Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
2024/02/02 05:34:14 ignoring optional flag "sandboxArg"="0"
2024/02/02 05:34:14 parsed 1 programs
[ 41.867556][ T30] audit: type=1400 audit(1706852054.812:159): avc: denied { mounton } for pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.892949][ T30] audit: type=1400 audit(1706852054.842:160): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.961293][ T30] audit: type=1400 audit(1706852054.912:161): avc: denied { unlink } for pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/02/02 05:34:14 executed programs: 0
[ 42.003734][ T342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 42.063343][ T348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.070391][ T348] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.077988][ T348] device bridge_slave_0 entered promiscuous mode
[ 42.085600][ T348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.092645][ T348] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.100482][ T348] device bridge_slave_1 entered promiscuous mode
[ 42.146316][ T30] audit: type=1400 audit(1706852055.092:162): avc: denied { write } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.151774][ T348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.168861][ T30] audit: type=1400 audit(1706852055.092:163): avc: denied { read } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.175598][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.175706][ T348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.211197][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.232814][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.241108][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.248928][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.256545][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.266134][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.274885][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.282665][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.301723][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.311417][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.319808][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.327935][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.336344][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.346423][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.358091][ T348] device veth0_vlan entered promiscuous mode
[ 42.364419][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.372609][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.380467][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.391854][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.401463][ T348] device veth1_macvtap entered promiscuous mode
[ 42.410737][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.423101][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.436617][ T30] audit: type=1400 audit(1706852055.382:164): avc: denied { mounton } for pid=348 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.471124][ T30] audit: type=1400 audit(1706852055.422:165): avc: denied { prog_load } for pid=353 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.490439][ T30] audit: type=1400 audit(1706852055.422:166): avc: denied { bpf } for pid=353 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.511789][ T30] audit: type=1400 audit(1706852055.422:167): avc: denied { perfmon } for pid=353 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.533475][ T30] audit: type=1400 audit(1706852055.482:168): avc: denied { prog_run } for pid=353 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.534469][ T354] FAULT_INJECTION: forcing a failure.
[ 42.534469][ T354] name failslab, interval 1, probability 0, space 0, times 1
[ 42.565815][ T354] CPU: 1 PID: 354 Comm: syz-executor.0 Not tainted 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 42.576779][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 42.586666][ T354] Call Trace:
[ 42.589829][ T354] <TASK>
[ 42.592567][ T354] dump_stack_lvl+0x151/0x1b7
[ 42.597222][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.602925][ T354] dump_stack+0x15/0x17
[ 42.606977][ T354] should_fail+0x3c6/0x510
[ 42.611432][ T354] __should_failslab+0xa4/0xe0
[ 42.616216][ T354] should_failslab+0x9/0x20
[ 42.620627][ T354] slab_pre_alloc_hook+0x37/0xd0
[ 42.625658][ T354] kmem_cache_alloc_trace+0x48/0x210
[ 42.630774][ T354] ? sk_psock_skb_ingress_self+0x60/0x330
[ 42.636324][ T354] ? migrate_disable+0x190/0x190
[ 42.641242][ T354] sk_psock_skb_ingress_self+0x60/0x330
[ 42.646631][ T354] sk_psock_verdict_recv+0x66d/0x840
[ 42.652145][ T354] unix_read_sock+0x132/0x370
[ 42.656664][ T354] ? sk_psock_skb_redirect+0x440/0x440
[ 42.662042][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 42.667586][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.672881][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 42.678462][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.684090][ T354] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.689289][ T354] ? _raw_spin_lock+0xa4/0x1b0
[ 42.693886][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.699527][ T354] ? skb_queue_tail+0xfb/0x120
[ 42.704139][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.709338][ T354] ? unix_dgram_poll+0x710/0x710
[ 42.714191][ T354] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.719151][ T354] ? security_socket_sendmsg+0x82/0xb0
[ 42.724440][ T354] ? unix_dgram_poll+0x710/0x710
[ 42.729506][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 42.734242][ T354] ? __sys_sendmsg_sock+0x40/0x40
[ 42.739206][ T354] ? import_iovec+0xe5/0x120
[ 42.743791][ T354] ___sys_sendmsg+0x252/0x2e0
[ 42.748309][ T354] ? __sys_sendmsg+0x260/0x260
[ 42.752981][ T354] ? do_handle_mm_fault+0x1949/0x2330
[ 42.758349][ T354] ? __kasan_check_write+0x14/0x20
[ 42.763347][ T354] ? proc_fail_nth_write+0x20b/0x290
[ 42.768747][ T354] ? __fdget+0x1bc/0x240
[ 42.773143][ T354] __sys_sendmmsg+0x2bf/0x530
[ 42.777943][ T354] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.782767][ T354] ? mutex_unlock+0xb2/0x260
[ 42.787308][ T354] ? __kasan_check_write+0x14/0x20
[ 42.792476][ T354] ? debug_smp_processor_id+0x17/0x20
[ 42.797762][ T354] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.803836][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.808540][ T354] do_syscall_64+0x3d/0xb0
[ 42.812777][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.819060][ T354] RIP: 0033:0x7f12a3324da9
[ 42.823324][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.842950][ T354] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.851349][ T354] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 42.859207][ T354] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 42.867001][ T354] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 42.874803][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.882718][ T354] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 42.890629][ T354] </TASK>
[ 42.896519][ T353] ==================================================================
[ 42.904522][ T353] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 42.911477][ T353] Read of size 4 at addr ffff88811fe38eac by task syz-executor.0/353
[ 42.920238][ T353]
[ 42.922750][ T353] CPU: 1 PID: 353 Comm: syz-executor.0 Not tainted 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 42.933234][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 42.943225][ T353] Call Trace:
[ 42.946453][ T353] <TASK>
[ 42.949229][ T353] dump_stack_lvl+0x151/0x1b7
[ 42.953747][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.959561][ T353] ? panic+0x751/0x751
[ 42.963510][ T353] print_address_description+0x87/0x3b0
[ 42.969302][ T353] kasan_report+0x179/0x1c0
[ 42.973881][ T353] ? consume_skb+0x3c/0x250
[ 42.978264][ T353] ? consume_skb+0x3c/0x250
[ 42.982650][ T353] kasan_check_range+0x293/0x2a0
[ 42.987424][ T353] __kasan_check_read+0x11/0x20
[ 42.992105][ T353] consume_skb+0x3c/0x250
