Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts.
2024/03/20 06:56:38 ignoring optional flag "sandboxArg"="0"
2024/03/20 06:56:39 parsed 1 programs
[ 41.623935][ T30] audit: type=1400 audit(1710917799.106:157): avc: denied { mounton } for pid=340 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.649586][ T30] audit: type=1400 audit(1710917799.106:158): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/03/20 06:56:39 executed programs: 0
[ 41.701469][ T30] audit: type=1400 audit(1710917799.186:159): avc: denied { unlink } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.738981][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.796182][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.803932][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.811489][ T347] device bridge_slave_0 entered promiscuous mode
[ 41.819005][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.826551][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.834201][ T347] device bridge_slave_1 entered promiscuous mode
[ 41.877003][ T30] audit: type=1400 audit(1710917799.356:160): avc: denied { write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.882421][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.897620][ T30] audit: type=1400 audit(1710917799.356:161): avc: denied { read } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.904735][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.904847][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.940371][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.959683][ T302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.967065][ T302] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.974681][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.982020][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.992182][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.000148][ T302] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.007131][ T302] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.014640][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.022881][ T302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.029713][ T302] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.042071][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.059688][ T347] device veth0_vlan entered promiscuous mode
[ 42.066472][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.075053][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.082917][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.090246][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.097798][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.111511][ T347] device veth1_macvtap entered promiscuous mode
[ 42.122196][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.130492][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.138946][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.154353][ T30] audit: type=1400 audit(1710917799.636:162): avc: denied { mounton } for pid=347 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.185996][ T30] audit: type=1400 audit(1710917799.666:163): avc: denied { prog_load } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.206940][ T353] FAULT_INJECTION: forcing a failure.
[ 42.206940][ T353] name failslab, interval 1, probability 0, space 0, times 1
[ 42.209116][ T30] audit: type=1400 audit(1710917799.666:164): avc: denied { bpf } for pid=351 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.220116][ T353] CPU: 0 PID: 353 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.240016][ T30] audit: type=1400 audit(1710917799.666:165): avc: denied { perfmon } for pid=351 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.250089][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 42.250103][ T353] Call Trace:
[ 42.250108][ T353] <TASK>
[ 42.250115][ T353] dump_stack_lvl+0x151/0x1b7
[ 42.250139][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.250158][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.271765][ T30] audit: type=1400 audit(1710917799.686:166): avc: denied { prog_run } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.280958][ T353] ? __skb_try_recv_datagram+0x495/0x6a0
[ 42.280994][ T353] dump_stack+0x15/0x17
[ 42.331027][ T353] should_fail+0x3c6/0x510
[ 42.335326][ T353] __should_failslab+0xa4/0xe0
[ 42.340025][ T353] ? skb_clone+0x1d1/0x360
[ 42.344643][ T353] should_failslab+0x9/0x20
[ 42.349156][ T353] slab_pre_alloc_hook+0x37/0xd0
[ 42.354099][ T353] ? skb_clone+0x1d1/0x360
[ 42.358447][ T353] kmem_cache_alloc+0x44/0x200
[ 42.363049][ T353] skb_clone+0x1d1/0x360
[ 42.367490][ T353] sk_psock_verdict_recv+0x53/0x840
[ 42.372691][ T353] ? avc_has_perm_noaudit+0x430/0x430
[ 42.377979][ T353] ? mntput_no_expire+0xfc/0x6b0
[ 42.382751][ T353] unix_read_sock+0x132/0x370
[ 42.387528][ T353] ? sk_psock_skb_redirect+0x440/0x440
[ 42.392928][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 42.398489][ T353] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.403890][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 42.409655][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.415288][ T353] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.420672][ T353] ? _raw_spin_lock+0xa4/0x1b0
[ 42.425272][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.430990][ T353] ? skb_queue_tail+0xfb/0x120
[ 42.435791][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.440974][ T353] ? unix_dgram_poll+0x710/0x710
[ 42.446838][ T353] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.452225][ T353] ? security_socket_sendmsg+0x82/0xb0
[ 42.457634][ T353] ? unix_dgram_poll+0x710/0x710
[ 42.462587][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 42.467369][ T353] ? __sys_sendmsg_sock+0x40/0x40
[ 42.472428][ T353] ? import_iovec+0xe5/0x120
[ 42.476849][ T353] ___sys_sendmsg+0x252/0x2e0
[ 42.481450][ T353] ? __sys_sendmsg+0x260/0x260
[ 42.486057][ T353] ? do_handle_mm_fault+0x1949/0x2330
[ 42.491440][ T353] ? __kasan_check_write+0x14/0x20
[ 42.496462][ T353] ? proc_fail_nth_write+0x20b/0x290
[ 42.502075][ T353] ? __fdget+0x1bc/0x240
[ 42.506107][ T353] __sys_sendmmsg+0x2bf/0x530
[ 42.510636][ T353] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.515661][ T353] ? mutex_unlock+0xb2/0x260
[ 42.520278][ T353] ? __kasan_check_write+0x14/0x20
[ 42.525209][ T353] ? debug_smp_processor_id+0x17/0x20
[ 42.530411][ T353] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.536320][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.541001][ T353] do_syscall_64+0x3d/0xb0
[ 42.545253][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.551089][ T353] RIP: 0033:0x7f57f085dae9
[ 42.555321][ T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.575552][ T353] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.584057][ T353] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 42.592831][ T353] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.600642][ T353] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 42.608552][ T353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.616762][ T353] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 42.624745][ T353] </TASK>
[ 42.638171][ T355] FAULT_INJECTION: forcing a failure.
[ 42.638171][ T355] name failslab, interval 1, probability 0, space 0, times 0
[ 42.650872][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.661120][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 42.671480][ T355] Call Trace:
[ 42.674721][ T355] <TASK>
[ 42.677560][ T355] dump_stack_lvl+0x151/0x1b7
[ 42.682541][ T355] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.688115][ T355] dump_stack+0x15/0x17
[ 42.692374][ T355] should_fail+0x3c6/0x510
[ 42.696598][ T355] __should_failslab+0xa4/0xe0
[ 42.701461][ T355] should_failslab+0x9/0x20
[ 42.705884][ T355] slab_pre_alloc_hook+0x37/0xd0
[ 42.710867][ T355] kmem_cache_alloc_trace+0x48/0x210
[ 42.716085][ T355] ? sk_psock_skb_ingress_self+0x60/0x330
[ 42.722179][ T355] ? migrate_disable+0x190/0x190
[ 42.726959][ T355] sk_psock_skb_ingress_self+0x60/0x330
[ 42.732634][ T355] sk_psock_verdict_recv+0x66d/0x840
[ 42.737818][ T355] unix_read_sock+0x132/0x370
[ 42.742347][ T355] ? sk_psock_skb_redirect+0x440/0x440
[ 42.747635][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 42.753360][ T355] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.758662][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 42.764291][ T355] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.770044][ T355] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.775232][ T355] ? _raw_spin_lock+0xa4/0x1b0
[ 42.780076][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.785917][ T355] ? skb_queue_tail+0xfb/0x120
[ 42.790591][ T355] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.795721][ T355] ? unix_dgram_poll+0x710/0x710
[ 42.800475][ T355] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.805440][ T355] ? security_socket_sendmsg+0x82/0xb0
[ 42.810726][ T355] ? unix_dgram_poll+0x710/0x710
[ 42.815505][ T355] ____sys_sendmsg+0x59e/0x8f0
[ 42.820629][ T355] ? __sys_sendmsg_sock+0x40/0x40
[ 42.825687][ T355] ? import_iovec+0xe5/0x120
[ 42.830106][ T355] ___sys_sendmsg+0x252/0x2e0
[ 42.834620][ T355] ? __sys_sendmsg+0x260/0x260
[ 42.839217][ T355] ? do_handle_mm_fault+0x1949/0x2330
[ 42.844429][ T355] ? __kasan_check_write+0x14/0x20
[ 42.849739][ T355] ? proc_fail_nth_write+0x20b/0x290
[ 42.855067][ T355] ? __fdget+0x1bc/0x240
[ 42.859144][ T355] __sys_sendmmsg+0x2bf/0x530
[ 42.864066][ T355] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.869490][ T355] ? mutex_unlock+0xb2/0x260
[ 42.874003][ T355] ? __kasan_check_write+0x14/0x20
[ 42.878951][ T355] ? debug_smp_processor_id+0x17/0x20
[ 42.884364][ T355] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.890260][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.894956][ T355] do_syscall_64+0x3d/0xb0
[ 42.899306][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.905073][ T355] RIP: 0033:0x7f57f085dae9
[ 42.909293][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.928850][ T355] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.937170][ T355] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 42.944984][ T355] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.952803][ T355] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 42.960614][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.968424][ T355] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 42.976613][ T355] </TASK>
[ 42.982581][ T354] ==================================================================
[ 42.990463][ T354] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 42.997235][ T354] Read of size 4 at addr ffff8881209c85ec by task syz-executor.0/354
[ 43.005213][ T354]
[ 43.007384][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 43.017682][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 43.027604][ T354] Call Trace:
[ 43.030731][ T354] <TASK>
[ 43.033565][ T354] dump_stack_lvl+0x151/0x1b7
[ 43.038171][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.043625][ T354] ? panic+0x751/0x751
[ 43.047532][ T354] print_address_description+0x87/0x3b0
[ 43.053002][ T354] kasan_report+0x179/0x1c0
[ 43.057349][ T354] ? consume_skb+0x3c/0x250
[ 43.061768][ T354] ? consume_skb+0x3c/0x250
[ 43.066118][ T354] kasan_check_range+0x293/0x2a0
[ 43.071071][ T354] __kasan_check_read+0x11/0x20
[ 43.075752][ T354] consume_skb+0x3c/0x250
[ 43.080004][ T354] __sk_msg_free+0x2dd/0x370
[ 43.084620][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.090262][ T354] sk_psock_stop+0x44c/0x4d0
[ 43.094696][ T354] ? unix_peer_get+0xe0/0xe0
[ 43.099113][ T354] sock_map_close+0x2b9/0x4c0
[ 43.103630][ T354] ? sock_map_remove_links+0x570/0x570
[ 43.108918][ T354] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.113693][ T354] unix_release+0x82/0xc0
[ 43.117860][ T354] sock_close+0xdf/0x270
[ 43.121948][ T354] ? sock_mmap+0xa0/0xa0
[ 43.126018][ T354] __fput+0x3fe/0x910
[ 43.129838][ T354] ____fput+0x15/0x20
[ 43.133653][ T354] task_work_run+0x129/0x190
[ 43.138085][ T354] exit_to_user_mode_loop+0xc4/0xe0
[ 43.143113][ T354] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.148409][ T354] syscall_exit_to_user_mode+0x26/0x160
[ 43.153790][ T354] do_syscall_64+0x49/0xb0
[ 43.158046][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.163879][ T354] RIP: 0033:0x7f57f085c9da
[ 43.168205][ T354] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.187655][ T354] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.195886][ T354] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 43.203703][ T354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.211526][ T354] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 43.219503][ T354] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a9c2
[ 43.227309][ T354] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000a681
[ 43.235398][ T354] </TASK>
[ 43.238250][ T354]
[ 43.240400][ T354] Allocated by task 355:
[ 43.244467][ T354] __kasan_slab_alloc+0xb1/0xe0
[ 43.249157][ T354] slab_post_alloc_hook+0x53/0x2c0
[ 43.254281][ T354] kmem_cache_alloc+0xf5/0x200
[ 43.258884][ T354] skb_clone+0x1d1/0x360
[ 43.263015][ T354] sk_psock_verdict_recv+0x53/0x840
[ 43.268178][ T354] unix_read_sock+0x132/0x370
[ 43.272675][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.278316][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.283352][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 43.287961][ T354] ___sys_sendmsg+0x252/0x2e0
[ 43.292724][ T354] __sys_sendmmsg+0x2bf/0x530
[ 43.297247][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 43.301934][ T354] do_syscall_64+0x3d/0xb0
[ 43.306355][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.312081][ T354]
[ 43.314252][ T354] Freed by task 60:
[ 43.318100][ T354] kasan_set_track+0x4b/0x70
[ 43.322543][ T354] kasan_set_free_info+0x23/0x40
[ 43.327302][ T354] ____kasan_slab_free+0x126/0x160
[ 43.332335][ T354] __kasan_slab_free+0x11/0x20
[ 43.336940][ T354] slab_free_freelist_hook+0xbd/0x190
[ 43.342144][ T354] kmem_cache_free+0x116/0x2e0
[ 43.346749][ T354] kfree_skbmem+0x104/0x170
[ 43.351083][ T354] kfree_skb+0xc2/0x360
[ 43.355159][ T354] sk_psock_backlog+0xc21/0xd90
[ 43.359852][ T354] process_one_work+0x6bb/0xc10
[ 43.364545][ T354] worker_thread+0xad5/0x12a0
[ 43.369168][ T354] kthread+0x421/0x510
[ 43.373084][ T354] ret_from_fork+0x1f/0x30
[ 43.377326][ T354]
[ 43.379498][ T354] The buggy address belongs to the object at ffff8881209c8500
[ 43.379498][ T354] which belongs to the cache skbuff_head_cache of size 248
[ 43.394079][ T354] The buggy address is located 236 bytes inside of
[ 43.394079][ T354] 248-byte region [ffff8881209c8500, ffff8881209c85f8)
[ 43.407393][ T354] The buggy address belongs to the page:
[ 43.412865][ T354] page:ffffea0004827200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1209c8
[ 43.423192][ T354] flags: 0x4000000000000200(slab|zone=1)
[ 43.428698][ T354] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 43.437165][ T354] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.445734][ T354] page dumped because: kasan: bad access detected
[ 43.451966][ T354] page_owner tracks the page as allocated
[ 43.457794][ T354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 42631868518, free_ts 42630713100
[ 43.473499][ T354] post_alloc_hook+0x1a3/0x1b0
[ 43.478121][ T354] prep_new_page+0x1b/0x110
[ 43.482534][ T354] get_page_from_freelist+0x3550/0x35d0
[ 43.487990][ T354] __alloc_pages+0x27e/0x8f0
[ 43.492419][ T354] new_slab+0x9a/0x4e0
[ 43.496324][ T354] ___slab_alloc+0x39e/0x830
[ 43.501110][ T354] __slab_alloc+0x4a/0x90
[ 43.505438][ T354] kmem_cache_alloc+0x134/0x200
[ 43.510307][ T354] __alloc_skb+0xbe/0x550
[ 43.514638][ T354] alloc_skb_with_frags+0xa6/0x680
[ 43.519847][ T354] sock_alloc_send_pskb+0x915/0xa50
[ 43.525052][ T354] unix_dgram_sendmsg+0x6fd/0x2090
[ 43.530282][ T354] __sys_sendto+0x564/0x720
[ 43.534783][ T354] __x64_sys_sendto+0xe5/0x100
[ 43.539374][ T354] do_syscall_64+0x3d/0xb0
[ 43.543629][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.549579][ T354] page last free stack trace:
[ 43.554182][ T354] free_unref_page_prepare+0x7c8/0x7d0
[ 43.559726][ T354] free_unref_page+0xe8/0x750
[ 43.564413][ T354] __free_pages+0x61/0xf0
[ 43.568796][ T354] free_pages+0x7c/0x90
[ 43.572775][ T354] tlb_finish_mmu+0x253/0x320
[ 43.577424][ T354] exit_mmap+0x3ef/0x6f0
[ 43.581554][ T354] __mmput+0x95/0x310
[ 43.585469][ T354] mmput+0x5b/0x170
[ 43.589558][ T354] do_exit+0xb9c/0x2ca0
[ 43.593818][ T354] do_group_exit+0x141/0x310
[ 43.598235][ T354] get_signal+0x7a3/0x1630
[ 43.602765][ T354] arch_do_signal_or_restart+0xbd/0x1680
[ 43.608412][ T354] exit_to_user_mode_loop+0xa0/0xe0
[ 43.613439][ T354] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.618733][ T354] syscall_exit_to_user_mode+0x26/0x160
[ 43.624112][ T354] do_syscall_64+0x49/0xb0
[ 43.628365][ T354]
[ 43.630543][ T354] Memory state around the buggy address:
[ 43.636183][ T354] ffff8881209c8480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.644263][ T354] ffff8881209c8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.652744][ T354] >ffff8881209c8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 43.660747][ T354] ^
[ 43.668035][ T354] ffff8881209c8600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.676361][ T354] ffff8881209c8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.684276][ T354] ==================================================================
[ 43.692447][ T354] Disabling lock debugging due to kernel taint
[ 43.698504][ T354] ==================================================================
[ 43.706338][ T354] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 43.714663][ T354]
[ 43.716858][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 43.728467][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 43.738725][ T354] Call Trace:
[ 43.741933][ T354] <TASK>
[ 43.744964][ T354] dump_stack_lvl+0x151/0x1b7
[ 43.749470][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.754951][ T354] ? __wake_up_klogd+0xd5/0x110
[ 43.759636][ T354] ? panic+0x751/0x751
[ 43.763626][ T354] ? kmem_cache_free+0x116/0x2e0
[ 43.768475][ T354] print_address_description+0x87/0x3b0
[ 43.773923][ T354] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.779933][ T354] ? kmem_cache_free+0x116/0x2e0
[ 43.784796][ T354] ? kmem_cache_free+0x116/0x2e0
[ 43.789658][ T354] kasan_report_invalid_free+0x6b/0xa0
[ 43.795125][ T354] ____kasan_slab_free+0x13e/0x160
[ 43.800420][ T354] __kasan_slab_free+0x11/0x20
[ 43.805109][ T354] slab_free_freelist_hook+0xbd/0x190
[ 43.810404][ T354] ? kfree_skbmem+0x104/0x170
[ 43.814939][ T354] kmem_cache_free+0x116/0x2e0
[ 43.819712][ T354] kfree_skbmem+0x104/0x170
[ 43.824050][ T354] consume_skb+0xb4/0x250
[ 43.828215][ T354] __sk_msg_free+0x2dd/0x370
[ 43.832643][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.838282][ T354] sk_psock_stop+0x44c/0x4d0
[ 43.842715][ T354] ? unix_peer_get+0xe0/0xe0
[ 43.847221][ T354] sock_map_close+0x2b9/0x4c0
[ 43.852291][ T354] ? sock_map_remove_links+0x570/0x570
[ 43.858282][ T354] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.863172][ T354] unix_release+0x82/0xc0
[ 43.867679][ T354] sock_close+0xdf/0x270
[ 43.871933][ T354] ? sock_mmap+0xa0/0xa0
[ 43.876009][ T354] __fput+0x3fe/0x910
[ 43.879833][ T354] ____fput+0x15/0x20
[ 43.883762][ T354] task_work_run+0x129/0x190
[ 43.888270][ T354] exit_to_user_mode_loop+0xc4/0xe0
[ 43.893371][ T354] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.898765][ T354] syscall_exit_to_user_mode+0x26/0x160
[ 43.904135][ T354] do_syscall_64+0x49/0xb0
[ 43.908389][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.914384][ T354] RIP: 0033:0x7f57f085c9da
[ 43.918811][ T354] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.938777][ T354] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.947209][ T354] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 43.955176][ T354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.963190][ T354] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 43.970969][ T354] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a9c2
[ 43.978950][ T354] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000a681
[ 43.987219][ T354] </TASK>
[ 43.990156][ T354]
[ 43.992568][ T354] Allocated by task 355:
[ 43.996605][ T354] __kasan_slab_alloc+0xb1/0xe0
[ 44.001284][ T354] slab_post_alloc_hook+0x53/0x2c0
[ 44.006527][ T354] kmem_cache_alloc+0xf5/0x200
[ 44.011128][ T354] skb_clone+0x1d1/0x360
[ 44.015391][ T354] sk_psock_verdict_recv+0x53/0x840
[ 44.020716][ T354] unix_read_sock+0x132/0x370
[ 44.025320][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.031048][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.036077][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 44.040687][ T354] ___sys_sendmsg+0x252/0x2e0
[ 44.045279][ T354] __sys_sendmmsg+0x2bf/0x530
[ 44.049966][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.054654][ T354] do_syscall_64+0x3d/0xb0
[ 44.058910][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.064722][ T354]
[ 44.066894][ T354] Freed by task 60:
[ 44.070544][ T354] kasan_set_track+0x4b/0x70
[ 44.074976][ T354] kasan_set_free_info+0x23/0x40
[ 44.079736][ T354] ____kasan_slab_free+0x126/0x160
[ 44.084771][ T354] __kasan_slab_free+0x11/0x20
[ 44.089455][ T354] slab_free_freelist_hook+0xbd/0x190
[ 44.094671][ T354] kmem_cache_free+0x116/0x2e0
[ 44.099355][ T354] kfree_skbmem+0x104/0x170
[ 44.103779][ T354] kfree_skb+0xc2/0x360
[ 44.107772][ T354] sk_psock_backlog+0xc21/0xd90
[ 44.112467][ T354] process_one_work+0x6bb/0xc10
[ 44.117247][ T354] worker_thread+0xad5/0x12a0
[ 44.121934][ T354] kthread+0x421/0x510
[ 44.125840][ T354] ret_from_fork+0x1f/0x30
[ 44.130220][ T354]
[ 44.132526][ T354] The buggy address belongs to the object at ffff8881209c8500
[ 44.132526][ T354] which belongs to the cache skbuff_head_cache of size 248
[ 44.147296][ T354] The buggy address is located 0 bytes inside of
[ 44.147296][ T354] 248-byte region [ffff8881209c8500, ffff8881209c85f8)
[ 44.160579][ T354] The buggy address belongs to the page:
[ 44.166077][ T354] page:ffffea0004827200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1209c8
[ 44.176115][ T354] flags: 0x4000000000000200(slab|zone=1)
[ 44.181773][ T354] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 44.190270][ T354] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.198877][ T354] page dumped because: kasan: bad access detected
[ 44.205236][ T354] page_owner tracks the page as allocated
[ 44.210781][ T354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 42631868518, free_ts 42630713100
[ 44.226587][ T354] post_alloc_hook+0x1a3/0x1b0
[ 44.231291][ T354] prep_new_page+0x1b/0x110
[ 44.235876][ T354] get_page_from_freelist+0x3550/0x35d0
[ 44.241248][ T354] __alloc_pages+0x27e/0x8f0
[ 44.245673][ T354] new_slab+0x9a/0x4e0
[ 44.249664][ T354] ___slab_alloc+0x39e/0x830
[ 44.254278][ T354] __slab_alloc+0x4a/0x90
[ 44.258596][ T354] kmem_cache_alloc+0x134/0x200
[ 44.263475][ T354] __alloc_skb+0xbe/0x550
[ 44.267733][ T354] alloc_skb_with_frags+0xa6/0x680
[ 44.272765][ T354] sock_alloc_send_pskb+0x915/0xa50
[ 44.278070][ T354] unix_dgram_sendmsg+0x6fd/0x2090
[ 44.283288][ T354] __sys_sendto+0x564/0x720
[ 44.287807][ T354] __x64_sys_sendto+0xe5/0x100
[ 44.292484][ T354] do_syscall_64+0x3d/0xb0
[ 44.296751][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.302635][ T354] page last free stack trace:
[ 44.307433][ T354] free_unref_page_prepare+0x7c8/0x7d0
[ 44.312716][ T354] free_unref_page+0xe8/0x750
[ 44.317314][ T354] __free_pages+0x61/0xf0
[ 44.321572][ T354] free_pages+0x7c/0x90
[ 44.325563][ T354] tlb_finish_mmu+0x253/0x320
[ 44.330172][ T354] exit_mmap+0x3ef/0x6f0
[ 44.334335][ T354] __mmput+0x95/0x310
[ 44.338153][ T354] mmput+0x5b/0x170
[ 44.342225][ T354] do_exit+0xb9c/0x2ca0
[ 44.346218][ T354] do_group_exit+0x141/0x310
[ 44.350744][ T354] get_signal+0x7a3/0x1630
[ 44.354996][ T354] arch_do_signal_or_restart+0xbd/0x1680
[ 44.360538][ T354] exit_to_user_mode_loop+0xa0/0xe0
[ 44.365576][ T354] exit_to_user_mode_prepare+0x5a/0xa0
[ 44.370960][ T354] syscall_exit_to_user_mode+0x26/0x160
[ 44.376432][ T354] do_syscall_64+0x49/0xb0
[ 44.380690][ T354]
[ 44.382933][ T354] Memory state around the buggy address:
[ 44.388407][ T354] ffff8881209c8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.397016][ T354] ffff8881209c8480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 44.405433][ T354] >ffff8881209c8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.413587][ T354] ^
[ 44.417669][ T354] ffff8881209c8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 44.425566][ T354] ffff8881209c8600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 44.433468][ T354] ==================================================================
[ 44.474569][ T359] FAULT_INJECTION: forcing a failure.
[ 44.474569][ T359] name failslab, interval 1, probability 0, space 0, times 0
[ 44.491049][ T359] CPU: 0 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 44.502700][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 44.513227][ T359] Call Trace:
[ 44.516353][ T359] <TASK>
[ 44.519301][ T359] dump_stack_lvl+0x151/0x1b7
[ 44.524399][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.530055][ T359] dump_stack+0x15/0x17
[ 44.534141][ T359] should_fail+0x3c6/0x510
[ 44.538386][ T359] __should_failslab+0xa4/0xe0
[ 44.543156][ T359] should_failslab+0x9/0x20
[ 44.547610][ T359] slab_pre_alloc_hook+0x37/0xd0
[ 44.552466][ T359] kmem_cache_alloc_trace+0x48/0x210
[ 44.558011][ T359] ? sk_psock_skb_ingress_self+0x60/0x330
[ 44.563658][ T359] ? migrate_disable+0x190/0x190
[ 44.568393][ T359] sk_psock_skb_ingress_self+0x60/0x330
[ 44.573893][ T359] sk_psock_verdict_recv+0x66d/0x840
[ 44.579109][ T359] unix_read_sock+0x132/0x370
[ 44.583582][ T359] ? sk_psock_skb_redirect+0x440/0x440
[ 44.589336][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 44.594901][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 44.600274][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 44.605915][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.611586][ T359] ? sk_psock_start_verdict+0xc0/0xc0
[ 44.616765][ T359] ? _raw_spin_lock+0xa4/0x1b0
[ 44.621480][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.627298][ T359] ? skb_queue_tail+0xfb/0x120
[ 44.631898][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.636994][ T359] ? unix_dgram_poll+0x710/0x710
[ 44.641820][ T359] ? _raw_spin_trylock+0xcd/0x1a0
[ 44.646682][ T359] ? security_socket_sendmsg+0x82/0xb0
[ 44.651987][ T359] ? unix_dgram_poll+0x710/0x710
[ 44.656939][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 44.661522][ T359] ? __sys_sendmsg_sock+0x40/0x40
[ 44.666645][ T359] ? import_iovec+0xe5/0x120
[ 44.671167][ T359] ___sys_sendmsg+0x252/0x2e0
[ 44.675971][ T359] ? __sys_sendmsg+0x260/0x260
[ 44.680552][ T359] ? do_handle_mm_fault+0x1949/0x2330
[ 44.685865][ T359] ? __kasan_check_write+0x14/0x20
[ 44.690803][ T359] ? proc_fail_nth_write+0x20b/0x290
[ 44.695933][ T359] ? __fdget+0x1bc/0x240
[ 44.700174][ T359] __sys_sendmmsg+0x2bf/0x530
[ 44.704787][ T359] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.710155][ T359] ? mutex_unlock+0xb2/0x260
[ 44.714720][ T359] ? __kasan_check_write+0x14/0x20
[ 44.719649][ T359] ? debug_smp_processor_id+0x17/0x20
[ 44.725004][ T359] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.731123][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.735993][ T359] do_syscall_64+0x3d/0xb0
[ 44.740338][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.746233][ T359] RIP: 0033:0x7f57f085dae9
[ 44.750660][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.770802][ T359] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.779054][ T359] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 44.787113][ T359] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.794927][ T359] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 44.802826][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.810638][ T359] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 44.818548][ T359] </TASK>
[ 44.823694][ T358] ==================================================================
[ 44.832105][ T358] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 44.840713][ T358]
[ 44.842952][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 44.854913][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 44.864843][ T358] Call Trace:
[ 44.867924][ T358] <TASK>
[ 44.870702][ T358] dump_stack_lvl+0x151/0x1b7
[ 44.875222][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.880775][ T358] ? __wake_up_klogd+0xd5/0x110
[ 44.885454][ T358] ? panic+0x751/0x751
[ 44.889360][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.894135][ T358] print_address_description+0x87/0x3b0
[ 44.899514][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.904290][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.909065][ T358] kasan_report_invalid_free+0x6b/0xa0
[ 44.914517][ T358] ____kasan_slab_free+0x13e/0x160
[ 44.919457][ T358] __kasan_slab_free+0x11/0x20
[ 44.924046][ T358] slab_free_freelist_hook+0xbd/0x190
[ 44.929342][ T358] ? kfree_skbmem+0x104/0x170
[ 44.933986][ T358] kmem_cache_free+0x116/0x2e0
[ 44.938822][ T358] kfree_skbmem+0x104/0x170
[ 44.943167][ T358] consume_skb+0xb4/0x250
[ 44.947410][ T358] __sk_msg_free+0x2dd/0x370
[ 44.951940][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.957689][ T358] sk_psock_stop+0x44c/0x4d0
[ 44.962089][ T358] ? unix_peer_get+0xe0/0xe0
[ 44.966611][ T358] sock_map_close+0x2b9/0x4c0
[ 44.971322][ T358] ? sock_map_remove_links+0x570/0x570
[ 44.976629][ T358] ? rwsem_mark_wake+0x6b0/0x6b0
[ 44.981492][ T358] unix_release+0x82/0xc0
[ 44.985649][ T358] sock_close+0xdf/0x270
[ 44.989816][ T358] ? sock_mmap+0xa0/0xa0
[ 44.993918][ T358] __fput+0x3fe/0x910
[ 44.997724][ T358] ____fput+0x15/0x20
[ 45.001534][ T358] task_work_run+0x129/0x190
[ 45.005958][ T358] exit_to_user_mode_loop+0xc4/0xe0
[ 45.011086][ T358] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.016381][ T358] syscall_exit_to_user_mode+0x26/0x160
[ 45.021842][ T358] do_syscall_64+0x49/0xb0
[ 45.026141][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.032013][ T358] RIP: 0033:0x7f57f085c9da
[ 45.036462][ T358] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.056705][ T358] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.064980][ T358] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 45.073112][ T358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.080921][ T358] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 45.088830][ T358] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b0ed
[ 45.096632][ T358] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000adac
[ 45.104442][ T358]
[ 45.107326][ T358]
[ 45.109475][ T358] Allocated by task 359:
[ 45.113646][ T358] __kasan_slab_alloc+0xb1/0xe0
[ 45.118340][ T358] slab_post_alloc_hook+0x53/0x2c0
[ 45.123280][ T358] kmem_cache_alloc+0xf5/0x200
[ 45.127898][ T358] skb_clone+0x1d1/0x360
[ 45.131963][ T358] sk_psock_verdict_recv+0x53/0x840
[ 45.136991][ T358] unix_read_sock+0x132/0x370
[ 45.141604][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.147916][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.153264][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 45.157937][ T358] ___sys_sendmsg+0x252/0x2e0
[ 45.162751][ T358] __sys_sendmmsg+0x2bf/0x530
[ 45.167262][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.171936][ T358] do_syscall_64+0x3d/0xb0
[ 45.176455][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.182367][ T358]
[ 45.184532][ T358] Freed by task 301:
[ 45.188616][ T358] kasan_set_track+0x4b/0x70
[ 45.193042][ T358] kasan_set_free_info+0x23/0x40
[ 45.197980][ T358] ____kasan_slab_free+0x126/0x160
[ 45.203113][ T358] __kasan_slab_free+0x11/0x20
[ 45.209043][ T358] slab_free_freelist_hook+0xbd/0x190
[ 45.214308][ T358] kmem_cache_free+0x116/0x2e0
[ 45.219080][ T358] kfree_skbmem+0x104/0x170
[ 45.223851][ T358] kfree_skb+0xc2/0x360
[ 45.227927][ T358] sk_psock_backlog+0xc21/0xd90
[ 45.232616][ T358] process_one_work+0x6bb/0xc10
[ 45.237303][ T358] worker_thread+0xad5/0x12a0
[ 45.241820][ T358] kthread+0x421/0x510
[ 45.245721][ T358] ret_from_fork+0x1f/0x30
[ 45.250161][ T358]
[ 45.252406][ T358] The buggy address belongs to the object at ffff88810cdcb3c0
[ 45.252406][ T358] which belongs to the cache skbuff_head_cache of size 248
[ 45.267426][ T358] The buggy address is located 0 bytes inside of
[ 45.267426][ T358] 248-byte region [ffff88810cdcb3c0, ffff88810cdcb4b8)
[ 45.280366][ T358] The buggy address belongs to the page:
[ 45.285826][ T358] page:ffffea00043372c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cdcb
[ 45.296515][ T358] flags: 0x4000000000000200(slab|zone=1)
[ 45.302070][ T358] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100351680
[ 45.310574][ T358] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 45.318988][ T358] page dumped because: kasan: bad access detected
[ 45.325274][ T358] page_owner tracks the page as allocated
[ 45.330795][ T358] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4366743526, free_ts 4366505606
[ 45.346417][ T358] post_alloc_hook+0x1a3/0x1b0
[ 45.351039][ T358] prep_new_page+0x1b/0x110
[ 45.355708][ T358] get_page_from_freelist+0x3550/0x35d0
[ 45.361090][ T358] __alloc_pages+0x27e/0x8f0
[ 45.365508][ T358] new_slab+0x9a/0x4e0
[ 45.369416][ T358] ___slab_alloc+0x39e/0x830
[ 45.373841][ T358] __slab_alloc+0x4a/0x90
[ 45.378010][ T358] kmem_cache_alloc+0x134/0x200
[ 45.382697][ T358] __alloc_skb+0xbe/0x550
[ 45.386871][ T358] alloc_uevent_skb+0x80/0x230
[ 45.391555][ T358] kobject_uevent_net_broadcast+0x311/0x590
[ 45.397284][ T358] kobject_uevent_env+0x525/0x700
[ 45.402260][ T358] kobject_synth_uevent+0x4eb/0xae0
[ 45.407301][ T358] bus_uevent_store+0x4f/0x70
[ 45.412052][ T358] bus_attr_store+0x78/0x90
[ 45.416397][ T358] sysfs_kf_write+0x123/0x140
[ 45.421001][ T358] page last free stack trace:
[ 45.425509][ T358] free_unref_page_prepare+0x7c8/0x7d0
[ 45.430803][ T358] free_unref_page+0xe8/0x750
[ 45.435314][ T358] __free_pages+0x61/0xf0
[ 45.439480][ T358] free_pages+0x7c/0x90
[ 45.443484][ T358] selinux_genfs_get_sid+0x24d/0x2a0
[ 45.448901][ T358] inode_doinit_with_dentry+0x8d2/0x1070
[ 45.457161][ T358] selinux_d_instantiate+0x27/0x40
[ 45.462475][ T358] security_d_instantiate+0x9f/0x100
[ 45.467585][ T358] d_splice_alias+0x6d/0x390
[ 45.472024][ T358] kernfs_iop_lookup+0x29e/0x2f0
[ 45.477243][ T358] path_openat+0x1194/0x2f40
[ 45.481911][ T358] do_filp_open+0x21c/0x460
[ 45.486415][ T358] do_sys_openat2+0x13f/0x830
[ 45.490929][ T358] __x64_sys_openat+0x243/0x290
[ 45.496212][ T358] do_syscall_64+0x3d/0xb0
[ 45.500575][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.506295][ T358]
[ 45.508473][ T358] Memory state around the buggy address:
[ 45.513966][ T358] ffff88810cdcb280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.522190][ T358] ffff88810cdcb300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.530361][ T358] >ffff88810cdcb380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.538585][ T358] ^
[ 45.544756][ T358] ffff88810cdcb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.553172][ T358] ffff88810cdcb480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 45.561238][ T358] ==================================================================
[ 45.580391][ T363] FAULT_INJECTION: forcing a failure.
[ 45.580391][ T363] name failslab, interval 1, probability 0, space 0, times 0
[ 45.592926][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.604735][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 45.614822][ T363] Call Trace:
[ 45.618062][ T363]
[ 45.620901][ T363] dump_stack_lvl+0x151/0x1b7
[ 45.625425][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.631052][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.637253][ T363] ? __skb_try_recv_datagram+0x495/0x6a0
[ 45.643054][ T363] dump_stack+0x15/0x17
[ 45.647283][ T363] should_fail+0x3c6/0x510
[ 45.651530][ T363] __should_failslab+0xa4/0xe0
[ 45.656541][ T363] ? skb_clone+0x1d1/0x360
[ 45.660784][ T363] should_failslab+0x9/0x20
[ 45.665121][ T363] slab_pre_alloc_hook+0x37/0xd0
[ 45.670005][ T363] ? skb_clone+0x1d1/0x360
[ 45.674364][ T363] kmem_cache_alloc+0x44/0x200
[ 45.678961][ T363] skb_clone+0x1d1/0x360
[ 45.683063][ T363] sk_psock_verdict_recv+0x53/0x840
[ 45.688102][ T363] ? avc_has_perm_noaudit+0x430/0x430
[ 45.693293][ T363] ? mntput_no_expire+0xfc/0x6b0
[ 45.698519][ T363] unix_read_sock+0x132/0x370
[ 45.703028][ T363] ? sk_psock_skb_redirect+0x440/0x440
[ 45.708310][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.713954][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.719347][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.724905][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.730649][ T363] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.735832][ T363] ? _raw_spin_lock+0xa4/0x1b0
[ 45.740707][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.746706][ T363] ? skb_queue_tail+0xfb/0x120
[ 45.751569][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.756665][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.761865][ T363] ? _raw_spin_trylock+0xcd/0x1a0
[ 45.766969][ T363] ? security_socket_sendmsg+0x82/0xb0
[ 45.772451][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.777313][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 45.781995][ T363] ? __sys_sendmsg_sock+0x40/0x40
[ 45.786875][ T363] ? import_iovec+0xe5/0x120
[ 45.791474][ T363] ___sys_sendmsg+0x252/0x2e0
[ 45.796073][ T363] ? __sys_sendmsg+0x260/0x260
[ 45.800673][ T363] ? do_handle_mm_fault+0x1949/0x2330
[ 45.805972][ T363] ? __kasan_check_write+0x14/0x20
[ 45.810917][ T363] ? proc_fail_nth_write+0x20b/0x290
[ 45.816220][ T363] ? __fdget+0x1bc/0x240
[ 45.820307][ T363] __sys_sendmmsg+0x2bf/0x530
[ 45.824813][ T363] ? __ia32_sys_sendmsg+0x90/0x90
[ 45.829745][ T363] ? mutex_unlock+0xb2/0x260
[ 45.834192][ T363] ? __kasan_check_write+0x14/0x20
[ 45.839384][ T363] ? debug_smp_processor_id+0x17/0x20
[ 45.844724][ T363] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.850783][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.856469][ T363] do_syscall_64+0x3d/0xb0
[ 45.861112][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.867353][ T363] RIP: 0033:0x7f57f085dae9
[ 45.871870][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.891586][ T363] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.900115][ T363] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 45.908141][ T363] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.915920][ T363] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 45.923882][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.931630][ T363] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 45.940312][ T363]
[ 45.952407][ T365] FAULT_INJECTION: forcing a failure.
[ 45.952407][ T365] name failslab, interval 1, probability 0, space 0, times 0
[ 45.965727][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.977455][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 45.988043][ T365] Call Trace:
[ 45.991172][ T365]
[ 45.993948][ T365] dump_stack_lvl+0x151/0x1b7
[ 45.998457][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.004112][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.009844][ T365] ? __skb_try_recv_datagram+0x495/0x6a0
[ 46.015430][ T365] dump_stack+0x15/0x17
[ 46.019410][ T365] should_fail+0x3c6/0x510
[ 46.023795][ T365] __should_failslab+0xa4/0xe0
[ 46.028494][ T365] ? skb_clone+0x1d1/0x360
[ 46.032726][ T365] should_failslab+0x9/0x20
[ 46.037496][ T365] slab_pre_alloc_hook+0x37/0xd0
[ 46.042473][ T365] ? skb_clone+0x1d1/0x360
[ 46.046705][ T365] kmem_cache_alloc+0x44/0x200
[ 46.051566][ T365] skb_clone+0x1d1/0x360
[ 46.055812][ T365] sk_psock_verdict_recv+0x53/0x840
[ 46.060945][ T365] ? avc_has_perm_noaudit+0x430/0x430
[ 46.066228][ T365] ? mntput_no_expire+0xfc/0x6b0
[ 46.071116][ T365] unix_read_sock+0x132/0x370
[ 46.075616][ T365] ? sk_psock_skb_redirect+0x440/0x440
[ 46.081084][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 46.086634][ T365] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.092091][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 46.097645][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.103285][ T365] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.108599][ T365] ? _raw_spin_lock+0xa4/0x1b0
[ 46.113546][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.119363][ T365] ? skb_queue_tail+0xfb/0x120
[ 46.123944][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.129069][ T365] ? unix_dgram_poll+0x710/0x710
[ 46.134022][ T365] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.139144][ T365] ? security_socket_sendmsg+0x82/0xb0
[ 46.144960][ T365] ? unix_dgram_poll+0x710/0x710
[ 46.149815][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 46.154675][ T365] ? __sys_sendmsg_sock+0x40/0x40
[ 46.159636][ T365] ? import_iovec+0xe5/0x120
[ 46.164134][ T365] ___sys_sendmsg+0x252/0x2e0
[ 46.168844][ T365] ? __sys_sendmsg+0x260/0x260
[ 46.173450][ T365] ? do_handle_mm_fault+0x1949/0x2330
[ 46.179025][ T365] ? __kasan_check_write+0x14/0x20
[ 46.184028][ T365] ? proc_fail_nth_write+0x20b/0x290
[ 46.189171][ T365] ? __fdget+0x1bc/0x240
[ 46.193229][ T365] __sys_sendmmsg+0x2bf/0x530
[ 46.197755][ T365] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.202873][ T365] ? mutex_unlock+0xb2/0x260
[ 46.207304][ T365] ? __kasan_check_write+0x14/0x20
[ 46.212427][ T365] ? debug_smp_processor_id+0x17/0x20
[ 46.217707][ T365] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.223695][ T365] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.228381][ T365] do_syscall_64+0x3d/0xb0
[ 46.232634][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.238468][ T365] RIP: 0033:0x7f57f085dae9
[ 46.242880][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.262853][ T365] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.271198][ T365] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 46.279293][ T365] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.287083][ T365] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 46.294894][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.302847][ T365] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 46.310622][ T365]
[ 46.322952][ T367] FAULT_INJECTION: forcing a failure.
[ 46.322952][ T367] name failslab, interval 1, probability 0, space 0, times 0
[ 46.335423][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.347508][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 46.357842][ T367] Call Trace:
[ 46.361344][ T367]
[ 46.364120][ T367] dump_stack_lvl+0x151/0x1b7
[ 46.368826][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.374472][ T367] ? __kasan_kmalloc+0x9/0x10
[ 46.379148][ T367] ? __kmalloc_track_caller+0x139/0x260
[ 46.384534][ T367] dump_stack+0x15/0x17
[ 46.388849][ T367] should_fail+0x3c6/0x510
[ 46.393296][ T367] __should_failslab+0xa4/0xe0
[ 46.397915][ T367] ? getname_kernel+0x59/0x2e0
[ 46.402654][ T367] should_failslab+0x9/0x20
[ 46.406986][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 46.411854][ T367] ? getname_kernel+0x59/0x2e0
[ 46.416446][ T367] kmem_cache_alloc+0x44/0x200
[ 46.421838][ T367] getname_kernel+0x59/0x2e0
[ 46.426424][ T367] kern_path+0x23/0x1a0
[ 46.430516][ T367] unix_find_other+0xdb/0x860
[ 46.435117][ T367] ? sock_kzfree_s+0x60/0x60
[ 46.439771][ T367] ? __unix_set_addr+0x3c0/0x3c0
[ 46.444537][ T367] unix_dgram_sendmsg+0xd1d/0x2090
[ 46.449494][ T367] ? unix_dgram_poll+0x710/0x710
[ 46.454643][ T367] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.459626][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 46.465060][ T367] ? unix_dgram_poll+0x710/0x710
[ 46.470043][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 46.475146][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 46.480023][ T367] ? import_iovec+0xe5/0x120
[ 46.484464][ T367] ___sys_sendmsg+0x252/0x2e0
[ 46.489037][ T367] ? __sys_sendmsg+0x260/0x260
[ 46.493635][ T367] ? do_handle_mm_fault+0x1949/0x2330
[ 46.499668][ T367] ? __kasan_check_write+0x14/0x20
[ 46.504776][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 46.509969][ T367] ? __fdget+0x1bc/0x240
[ 46.514358][ T367] __sys_sendmmsg+0x2bf/0x530
[ 46.519951][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.524802][ T367] ? mutex_unlock+0xb2/0x260
[ 46.529200][ T367] ? __kasan_check_write+0x14/0x20
[ 46.534165][ T367] ? debug_smp_processor_id+0x17/0x20
[ 46.539571][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.545639][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.550410][ T367] do_syscall_64+0x3d/0xb0
[ 46.554956][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.560688][ T367] RIP: 0033:0x7f57f085dae9
[ 46.565171][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.585020][ T367] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.593255][ T367] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 46.601208][ T367] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.609139][ T367] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 46.617039][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.624989][ T367] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 46.632752][ T367]
[ 46.655064][ T370] FAULT_INJECTION: forcing a failure.
[ 46.655064][ T370] name failslab, interval 1, probability 0, space 0, times 0
[ 46.667727][ T370] CPU: 0 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.679484][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 46.690156][ T370] Call Trace:
[ 46.693705][ T370]
[ 46.696493][ T370] dump_stack_lvl+0x151/0x1b7
[ 46.700999][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.706564][ T370] dump_stack+0x15/0x17
[ 46.710540][ T370] should_fail+0x3c6/0x510
[ 46.714968][ T370] __should_failslab+0xa4/0xe0
[ 46.719669][ T370] should_failslab+0x9/0x20
[ 46.723997][ T370] slab_pre_alloc_hook+0x37/0xd0
[ 46.728771][ T370] kmem_cache_alloc_trace+0x48/0x210
[ 46.733894][ T370] ? sk_psock_skb_ingress_self+0x60/0x330
[ 46.739713][ T370] ? migrate_disable+0x190/0x190
[ 46.744598][ T370] sk_psock_skb_ingress_self+0x60/0x330
[ 46.750152][ T370] sk_psock_verdict_recv+0x66d/0x840
[ 46.755420][ T370] unix_read_sock+0x132/0x370
[ 46.760027][ T370] ? sk_psock_skb_redirect+0x440/0x440
[ 46.765353][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 46.771262][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.776560][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 46.782128][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.787936][ T370] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.793382][ T370] ? _raw_spin_lock+0xa4/0x1b0
[ 46.797915][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.803832][ T370] ? skb_queue_tail+0xfb/0x120
[ 46.808444][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.813741][ T370] ? unix_dgram_poll+0x710/0x710
[ 46.818672][ T370] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.823624][ T370] ? security_socket_sendmsg+0x82/0xb0
[ 46.828917][ T370] ? unix_dgram_poll+0x710/0x710
[ 46.833788][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 46.838564][ T370] ? __sys_sendmsg_sock+0x40/0x40
[ 46.843523][ T370] ? import_iovec+0xe5/0x120
[ 46.847934][ T370] ___sys_sendmsg+0x252/0x2e0
[ 46.852843][ T370] ? __sys_sendmsg+0x260/0x260
[ 46.857427][ T370] ? do_handle_mm_fault+0x1949/0x2330
[ 46.862635][ T370] ? __kasan_check_write+0x14/0x20
[ 46.867714][ T370] ? proc_fail_nth_write+0x20b/0x290
[ 46.872816][ T370] ? __fdget+0x1bc/0x240
[ 46.877013][ T370] __sys_sendmmsg+0x2bf/0x530
[ 46.881514][ T370] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.886453][ T370] ? mutex_unlock+0xb2/0x260
[ 46.890969][ T370] ? __kasan_check_write+0x14/0x20
[ 46.895912][ T370] ? debug_smp_processor_id+0x17/0x20
[ 46.901204][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.907547][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.912227][ T370] do_syscall_64+0x3d/0xb0
[ 46.916569][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.922404][ T370] RIP: 0033:0x7f57f085dae9
[ 46.926655][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.946369][ T370] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.955125][ T370] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 46.963021][ T370] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.970928][ T370] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 46.978818][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.987020][ T370] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 46.995181][ T370]
[ 46.999375][ T369] ==================================================================
[ 47.007345][ T369] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 47.015686][ T369]
[ 47.017857][ T369] CPU: 1 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.029643][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 47.039882][ T369] Call Trace:
[ 47.043109][ T369]
[ 47.045902][ T369] dump_stack_lvl+0x151/0x1b7
[ 47.050675][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.056235][ T369] ? __wake_up_klogd+0xd5/0x110
[ 47.060928][ T369] ? panic+0x751/0x751
[ 47.065341][ T369] ? kmem_cache_free+0x116/0x2e0
[ 47.070112][ T369] print_address_description+0x87/0x3b0
[ 47.075905][ T369] ? kmem_cache_free+0x116/0x2e0
[ 47.080842][ T369] ? kmem_cache_free+0x116/0x2e0
[ 47.085615][ T369] kasan_report_invalid_free+0x6b/0xa0
[ 47.091187][ T369] ____kasan_slab_free+0x13e/0x160
[ 47.096383][ T369] __kasan_slab_free+0x11/0x20
[ 47.100982][ T369] slab_free_freelist_hook+0xbd/0x190
[ 47.106360][ T369] ? kfree_skbmem+0x104/0x170
[ 47.111198][ T369] kmem_cache_free+0x116/0x2e0
[ 47.115811][ T369] kfree_skbmem+0x104/0x170
[ 47.120131][ T369] consume_skb+0xb4/0x250
[ 47.124298][ T369] __sk_msg_free+0x2dd/0x370
[ 47.129165][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.135062][ T369] sk_psock_stop+0x44c/0x4d0
[ 47.139610][ T369] ? unix_peer_get+0xe0/0xe0
[ 47.144217][ T369] sock_map_close+0x2b9/0x4c0
[ 47.148836][ T369] ? sock_map_remove_links+0x570/0x570
[ 47.155040][ T369] ? rwsem_mark_wake+0x6b0/0x6b0
[ 47.160047][ T369] unix_release+0x82/0xc0
[ 47.164984][ T369] sock_close+0xdf/0x270
[ 47.169082][ T369] ? sock_mmap+0xa0/0xa0
[ 47.173131][ T369] __fput+0x3fe/0x910
[ 47.177143][ T369] ____fput+0x15/0x20
[ 47.181137][ T369] task_work_run+0x129/0x190
[ 47.185691][ T369] exit_to_user_mode_loop+0xc4/0xe0
[ 47.190778][ T369] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.196071][ T369] syscall_exit_to_user_mode+0x26/0x160
[ 47.202016][ T369] do_syscall_64+0x49/0xb0
[ 47.206949][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.213743][ T369] RIP: 0033:0x7f57f085c9da
[ 47.218534][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.238215][ T369] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.246448][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 47.254608][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.262533][ T369] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 47.270701][ T369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b973
[ 47.278598][ T369] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000b632
[ 47.286483][ T369]
[ 47.289284][ T369]
[ 47.291442][ T369] Allocated by task 370:
[ 47.295522][ T369] __kasan_slab_alloc+0xb1/0xe0
[ 47.300207][ T369] slab_post_alloc_hook+0x53/0x2c0
[ 47.305160][ T369] kmem_cache_alloc+0xf5/0x200
[ 47.309759][ T369] skb_clone+0x1d1/0x360
[ 47.313835][ T369] sk_psock_verdict_recv+0x53/0x840
[ 47.319049][ T369] unix_read_sock+0x132/0x370
[ 47.323596][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.329440][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.334445][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 47.339063][ T369] ___sys_sendmsg+0x252/0x2e0
[ 47.343647][ T369] __sys_sendmmsg+0x2bf/0x530
[ 47.348314][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.353071][ T369] do_syscall_64+0x3d/0xb0
[ 47.357401][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.363316][ T369]
[ 47.365483][ T369] Freed by task 39:
[ 47.369131][ T369] kasan_set_track+0x4b/0x70
[ 47.373557][ T369] kasan_set_free_info+0x23/0x40
[ 47.378452][ T369] ____kasan_slab_free+0x126/0x160
[ 47.383477][ T369] __kasan_slab_free+0x11/0x20
[ 47.388080][ T369] slab_free_freelist_hook+0xbd/0x190
[ 47.393287][ T369] kmem_cache_free+0x116/0x2e0
[ 47.397891][ T369] kfree_skbmem+0x104/0x170
[ 47.402319][ T369] kfree_skb+0xc2/0x360
[ 47.406392][ T369] sk_psock_backlog+0xc21/0xd90
[ 47.411099][ T369] process_one_work+0x6bb/0xc10
[ 47.415857][ T369] worker_thread+0xad5/0x12a0
[ 47.420373][ T369] kthread+0x421/0x510
[ 47.424276][ T369] ret_from_fork+0x1f/0x30
[ 47.428532][ T369]
[ 47.430783][ T369] The buggy address belongs to the object at ffff88810de7e140
[ 47.430783][ T369] which belongs to the cache skbuff_head_cache of size 248
[ 47.445532][ T369] The buggy address is located 0 bytes inside of
[ 47.445532][ T369] 248-byte region [ffff88810de7e140, ffff88810de7e238)
[ 47.458969][ T369] The buggy address belongs to the page:
[ 47.464493][ T369] page:ffffea0004379f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de7e
[ 47.474738][ T369] flags: 0x4000000000000200(slab|zone=1)
[ 47.480221][ T369] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100351680
[ 47.489495][ T369] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.498394][ T369] page dumped because: kasan: bad access detected
[ 47.504739][ T369] page_owner tracks the page as allocated
[ 47.510318][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4401543690, free_ts 4401482194
[ 47.526366][ T369] post_alloc_hook+0x1a3/0x1b0
[ 47.530961][ T369] prep_new_page+0x1b/0x110
[ 47.535303][ T369] get_page_from_freelist+0x3550/0x35d0
[ 47.540791][ T369] __alloc_pages+0x27e/0x8f0
[ 47.545302][ T369] new_slab+0x9a/0x4e0
[ 47.549213][ T369] ___slab_alloc+0x39e/0x830
[ 47.553629][ T369] __slab_alloc+0x4a/0x90
[ 47.557991][ T369] kmem_cache_alloc+0x134/0x200
[ 47.562656][ T369] __alloc_skb+0xbe/0x550
[ 47.566823][ T369] alloc_uevent_skb+0x80/0x230
[ 47.571539][ T369] kobject_uevent_net_broadcast+0x311/0x590
[ 47.577257][ T369] kobject_uevent_env+0x525/0x700
[ 47.582097][ T369] kobject_synth_uevent+0x4eb/0xae0
[ 47.587131][ T369] uevent_store+0x4b/0x70
[ 47.591299][ T369] drv_attr_store+0x78/0xa0
[ 47.595733][ T369] sysfs_kf_write+0x123/0x140
[ 47.600373][ T369] page last free stack trace:
[ 47.604869][ T369] free_unref_page_prepare+0x7c8/0x7d0
[ 47.610162][ T369] free_unref_page+0xe8/0x750
[ 47.614707][ T369] __free_pages+0x61/0xf0
[ 47.618857][ T369] free_pages+0x7c/0x90
[ 47.622841][ T369] selinux_genfs_get_sid+0x24d/0x2a0
[ 47.627953][ T369] inode_doinit_with_dentry+0x8d2/0x1070
[ 47.633421][ T369] selinux_d_instantiate+0x27/0x40
[ 47.638383][ T369] security_d_instantiate+0x9f/0x100
[ 47.643503][ T369] d_splice_alias+0x6d/0x390
[ 47.648052][ T369] kernfs_iop_lookup+0x29e/0x2f0
[ 47.652825][ T369] path_openat+0x1194/0x2f40
[ 47.657202][ T369] do_filp_open+0x21c/0x460
[ 47.661716][ T369] do_sys_openat2+0x13f/0x830
[ 47.666333][ T369] __x64_sys_openat+0x243/0x290
[ 47.671223][ T369] do_syscall_64+0x3d/0xb0
[ 47.675546][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.681811][ T369]
[ 47.684101][ T369] Memory state around the buggy address:
[ 47.689569][ T369] ffff88810de7e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.697840][ T369] ffff88810de7e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.706023][ T369] >ffff88810de7e100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.714219][ T369] ^
[ 47.720348][ T369] ffff88810de7e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.728409][ T369] ffff88810de7e200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.736411][ T369] ==================================================================
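Both KASAN reports above have the same shape: an skb cloned in sk_psock_verdict_recv on the sending task, first freed by kfree_skb in sk_psock_backlog on a kworker (process_one_work), then freed again from sk_psock_stop in the closing task's sock_map_close path. When a fuzzer run produces several such reports, the fields worth comparing are the bug kind, the slab cache, and the first non-allocator frames of the allocation and free stacks. The parser below is an added triage helper, not part of this log and not syzkaller or kernel code; it reads only fields that every KASAN slab report prints, and its sample input is a constructed, abridged copy of the first report's lines.

```python
"""KASAN slab-report triage. Added example, not part of the console log it is
based on and not syzkaller or kernel code; it uses only the fields every KASAN
slab report prints (BUG line, CPU/PID line, Allocated/Freed stacks, cache line)."""
import re
from dataclasses import dataclass, field

_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")   # "[   44.832105][ T358] "
_BUG = re.compile(r"BUG: KASAN: (?P<kind>.+?) in (?P<func>\S+)")
_CPU = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+)")
_TASK_HDR = re.compile(r"^(Allocated|Freed) by task (\d+):$")
_CACHE = re.compile(r"which belongs to the cache (\S+) of size (\d+)")
# Allocator/KASAN plumbing that tops every slab stack and says nothing about the subsystem.
_PLUMBING = re.compile(r"^(_*kasan_|slab_|kmem_cache_|kfree_skbmem)")

@dataclass
class KasanReport:
    kind: str                 # e.g. "double-free or invalid-free"
    func: str                 # function the report was raised in, offset stripped
    report_pid: int = 0       # PID of the task that hit the bad free/access
    cache: str = ""
    size: int = 0
    alloc_task: int = 0
    free_task: int = 0
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)

def parse_kasan_report(text):
    """Parse the first KASAN report in a dmesg excerpt; None if there is none."""
    rep = None
    cur = None  # stack list currently being filled, or None between sections
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()       # drop the "[ time][ Tn] " prefix
        m = _BUG.search(line)
        if m:
            rep = KasanReport(kind=m["kind"], func=m["func"].split("+")[0])
            continue
        if rep is None:
            continue
        m = _CPU.search(line)
        if m and not rep.report_pid:
            rep.report_pid = int(m[1])
            continue
        m = _TASK_HDR.match(line)
        if m:
            if m[1] == "Allocated":
                rep.alloc_task, cur = int(m[2]), rep.alloc_stack
            else:
                rep.free_task, cur = int(m[2]), rep.free_stack
            continue
        m = _CACHE.search(line)
        if m:
            rep.cache, rep.size = m[1], int(m[2])
            continue
        if "+0x" not in line:                     # blank or descriptive line ends a stack
            cur = None
            continue
        if cur is not None:
            cur.append(line.lstrip("? ").split("+0x")[0])   # keep the symbol only
    return rep

def subsystem_frames(stack, n=2):
    """First n frames below the allocator/KASAN plumbing."""
    return [f for f in stack if not _PLUMBING.match(f)][:n]

def summarize(rep):
    """Condense a report into the facts a triager compares across reports."""
    return {
        "kind": rep.kind,
        "object": f"{rep.cache} ({rep.size} bytes)",
        "report_pid": rep.report_pid,
        "alloc_task": rep.alloc_task,
        "alloc": subsystem_frames(rep.alloc_stack),
        "free_task": rep.free_task,
        "free": subsystem_frames(rep.free_stack),
        # First free on a kworker plus a second free on the reporting task means two
        # different contexts released the same object.
        "free_in_workqueue": "process_one_work" in rep.free_stack,
    }

# Constructed sample: abridged copy of the first report's lines, same prefixes and offsets.
SAMPLE = """\
[   44.832105][ T358] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   44.842952][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[   44.864843][ T358] Call Trace:
[   44.957689][ T358]  sk_psock_stop+0x44c/0x4d0
[   44.966611][ T358]  sock_map_close+0x2b9/0x4c0
[   45.107326][ T358]
[   45.109475][ T358] Allocated by task 359:
[   45.113646][ T358]  __kasan_slab_alloc+0xb1/0xe0
[   45.123280][ T358]  kmem_cache_alloc+0xf5/0x200
[   45.127898][ T358]  skb_clone+0x1d1/0x360
[   45.131963][ T358]  sk_psock_verdict_recv+0x53/0x840
[   45.182367][ T358]
[   45.184532][ T358] Freed by task 301:
[   45.188616][ T358]  kasan_set_track+0x4b/0x70
[   45.214308][ T358]  kmem_cache_free+0x116/0x2e0
[   45.219080][ T358]  kfree_skbmem+0x104/0x170
[   45.223851][ T358]  kfree_skb+0xc2/0x360
[   45.227927][ T358]  sk_psock_backlog+0xc21/0xd90
[   45.232616][ T358]  process_one_work+0x6bb/0xc10
[   45.250161][ T358]
[   45.252406][ T358] The buggy address belongs to the object at ffff88810cdcb3c0
[   45.252406][ T358]  which belongs to the cache skbuff_head_cache of size 248
"""

if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE)))
```

Run against the full console log rather than the sample, the same call returns the first report; feeding it the second report (T369) gives the same alloc and free frames with tasks 370 and 39, which is the quick way to confirm that two reports are the same bug rather than two bugs. The plumbing filter is deliberately narrow: it removes only allocator and KASAN frames, so skb helpers such as skb_clone and kfree_skb stay visible, since which skb path allocated and freed the object is exactly what distinguishes reports in this subsystem.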
[ 47.749362][ T30] kauditd_printk_skb: 2 callbacks suppressed
2024/03/20 06:56:45 executed programs: 7
[ 47.749377][ T30] audit: type=1400 audit(1710917805.226:169): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.778161][ T30] audit: type=1400 audit(1710917805.226:170): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.778893][ T373] FAULT_INJECTION: forcing a failure.
[ 47.778893][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 47.801240][ T30] audit: type=1400 audit(1710917805.226:171): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.814442][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.846530][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 47.856876][ T373] Call Trace:
[ 47.860132][ T373]
[ 47.863022][ T373] dump_stack_lvl+0x151/0x1b7
[ 47.868058][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.873810][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.879438][ T373] ? __skb_try_recv_datagram+0x495/0x6a0
[ 47.884913][ T373] dump_stack+0x15/0x17
[ 47.889006][ T373] should_fail+0x3c6/0x510
[ 47.893352][ T373] __should_failslab+0xa4/0xe0
[ 47.898119][ T373] ? skb_clone+0x1d1/0x360
[ 47.902764][ T373] should_failslab+0x9/0x20
[ 47.907525][ T373] slab_pre_alloc_hook+0x37/0xd0
[ 47.912581][ T373] ? skb_clone+0x1d1/0x360
[ 47.917344][ T373] kmem_cache_alloc+0x44/0x200
[ 47.922462][ T373] skb_clone+0x1d1/0x360
[ 47.926675][ T373] sk_psock_verdict_recv+0x53/0x840
[ 47.932396][ T373] ? avc_has_perm_noaudit+0x430/0x430
[ 47.938534][ T373] ? mntput_no_expire+0xfc/0x6b0
[ 47.943843][ T373] unix_read_sock+0x132/0x370
[ 47.948707][ T373] ? sk_psock_skb_redirect+0x440/0x440
[ 47.954183][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 47.959721][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.965245][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 47.970877][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.976519][ T373] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.981763][ T373] ? _raw_spin_lock+0xa4/0x1b0
[ 47.986321][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.992051][ T373] ? skb_queue_tail+0xfb/0x120
[ 47.996650][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.001803][ T373] ? unix_dgram_poll+0x710/0x710
[ 48.006683][ T373] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.011540][ T373] ? security_socket_sendmsg+0x82/0xb0
[ 48.016946][ T373] ? unix_dgram_poll+0x710/0x710
[ 48.021791][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 48.026591][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 48.031538][ T373] ? import_iovec+0xe5/0x120
[ 48.036301][ T373] ___sys_sendmsg+0x252/0x2e0
[ 48.040806][ T373] ? __sys_sendmsg+0x260/0x260
[ 48.045566][ T373] ? do_handle_mm_fault+0x1949/0x2330
[ 48.050768][ T373] ? __kasan_check_write+0x14/0x20
[ 48.055909][ T373] ? proc_fail_nth_write+0x20b/0x290
[ 48.061030][ T373] ? __fdget+0x1bc/0x240
[ 48.065117][ T373] __sys_sendmmsg+0x2bf/0x530
[ 48.069615][ T373] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.074470][ T373] ? mutex_unlock+0xb2/0x260
[ 48.078904][ T373] ? __kasan_check_write+0x14/0x20
[ 48.083848][ T373] ? debug_smp_processor_id+0x17/0x20
[ 48.089055][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.094957][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.099644][ T373] do_syscall_64+0x3d/0xb0
[ 48.103895][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.109625][ T373] RIP: 0033:0x7f57f085dae9
[ 48.113876][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.133527][ T373] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.141858][ T373] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 48.150146][ T373] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.158383][ T373] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 48.166275][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.174191][ T373] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 48.182024][ T373] </TASK>
[ 48.196137][ T375] FAULT_INJECTION: forcing a failure.
[ 48.196137][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 48.209051][ T375] CPU: 1 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.220838][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 48.230884][ T375] Call Trace:
[ 48.234152][ T375] <TASK>
[ 48.236930][ T375] dump_stack_lvl+0x151/0x1b7
[ 48.241443][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.247087][ T375] dump_stack+0x15/0x17
[ 48.251536][ T375] should_fail+0x3c6/0x510
[ 48.256188][ T375] __should_failslab+0xa4/0xe0
[ 48.260870][ T375] should_failslab+0x9/0x20
[ 48.265387][ T375] slab_pre_alloc_hook+0x37/0xd0
[ 48.270160][ T375] kmem_cache_alloc_trace+0x48/0x210
[ 48.275286][ T375] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.280919][ T375] ? migrate_disable+0x190/0x190
[ 48.285695][ T375] sk_psock_skb_ingress_self+0x60/0x330
[ 48.291166][ T375] sk_psock_verdict_recv+0x66d/0x840
[ 48.296907][ T375] unix_read_sock+0x132/0x370
[ 48.301408][ T375] ? sk_psock_skb_redirect+0x440/0x440
[ 48.306964][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 48.312730][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.317953][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 48.323621][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.329359][ T375] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.334839][ T375] ? _raw_spin_lock+0xa4/0x1b0
[ 48.339429][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.345541][ T375] ? skb_queue_tail+0xfb/0x120
[ 48.350374][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.355458][ T375] ? unix_dgram_poll+0x710/0x710
[ 48.360177][ T375] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.365053][ T375] ? security_socket_sendmsg+0x82/0xb0
[ 48.370427][ T375] ? unix_dgram_poll+0x710/0x710
[ 48.375368][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 48.380315][ T375] ? __sys_sendmsg_sock+0x40/0x40
[ 48.385175][ T375] ? import_iovec+0xe5/0x120
[ 48.389606][ T375] ___sys_sendmsg+0x252/0x2e0
[ 48.394114][ T375] ? __sys_sendmsg+0x260/0x260
[ 48.398718][ T375] ? do_handle_mm_fault+0x1949/0x2330
[ 48.404013][ T375] ? __kasan_check_write+0x14/0x20
[ 48.408956][ T375] ? proc_fail_nth_write+0x20b/0x290
[ 48.414080][ T375] ? __fdget+0x1bc/0x240
[ 48.418329][ T375] __sys_sendmmsg+0x2bf/0x530
[ 48.422852][ T375] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.427842][ T375] ? mutex_unlock+0xb2/0x260
[ 48.432251][ T375] ? __kasan_check_write+0x14/0x20
[ 48.437207][ T375] ? debug_smp_processor_id+0x17/0x20
[ 48.442405][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.448495][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.453359][ T375] do_syscall_64+0x3d/0xb0
[ 48.457614][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.463627][ T375] RIP: 0033:0x7f57f085dae9
[ 48.467871][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.487602][ T375] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.496492][ T375] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 48.504326][ T375] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.512163][ T375] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 48.520591][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.528589][ T375] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 48.536747][ T375] </TASK>
[ 48.540096][ T374] ==================================================================
[ 48.548164][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.556489][ T374]
[ 48.558660][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.570632][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 48.580713][ T374] Call Trace:
[ 48.584004][ T374] <TASK>
[ 48.586865][ T374] dump_stack_lvl+0x151/0x1b7
[ 48.591378][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.596947][ T374] ? __wake_up_klogd+0xd5/0x110
[ 48.601791][ T374] ? panic+0x751/0x751
[ 48.605696][ T374] ? kmem_cache_free+0x116/0x2e0
[ 48.610456][ T374] print_address_description+0x87/0x3b0
[ 48.615840][ T374] ? kmem_cache_free+0x116/0x2e0
[ 48.620624][ T374] ? kmem_cache_free+0x116/0x2e0
[ 48.625925][ T374] kasan_report_invalid_free+0x6b/0xa0
[ 48.631232][ T374] ____kasan_slab_free+0x13e/0x160
[ 48.636273][ T374] __kasan_slab_free+0x11/0x20
[ 48.640850][ T374] slab_free_freelist_hook+0xbd/0x190
[ 48.646283][ T374] ? kfree_skbmem+0x104/0x170
[ 48.650786][ T374] kmem_cache_free+0x116/0x2e0
[ 48.655642][ T374] kfree_skbmem+0x104/0x170
[ 48.660230][ T374] consume_skb+0xb4/0x250
[ 48.664506][ T374] __sk_msg_free+0x2dd/0x370
[ 48.668907][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.674646][ T374] sk_psock_stop+0x44c/0x4d0
[ 48.679082][ T374] ? unix_peer_get+0xe0/0xe0
[ 48.683578][ T374] sock_map_close+0x2b9/0x4c0
[ 48.688485][ T374] ? sock_map_remove_links+0x570/0x570
[ 48.693930][ T374] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.698700][ T374] unix_release+0x82/0xc0
[ 48.703135][ T374] sock_close+0xdf/0x270
[ 48.707379][ T374] ? sock_mmap+0xa0/0xa0
[ 48.711743][ T374] __fput+0x3fe/0x910
[ 48.715736][ T374] ____fput+0x15/0x20
[ 48.719543][ T374] task_work_run+0x129/0x190
[ 48.723973][ T374] exit_to_user_mode_loop+0xc4/0xe0
[ 48.729205][ T374] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.734558][ T374] syscall_exit_to_user_mode+0x26/0x160
[ 48.739943][ T374] do_syscall_64+0x49/0xb0
[ 48.744455][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.750442][ T374] RIP: 0033:0x7f57f085c9da
[ 48.754698][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.774682][ T374] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.783252][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 48.791590][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.799956][ T374] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007f57f097cf8c
[ 48.807818][ T374] R10: 00007ffd4e30e230 R11: 0000000000000293 R12: 00007f57f03e20d0
[ 48.815624][ T374] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000bc37
[ 48.823714][ T374] </TASK>
[ 48.826581][ T374]
[ 48.828735][ T374] Allocated by task 375:
[ 48.832934][ T374] __kasan_slab_alloc+0xb1/0xe0
[ 48.837611][ T374] slab_post_alloc_hook+0x53/0x2c0
[ 48.842905][ T374] kmem_cache_alloc+0xf5/0x200
[ 48.847507][ T374] skb_clone+0x1d1/0x360
[ 48.851587][ T374] sk_psock_verdict_recv+0x53/0x840
[ 48.857154][ T374] unix_read_sock+0x132/0x370
[ 48.862597][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.868639][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.874234][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 48.879026][ T374] ___sys_sendmsg+0x252/0x2e0
[ 48.883551][ T374] __sys_sendmmsg+0x2bf/0x530
[ 48.888489][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.893265][ T374] do_syscall_64+0x3d/0xb0
[ 48.897794][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.903533][ T374]
[ 48.905699][ T374] Freed by task 20:
[ 48.909433][ T374] kasan_set_track+0x4b/0x70
[ 48.913865][ T374] kasan_set_free_info+0x23/0x40
[ 48.918621][ T374] ____kasan_slab_free+0x126/0x160
[ 48.923656][ T374] __kasan_slab_free+0x11/0x20
[ 48.928254][ T374] slab_free_freelist_hook+0xbd/0x190
[ 48.933461][ T374] kmem_cache_free+0x116/0x2e0
[ 48.938072][ T374] kfree_skbmem+0x104/0x170
[ 48.942501][ T374] kfree_skb+0xc2/0x360
[ 48.946492][ T374] sk_psock_backlog+0xc21/0xd90
[ 48.951448][ T374] process_one_work+0x6bb/0xc10
[ 48.956299][ T374] worker_thread+0xad5/0x12a0
[ 48.960932][ T374] kthread+0x421/0x510
[ 48.964893][ T374] ret_from_fork+0x1f/0x30
[ 48.969230][ T374]
[ 48.971574][ T374] The buggy address belongs to the object at ffff88810df2c640
[ 48.971574][ T374] which belongs to the cache skbuff_head_cache of size 248
[ 48.986365][ T374] The buggy address is located 0 bytes inside of
[ 48.986365][ T374] 248-byte region [ffff88810df2c640, ffff88810df2c738)
[ 48.999728][ T374] The buggy address belongs to the page:
[ 49.005380][ T374] page:ffffea000437cb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df2c
[ 49.015526][ T374] flags: 0x4000000000000200(slab|zone=1)
[ 49.021261][ T374] raw: 4000000000000200 ffffea0004379700 0000000700000007 ffff888100351680
[ 49.030208][ T374] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.038984][ T374] page dumped because: kasan: bad access detected
[ 49.045323][ T374] page_owner tracks the page as allocated
[ 49.051058][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4405274430, free_ts 4405224111
[ 49.067286][ T374] post_alloc_hook+0x1a3/0x1b0
[ 49.072151][ T374] prep_new_page+0x1b/0x110
[ 49.076502][ T374] get_page_from_freelist+0x3550/0x35d0
[ 49.081878][ T374] __alloc_pages+0x27e/0x8f0
[ 49.086301][ T374] new_slab+0x9a/0x4e0
[ 49.090206][ T374] ___slab_alloc+0x39e/0x830
[ 49.094851][ T374] __slab_alloc+0x4a/0x90
[ 49.098994][ T374] kmem_cache_alloc+0x134/0x200
[ 49.103690][ T374] __alloc_skb+0xbe/0x550
[ 49.107936][ T374] alloc_uevent_skb+0x80/0x230
[ 49.112534][ T374] kobject_uevent_net_broadcast+0x311/0x590
[ 49.118348][ T374] kobject_uevent_env+0x525/0x700
[ 49.123300][ T374] kobject_synth_uevent+0x4eb/0xae0
[ 49.128504][ T374] uevent_store+0x4b/0x70
[ 49.132937][ T374] drv_attr_store+0x78/0xa0
[ 49.137283][ T374] sysfs_kf_write+0x123/0x140
[ 49.141985][ T374] page last free stack trace:
[ 49.146575][ T374] free_unref_page_prepare+0x7c8/0x7d0
[ 49.152044][ T374] free_unref_page+0xe8/0x750
[ 49.156687][ T374] __free_pages+0x61/0xf0
[ 49.160861][ T374] free_pages+0x7c/0x90
[ 49.164826][ T374] selinux_genfs_get_sid+0x24d/0x2a0
[ 49.170127][ T374] inode_doinit_with_dentry+0x8d2/0x1070
[ 49.175681][ T374] selinux_d_instantiate+0x27/0x40
[ 49.180943][ T374] security_d_instantiate+0x9f/0x100
[ 49.186040][ T374] d_splice_alias+0x6d/0x390
[ 49.190459][ T374] kernfs_iop_lookup+0x29e/0x2f0
[ 49.195229][ T374] path_openat+0x1194/0x2f40
[ 49.199670][ T374] do_filp_open+0x21c/0x460
[ 49.204089][ T374] do_sys_openat2+0x13f/0x830
[ 49.208770][ T374] __x64_sys_openat+0x243/0x290
[ 49.213472][ T374] do_syscall_64+0x3d/0xb0
[ 49.217824][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.223532][ T374]
[ 49.225697][ T374] Memory state around the buggy address:
[ 49.231171][ T374] ffff88810df2c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.239097][ T374] ffff88810df2c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.247767][ T374] >ffff88810df2c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.255891][ T374] ^
[ 49.262069][ T374] ffff88810df2c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.270041][ T374] ffff88810df2c700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.277928][ T374] ==================================================================
[ 49.300330][ T378] FAULT_INJECTION: forcing a failure.
[ 49.300330][ T378] name failslab, interval 1, probability 0, space 0, times 0
[ 49.314596][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.326211][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 49.336312][ T378] Call Trace:
[ 49.339421][ T378] <TASK>
[ 49.342184][ T378] dump_stack_lvl+0x151/0x1b7
[ 49.346869][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.352710][ T378] dump_stack+0x15/0x17
[ 49.356750][ T378] should_fail+0x3c6/0x510
[ 49.360955][ T378] __should_failslab+0xa4/0xe0
[ 49.365714][ T378] should_failslab+0x9/0x20
[ 49.370157][ T378] slab_pre_alloc_hook+0x37/0xd0
[ 49.375122][ T378] kmem_cache_alloc_trace+0x48/0x210
[ 49.380216][ T378] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.385982][ T378] ? migrate_disable+0x190/0x190
[ 49.390754][ T378] sk_psock_skb_ingress_self+0x60/0x330
[ 49.396227][ T378] sk_psock_verdict_recv+0x66d/0x840
[ 49.401424][ T378] unix_read_sock+0x132/0x370
[ 49.406031][ T378] ? sk_psock_skb_redirect+0x440/0x440
[ 49.411493][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 49.417076][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.422436][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 49.428166][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.433805][ T378] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.439022][ T378] ? _raw_spin_lock+0xa4/0x1b0
[ 49.443704][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.449423][ T378] ? skb_queue_tail+0xfb/0x120
[ 49.454047][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.459080][ T378] ? unix_dgram_poll+0x710/0x710
[ 49.463853][ T378] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.468886][ T378] ? security_socket_sendmsg+0x82/0xb0
[ 49.474262][ T378] ? unix_dgram_poll+0x710/0x710
[ 49.479268][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 49.483847][ T378] ? __sys_sendmsg_sock+0x40/0x40
[ 49.488702][ T378] ? import_iovec+0xe5/0x120
[ 49.493132][ T378] ___sys_sendmsg+0x252/0x2e0
[ 49.497645][ T378] ? __sys_sendmsg+0x260/0x260
[ 49.502537][ T378] ? do_handle_mm_fault+0x1949/0x2330
[ 49.507737][ T378] ? __kasan_check_write+0x14/0x20
[ 49.512916][ T378] ? proc_fail_nth_write+0x20b/0x290
[ 49.518271][ T378] ? __fdget+0x1bc/0x240
[ 49.522685][ T378] __sys_sendmmsg+0x2bf/0x530
[ 49.527421][ T378] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.532365][ T378] ? mutex_unlock+0xb2/0x260
[ 49.537027][ T378] ? __kasan_check_write+0x14/0x20
[ 49.542088][ T378] ? debug_smp_processor_id+0x17/0x20
[ 49.547319][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.553403][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.558257][ T378] do_syscall_64+0x3d/0xb0
[ 49.562909][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.568636][ T378] RIP: 0033:0x7f57f085dae9
[ 49.573158][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.592631][ T378] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.600925][ T378] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 49.609025][ T378] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.616939][ T378] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 49.624822][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.632639][ T378] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 49.640451][ T378] </TASK>
[ 49.645490][ T377] ==================================================================
[ 49.653380][ T377] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.661907][ T377]
[ 49.664182][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.676046][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 49.686814][ T377] Call Trace:
[ 49.690066][ T377] <TASK>
[ 49.692930][ T377] dump_stack_lvl+0x151/0x1b7
[ 49.697438][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.703120][ T377] ? __wake_up_klogd+0xd5/0x110
[ 49.707818][ T377] ? panic+0x751/0x751
[ 49.711708][ T377] ? kmem_cache_free+0x116/0x2e0
[ 49.717026][ T377] print_address_description+0x87/0x3b0
[ 49.722400][ T377] ? kmem_cache_free+0x116/0x2e0
[ 49.727169][ T377] ? kmem_cache_free+0x116/0x2e0
[ 49.732396][ T377] kasan_report_invalid_free+0x6b/0xa0
[ 49.737672][ T377] ____kasan_slab_free+0x13e/0x160
[ 49.742893][ T377] __kasan_slab_free+0x11/0x20
[ 49.747487][ T377] slab_free_freelist_hook+0xbd/0x190
[ 49.752698][ T377] ? kfree_skbmem+0x104/0x170
[ 49.757374][ T377] kmem_cache_free+0x116/0x2e0
[ 49.762072][ T377] kfree_skbmem+0x104/0x170
[ 49.766409][ T377] consume_skb+0xb4/0x250
[ 49.770571][ T377] __sk_msg_free+0x2dd/0x370
[ 49.775002][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.780643][ T377] sk_psock_stop+0x44c/0x4d0
[ 49.785331][ T377] ? unix_peer_get+0xe0/0xe0
[ 49.789859][ T377] sock_map_close+0x2b9/0x4c0
[ 49.794362][ T377] ? sock_map_remove_links+0x570/0x570
[ 49.799818][ T377] ? rwsem_mark_wake+0x6b0/0x6b0
[ 49.804591][ T377] unix_release+0x82/0xc0
[ 49.809034][ T377] sock_close+0xdf/0x270
[ 49.813224][ T377] ? sock_mmap+0xa0/0xa0
[ 49.817382][ T377] __fput+0x3fe/0x910
[ 49.821202][ T377] ____fput+0x15/0x20
[ 49.825029][ T377] task_work_run+0x129/0x190
[ 49.829444][ T377] exit_to_user_mode_loop+0xc4/0xe0
[ 49.834575][ T377] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.839883][ T377] syscall_exit_to_user_mode+0x26/0x160
[ 49.845425][ T377] do_syscall_64+0x49/0xb0
[ 49.849889][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.855939][ T377] RIP: 0033:0x7f57f085c9da
[ 49.860449][ T377] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.880659][ T377] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.889412][ T377] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 49.898104][ T377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.906265][ T377] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 49.914290][ T377] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c3c9
[ 49.922235][ T377] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000c088
[ 49.930343][ T377] </TASK>
[ 49.933182][ T377]
[ 49.935361][ T377] Allocated by task 378:
[ 49.939519][ T377] __kasan_slab_alloc+0xb1/0xe0
[ 49.944334][ T377] slab_post_alloc_hook+0x53/0x2c0
[ 49.949625][ T377] kmem_cache_alloc+0xf5/0x200
[ 49.954328][ T377] skb_clone+0x1d1/0x360
[ 49.958409][ T377] sk_psock_verdict_recv+0x53/0x840
[ 49.963435][ T377] unix_read_sock+0x132/0x370
[ 49.967957][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.973674][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.978918][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 49.983481][ T377] ___sys_sendmsg+0x252/0x2e0
[ 49.987998][ T377] __sys_sendmmsg+0x2bf/0x530
[ 49.992771][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.997544][ T377] do_syscall_64+0x3d/0xb0
[ 50.001796][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.007550][ T377]
[ 50.010287][ T377] Freed by task 20:
[ 50.013949][ T377] kasan_set_track+0x4b/0x70
[ 50.018484][ T377] kasan_set_free_info+0x23/0x40
[ 50.023329][ T377] ____kasan_slab_free+0x126/0x160
[ 50.028472][ T377] __kasan_slab_free+0x11/0x20
[ 50.033282][ T377] slab_free_freelist_hook+0xbd/0x190
[ 50.039368][ T377] kmem_cache_free+0x116/0x2e0
[ 50.044126][ T377] kfree_skbmem+0x104/0x170
[ 50.048661][ T377] kfree_skb+0xc2/0x360
[ 50.052974][ T377] sk_psock_backlog+0xc21/0xd90
[ 50.057926][ T377] process_one_work+0x6bb/0xc10
[ 50.062898][ T377] worker_thread+0xad5/0x12a0
[ 50.067481][ T377] kthread+0x421/0x510
[ 50.071640][ T377] ret_from_fork+0x1f/0x30
[ 50.076488][ T377]
[ 50.078998][ T377] The buggy address belongs to the object at ffff88810df50640
[ 50.078998][ T377] which belongs to the cache skbuff_head_cache of size 248
[ 50.094545][ T377] The buggy address is located 0 bytes inside of
[ 50.094545][ T377] 248-byte region [ffff88810df50640, ffff88810df50738)
[ 50.108464][ T377] The buggy address belongs to the page:
[ 50.113947][ T377] page:ffffea000437d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df50
[ 50.124107][ T377] flags: 0x4000000000000200(slab|zone=1)
[ 50.129674][ T377] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100351680
[ 50.138089][ T377] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.146584][ T377] page dumped because: kasan: bad access detected
[ 50.153123][ T377] page_owner tracks the page as allocated
[ 50.158745][ T377] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4433533608, free_ts 4433478258
[ 50.174767][ T377] post_alloc_hook+0x1a3/0x1b0
[ 50.179367][ T377] prep_new_page+0x1b/0x110
[ 50.183713][ T377] get_page_from_freelist+0x3550/0x35d0
[ 50.189086][ T377] __alloc_pages+0x27e/0x8f0
[ 50.193512][ T377] new_slab+0x9a/0x4e0
[ 50.197416][ T377] ___slab_alloc+0x39e/0x830
[ 50.201960][ T377] __slab_alloc+0x4a/0x90
[ 50.206144][ T377] kmem_cache_alloc+0x134/0x200
[ 50.210917][ T377] __alloc_skb+0xbe/0x550
[ 50.215165][ T377] alloc_uevent_skb+0x80/0x230
[ 50.219755][ T377] kobject_uevent_net_broadcast+0x311/0x590
[ 50.225498][ T377] kobject_uevent_env+0x525/0x700
[ 50.230552][ T377] kobject_synth_uevent+0x4eb/0xae0
[ 50.235584][ T377] uevent_store+0x4b/0x70
[ 50.239744][ T377] drv_attr_store+0x78/0xa0
[ 50.244088][ T377] sysfs_kf_write+0x123/0x140
[ 50.248650][ T377] page last free stack trace:
[ 50.253611][ T377] free_unref_page_prepare+0x7c8/0x7d0
[ 50.258995][ T377] free_unref_page+0xe8/0x750
[ 50.263699][ T377] __free_pages+0x61/0xf0
[ 50.267952][ T377] free_pages+0x7c/0x90
[ 50.271946][ T377] selinux_genfs_get_sid+0x24d/0x2a0
[ 50.277151][ T377] inode_doinit_with_dentry+0x8d2/0x1070
[ 50.282619][ T377] selinux_d_instantiate+0x27/0x40
[ 50.287616][ T377] security_d_instantiate+0x9f/0x100
[ 50.292813][ T377] d_splice_alias+0x6d/0x390
[ 50.297239][ T377] kernfs_iop_lookup+0x29e/0x2f0
[ 50.302002][ T377] path_openat+0x1194/0x2f40
[ 50.306516][ T377] do_filp_open+0x21c/0x460
[ 50.311125][ T377] do_sys_openat2+0x13f/0x830
[ 50.315724][ T377] __x64_sys_openat+0x243/0x290
[ 50.320663][ T377] do_syscall_64+0x3d/0xb0
[ 50.324924][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.330645][ T377]
[ 50.332814][ T377] Memory state around the buggy address:
[ 50.338287][ T377] ffff88810df50500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.346534][ T377] ffff88810df50580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.354820][ T377] >ffff88810df50600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.363146][ T377] ^
[ 50.369215][ T377] ffff88810df50680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.377219][ T377] ffff88810df50700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.385124][ T377] ==================================================================
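The two KASAN reports above (and the one that follows) are the same bug hit three times: an skb clone allocated in sk_psock_verdict_recv, freed once by the backlog worker's kfree_skb in sk_psock_backlog, then freed again from sk_psock_stop via __sk_msg_free when the socket is closed, each time right after the allocating task had its kmem_cache_alloc_trace in sk_psock_skb_ingress_self failed by the fault injector. The script below is an added triage helper, not part of the syzkaller log or of the kernel: it parses the console format shown above (timestamp, thread tag, `func+0xoff/0xsize` frames, `? `-prefixed guesses), drops allocator and sanitizer plumbing, and collapses reports that share a signature (bug class plus the trimmed invalid-free, allocation and first-free stacks) into one row, annotated with the call site whose allocation the injector failed in the allocating task. The NOISE prefix list and the names `meaningful`, `parse`, `injected_site` and `triage` are the example's own; the sample input is constructed from condensed lines of the reports above, with the second hit synthesized from the first by swapping pids and the object address, mirroring the T377/T378 pair.

```python
import re
from collections import defaultdict
# Console prefix "[  ts][ Tnnn] "; frame "func+0xoff/0xsize", a leading "? " marks an unreliable guess.
PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG = re.compile(r"^BUG: KASAN: (.+?) in [\w.]+\+0x")
PID = re.compile(r"^CPU: \d+ PID: (\d+) Comm:")
TASK = re.compile(r"^(Allocated|Freed) by task (\d+):")
OBJ = re.compile(r"^The buggy address belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size")
# Allocator and sanitizer plumbing is in every report and says nothing about the bug itself (assumed list).
NOISE = ("dump_stack", "should_fail", "print_address_description", "kasan_", "slab_", "kmem_cache_")

def meaningful(frames, depth=4):
    """Top `depth` frames once allocator/KASAN plumbing is dropped."""
    return tuple(f for f in frames if not f.lstrip("_").startswith(NOISE))[:depth]

def parse(text):
    """Split console text into KASAN reports and FAULT_INJECTION records, in log order."""
    reports, faults, cur, sec = [], [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith("FAULT_INJECTION:"):
            cur, sec = {"kind": "fault", "trace": []}, None
            faults.append(cur)
        elif m := BUG.match(line):
            cur, sec = {"kind": "kasan", "bug": m[1], "trace": [], "alloc": [], "free": []}, None
            reports.append(cur)
        elif cur is None:
            continue
        elif m := PID.match(line):
            cur["pid"] = int(m[1])
        elif line == "Call Trace:":
            sec = "trace"
        elif line.startswith("RIP:"):  # user-space register dump: the stack is over
            sec = None
            if cur["kind"] == "fault":
                cur = None
        elif m := TASK.match(line):
            sec = "alloc" if m[1] == "Allocated" else "free"
            cur[sec + "_task"] = int(m[2])
        elif m := OBJ.match(line):
            cur["addr"], sec = m[1], None
        elif m := CACHE.search(line):
            cur["cache"] = m[1]
        elif line.startswith("====") and cur["kind"] == "kasan":
            cur = None
        elif sec and (m := FRAME.match(line)) and not m[1]:  # keep only reliable frames
            cur[sec].append(m[2])
    return reports, faults

def injected_site(faults, pid):
    """Caller whose allocation the injector failed, from the latest fault record for `pid`."""
    for f in reversed(faults):
        if f.get("pid") == pid:
            return (meaningful(f["trace"], depth=1) or (None,))[0]
    return None

def triage(text):
    """Collapse repeated KASAN reports into one row per (bug class, trimmed stacks) signature."""
    reports, faults = parse(text)
    groups = defaultdict(list)
    for r in reports:
        groups[(r["bug"], meaningful(r["trace"]), meaningful(r["alloc"]), meaningful(r["free"]))].append(r)
    return [{
        "bug": bug, "hits": len(rs), "cache": rs[0].get("cache"),
        "objects": sorted(r.get("addr", "?") for r in rs),
        "second_free": " <- ".join(second), "alloc": " <- ".join(alloc), "first_free": " <- ".join(first),
        "failed_alloc_in": sorted({injected_site(faults, r.get("alloc_task")) for r in rs} - {None}),
    } for (bug, second, alloc, first), rs in groups.items()]

def _console(tid, *lines):
    return "".join(f"[   48.{i:06d}][  T{tid}] {l}\n" for i, l in enumerate(lines))

# Constructed sample condensed from the log: task 375's injected allocation failure, then task 374's report.
SAMPLE = _console(375, "FAULT_INJECTION: forcing a failure.",
    "CPU: 1 PID: 375 Comm: syz-executor.0 Tainted: G    B   5.15.148-syzkaller #0",
    "Call Trace:", " dump_stack_lvl+0x151/0x1b7", " should_fail+0x3c6/0x510",
    " kmem_cache_alloc_trace+0x48/0x210", " ? sk_psock_skb_ingress_self+0x60/0x330",
    " sk_psock_skb_ingress_self+0x60/0x330", " sk_psock_verdict_recv+0x66d/0x840", "RIP: 0033:0x7f57f085dae9",
) + _console(374, "=" * 66, "BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0",
    "CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G    B   5.15.148-syzkaller #0",
    "Call Trace:", " dump_stack_lvl+0x151/0x1b7", " kasan_report_invalid_free+0x6b/0xa0",
    " kmem_cache_free+0x116/0x2e0", " kfree_skbmem+0x104/0x170", " consume_skb+0xb4/0x250",
    " __sk_msg_free+0x2dd/0x370", " sk_psock_stop+0x44c/0x4d0", "RIP: 0033:0x7f57f085c9da",
    "Allocated by task 375:", " kmem_cache_alloc+0xf5/0x200", " skb_clone+0x1d1/0x360",
    " sk_psock_verdict_recv+0x53/0x840", " unix_read_sock+0x132/0x370",
    "Freed by task 20:", " kmem_cache_free+0x116/0x2e0", " kfree_skbmem+0x104/0x170",
    " kfree_skb+0xc2/0x360", " sk_psock_backlog+0xc21/0xd90",
    "The buggy address belongs to the object at ffff88810df2c640",
    " which belongs to the cache skbuff_head_cache of size 248", "=" * 66,
)
# Second hit synthesized from the first: same stacks, the pids and object address of the T377/T378 report.
SECOND_HIT = (SAMPLE.replace("T374", "T377").replace("PID: 374", "PID: 377").replace("T375", "T378")
              .replace("PID: 375", "PID: 378").replace("task 375", "task 378")
              .replace("ffff88810df2c640", "ffff88810df50640"))
LOG = SAMPLE + SECOND_HIT

if __name__ == "__main__":
    print(*triage(LOG), sep="\n")
```

Run against a full console log the script prints one row per distinct signature, so a long fuzzing session that hits the same double-free dozens of times yields a single line showing both free paths, the allocation path and the injected failure that preceded each hit; the "? " frames are deliberately ignored because they are unwinder guesses, and the trimmed-stack depth is the knob to turn if two genuinely different bugs collapse into one row.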
[ 50.406285][ T381] FAULT_INJECTION: forcing a failure.
[ 50.406285][ T381] name failslab, interval 1, probability 0, space 0, times 0
[ 50.419026][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 50.430869][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 50.440756][ T381] Call Trace:
[ 50.444062][ T381] <TASK>
[ 50.446826][ T381] dump_stack_lvl+0x151/0x1b7
[ 50.452068][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.458520][ T381] dump_stack+0x15/0x17
[ 50.462788][ T381] should_fail+0x3c6/0x510
[ 50.467102][ T381] __should_failslab+0xa4/0xe0
[ 50.471723][ T381] should_failslab+0x9/0x20
[ 50.477001][ T381] slab_pre_alloc_hook+0x37/0xd0
[ 50.481884][ T381] kmem_cache_alloc_trace+0x48/0x210
[ 50.486957][ T381] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.492738][ T381] ? migrate_disable+0x190/0x190
[ 50.497853][ T381] sk_psock_skb_ingress_self+0x60/0x330
[ 50.504637][ T381] sk_psock_verdict_recv+0x66d/0x840
[ 50.509964][ T381] unix_read_sock+0x132/0x370
[ 50.515011][ T381] ? sk_psock_skb_redirect+0x440/0x440
[ 50.520381][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 50.526207][ T381] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.531693][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 50.537241][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.542882][ T381] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.548093][ T381] ? _raw_spin_lock+0xa4/0x1b0
[ 50.553402][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.560184][ T381] ? skb_queue_tail+0xfb/0x120
[ 50.565442][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.570498][ T381] ? unix_dgram_poll+0x710/0x710
[ 50.575442][ T381] ? _raw_spin_trylock+0xcd/0x1a0
[ 50.580635][ T381] ? security_socket_sendmsg+0x82/0xb0
[ 50.586014][ T381] ? unix_dgram_poll+0x710/0x710
[ 50.590909][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 50.595620][ T381] ? __sys_sendmsg_sock+0x40/0x40
[ 50.600554][ T381] ? import_iovec+0xe5/0x120
[ 50.605149][ T381] ___sys_sendmsg+0x252/0x2e0
[ 50.609832][ T381] ? __sys_sendmsg+0x260/0x260
[ 50.614434][ T381] ? do_handle_mm_fault+0x1949/0x2330
[ 50.619656][ T381] ? __kasan_check_write+0x14/0x20
[ 50.624592][ T381] ? proc_fail_nth_write+0x20b/0x290
[ 50.629975][ T381] ? __fdget+0x1bc/0x240
[ 50.634084][ T381] __sys_sendmmsg+0x2bf/0x530
[ 50.638659][ T381] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.643515][ T381] ? mutex_unlock+0xb2/0x260
[ 50.648201][ T381] ? __kasan_check_write+0x14/0x20
[ 50.653584][ T381] ? debug_smp_processor_id+0x17/0x20
[ 50.659178][ T381] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.665044][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.669746][ T381] do_syscall_64+0x3d/0xb0
[ 50.674064][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.680300][ T381] RIP: 0033:0x7f57f085dae9
[ 50.684605][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.705855][ T381] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.714932][ T381] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 50.723267][ T381] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.731346][ T381] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 50.739437][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.747358][ T381] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 50.755411][ T381] </TASK>
[ 50.759230][ T380] ==================================================================
[ 50.767804][ T380] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.776019][ T380]
[ 50.778185][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 50.790186][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 50.800451][ T380] Call Trace:
[ 50.804144][ T380] <TASK>
[ 50.806899][ T380] dump_stack_lvl+0x151/0x1b7
[ 50.811414][ T380] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.817086][ T380] ? __wake_up_klogd+0xd5/0x110
[ 50.821768][ T380] ? panic+0x751/0x751
[ 50.825667][ T380] ? kmem_cache_free+0x116/0x2e0
[ 50.830653][ T380] print_address_description+0x87/0x3b0
[ 50.836038][ T380] ? kmem_cache_free+0x116/0x2e0
[ 50.840812][ T380] ? kmem_cache_free+0x116/0x2e0
[ 50.845824][ T380] kasan_report_invalid_free+0x6b/0xa0
[ 50.851195][ T380] ____kasan_slab_free+0x13e/0x160
[ 50.856320][ T380] __kasan_slab_free+0x11/0x20
[ 50.861007][ T380] slab_free_freelist_hook+0xbd/0x190
[ 50.866427][ T380] ? kfree_skbmem+0x104/0x170
[ 50.871254][ T380] kmem_cache_free+0x116/0x2e0
[ 50.875971][ T380] kfree_skbmem+0x104/0x170
[ 50.880398][ T380] consume_skb+0xb4/0x250
[ 50.884556][ T380] __sk_msg_free+0x2dd/0x370
[ 50.889066][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.894868][ T380] sk_psock_stop+0x44c/0x4d0
[ 50.899375][ T380] ? unix_peer_get+0xe0/0xe0
[ 50.903888][ T380] sock_map_close+0x2b9/0x4c0
[ 50.908518][ T380] ? sock_map_remove_links+0x570/0x570
[ 50.914137][ T380] ? rwsem_mark_wake+0x6b0/0x6b0
[ 50.918891][ T380] unix_release+0x82/0xc0
[ 50.923420][ T380] sock_close+0xdf/0x270
[ 50.928103][ T380] ? sock_mmap+0xa0/0xa0
[ 50.932180][ T380] __fput+0x3fe/0x910
[ 50.935992][ T380] ____fput+0x15/0x20
[ 50.939808][ T380] task_work_run+0x129/0x190
[ 50.944234][ T380] exit_to_user_mode_loop+0xc4/0xe0
[ 50.949274][ T380] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.954566][ T380] syscall_exit_to_user_mode+0x26/0x160
[ 50.959944][ T380] do_syscall_64+0x49/0xb0
[ 50.964212][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.969935][ T380] RIP: 0033:0x7f57f085c9da
[ 50.974180][ T380] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.993622][ T380] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.002041][ T380] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 51.010380][ T380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.018270][ T380] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007f57f097cf8c
[ 51.026197][ T380] R10: 00007ffd4e30e230 R11: 0000000000000293 R12: 00007f57f03e20d0
[ 51.034101][ T380] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000c4da
[ 51.042229][ T380] </TASK>
[ 51.045087][ T380]
[ 51.047345][ T380] Allocated by task 381:
[ 51.051597][ T380] __kasan_slab_alloc+0xb1/0xe0
[ 51.056702][ T380] slab_post_alloc_hook+0x53/0x2c0
[ 51.061703][ T380] kmem_cache_alloc+0xf5/0x200
[ 51.067174][ T380] skb_clone+0x1d1/0x360
[ 51.071521][ T380] sk_psock_verdict_recv+0x53/0x840
[ 51.076801][ T380] unix_read_sock+0x132/0x370
[ 51.082188][ T380] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.088548][ T380] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.094126][ T380] ____sys_sendmsg+0x59e/0x8f0
[ 51.098738][ T380] ___sys_sendmsg+0x252/0x2e0
[ 51.103296][ T380] __sys_sendmmsg+0x2bf/0x530
[ 51.107875][ T380] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.112583][ T380] do_syscall_64+0x3d/0xb0
[ 51.116808][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.122711][ T380]
[ 51.124876][ T380] Freed by task 302:
[ 51.128615][ T380] kasan_set_track+0x4b/0x70
[ 51.133034][ T380] kasan_set_free_info+0x23/0x40
[ 51.138521][ T380] ____kasan_slab_free+0x126/0x160
[ 51.144393][ T380] __kasan_slab_free+0x11/0x20
[ 51.149004][ T380] slab_free_freelist_hook+0xbd/0x190
[ 51.154888][ T380] kmem_cache_free+0x116/0x2e0
[ 51.159484][ T380] kfree_skbmem+0x104/0x170
[ 51.163917][ T380] kfree_skb+0xc2/0x360
[ 51.167980][ T380] sk_psock_backlog+0xc21/0xd90
[ 51.172843][ T380] process_one_work+0x6bb/0xc10
[ 51.177537][ T380] worker_thread+0xad5/0x12a0
[ 51.182046][ T380] kthread+0x421/0x510
[ 51.186046][ T380] ret_from_fork+0x1f/0x30
[ 51.190316][ T380]
[ 51.192634][ T380] The buggy address belongs to the object at ffff88810dac18c0
[ 51.192634][ T380] which belongs to the cache skbuff_head_cache of size 248
[ 51.207671][ T380] The buggy address is located 0 bytes inside of
[ 51.207671][ T380] 248-byte region [ffff88810dac18c0, ffff88810dac19b8)
[ 51.220603][ T380] The buggy address belongs to the page:
[ 51.226145][ T380] page:ffffea000436b040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dac1
[ 51.236552][ T380] flags: 0x4000000000000200(slab|zone=1)
[ 51.242032][ T380] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100351680
[ 51.250525][ T380] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.258943][ T380] page dumped because: kasan: bad access detected
[ 51.265184][ T380] page_owner tracks the page as allocated
[ 51.270825][ T380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4382291626, free_ts 4382237429
[ 51.286535][ T380] post_alloc_hook+0x1a3/0x1b0
[ 51.291134][ T380] prep_new_page+0x1b/0x110
[ 51.295582][ T380] get_page_from_freelist+0x3550/0x35d0
[ 51.301119][ T380] __alloc_pages+0x27e/0x8f0
[ 51.305541][ T380] new_slab+0x9a/0x4e0
[ 51.309446][ T380] ___slab_alloc+0x39e/0x830
[ 51.313883][ T380] __slab_alloc+0x4a/0x90
[ 51.318129][ T380] kmem_cache_alloc+0x134/0x200
[ 51.322818][ T380] __alloc_skb+0xbe/0x550
[ 51.326979][ T380] alloc_uevent_skb+0x80/0x230
[ 51.331770][ T380] kobject_uevent_net_broadcast+0x311/0x590
[ 51.337522][ T380] kobject_uevent_env+0x525/0x700
[ 51.342377][ T380] kobject_synth_uevent+0x4eb/0xae0
[ 51.347673][ T380] uevent_store+0x4b/0x70
[ 51.351893][ T380] drv_attr_store+0x78/0xa0
[ 51.356321][ T380] sysfs_kf_write+0x123/0x140
[ 51.360830][ T380] page last free stack trace:
[ 51.365339][ T380] free_unref_page_prepare+0x7c8/0x7d0
[ 51.370641][ T380] free_unref_page+0xe8/0x750
[ 51.375148][ T380] __free_pages+0x61/0xf0
[ 51.379311][ T380] free_pages+0x7c/0x90
[ 51.383402][ T380] selinux_genfs_get_sid+0x24d/0x2a0
[ 51.388513][ T380] inode_doinit_with_dentry+0x8d2/0x1070
[ 51.394106][ T380] selinux_d_instantiate+0x27/0x40
[ 51.399047][ T380] security_d_instantiate+0x9f/0x100
[ 51.404255][ T380] d_splice_alias+0x6d/0x390
[ 51.408969][ T380] kernfs_iop_lookup+0x29e/0x2f0
[ 51.413818][ T380] path_openat+0x1194/0x2f40
[ 51.418583][ T380] do_filp_open+0x21c/0x460
[ 51.423112][ T380] do_sys_openat2+0x13f/0x830
[ 51.427895][ T380] __x64_sys_openat+0x243/0x290
[ 51.432870][ T380] do_syscall_64+0x3d/0xb0
[ 51.437118][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.442836][ T380]
[ 51.445004][ T380] Memory state around the buggy address:
[ 51.450654][ T380] ffff88810dac1780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.458941][ T380] ffff88810dac1800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.467096][ T380] >ffff88810dac1880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.474979][ T380] ^
[ 51.480974][ T380] ffff88810dac1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.488867][ T380] ffff88810dac1980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.496938][ T380] ==================================================================
[ 51.516628][ T384] FAULT_INJECTION: forcing a failure.
[ 51.516628][ T384] name failslab, interval 1, probability 0, space 0, times 0
[ 51.530428][ T384] CPU: 1 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 51.543360][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 51.554789][ T384] Call Trace:
[ 51.558017][ T384] <TASK>
[ 51.560864][ T384] dump_stack_lvl+0x151/0x1b7
[ 51.565804][ T384] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.571457][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.577298][ T384] ? __skb_try_recv_datagram+0x495/0x6a0
[ 51.583120][ T384] dump_stack+0x15/0x17
[ 51.587444][ T384] should_fail+0x3c6/0x510
[ 51.591715][ T384] __should_failslab+0xa4/0xe0
[ 51.596304][ T384] ? skb_clone+0x1d1/0x360
[ 51.600573][ T384] should_failslab+0x9/0x20
[ 51.604883][ T384] slab_pre_alloc_hook+0x37/0xd0
[ 51.609735][ T384] ? skb_clone+0x1d1/0x360
[ 51.613994][ T384] kmem_cache_alloc+0x44/0x200
[ 51.618590][ T384] skb_clone+0x1d1/0x360
[ 51.622772][ T384] sk_psock_verdict_recv+0x53/0x840
[ 51.627917][ T384] ? avc_has_perm_noaudit+0x430/0x430
[ 51.633126][ T384] ? mntput_no_expire+0xfc/0x6b0
[ 51.637914][ T384] unix_read_sock+0x132/0x370
[ 51.642423][ T384] ? sk_psock_skb_redirect+0x440/0x440
[ 51.647711][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 51.653583][ T384] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.658859][ T384] ? unix_stream_splice_actor+0x120/0x120
[ 51.664579][ T384] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.670306][ T384] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.676209][ T384] ? _raw_spin_lock+0xa4/0x1b0
[ 51.680951][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.686981][ T384] ? skb_queue_tail+0xfb/0x120
[ 51.692180][ T384] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.697548][ T384] ? unix_dgram_poll+0x710/0x710
[ 51.702422][ T384] ? _raw_spin_trylock+0xcd/0x1a0
[ 51.707439][ T384] ? security_socket_sendmsg+0x82/0xb0
[ 51.712813][ T384] ? unix_dgram_poll+0x710/0x710
[ 51.718366][ T384] ____sys_sendmsg+0x59e/0x8f0
[ 51.722961][ T384] ? __sys_sendmsg_sock+0x40/0x40
[ 51.727833][ T384] ? import_iovec+0xe5/0x120
[ 51.732257][ T384] ___sys_sendmsg+0x252/0x2e0
[ 51.736847][ T384] ? __sys_sendmsg+0x260/0x260
[ 51.742090][ T384] ? do_handle_mm_fault+0x1949/0x2330
[ 51.747478][ T384] ? __kasan_check_write+0x14/0x20
[ 51.752440][ T384] ? proc_fail_nth_write+0x20b/0x290
[ 51.757640][ T384] ? __fdget+0x1bc/0x240
[ 51.761885][ T384] __sys_sendmmsg+0x2bf/0x530
[ 51.766489][ T384] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.771337][ T384] ? mutex_unlock+0xb2/0x260
[ 51.775766][ T384] ? __kasan_check_write+0x14/0x20
[ 51.780714][ T384] ? debug_smp_processor_id+0x17/0x20
[ 51.785925][ T384] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.792010][ T384] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.796683][ T384] do_syscall_64+0x3d/0xb0
[ 51.801112][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.806838][ T384] RIP: 0033:0x7f57f085dae9
[ 51.811350][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.831319][ T384] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.839683][ T384] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 51.847519][ T384] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.855398][ T384] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 51.863816][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.872588][ T384] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 51.880862][ T384] </TASK>
[ 51.894447][ T386] FAULT_INJECTION: forcing a failure.
[ 51.894447][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 51.907143][ T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 51.918862][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 51.928760][ T386] Call Trace:
[ 51.931969][ T386] <TASK>
[ 51.934756][ T386] dump_stack_lvl+0x151/0x1b7
[ 51.939265][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.944841][ T386] dump_stack+0x15/0x17
[ 51.949103][ T386] should_fail+0x3c6/0x510
[ 51.953435][ T386] __should_failslab+0xa4/0xe0
[ 51.958027][ T386] should_failslab+0x9/0x20
[ 51.962381][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 51.967414][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 51.972786][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.978510][ T386] ? migrate_disable+0x190/0x190
[ 51.983314][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 51.989102][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 51.994585][ T386] unix_read_sock+0x132/0x370
[ 51.999168][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 52.004507][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 52.010273][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.015661][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 52.021226][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.026852][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.032238][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 52.036919][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.042590][ T386] ? skb_queue_tail+0xfb/0x120
[ 52.047347][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.052389][ T386] ? unix_dgram_poll+0x710/0x710
[ 52.057317][ T386] ? _raw_spin_trylock+0xcd/0x1a0
[ 52.062177][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 52.067480][ T386] ? unix_dgram_poll+0x710/0x710
[ 52.072513][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 52.077111][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 52.082139][ T386] ? import_iovec+0xe5/0x120
[ 52.086768][ T386] ___sys_sendmsg+0x252/0x2e0
[ 52.091379][ T386] ? __sys_sendmsg+0x260/0x260
[ 52.096222][ T386] ? do_handle_mm_fault+0x1949/0x2330
[ 52.101469][ T386] ? __kasan_check_write+0x14/0x20
[ 52.106977][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 52.112197][ T386] ? __fdget+0x1bc/0x240
[ 52.116271][ T386] __sys_sendmmsg+0x2bf/0x530
[ 52.120797][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.125643][ T386] ? mutex_unlock+0xb2/0x260
[ 52.130077][ T386] ? __kasan_check_write+0x14/0x20
[ 52.135021][ T386] ? debug_smp_processor_id+0x17/0x20
[ 52.140654][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.146560][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.151245][ T386] do_syscall_64+0x3d/0xb0
[ 52.155868][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.161682][ T386] RIP: 0033:0x7f57f085dae9
[ 52.166119][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.186402][ T386] RSP: 002b:00007f57f03e00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.194723][ T386] RAX: ffffffffffffffda RBX: 00007f57f097cf80 RCX: 00007f57f085dae9
[ 52.203173][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.211060][ T386] RBP: 00007f57f03e0120 R08: 0000000000000000 R09: 0000000000000000
[ 52.219237][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.227202][ T386] R13: 000000000000000b R14: 00007f57f097cf80 R15: 00007ffd4e30e018
[ 52.235290][ T386] </TASK>
[ 52.239725][ T385] ==================================================================
[ 52.247699][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 52.256072][ T385]
[ 52.258196][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 52.270541][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 52.280897][ T385] Call Trace:
[ 52.284093][ T385] <TASK>
[ 52.286881][ T385] dump_stack_lvl+0x151/0x1b7
[ 52.291383][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.297151][ T385] ? __wake_up_klogd+0xd5/0x110
[ 52.302369][ T385] ? panic+0x751/0x751
[ 52.306295][ T385] ? kmem_cache_free+0x116/0x2e0
[ 52.311169][ T385] print_address_description+0x87/0x3b0
[ 52.316815][ T385] ? kmem_cache_free+0x116/0x2e0
[ 52.321582][ T385] ? kmem_cache_free+0x116/0x2e0
[ 52.326574][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 52.331847][ T385] ____kasan_slab_free+0x13e/0x160
[ 52.336799][ T385] __kasan_slab_free+0x11/0x20
[ 52.341483][ T385] slab_free_freelist_hook+0xbd/0x190
[ 52.346690][ T385] ? kfree_skbmem+0x104/0x170
[ 52.351465][ T385] kmem_cache_free+0x116/0x2e0
[ 52.356335][ T385] kfree_skbmem+0x104/0x170
[ 52.360755][ T385] consume_skb+0xb4/0x250
[ 52.364940][ T385] __sk_msg_free+0x2dd/0x370
[ 52.369443][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.375293][ T385] sk_psock_stop+0x44c/0x4d0
[ 52.380348][ T385] ? unix_peer_get+0xe0/0xe0
[ 52.385186][ T385] sock_map_close+0x2b9/0x4c0
[ 52.389814][ T385] ? sock_map_remove_links+0x570/0x570
[ 52.395285][ T385] ? rwsem_mark_wake+0x6b0/0x6b0
[ 52.400083][ T385] unix_release+0x82/0xc0
[ 52.404336][ T385] sock_close+0xdf/0x270
[ 52.408437][ T385] ? sock_mmap+0xa0/0xa0
[ 52.412575][ T385] __fput+0x3fe/0x910
[ 52.416370][ T385] ____fput+0x15/0x20
[ 52.420445][ T385] task_work_run+0x129/0x190
[ 52.424864][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 52.429896][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.435184][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 52.440571][ T385] do_syscall_64+0x49/0xb0
[ 52.445242][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.450891][ T385] RIP: 0033:0x7f57f085c9da
[ 52.455356][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.475313][ T385] RSP: 002b:00007ffd4e30e0e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.483651][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f57f085c9da
[ 52.491557][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.499633][ T385] RBP: 00007f57f097e980 R08: 0000001b31660000 R09: 00007ffd4e3200b0
[ 52.507764][ T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cdeb
[ 52.516849][ T385] R13: ffffffffffffffff R14: 00007f57f03e1000 R15: 000000000000caaa
[ 52.525291][ T385] </TASK>
[ 52.528136][ T385]
[ 52.530310][ T385] Allocated by task 386:
[ 52.534531][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 52.539333][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 52.544588][ T385] kmem_cache_alloc+0xf5/0x200
[ 52.549262][ T385] skb_clone+0x1d1/0x360
[ 52.553623][ T385] sk_psock_verdict_recv+0x53/0x840
[ 52.559435][ T385] unix_read_sock+0x132/0x370
[ 52.564069][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.569698][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.574741][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 52.579500][ T385] ___sys_sendmsg+0x252/0x2e0
[ 52.584118][ T385] __sys_sendmmsg+0x2bf/0x530
[ 52.588615][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.593387][ T385] do_syscall_64+0x3d/0xb0
[ 52.597733][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.603542][ T385]
[ 52.606102][ T385] Freed by task 20:
[ 52.609937][ T385] kasan_set_track+0x4b/0x70
[ 52.614368][ T385] kasan_set_free_info+0x23/0x40
[ 52.619140][ T385] ____kasan_slab_free+0x126/0x160
[ 52.624249][ T385] __kasan_slab_free+0x11/0x20
[ 52.628851][ T385] slab_free_freelist_hook+0xbd/0x190
[ 52.634253][ T385] kmem_cache_free+0x116/0x2e0
[ 52.639123][ T385] kfree_skbmem+0x104/0x170
[ 52.643448][ T385] kfree_skb+0xc2/0x360
[ 52.647443][ T385] sk_psock_backlog+0xc21/0xd90
[ 52.652480][ T385] process_one_work+0x6bb/0xc10
[ 52.657288][ T385] worker_thread+0xad5/0x12a0
[ 52.662089][ T385] kthread+0x421/0x510
[ 52.665991][ T385] ret_from_fork+0x1f/0x30
[ 52.670321][ T385]
[ 52.672705][ T385] The buggy address belongs to the object at ffff88810de6e3c0
[ 52.672705][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 52.687509][ T385] The buggy address is located 0 bytes inside of
[ 52.687509][ T385] 248-byte region [ffff88810de6e3c0, ffff88810de6e4b8)
[ 52.701152][ T385] The buggy address belongs to the page:
[ 52.706840][ T385] page:ffffea0004379b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de6e
[ 52.717225][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 52.723365][ T385] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100351680
[ 52.732055][ T385] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 52.740639][ T385] page dumped because: kasan: bad access detected
[ 52.747420][ T385] page_owner tracks the page as allocated
[ 52.753237][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 103, ts 4437311701, free_ts 0
[ 52.768182][ T385] post_alloc_hook+0x1a3/0x1b0
[ 52.772779][ T385] prep_new_page+0x1b/0x110
[ 52.777293][ T385] get_page_from_freelist+0x3550/0x35d0
[ 52.782932][ T385] __alloc_pages+0x27e/0x8f0
[ 52.787400][ T385] new_slab+0x9a/0x4e0
[ 52.791270][ T385] ___slab_alloc+0x39e/0x830
[ 52.795693][ T385] __slab_alloc+0x4a/0x90
[ 52.799860][ T385] kmem_cache_alloc+0x134/0x200
[ 52.804558][ T385] __alloc_skb+0xbe/0x550
[ 52.808828][ T385] alloc_skb_with_frags+0xa6/0x680
[ 52.813834][ T385] sock_alloc_send_pskb+0x915/0xa50
[ 52.818869][ T385] unix_dgram_sendmsg+0x6fd/0x2090
[ 52.823811][ T385] sock_write_iter+0x39b/0x530
[ 52.828438][ T385] vfs_write+0xd5d/0x1110
[ 52.833205][ T385] ksys_write+0x199/0x2c0
[ 52.837517][ T385] __x64_sys_write+0x7b/0x90
[ 52.842682][ T385] page_owner free stack trace missing
[ 52.848444][ T385]
[ 52.850768][ T385] Memory state around the buggy address:
[ 52.857063][ T385] ffff88810de6e280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.865634][ T385] ffff88810de6e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
2024/03/20 06:56:50 executed programs: 13
[ 52.874629][ T385] >ffff88810de6e380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.882916][ T385] ^
[ 52.889048][ T385] ffff88810de6e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.897073][ T385] ffff88810de6e480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.906144][ T385] ==================================================================
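Triage note, added here as an example and not part of the console log, the kernel or syzkaller: the T385 report above says the skbuff_head_cache object was cloned by task 386 in sk_psock_verdict_recv (via unix_read_sock, from a unix datagram send), freed once by the sk_psock_backlog workqueue (task 20), and handed to consume_skb a second time from __sk_msg_free when sk_psock_stop ran at socket close. The parser below pulls exactly those facts out of the raw console text: bug kind, cache name and size, the allocating and freeing task ids, and the first "owner" frame of each stack once allocator, KASAN and stack-dump plumbing is skipped. The sample input is constructed from lines of the T385 report on this page with the console prefix left on; the list of plumbing frame prefixes is this example's own heuristic, not anything the kernel defines.

```python
# Added example (not kernel or syzkaller code): a parser for the KASAN report
# format printed on this page. Input is assumed to be raw console text with the
# "[ seconds][ Tpid]" prefix still attached to every line.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
_BUG = re.compile(r"^BUG: KASAN: (?P<kind>.+?) in (?P<func>\S+)$")
_ALLOC = re.compile(r"^Allocated by task (?P<pid>\d+):$")
_FREE = re.compile(r"^Freed by task (?P<pid>\d+):$")
_CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)$")
# A real frame is "sym+0xoff/0xlen"; "? sym+..." unwinder guesses do not match.
_FRAME = re.compile(r"^(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Heuristic (this example's own): allocator, KASAN and stack-dump plumbing.
# The first frame above these names the subsystem that owns the object.
_PLUMBING = ("dump_stack", "print_address_description", "slab_", "kmem_cache_",
             "kfree", "kmalloc", "consume_skb", "__alloc_skb", "skb_clone")


def _is_plumbing(sym: str) -> bool:
    return "kasan" in sym or sym.startswith(_PLUMBING)


@dataclass
class KasanReport:
    kind: str = ""          # e.g. "double-free or invalid-free"
    where: str = ""         # function named on the BUG: line
    cache: str = ""
    size: int = 0
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None
    stacks: Dict[str, List[str]] = field(
        default_factory=lambda: {"report": [], "alloc": [], "free": []})

    def owner(self, section: str) -> str:
        """First non-plumbing frame of a stack: the code that touched the object."""
        return next((s for s in self.stacks[section] if not _is_plumbing(s)), "?")

    def summary(self) -> str:
        return (f"{self.kind} in {self.where}: {self.cache} ({self.size} bytes) "
                f"allocated by task {self.alloc_task} via {self.owner('alloc')}, "
                f"freed by task {self.free_task} via {self.owner('free')}, "
                f"reported from {self.owner('report')}")


def parse_kasan_report(text: str) -> KasanReport:
    rep, section = KasanReport(), None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if not line:                        # a blank line closes every stack
            section = None
        elif m := _BUG.match(line):
            rep.kind, rep.where = m["kind"], m["func"].split("+")[0]
        elif line == "Call Trace:":         # the reporting task's own stack
            section = "report"
        elif m := _ALLOC.match(line):
            rep.alloc_task, section = int(m["pid"]), "alloc"
        elif m := _FREE.match(line):
            rep.free_task, section = int(m["pid"]), "free"
        elif m := _CACHE.search(line):
            rep.cache, rep.size = m["cache"], int(m["size"])
        elif section and (m := _FRAME.match(line)):
            rep.stacks[section].append(m["sym"])
    return rep


# Constructed sample: a subset of the T385 report lines from this page.
SAMPLE_REPORT = """\
[   52.247699][  T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   52.256072][  T385]
[   52.280897][  T385] Call Trace:
[   52.284093][  T385]  <TASK>
[   52.286881][  T385]  dump_stack_lvl+0x151/0x1b7
[   52.306295][  T385]  ? kmem_cache_free+0x116/0x2e0
[   52.326574][  T385]  kasan_report_invalid_free+0x6b/0xa0
[   52.341483][  T385]  slab_free_freelist_hook+0xbd/0x190
[   52.351465][  T385]  kmem_cache_free+0x116/0x2e0
[   52.356335][  T385]  kfree_skbmem+0x104/0x170
[   52.360755][  T385]  consume_skb+0xb4/0x250
[   52.364940][  T385]  __sk_msg_free+0x2dd/0x370
[   52.375293][  T385]  sk_psock_stop+0x44c/0x4d0
[   52.385186][  T385]  sock_map_close+0x2b9/0x4c0
[   52.450891][  T385] RIP: 0033:0x7f57f085c9da
[   52.525291][  T385]  </TASK>
[   52.528136][  T385]
[   52.530310][  T385] Allocated by task 386:
[   52.534531][  T385]  __kasan_slab_alloc+0xb1/0xe0
[   52.544588][  T385]  kmem_cache_alloc+0xf5/0x200
[   52.549262][  T385]  skb_clone+0x1d1/0x360
[   52.553623][  T385]  sk_psock_verdict_recv+0x53/0x840
[   52.603542][  T385]
[   52.606102][  T385] Freed by task 20:
[   52.609937][  T385]  kasan_set_track+0x4b/0x70
[   52.634253][  T385]  kmem_cache_free+0x116/0x2e0
[   52.643448][  T385]  kfree_skb+0xc2/0x360
[   52.647443][  T385]  sk_psock_backlog+0xc21/0xd90
[   52.670321][  T385]
[   52.672705][  T385] The buggy address belongs to the object at ffff88810de6e3c0
[   52.672705][  T385]  which belongs to the cache skbuff_head_cache of size 248
"""

if __name__ == "__main__":
    print(parse_kasan_report(SAMPLE_REPORT).summary())
```

Run against the sample it prints one line naming sk_psock_verdict_recv as the allocator's caller, sk_psock_backlog as the first freer and __sk_msg_free as the second; pointing it at the full console text instead of the sample works the same way, since the section logic keys only on the blank lines and headers KASAN itself emits.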
[ 52.985890][ T389] FAULT_INJECTION: forcing a failure.
[ 52.985890][ T389] name failslab, interval 1, probability 0, space 0, times 0
[ 52.998609][ T389] CPU: 0 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 53.010663][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 53.020623][ T389] Call Trace:
[ 53.023899][ T389] <TASK>
[ 53.026764][ T389] dump_stack_lvl+0x151/0x1b7