110
[ 55.501164][ T388] ? panic+0x760/0x760
[ 55.505068][ T388] ? kvm_sched_clock_read+0x18/0x40
[ 55.510103][ T388] ? kmem_cache_free+0x116/0x2e0
[ 55.514877][ T388] print_address_description+0x87/0x3b0
[ 55.520375][ T388] ? kmem_cache_free+0x116/0x2e0
[ 55.525140][ T388] ? kmem_cache_free+0x116/0x2e0
[ 55.530347][ T388] kasan_report_invalid_free+0x6b/0xa0
[ 55.535641][ T388] ____kasan_slab_free+0x13e/0x160
[ 55.540631][ T388] __kasan_slab_free+0x11/0x20
[ 55.545189][ T388] slab_free_freelist_hook+0xbd/0x190
[ 55.550400][ T388] ? kfree_skbmem+0x104/0x170
[ 55.554908][ T388] kmem_cache_free+0x116/0x2e0
[ 55.559539][ T388] kfree_skbmem+0x104/0x170
[ 55.563849][ T388] consume_skb+0xb4/0x250
[ 55.568014][ T388] __sk_msg_free+0x2dd/0x370
[ 55.572485][ T388] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.578169][ T388] sk_psock_stop+0x44c/0x4d0
[ 55.582597][ T388] sk_psock_drop+0x219/0x310
[ 55.587118][ T388] sock_map_unref+0x48f/0x4d0
[ 55.591623][ T388] ? __local_bh_enable_ip+0x58/0x80
[ 55.596660][ T388] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.601606][ T388] sock_map_remove_links+0x41c/0x650
[ 55.606729][ T388] ? __kasan_record_aux_stack+0xd3/0xf0
[ 55.612202][ T388] ? kasan_record_aux_stack+0xe/0x10
[ 55.617315][ T388] ? task_work_add+0x27/0x1d0
[ 55.621829][ T388] ? sock_map_unhash+0x120/0x120
[ 55.626602][ T388] ? x64_sys_call+0x3d/0x9a0
[ 55.631036][ T388] ? locks_remove_posix+0x610/0x610
[ 55.636158][ T388] sock_map_close+0x114/0x530
[ 55.640662][ T388] ? unix_peer_get+0xe0/0xe0
[ 55.645096][ T388] ? sock_map_remove_links+0x650/0x650
[ 55.650382][ T388] ? rwsem_mark_wake+0x770/0x770
[ 55.655160][ T388] unix_release+0x82/0xc0
[ 55.659327][ T388] sock_close+0xdf/0x270
[ 55.663401][ T388] ? sock_mmap+0xa0/0xa0
[ 55.667488][ T388] __fput+0x228/0x8c0
[ 55.671298][ T388] ____fput+0x15/0x20
[ 55.675118][ T388] task_work_run+0x129/0x190
[ 55.679544][ T388] exit_to_user_mode_loop+0xc4/0xe0
[ 55.684663][ T388] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.689958][ T388] syscall_exit_to_user_mode+0x26/0x160
[ 55.695340][ T388] do_syscall_64+0x47/0xb0
[ 55.699722][ T388] ? clear_bhb_loop+0x35/0x90
[ 55.704197][ T388] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.710007][ T388] RIP: 0033:0x7fea17f81c9a
[ 55.714435][ T388] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 55.733877][ T388] RSP: 002b:00007ffd1d559ec0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 55.742213][ T388] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fea17f81c9a
[ 55.750108][ T388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 55.757914][ T388] RBP: 00007fea180b3980 R08: 0000001b31b60000 R09: 00007ffd1d5770b0
[ 55.765773][ T388] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000da56
[ 55.773537][ T388] R13: ffffffffffffffff R14: 00007fea17b06000 R15: 000000000000d715
[ 55.781355][ T388]
[ 55.784220][ T388]
[ 55.786384][ T388] Allocated by task 389:
[ 55.790463][ T388] __kasan_slab_alloc+0xb1/0xe0
[ 55.795151][ T388] slab_post_alloc_hook+0x53/0x2c0
[ 55.800096][ T388] kmem_cache_alloc+0xf5/0x200
[ 55.804693][ T388] skb_clone+0x1d1/0x360
[ 55.808772][ T388] sk_psock_verdict_recv+0x53/0x840
[ 55.813812][ T388] unix_read_sock+0x132/0x370
[ 55.818456][ T388] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.824050][ T388] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.829082][ T388] ____sys_sendmsg+0x59e/0x8f0
[ 55.833699][ T388] ___sys_sendmsg+0x252/0x2e0
[ 55.838195][ T388] __sys_sendmmsg+0x2bf/0x530
[ 55.842708][ T388] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.847402][ T388] x64_sys_call+0x81d/0x9a0
[ 55.851739][ T388] do_syscall_64+0x3b/0xb0
[ 55.856024][ T388] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.862152][ T388]
[ 55.864407][ T388] Freed by task 298:
[ 55.868138][ T388] kasan_set_track+0x4b/0x70
[ 55.872572][ T388] kasan_set_free_info+0x23/0x40
[ 55.877344][ T388] ____kasan_slab_free+0x126/0x160
[ 55.882292][ T388] __kasan_slab_free+0x11/0x20
[ 55.886887][ T388] slab_free_freelist_hook+0xbd/0x190
[ 55.892100][ T388] kmem_cache_free+0x116/0x2e0
[ 55.896714][ T388] kfree_skbmem+0x104/0x170
[ 55.901032][ T388] kfree_skb+0xc2/0x360
[ 55.905037][ T388] sk_psock_backlog+0xc21/0xd90
[ 55.909729][ T388] process_one_work+0x6bb/0xc10
[ 55.914400][ T388] worker_thread+0xad5/0x12a0
[ 55.918913][ T388] kthread+0x421/0x510
[ 55.922818][ T388] ret_from_fork+0x1f/0x30
[ 55.927158][ T388]
[ 55.929328][ T388] The buggy address belongs to the object at ffff88811e10ba00
[ 55.929328][ T388] which belongs to the cache skbuff_head_cache of size 248
[ 55.943742][ T388] The buggy address is located 0 bytes inside of
[ 55.943742][ T388] 248-byte region [ffff88811e10ba00, ffff88811e10baf8)
[ 55.956674][ T388] The buggy address belongs to the page:
[ 55.962148][ T388] page:ffffea00047842c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e10b
[ 55.972212][ T388] flags: 0x4000000000000200(slab|zone=1)
[ 55.977682][ T388] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab500
[ 55.986097][ T388] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 55.994508][ T388] page dumped because: kasan: bad access detected
[ 56.000771][ T388] page_owner tracks the page as allocated
[ 56.006313][ T388] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 55078979590, free_ts 55075913018
[ 56.021935][ T388] post_alloc_hook+0x1a3/0x1b0
[ 56.026549][ T388] prep_new_page+0x1b/0x110
[ 56.030884][ T388] get_page_from_freelist+0x3550/0x35d0