[ 42.996444][ T353] __sk_msg_free+0x2dd/0x370
[ 43.000878][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.006784][ T353] sk_psock_stop+0x44c/0x4d0
[ 43.011468][ T353] ? unix_peer_get+0xe0/0xe0
[ 43.015886][ T353] sock_map_close+0x2b9/0x4c0
[ 43.020402][ T353] ? sock_map_remove_links+0x570/0x570
[ 43.025817][ T353] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.030587][ T353] unix_release+0x82/0xc0
[ 43.034752][ T353] sock_close+0xdf/0x270
[ 43.039199][ T353] ? sock_mmap+0xa0/0xa0
[ 43.043350][ T353] __fput+0x3fe/0x910
[ 43.047180][ T353] ____fput+0x15/0x20
[ 43.050991][ T353] task_work_run+0x129/0x190
[ 43.055493][ T353] exit_to_user_mode_loop+0xc4/0xe0
[ 43.060556][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.065826][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 43.071220][ T353] do_syscall_64+0x49/0xb0
[ 43.075459][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.081282][ T353] RIP: 0033:0x7f12a3323c9a
[ 43.085536][ T353] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.104975][ T353] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.113220][ T353] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 43.121210][ T353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.129101][ T353] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 43.137026][ T353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a913
[ 43.144813][ T353] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000a5d2
[ 43.152729][ T353] </TASK>
[ 43.155601][ T353]
[ 43.157752][ T353] Allocated by task 354:
[ 43.161832][ T353] __kasan_slab_alloc+0xb1/0xe0
[ 43.166690][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 43.171638][ T353] kmem_cache_alloc+0xf5/0x200
[ 43.176247][ T353] skb_clone+0x1d1/0x360
[ 43.180320][ T353] sk_psock_verdict_recv+0x53/0x840
[ 43.185352][ T353] unix_read_sock+0x132/0x370
[ 43.189865][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.195506][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.200555][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 43.205141][ T353] ___sys_sendmsg+0x252/0x2e0
[ 43.209657][ T353] __sys_sendmmsg+0x2bf/0x530
[ 43.214524][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 43.219300][ T353] do_syscall_64+0x3d/0xb0
[ 43.223560][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.229326][ T353]
[ 43.231451][ T353] Freed by task 292:
[ 43.235190][ T353] kasan_set_track+0x4b/0x70
[ 43.239611][ T353] kasan_set_free_info+0x23/0x40
[ 43.244393][ T353] ____kasan_slab_free+0x126/0x160
[ 43.249355][ T353] __kasan_slab_free+0x11/0x20
[ 43.254017][ T353] slab_free_freelist_hook+0xbd/0x190
[ 43.259230][ T353] kmem_cache_free+0x116/0x2e0
[ 43.264203][ T353] kfree_skbmem+0x104/0x170
[ 43.268522][ T353] kfree_skb+0xc2/0x360
[ 43.272512][ T353] sk_psock_backlog+0xc21/0xd90
[ 43.277204][ T353] process_one_work+0x6bb/0xc10
[ 43.281888][ T353] worker_thread+0xad5/0x12a0
[ 43.286399][ T353] kthread+0x421/0x510
[ 43.290389][ T353] ret_from_fork+0x1f/0x30
[ 43.294655][ T353]
[ 43.296810][ T353] The buggy address belongs to the object at ffff88811fe38dc0
[ 43.296810][ T353] which belongs to the cache skbuff_head_cache of size 248
[ 43.311313][ T353] The buggy address is located 236 bytes inside of
[ 43.311313][ T353] 248-byte region [ffff88811fe38dc0, ffff88811fe38eb8)
[ 43.324438][ T353] The buggy address belongs to the page:
[ 43.329992][ T353] page:ffffea00047f8e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fe38
[ 43.342242][ T353] flags: 0x4000000000000200(slab|zone=1)
[ 43.347769][ T353] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 43.356371][ T353] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.364958][ T353] page dumped because: kasan: bad access detected
[ 43.371208][ T353] page_owner tracks the page as allocated
[ 43.376762][ T353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 292, ts 42533265305, free_ts 22553383193
[ 43.394033][ T353] post_alloc_hook+0x1a3/0x1b0
[ 43.398643][ T353] prep_new_page+0x1b/0x110
[ 43.403236][ T353] get_page_from_freelist+0x3550/0x35d0
[ 43.410182][ T353] __alloc_pages+0x27e/0x8f0
[ 43.414598][ T353] new_slab+0x9a/0x4e0
[ 43.418505][ T353] ___slab_alloc+0x39e/0x830
[ 43.423062][ T353] __slab_alloc+0x4a/0x90
[ 43.427307][ T353] kmem_cache_alloc+0x134/0x200
[ 43.432158][ T353] __alloc_skb+0xbe/0x550
[ 43.436406][ T353] ndisc_alloc_skb+0xf3/0x2d0
[ 43.440936][ T353] ndisc_send_ns+0x29d/0x830
[ 43.445343][ T353] addrconf_dad_work+0xb29/0x1710
[ 43.450220][ T353] process_one_work+0x6bb/0xc10
[ 43.454985][ T353] worker_thread+0xad5/0x12a0
[ 43.459587][ T353] kthread+0x421/0x510
[ 43.463486][ T353] ret_from_fork+0x1f/0x30
[ 43.467998][ T353] page last free stack trace:
[ 43.472521][ T353] free_unref_page_prepare+0x7c8/0x7d0
[ 43.478892][ T353] free_unref_page+0xe8/0x750
[ 43.483658][ T353] __free_pages+0x61/0xf0
[ 43.488043][ T353] __vunmap+0x7bc/0x8f0
[ 43.492710][ T353] vfree+0x7f/0xb0
[ 43.496527][ T353] kcov_close+0x2b/0x50
[ 43.500590][ T353] __fput+0x3fe/0x910
[ 43.504725][ T353] ____fput+0x15/0x20
[ 43.508748][ T353] task_work_run+0x129/0x190
[ 43.513606][ T353] do_exit+0xc48/0x2ca0
[ 43.517599][ T353] do_group_exit+0x141/0x310
[ 43.522594][ T353] get_signal+0x7a3/0x1630
[ 43.526973][ T353] arch_do_signal_or_restart+0xbd/0x1680
[ 43.532442][ T353] exit_to_user_mode_loop+0xa0/0xe0
[ 43.537478][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.542791][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 43.548157][ T353]
[ 43.550346][ T353] Memory state around the buggy address:
[ 43.556258][ T353] ffff88811fe38d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.564323][ T353] ffff88811fe38e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.572912][ T353] >ffff88811fe38e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.581534][ T353] ^
[ 43.587174][ T353] ffff88811fe38f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.595472][ T353] ffff88811fe38f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.603539][ T353] ==================================================================
[ 43.611867][ T353] Disabling lock debugging due to kernel taint
[ 43.618615][ T353] ==================================================================
[ 43.626803][ T353] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 43.635702][ T353]
[ 43.637855][ T353] CPU: 1 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 43.650002][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 43.660451][ T353] Call Trace:
[ 43.663558][ T353] <TASK>
[ 43.666398][ T353] dump_stack_lvl+0x151/0x1b7
[ 43.671277][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.676742][ T353] ? __wake_up_klogd+0xd5/0x110
[ 43.681428][ T353] ? panic+0x751/0x751
[ 43.685346][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.690287][ T353] print_address_description+0x87/0x3b0
[ 43.695663][ T353] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.702314][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.707126][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.711892][ T353] kasan_report_invalid_free+0x6b/0xa0
[ 43.717189][ T353] ____kasan_slab_free+0x13e/0x160
[ 43.722414][ T353] __kasan_slab_free+0x11/0x20
[ 43.727089][ T353] slab_free_freelist_hook+0xbd/0x190
[ 43.732378][ T353] ? kfree_skbmem+0x104/0x170
[ 43.736976][ T353] kmem_cache_free+0x116/0x2e0
[ 43.741666][ T353] kfree_skbmem+0x104/0x170
[ 43.746191][ T353] consume_skb+0xb4/0x250
[ 43.750438][ T353] __sk_msg_free+0x2dd/0x370
[ 43.755431][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.762232][ T353] sk_psock_stop+0x44c/0x4d0
[ 43.767583][ T353] ? unix_peer_get+0xe0/0xe0
[ 43.775275][ T353] sock_map_close+0x2b9/0x4c0
[ 43.780006][ T353] ? sock_map_remove_links+0x570/0x570
[ 43.785546][ T353] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.790411][ T353] unix_release+0x82/0xc0
[ 43.794568][ T353] sock_close+0xdf/0x270
[ 43.798645][ T353] ? sock_mmap+0xa0/0xa0
[ 43.802811][ T353] __fput+0x3fe/0x910
[ 43.806631][ T353] ____fput+0x15/0x20
[ 43.810463][ T353] task_work_run+0x129/0x190
[ 43.814888][ T353] exit_to_user_mode_loop+0xc4/0xe0
[ 43.819911][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.825288][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 43.830672][ T353] do_syscall_64+0x49/0xb0
[ 43.834936][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.840861][ T353] RIP: 0033:0x7f12a3323c9a
[ 43.845081][ T353] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.864626][ T353] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.872953][ T353] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 43.881681][ T353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.890329][ T353] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 43.898144][ T353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a913
[ 43.906173][ T353] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000a5d2
[ 43.914168][ T353] </TASK>
[ 43.917017][ T353]
[ 43.919180][ T353] Allocated by task 354:
[ 43.923273][ T353] __kasan_slab_alloc+0xb1/0xe0
[ 43.928052][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 43.932997][ T353] kmem_cache_alloc+0xf5/0x200
[ 43.937587][ T353] skb_clone+0x1d1/0x360
[ 43.942121][ T353] sk_psock_verdict_recv+0x53/0x840
[ 43.947147][ T353] unix_read_sock+0x132/0x370
[ 43.951732][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.957369][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.962402][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 43.969428][ T353] ___sys_sendmsg+0x252/0x2e0
[ 43.973968][ T353] __sys_sendmmsg+0x2bf/0x530
[ 43.978570][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 43.983341][ T353] do_syscall_64+0x3d/0xb0
[ 43.987615][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.993511][ T353]
[ 43.995671][ T353] Freed by task 292:
[ 43.999400][ T353] kasan_set_track+0x4b/0x70
[ 44.003923][ T353] kasan_set_free_info+0x23/0x40
[ 44.008807][ T353] ____kasan_slab_free+0x126/0x160
[ 44.013821][ T353] __kasan_slab_free+0x11/0x20
[ 44.018604][ T353] slab_free_freelist_hook+0xbd/0x190
[ 44.023897][ T353] kmem_cache_free+0x116/0x2e0
[ 44.028609][ T353] kfree_skbmem+0x104/0x170
[ 44.032924][ T353] kfree_skb+0xc2/0x360
[ 44.037304][ T353] sk_psock_backlog+0xc21/0xd90
[ 44.041990][ T353] process_one_work+0x6bb/0xc10
[ 44.046666][ T353] worker_thread+0xad5/0x12a0
[ 44.051274][ T353] kthread+0x421/0x510
[ 44.055433][ T353] ret_from_fork+0x1f/0x30
[ 44.059688][ T353]
[ 44.061953][ T353] The buggy address belongs to the object at ffff88811fe38dc0
[ 44.061953][ T353] which belongs to the cache skbuff_head_cache of size 248
[ 44.077166][ T353] The buggy address is located 0 bytes inside of
[ 44.077166][ T353] 248-byte region [ffff88811fe38dc0, ffff88811fe38eb8)
[ 44.090556][ T353] The buggy address belongs to the page:
[ 44.096166][ T353] page:ffffea00047f8e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fe38
[ 44.106204][ T353] flags: 0x4000000000000200(slab|zone=1)
[ 44.111768][ T353] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 44.120174][ T353] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.128933][ T353] page dumped because: kasan: bad access detected
[ 44.135133][ T353] page_owner tracks the page as allocated
[ 44.140684][ T353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 292, ts 42533265305, free_ts 22553383193
[ 44.158155][ T353] post_alloc_hook+0x1a3/0x1b0
[ 44.162735][ T353] prep_new_page+0x1b/0x110
[ 44.167073][ T353] get_page_from_freelist+0x3550/0x35d0
[ 44.172550][ T353] __alloc_pages+0x27e/0x8f0
[ 44.177442][ T353] new_slab+0x9a/0x4e0
[ 44.181341][ T353] ___slab_alloc+0x39e/0x830
[ 44.186258][ T353] __slab_alloc+0x4a/0x90
[ 44.190425][ T353] kmem_cache_alloc+0x134/0x200
[ 44.195206][ T353] __alloc_skb+0xbe/0x550
[ 44.199370][ T353] ndisc_alloc_skb+0xf3/0x2d0
[ 44.203882][ T353] ndisc_send_ns+0x29d/0x830
[ 44.208325][ T353] addrconf_dad_work+0xb29/0x1710
[ 44.213171][ T353] process_one_work+0x6bb/0xc10
[ 44.217852][ T353] worker_thread+0xad5/0x12a0
[ 44.222506][ T353] kthread+0x421/0x510
[ 44.226362][ T353] ret_from_fork+0x1f/0x30
[ 44.230763][ T353] page last free stack trace:
[ 44.235406][ T353] free_unref_page_prepare+0x7c8/0x7d0
[ 44.240705][ T353] free_unref_page+0xe8/0x750
[ 44.245221][ T353] __free_pages+0x61/0xf0
[ 44.249562][ T353] __vunmap+0x7bc/0x8f0
[ 44.253544][ T353] vfree+0x7f/0xb0
[ 44.257108][ T353] kcov_close+0x2b/0x50
[ 44.261111][ T353] __fput+0x3fe/0x910
[ 44.265006][ T353] ____fput+0x15/0x20
[ 44.268917][ T353] task_work_run+0x129/0x190
[ 44.273343][ T353] do_exit+0xc48/0x2ca0
[ 44.277436][ T353] do_group_exit+0x141/0x310
[ 44.281944][ T353] get_signal+0x7a3/0x1630
[ 44.286195][ T353] arch_do_signal_or_restart+0xbd/0x1680
[ 44.291749][ T353] exit_to_user_mode_loop+0xa0/0xe0
[ 44.297059][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 44.302535][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 44.308375][ T353]
[ 44.310536][ T353] Memory state around the buggy address:
[ 44.316147][ T353] ffff88811fe38c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.324088][ T353] ffff88811fe38d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 44.332503][ T353] >ffff88811fe38d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 44.340519][ T353] ^
[ 44.346485][ T353] ffff88811fe38e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.354551][ T353] ffff88811fe38e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 44.363788][ T353] ==================================================================
[ 44.488442][ T360] FAULT_INJECTION: forcing a failure.
[ 44.488442][ T360] name failslab, interval 1, probability 0, space 0, times 0
[ 44.500939][ T360] CPU: 0 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 44.512414][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.522286][ T360] Call Trace:
[ 44.525413][ T360] <TASK>
[ 44.528364][ T360] dump_stack_lvl+0x151/0x1b7
[ 44.532967][ T360] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.538430][ T360] ? irqentry_exit+0x30/0x40
[ 44.542858][ T360] ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 44.548505][ T360] dump_stack+0x15/0x17
[ 44.552502][ T360] should_fail+0x3c6/0x510
[ 44.556746][ T360] __should_failslab+0xa4/0xe0
[ 44.561351][ T360] should_failslab+0x9/0x20
[ 44.565684][ T360] slab_pre_alloc_hook+0x37/0xd0
[ 44.570565][ T360] kmem_cache_alloc_trace+0x48/0x210
[ 44.575750][ T360] ? sk_psock_skb_ingress_self+0x60/0x330
[ 44.581657][ T360] ? migrate_disable+0x190/0x190
[ 44.586441][ T360] sk_psock_skb_ingress_self+0x60/0x330
[ 44.591986][ T360] sk_psock_verdict_recv+0x66d/0x840
[ 44.597105][ T360] unix_read_sock+0x132/0x370
[ 44.601705][ T360] ? sk_psock_skb_redirect+0x440/0x440
[ 44.607008][ T360] ? unix_stream_splice_actor+0x120/0x120
[ 44.612639][ T360] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 44.617962][ T360] ? unix_stream_splice_actor+0x120/0x120
[ 44.623576][ T360] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.629306][ T360] ? sk_psock_start_verdict+0xc0/0xc0
[ 44.634516][ T360] ? _raw_spin_lock+0xa4/0x1b0
[ 44.639119][ T360] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.644754][ T360] ? skb_queue_tail+0xfb/0x120
[ 44.649353][ T360] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.654489][ T360] ? unix_dgram_poll+0x710/0x710
[ 44.659279][ T360] ? _raw_spin_trylock+0xcd/0x1a0
[ 44.664133][ T360] ? security_socket_sendmsg+0x82/0xb0
[ 44.669419][ T360] ? unix_dgram_poll+0x710/0x710
[ 44.674274][ T360] ____sys_sendmsg+0x59e/0x8f0
[ 44.678873][ T360] ? __sys_sendmsg_sock+0x40/0x40
[ 44.683735][ T360] ? import_iovec+0xe5/0x120
[ 44.688162][ T360] ___sys_sendmsg+0x252/0x2e0
[ 44.692761][ T360] ? __sys_sendmsg+0x260/0x260
[ 44.697360][ T360] ? do_handle_mm_fault+0x1949/0x2330
[ 44.702568][ T360] ? __kasan_check_write+0x14/0x20
[ 44.707526][ T360] ? proc_fail_nth_write+0x20b/0x290
[ 44.712725][ T360] ? __fdget+0x1bc/0x240
[ 44.716802][ T360] __sys_sendmmsg+0x2bf/0x530
[ 44.721314][ T360] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.726190][ T360] ? mutex_unlock+0xb2/0x260
[ 44.730601][ T360] ? __kasan_check_write+0x14/0x20
[ 44.735549][ T360] ? debug_smp_processor_id+0x17/0x20
[ 44.740756][ T360] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.746657][ T360] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.751435][ T360] do_syscall_64+0x3d/0xb0
[ 44.755875][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.761586][ T360] RIP: 0033:0x7f12a3324da9
[ 44.766099][ T360] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.786106][ T360] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.794343][ T360] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 44.802261][ T360] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 44.810066][ T360] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 44.817876][ T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.825913][ T360] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 44.833720][ T360] </TASK>
[ 44.840209][ T359] ==================================================================
[ 44.848197][ T359] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 44.856615][ T359]
[ 44.858775][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 44.870322][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.880300][ T359] Call Trace:
[ 44.883511][ T359] <TASK>
[ 44.886311][ T359] dump_stack_lvl+0x151/0x1b7
[ 44.890959][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.896383][ T359] ? __wake_up_klogd+0xd5/0x110
[ 44.901073][ T359] ? panic+0x751/0x751
[ 44.905166][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.910246][ T359] print_address_description+0x87/0x3b0
[ 44.915633][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.921012][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.926398][ T359] kasan_report_invalid_free+0x6b/0xa0
[ 44.932136][ T359] ____kasan_slab_free+0x13e/0x160
[ 44.937070][ T359] __kasan_slab_free+0x11/0x20
[ 44.941758][ T359] slab_free_freelist_hook+0xbd/0x190
[ 44.946990][ T359] ? kfree_skbmem+0x104/0x170
[ 44.951500][ T359] kmem_cache_free+0x116/0x2e0
[ 44.956189][ T359] kfree_skbmem+0x104/0x170
[ 44.960702][ T359] consume_skb+0xb4/0x250
[ 44.964932][ T359] __sk_msg_free+0x2dd/0x370
[ 44.969897][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.975631][ T359] sk_psock_stop+0x44c/0x4d0
[ 44.980148][ T359] ? unix_peer_get+0xe0/0xe0
[ 44.984665][ T359] sock_map_close+0x2b9/0x4c0
[ 44.989470][ T359] ? sock_map_remove_links+0x570/0x570
[ 44.994820][ T359] ? rwsem_mark_wake+0x6b0/0x6b0
[ 44.999598][ T359] unix_release+0x82/0xc0
[ 45.003862][ T359] sock_close+0xdf/0x270
[ 45.007939][ T359] ? sock_mmap+0xa0/0xa0
[ 45.012027][ T359] __fput+0x3fe/0x910
[ 45.015839][ T359] ____fput+0x15/0x20
[ 45.019741][ T359] task_work_run+0x129/0x190
[ 45.024170][ T359] exit_to_user_mode_loop+0xc4/0xe0
[ 45.029481][ T359] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.034872][ T359] syscall_exit_to_user_mode+0x26/0x160
[ 45.040242][ T359] do_syscall_64+0x49/0xb0
[ 45.044581][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.050307][ T359] RIP: 0033:0x7f12a3323c9a
[ 45.055001][ T359] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.074675][ T359] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.082910][ T359] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 45.090722][ T359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.098791][ T359] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 45.106706][ T359] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b0f0
[ 45.115554][ T359] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000adaf
[ 45.124260][ T359] </TASK>
[ 45.127469][ T359]
[ 45.129727][ T359] Allocated by task 360:
[ 45.134114][ T359] __kasan_slab_alloc+0xb1/0xe0
[ 45.138953][ T359] slab_post_alloc_hook+0x53/0x2c0
[ 45.144165][ T359] kmem_cache_alloc+0xf5/0x200
[ 45.148765][ T359] skb_clone+0x1d1/0x360
[ 45.152957][ T359] sk_psock_verdict_recv+0x53/0x840
[ 45.157973][ T359] unix_read_sock+0x132/0x370
[ 45.162479][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.168203][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.173256][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 45.177941][ T359] ___sys_sendmsg+0x252/0x2e0
[ 45.182816][ T359] __sys_sendmmsg+0x2bf/0x530
[ 45.187504][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.192278][ T359] do_syscall_64+0x3d/0xb0
[ 45.196701][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.202437][ T359]
[ 45.204612][ T359] Freed by task 20:
[ 45.208413][ T359] kasan_set_track+0x4b/0x70
[ 45.212946][ T359] kasan_set_free_info+0x23/0x40
[ 45.217713][ T359] ____kasan_slab_free+0x126/0x160
[ 45.222952][ T359] __kasan_slab_free+0x11/0x20
[ 45.227541][ T359] slab_free_freelist_hook+0xbd/0x190
[ 45.232831][ T359] kmem_cache_free+0x116/0x2e0
[ 45.237420][ T359] kfree_skbmem+0x104/0x170
[ 45.241761][ T359] kfree_skb+0xc2/0x360
[ 45.245759][ T359] sk_psock_backlog+0xc21/0xd90
[ 45.250441][ T359] process_one_work+0x6bb/0xc10
[ 45.255304][ T359] worker_thread+0xad5/0x12a0
[ 45.259822][ T359] kthread+0x421/0x510
[ 45.263726][ T359] ret_from_fork+0x1f/0x30
[ 45.267981][ T359]
[ 45.270232][ T359] The buggy address belongs to the object at ffff88811d6008c0
[ 45.270232][ T359] which belongs to the cache skbuff_head_cache of size 248
[ 45.284901][ T359] The buggy address is located 0 bytes inside of
[ 45.284901][ T359] 248-byte region [ffff88811d6008c0, ffff88811d6009b8)
[ 45.298353][ T359] The buggy address belongs to the page:
[ 45.304020][ T359] page:ffffea0004758000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d600
[ 45.314347][ T359] flags: 0x4000000000000200(slab|zone=1)
[ 45.320018][ T359] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 45.329074][ T359] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 45.339100][ T359] page dumped because: kasan: bad access detected
[ 45.345706][ T359] page_owner tracks the page as allocated
[ 45.351506][ T359] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 44477562609, free_ts 44410397777
[ 45.367904][ T359] post_alloc_hook+0x1a3/0x1b0
[ 45.372518][ T359] prep_new_page+0x1b/0x110
[ 45.377301][ T359] get_page_from_freelist+0x3550/0x35d0
[ 45.383184][ T359] __alloc_pages+0x27e/0x8f0
[ 45.387690][ T359] new_slab+0x9a/0x4e0
[ 45.392283][ T359] ___slab_alloc+0x39e/0x830
[ 45.396712][ T359] __slab_alloc+0x4a/0x90
[ 45.400868][ T359] kmem_cache_alloc+0x134/0x200
[ 45.405568][ T359] skb_clone+0x1d1/0x360
[ 45.409635][ T359] netlink_broadcast_filtered+0x692/0x1220
[ 45.415884][ T359] netlink_broadcast+0x3a/0x50
[ 45.421005][ T359] kobject_uevent_net_broadcast+0x3a1/0x590
[ 45.426820][ T359] kobject_uevent_env+0x525/0x700
[ 45.431740][ T359] kobject_synth_uevent+0x4eb/0xae0
[ 45.437151][ T359] uevent_store+0x25/0x60
[ 45.441321][ T359] dev_attr_store+0x5c/0x80
[ 45.445886][ T359] page last free stack trace:
[ 45.451472][ T359] free_unref_page_prepare+0x7c8/0x7d0
[ 45.457202][ T359] free_unref_page+0xe8/0x750
[ 45.461838][ T359] __free_pages+0x61/0xf0
[ 45.466144][ T359] __vunmap+0x7bc/0x8f0
[ 45.470217][ T359] vfree+0x7f/0xb0
[ 45.473782][ T359] bpf_jit_free+0x1e3/0x240
[ 45.478747][ T359] bpf_prog_free_deferred+0x61e/0x730
[ 45.483932][ T359] process_one_work+0x6bb/0xc10
[ 45.488616][ T359] worker_thread+0xad5/0x12a0
[ 45.493334][ T359] kthread+0x421/0x510
[ 45.497233][ T359] ret_from_fork+0x1f/0x30
[ 45.501576][ T359]
[ 45.503746][ T359] Memory state around the buggy address:
[ 45.509219][ T359] ffff88811d600780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.517121][ T359] ffff88811d600800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.525371][ T359] >ffff88811d600880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.533609][ T359] ^
[ 45.539694][ T359] ffff88811d600900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.547846][ T359] ffff88811d600980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 45.555924][ T359] ==================================================================
[ 45.579002][ T363] FAULT_INJECTION: forcing a failure.
[ 45.579002][ T363] name failslab, interval 1, probability 0, space 0, times 0
[ 45.591533][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 45.603225][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 45.613205][ T363] Call Trace:
[ 45.616435][ T363]
[ 45.619206][ T363] dump_stack_lvl+0x151/0x1b7
[ 45.623859][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.629571][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.635203][ T363] ? __skb_try_recv_datagram+0x495/0x6a0
[ 45.640766][ T363] dump_stack+0x15/0x17
[ 45.644759][ T363] should_fail+0x3c6/0x510
[ 45.649013][ T363] __should_failslab+0xa4/0xe0
[ 45.654044][ T363] ? skb_clone+0x1d1/0x360
[ 45.658392][ T363] should_failslab+0x9/0x20
[ 45.662851][ T363] slab_pre_alloc_hook+0x37/0xd0
[ 45.667617][ T363] ? skb_clone+0x1d1/0x360
[ 45.671867][ T363] kmem_cache_alloc+0x44/0x200
[ 45.677044][ T363] skb_clone+0x1d1/0x360
[ 45.681077][ T363] sk_psock_verdict_recv+0x53/0x840
[ 45.686105][ T363] ? avc_has_perm_noaudit+0x430/0x430
[ 45.691420][ T363] ? mntput_no_expire+0xfc/0x6b0
[ 45.696193][ T363] unix_read_sock+0x132/0x370
[ 45.700712][ T363] ? sk_psock_skb_redirect+0x440/0x440
[ 45.706087][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.711995][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.717378][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.723231][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.729663][ T363] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.735440][ T363] ? _raw_spin_lock+0xa4/0x1b0
[ 45.740162][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.746062][ T363] ? skb_queue_tail+0xfb/0x120
[ 45.751087][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.756550][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.761567][ T363] ? _raw_spin_trylock+0xcd/0x1a0
[ 45.766580][ T363] ? security_socket_sendmsg+0x82/0xb0
[ 45.771958][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.776823][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 45.781504][ T363] ? __sys_sendmsg_sock+0x40/0x40
[ 45.786457][ T363] ? import_iovec+0xe5/0x120
[ 45.790969][ T363] ___sys_sendmsg+0x252/0x2e0
[ 45.795483][ T363] ? __sys_sendmsg+0x260/0x260
[ 45.800092][ T363] ? do_handle_mm_fault+0x1949/0x2330
[ 45.805481][ T363] ? __kasan_check_write+0x14/0x20
[ 45.810551][ T363] ? proc_fail_nth_write+0x20b/0x290
[ 45.815787][ T363] ? __fdget+0x1bc/0x240
[ 45.820086][ T363] __sys_sendmmsg+0x2bf/0x530
[ 45.824670][ T363] ? __ia32_sys_sendmsg+0x90/0x90
[ 45.829541][ T363] ? mutex_unlock+0xb2/0x260
[ 45.834104][ T363] ? __kasan_check_write+0x14/0x20
[ 45.839349][ T363] ? debug_smp_processor_id+0x17/0x20
[ 45.844540][ T363] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.850628][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.855350][ T363] do_syscall_64+0x3d/0xb0
[ 45.859654][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.865389][ T363] RIP: 0033:0x7f12a3324da9
[ 45.869623][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.889357][ T363] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.899829][ T363] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 45.907732][ T363] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 45.915640][ T363] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 45.923614][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.931681][ T363] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 45.939692][ T363]
[ 45.953572][ T365] FAULT_INJECTION: forcing a failure.
[ 45.953572][ T365] name failslab, interval 1, probability 0, space 0, times 0
[ 45.967343][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 45.979082][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 45.989053][ T365] Call Trace:
[ 45.992180][ T365]
[ 45.994959][ T365] dump_stack_lvl+0x151/0x1b7
[ 45.999471][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.005201][ T365] dump_stack+0x15/0x17
[ 46.009331][ T365] should_fail+0x3c6/0x510
[ 46.013634][ T365] __should_failslab+0xa4/0xe0
[ 46.018306][ T365] should_failslab+0x9/0x20
[ 46.022847][ T365] slab_pre_alloc_hook+0x37/0xd0
[ 46.027941][ T365] kmem_cache_alloc_trace+0x48/0x210
[ 46.033553][ T365] ? sk_psock_skb_ingress_self+0x60/0x330
[ 46.039170][ T365] ? migrate_disable+0x190/0x190
[ 46.043966][ T365] sk_psock_skb_ingress_self+0x60/0x330
[ 46.050337][ T365] sk_psock_verdict_recv+0x66d/0x840
[ 46.055545][ T365] unix_read_sock+0x132/0x370
[ 46.060141][ T365] ? sk_psock_skb_redirect+0x440/0x440
[ 46.065454][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 46.071093][ T365] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.076477][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 46.082413][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.088107][ T365] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.093843][ T365] ? _raw_spin_lock+0xa4/0x1b0
[ 46.098448][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.104087][ T365] ? skb_queue_tail+0xfb/0x120
[ 46.108675][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.113813][ T365] ? unix_dgram_poll+0x710/0x710
[ 46.118567][ T365] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.123440][ T365] ? security_socket_sendmsg+0x82/0xb0
[ 46.128993][ T365] ? unix_dgram_poll+0x710/0x710
[ 46.133798][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 46.138713][ T365] ? __sys_sendmsg_sock+0x40/0x40
[ 46.143613][ T365] ? import_iovec+0xe5/0x120
[ 46.148188][ T365] ___sys_sendmsg+0x252/0x2e0
[ 46.152677][ T365] ? __sys_sendmsg+0x260/0x260
[ 46.157288][ T365] ? do_handle_mm_fault+0x1949/0x2330
[ 46.162499][ T365] ? __kasan_check_write+0x14/0x20
[ 46.167697][ T365] ? proc_fail_nth_write+0x20b/0x290
[ 46.172817][ T365] ? __fdget+0x1bc/0x240
[ 46.176894][ T365] __sys_sendmmsg+0x2bf/0x530
[ 46.181438][ T365] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.186632][ T365] ? mutex_unlock+0xb2/0x260
[ 46.191476][ T365] ? __kasan_check_write+0x14/0x20
[ 46.196422][ T365] ? debug_smp_processor_id+0x17/0x20
[ 46.202289][ T365] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.208233][ T365] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.212941][ T365] do_syscall_64+0x3d/0xb0
[ 46.217251][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.222987][ T365] RIP: 0033:0x7f12a3324da9
[ 46.227235][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.247766][ T365] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.256176][ T365] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 46.264185][ T365] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 46.272136][ T365] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 46.280124][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.287944][ T365] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 46.296010][ T365]
[ 46.301926][ T364] ==================================================================
[ 46.309924][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.318263][ T364]
[ 46.320426][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 46.332482][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 46.342466][ T364] Call Trace:
[ 46.345769][ T364]
[ 46.348649][ T364] dump_stack_lvl+0x151/0x1b7
[ 46.353301][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.358740][ T364] ? __wake_up_klogd+0xd5/0x110
[ 46.363603][ T364] ? panic+0x751/0x751
[ 46.367520][ T364] ? kmem_cache_free+0x116/0x2e0
[ 46.372374][ T364] print_address_description+0x87/0x3b0
[ 46.377833][ T364] ? kmem_cache_free+0x116/0x2e0
[ 46.382605][ T364] ? kmem_cache_free+0x116/0x2e0
[ 46.387380][ T364] kasan_report_invalid_free+0x6b/0xa0
[ 46.392806][ T364] ____kasan_slab_free+0x13e/0x160
[ 46.397742][ T364] __kasan_slab_free+0x11/0x20
[ 46.402626][ T364] slab_free_freelist_hook+0xbd/0x190
[ 46.407827][ T364] ? kfree_skbmem+0x104/0x170
[ 46.412386][ T364] kmem_cache_free+0x116/0x2e0
[ 46.417049][ T364] kfree_skbmem+0x104/0x170
[ 46.421625][ T364] consume_skb+0xb4/0x250
[ 46.426022][ T364] __sk_msg_free+0x2dd/0x370
[ 46.430439][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.436212][ T364] sk_psock_stop+0x44c/0x4d0
[ 46.440639][ T364] ? unix_peer_get+0xe0/0xe0
[ 46.445091][ T364] sock_map_close+0x2b9/0x4c0
[ 46.450287][ T364] ? sock_map_remove_links+0x570/0x570
[ 46.455620][ T364] ? rwsem_mark_wake+0x6b0/0x6b0
[ 46.460802][ T364] unix_release+0x82/0xc0
[ 46.464965][ T364] sock_close+0xdf/0x270
[ 46.469142][ T364] ? sock_mmap+0xa0/0xa0
[ 46.473210][ T364] __fput+0x3fe/0x910
[ 46.477135][ T364] ____fput+0x15/0x20
[ 46.480938][ T364] task_work_run+0x129/0x190
[ 46.485370][ T364] exit_to_user_mode_loop+0xc4/0xe0
[ 46.490675][ T364] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.495969][ T364] syscall_exit_to_user_mode+0x26/0x160
[ 46.501417][ T364] do_syscall_64+0x49/0xb0
[ 46.505610][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.511529][ T364] RIP: 0033:0x7f12a3323c9a
[ 46.515783][ T364] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.535430][ T364] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.543863][ T364] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 46.552023][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.559987][ T364] RBP: 0000000000000032 R08: 0000001b31760000 R09: 00007f12a3453f8c
[ 46.568110][ T364] R10: 00007fff5eaf0d70 R11: 0000000000000293 R12: 00007f12a2ea91b0
[ 46.576971][ T364] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000b36c
[ 46.584873][ T364]
[ 46.587825][ T364]
[ 46.589998][ T364] Allocated by task 365:
[ 46.594081][ T364] __kasan_slab_alloc+0xb1/0xe0
[ 46.599015][ T364] slab_post_alloc_hook+0x53/0x2c0
[ 46.604734][ T364] kmem_cache_alloc+0xf5/0x200
[ 46.609431][ T364] skb_clone+0x1d1/0x360
[ 46.613500][ T364] sk_psock_verdict_recv+0x53/0x840
[ 46.618712][ T364] unix_read_sock+0x132/0x370
[ 46.623230][ T364] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.629743][ T364] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.634776][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 46.639810][ T364] ___sys_sendmsg+0x252/0x2e0
[ 46.644426][ T364] __sys_sendmmsg+0x2bf/0x530
[ 46.649205][ T364] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.654199][ T364] do_syscall_64+0x3d/0xb0
[ 46.658449][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.664398][ T364]
[ 46.666561][ T364] Freed by task 60:
[ 46.670201][ T364] kasan_set_track+0x4b/0x70
[ 46.674646][ T364] kasan_set_free_info+0x23/0x40
[ 46.679700][ T364] ____kasan_slab_free+0x126/0x160
[ 46.684757][ T364] __kasan_slab_free+0x11/0x20
[ 46.689355][ T364] slab_free_freelist_hook+0xbd/0x190
[ 46.694770][ T364] kmem_cache_free+0x116/0x2e0
[ 46.699354][ T364] kfree_skbmem+0x104/0x170
[ 46.703690][ T364] kfree_skb+0xc2/0x360
[ 46.707725][ T364] sk_psock_backlog+0xc21/0xd90
[ 46.712376][ T364] process_one_work+0x6bb/0xc10
[ 46.717056][ T364] worker_thread+0xad5/0x12a0
[ 46.721699][ T364] kthread+0x421/0x510
[ 46.725817][ T364] ret_from_fork+0x1f/0x30
[ 46.730275][ T364]
[ 46.732531][ T364] The buggy address belongs to the object at ffff88811fe11b40
[ 46.732531][ T364] which belongs to the cache skbuff_head_cache of size 248
[ 46.748589][ T364] The buggy address is located 0 bytes inside of
[ 46.748589][ T364] 248-byte region [ffff88811fe11b40, ffff88811fe11c38)
[ 46.762551][ T364] The buggy address belongs to the page:
[ 46.768203][ T364] page:ffffea00047f8440 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fe11
[ 46.778741][ T364] flags: 0x4000000000000200(slab|zone=1)
[ 46.784324][ T364] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 46.792816][ T364] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.801682][ T364] page dumped because: kasan: bad access detected
[ 46.808690][ T364] page_owner tracks the page as allocated
[ 46.814765][ T364] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 45572222808, free_ts 22553253934
[ 46.830735][ T364] post_alloc_hook+0x1a3/0x1b0
[ 46.835379][ T364] prep_new_page+0x1b/0x110
[ 46.839680][ T364] get_page_from_freelist+0x3550/0x35d0
[ 46.845050][ T364] __alloc_pages+0x27e/0x8f0
[ 46.849482][ T364] new_slab+0x9a/0x4e0
[ 46.853383][ T364] ___slab_alloc+0x39e/0x830
[ 46.857819][ T364] __slab_alloc+0x4a/0x90
[ 46.861982][ T364] kmem_cache_alloc+0x134/0x200
[ 46.866677][ T364] __alloc_skb+0xbe/0x550
[ 46.870836][ T364] alloc_skb_with_frags+0xa6/0x680
[ 46.875776][ T364] sock_alloc_send_pskb+0x915/0xa50
[ 46.880911][ T364] unix_dgram_sendmsg+0x6fd/0x2090
[ 46.885859][ T364] __sys_sendto+0x564/0x720
[ 46.890197][ T364] __x64_sys_sendto+0xe5/0x100
[ 46.894898][ T364] do_syscall_64+0x3d/0xb0
[ 46.899139][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.905053][ T364] page last free stack trace:
[ 46.909651][ T364] free_unref_page_prepare+0x7c8/0x7d0
[ 46.915116][ T364] free_unref_page+0xe8/0x750
[ 46.919844][ T364] __free_pages+0x61/0xf0
[ 46.924012][ T364] __vunmap+0x7bc/0x8f0
[ 46.928667][ T364] vfree+0x7f/0xb0
[ 46.932450][ T364] kcov_close+0x2b/0x50
[ 46.936452][ T364] __fput+0x3fe/0x910
[ 46.940267][ T364] ____fput+0x15/0x20
[ 46.944082][ T364] task_work_run+0x129/0x190
[ 46.948509][ T364] do_exit+0xc48/0x2ca0
[ 46.952594][ T364] do_group_exit+0x141/0x310
[ 46.957110][ T364] get_signal+0x7a3/0x1630
[ 46.961361][ T364] arch_do_signal_or_restart+0xbd/0x1680
[ 46.966827][ T364] exit_to_user_mode_loop+0xa0/0xe0
[ 46.971861][ T364] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.977339][ T364] syscall_exit_to_user_mode+0x26/0x160
[ 46.982716][ T364]
[ 46.984883][ T364] Memory state around the buggy address:
[ 46.990424][ T364] ffff88811fe11a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.998788][ T364] ffff88811fe11a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
2024/02/02 05:34:20 executed programs: 4
[ 47.007056][ T364] >ffff88811fe11b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.014926][ T364] ^
[ 47.020905][ T364] ffff88811fe11b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.028891][ T364] ffff88811fe11c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.036826][ T364] ==================================================================
[ 47.061975][ T368] FAULT_INJECTION: forcing a failure.
[ 47.061975][ T368] name failslab, interval 1, probability 0, space 0, times 0
[ 47.074651][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 47.086529][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.096459][ T368] Call Trace:
[ 47.099589][ T368]
[ 47.102450][ T368] dump_stack_lvl+0x151/0x1b7
[ 47.107133][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.113366][ T368] dump_stack+0x15/0x17
[ 47.117772][ T368] should_fail+0x3c6/0x510
[ 47.122107][ T368] __should_failslab+0xa4/0xe0
[ 47.127271][ T368] should_failslab+0x9/0x20
[ 47.131973][ T368] slab_pre_alloc_hook+0x37/0xd0
[ 47.137036][ T368] kmem_cache_alloc_trace+0x48/0x210
[ 47.142133][ T368] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.147686][ T368] ? migrate_disable+0x190/0x190
[ 47.152453][ T368] sk_psock_skb_ingress_self+0x60/0x330
[ 47.157991][ T368] sk_psock_verdict_recv+0x66d/0x840
[ 47.163057][ T368] unix_read_sock+0x132/0x370
[ 47.167563][ T368] ? sk_psock_skb_redirect+0x440/0x440
[ 47.172864][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 47.178415][ T368] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.183700][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 47.189273][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.195355][ T368] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.200656][ T368] ? _raw_spin_lock+0xa4/0x1b0
[ 47.205635][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.211959][ T368] ? skb_queue_tail+0xfb/0x120
[ 47.216547][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.221699][ T368] ? unix_dgram_poll+0x710/0x710
[ 47.226611][ T368] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.231738][ T368] ? security_socket_sendmsg+0x82/0xb0
[ 47.237313][ T368] ? unix_dgram_poll+0x710/0x710
[ 47.242076][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 47.246673][ T368] ? __sys_sendmsg_sock+0x40/0x40
[ 47.251537][ T368] ? import_iovec+0xe5/0x120
[ 47.256007][ T368] ___sys_sendmsg+0x252/0x2e0
[ 47.260501][ T368] ? __sys_sendmsg+0x260/0x260
[ 47.265238][ T368] ? do_handle_mm_fault+0x1949/0x2330
[ 47.271155][ T368] ? __kasan_check_write+0x14/0x20
[ 47.276163][ T368] ? proc_fail_nth_write+0x20b/0x290
[ 47.281437][ T368] ? __fdget+0x1bc/0x240
[ 47.285539][ T368] __sys_sendmmsg+0x2bf/0x530
[ 47.289992][ T368] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.294862][ T368] ? mutex_unlock+0xb2/0x260
[ 47.299561][ T368] ? __kasan_check_write+0x14/0x20
[ 47.304608][ T368] ? debug_smp_processor_id+0x17/0x20
[ 47.310070][ T368] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.316207][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.321140][ T368] do_syscall_64+0x3d/0xb0
[ 47.325564][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.331610][ T368] RIP: 0033:0x7f12a3324da9
[ 47.336217][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.356464][ T368] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.364766][ T368] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 47.372785][ T368] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 47.380607][ T368] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 47.388418][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.396414][ T368] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 47.404200][ T368]
[ 47.408092][ T367] ==================================================================
[ 47.416072][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 47.424316][ T367]
[ 47.426488][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 47.438025][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.447919][ T367] Call Trace:
[ 47.451046][ T367]
[ 47.453824][ T367] dump_stack_lvl+0x151/0x1b7
[ 47.458354][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.463805][ T367] ? __wake_up_klogd+0xd5/0x110
[ 47.468490][ T367] ? panic+0x751/0x751
[ 47.472399][ T367] ? kmem_cache_free+0x116/0x2e0
[ 47.477167][ T367] print_address_description+0x87/0x3b0
[ 47.482551][ T367] ? kmem_cache_free+0x116/0x2e0
[ 47.487323][ T367] ? kmem_cache_free+0x116/0x2e0
[ 47.492110][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 47.497400][ T367] ____kasan_slab_free+0x13e/0x160
[ 47.502353][ T367] __kasan_slab_free+0x11/0x20
[ 47.506942][ T367] slab_free_freelist_hook+0xbd/0x190
[ 47.512149][ T367] ? kfree_skbmem+0x104/0x170
[ 47.516678][ T367] kmem_cache_free+0x116/0x2e0
[ 47.521262][ T367] kfree_skbmem+0x104/0x170
[ 47.525610][ T367] consume_skb+0xb4/0x250
[ 47.529770][ T367] __sk_msg_free+0x2dd/0x370
[ 47.534192][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.539921][ T367] sk_psock_stop+0x44c/0x4d0
[ 47.544609][ T367] ? unix_peer_get+0xe0/0xe0
[ 47.549033][ T367] sock_map_close+0x2b9/0x4c0
[ 47.553550][ T367] ? sock_map_remove_links+0x570/0x570
[ 47.558843][ T367] ? rwsem_mark_wake+0x6b0/0x6b0
[ 47.563627][ T367] unix_release+0x82/0xc0
[ 47.567805][ T367] sock_close+0xdf/0x270
[ 47.571865][ T367] ? sock_mmap+0xa0/0xa0
[ 47.575941][ T367] __fput+0x3fe/0x910
[ 47.579866][ T367] ____fput+0x15/0x20
[ 47.583685][ T367] task_work_run+0x129/0x190
[ 47.588112][ T367] exit_to_user_mode_loop+0xc4/0xe0
[ 47.593144][ T367] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.598441][ T367] syscall_exit_to_user_mode+0x26/0x160
[ 47.603906][ T367] do_syscall_64+0x49/0xb0
[ 47.608240][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.614155][ T367] RIP: 0033:0x7f12a3323c9a
[ 47.618514][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.638668][ T367] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.646909][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 47.659857][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.667933][ T367] RBP: 0000000000000032 R08: 0000001b31760000 R09: 00007f12a3453f8c
[ 47.675756][ T367] R10: 00007fff5eaf0d70 R11: 0000000000000293 R12: 00007f12a2ea91b0
[ 47.683562][ T367] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000b7c0
[ 47.691452][ T367]
[ 47.694477][ T367]
[ 47.696732][ T367] Allocated by task 368:
[ 47.702821][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 47.707502][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 47.712717][ T367] kmem_cache_alloc+0xf5/0x200
[ 47.717312][ T367] skb_clone+0x1d1/0x360
[ 47.721392][ T367] sk_psock_verdict_recv+0x53/0x840
[ 47.728169][ T367] unix_read_sock+0x132/0x370
[ 47.732683][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.738410][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.743556][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 47.749021][ T367] ___sys_sendmsg+0x252/0x2e0
[ 47.753814][ T367] __sys_sendmmsg+0x2bf/0x530
[ 47.758358][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.763016][ T367] do_syscall_64+0x3d/0xb0
[ 47.767288][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.773279][ T367]
[ 47.775428][ T367] Freed by task 60:
[ 47.779080][ T367] kasan_set_track+0x4b/0x70
[ 47.783683][ T367] kasan_set_free_info+0x23/0x40
[ 47.788625][ T367] ____kasan_slab_free+0x126/0x160
[ 47.793604][ T367] __kasan_slab_free+0x11/0x20
[ 47.798270][ T367] slab_free_freelist_hook+0xbd/0x190
[ 47.803475][ T367] kmem_cache_free+0x116/0x2e0
[ 47.808336][ T367] kfree_skbmem+0x104/0x170
[ 47.812936][ T367] kfree_skb+0xc2/0x360
[ 47.817080][ T367] sk_psock_backlog+0xc21/0xd90
[ 47.821961][ T367] process_one_work+0x6bb/0xc10
[ 47.826826][ T367] worker_thread+0xad5/0x12a0
[ 47.831599][ T367] kthread+0x421/0x510
[ 47.835506][ T367] ret_from_fork+0x1f/0x30
[ 47.839852][ T367]
[ 47.842022][ T367] The buggy address belongs to the object at ffff88810de23b40
[ 47.842022][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 47.856862][ T367] The buggy address is located 0 bytes inside of
[ 47.856862][ T367] 248-byte region [ffff88810de23b40, ffff88810de23c38)
[ 47.870172][ T367] The buggy address belongs to the page:
[ 47.875736][ T367] page:ffffea00043788c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de23
[ 47.885873][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 47.891723][ T367] raw: 4000000000000200 ffffea000436d600 0000000d0000000d ffff888100351980
[ 47.900205][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.908921][ T367] page dumped because: kasan: bad access detected
[ 47.915248][ T367] page_owner tracks the page as allocated
[ 47.921031][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4391084247, free_ts 0
[ 47.936417][ T367] post_alloc_hook+0x1a3/0x1b0
[ 47.941118][ T367] prep_new_page+0x1b/0x110
[ 47.945462][ T367] get_page_from_freelist+0x3550/0x35d0
[ 47.950831][ T367] __alloc_pages+0x27e/0x8f0
[ 47.955361][ T367] new_slab+0x9a/0x4e0
[ 47.959334][ T367] ___slab_alloc+0x39e/0x830
[ 47.963760][ T367] __slab_alloc+0x4a/0x90
[ 47.968475][ T367] kmem_cache_alloc+0x134/0x200
[ 47.973160][ T367] __alloc_skb+0xbe/0x550
[ 47.977329][ T367] alloc_skb_with_frags+0xa6/0x680
[ 47.982276][ T367] sock_alloc_send_pskb+0x915/0xa50
[ 47.987307][ T367] unix_dgram_sendmsg+0x6fd/0x2090
[ 47.992267][ T367] sock_write_iter+0x39b/0x530
[ 47.996858][ T367] vfs_write+0xd5d/0x1110
[ 48.001028][ T367] ksys_write+0x199/0x2c0
[ 48.005200][ T367] __x64_sys_write+0x7b/0x90
[ 48.009702][ T367] page_owner free stack trace missing
[ 48.015003][ T367]
[ 48.017175][ T367] Memory state around the buggy address:
[ 48.022653][ T367] ffff88810de23a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.031502][ T367] ffff88810de23a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.040086][ T367] >ffff88810de23b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.048065][ T367] ^
[ 48.054420][ T367] ffff88810de23b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.062308][ T367] ffff88810de23c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.070391][ T367] ==================================================================
[ 48.088596][ T371] FAULT_INJECTION: forcing a failure.
[ 48.088596][ T371] name failslab, interval 1, probability 0, space 0, times 0
[ 48.094018][ T30] kauditd_printk_skb: 2 callbacks suppressed
[ 48.094035][ T30] audit: type=1400 audit(1706852061.032:171): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 48.101518][ T371] CPU: 1 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 48.109889][ T30] audit: type=1400 audit(1706852061.052:172): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 48.129351][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 48.129366][ T371] Call Trace:
[ 48.129372][ T371]
[ 48.129378][ T371] dump_stack_lvl+0x151/0x1b7
[ 48.129408][ T371] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.129431][ T371] dump_stack+0x15/0x17
[ 48.129451][ T371] should_fail+0x3c6/0x510
[ 48.142566][ T30] audit: type=1400 audit(1706852061.052:173): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 48.163184][ T371] __should_failslab+0xa4/0xe0
[ 48.163215][ T371] should_failslab+0x9/0x20
[ 48.163235][ T371] slab_pre_alloc_hook+0x37/0xd0
[ 48.233199][ T371] kmem_cache_alloc_trace+0x48/0x210
[ 48.239000][ T371] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.244657][ T371] ? migrate_disable+0x190/0x190
[ 48.249415][ T371] sk_psock_skb_ingress_self+0x60/0x330
[ 48.254795][ T371] sk_psock_verdict_recv+0x66d/0x840
[ 48.259928][ T371] unix_read_sock+0x132/0x370
[ 48.264690][ T371] ? sk_psock_skb_redirect+0x440/0x440
[ 48.270080][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 48.276340][ T371] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.281716][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 48.287459][ T371] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.293094][ T371] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.298305][ T371] ? _raw_spin_lock+0xa4/0x1b0
[ 48.303180][ T371] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.308970][ T371] ? skb_queue_tail+0xfb/0x120
[ 48.313659][ T371] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.319054][ T371] ? unix_dgram_poll+0x710/0x710
[ 48.323893][ T371] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.329466][ T371] ? security_socket_sendmsg+0x82/0xb0
[ 48.335270][ T371] ? unix_dgram_poll+0x710/0x710
[ 48.340101][ T371] ____sys_sendmsg+0x59e/0x8f0
[ 48.344705][ T371] ? __sys_sendmsg_sock+0x40/0x40
[ 48.349553][ T371] ? import_iovec+0xe5/0x120
[ 48.354109][ T371] ___sys_sendmsg+0x252/0x2e0
[ 48.358639][ T371] ? __sys_sendmsg+0x260/0x260
[ 48.363227][ T371] ? do_handle_mm_fault+0x1949/0x2330
[ 48.368423][ T371] ? __kasan_check_write+0x14/0x20
[ 48.373371][ T371] ? proc_fail_nth_write+0x20b/0x290
[ 48.378502][ T371] ? __fdget+0x1bc/0x240
[ 48.382578][ T371] __sys_sendmmsg+0x2bf/0x530
[ 48.387232][ T371] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.392077][ T371] ? mutex_unlock+0xb2/0x260
[ 48.396590][ T371] ? __kasan_check_write+0x14/0x20
[ 48.401541][ T371] ? debug_smp_processor_id+0x17/0x20
[ 48.406737][ T371] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.412733][ T371] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.417423][ T371] do_syscall_64+0x3d/0xb0
[ 48.421682][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.427713][ T371] RIP: 0033:0x7f12a3324da9
[ 48.431955][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.451407][ T371] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.459942][ T371] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 48.467919][ T371] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 48.475719][ T371] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 48.483537][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.491345][ T371] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 48.499160][ T371]
[ 48.504781][ T370] ==================================================================
[ 48.513094][ T370] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.521366][ T370]
[ 48.523508][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 48.535145][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 48.545306][ T370] Call Trace:
[ 48.548433][ T370]
[ 48.551219][ T370] dump_stack_lvl+0x151/0x1b7
[ 48.555720][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.561199][ T370] ? __wake_up_klogd+0xd5/0x110
[ 48.565892][ T370] ? panic+0x751/0x751
[ 48.569778][ T370] ? kmem_cache_free+0x116/0x2e0
[ 48.574552][ T370] print_address_description+0x87/0x3b0
[ 48.580027][ T370] ? kmem_cache_free+0x116/0x2e0
[ 48.584886][ T370] ? kmem_cache_free+0x116/0x2e0
[ 48.589656][ T370] kasan_report_invalid_free+0x6b/0xa0
[ 48.595040][ T370] ____kasan_slab_free+0x13e/0x160
[ 48.599985][ T370] __kasan_slab_free+0x11/0x20
[ 48.604580][ T370] slab_free_freelist_hook+0xbd/0x190
[ 48.609792][ T370] ? kfree_skbmem+0x104/0x170
[ 48.614390][ T370] kmem_cache_free+0x116/0x2e0
[ 48.618989][ T370] kfree_skbmem+0x104/0x170
[ 48.623331][ T370] consume_skb+0xb4/0x250
[ 48.627804][ T370] __sk_msg_free+0x2dd/0x370
[ 48.632205][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.637942][ T370] sk_psock_stop+0x44c/0x4d0
[ 48.642375][ T370] ? unix_peer_get+0xe0/0xe0
[ 48.646965][ T370] sock_map_close+0x2b9/0x4c0
[ 48.651586][ T370] ? sock_map_remove_links+0x570/0x570
[ 48.656880][ T370] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.661654][ T370] unix_release+0x82/0xc0
[ 48.666252][ T370] sock_close+0xdf/0x270
[ 48.670332][ T370] ? sock_mmap+0xa0/0xa0
[ 48.674410][ T370] __fput+0x3fe/0x910
[ 48.678245][ T370] ____fput+0x15/0x20
[ 48.682061][ T370] task_work_run+0x129/0x190
[ 48.686501][ T370] exit_to_user_mode_loop+0xc4/0xe0
[ 48.691520][ T370] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.696808][ T370] syscall_exit_to_user_mode+0x26/0x160
[ 48.702188][ T370] do_syscall_64+0x49/0xb0
[ 48.706437][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.712166][ T370] RIP: 0033:0x7f12a3323c9a
[ 48.716422][ T370] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.736512][ T370] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.744747][ T370] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 48.752682][ T370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.760614][ T370] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 48.768639][ T370] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bf04
[ 48.776538][ T370] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000bbc3
[ 48.784443][ T370]
[ 48.787324][ T370]
[ 48.789483][ T370] Allocated by task 371:
[ 48.793565][ T370] __kasan_slab_alloc+0xb1/0xe0
[ 48.798236][ T370] slab_post_alloc_hook+0x53/0x2c0
[ 48.803190][ T370] kmem_cache_alloc+0xf5/0x200
[ 48.807868][ T370] skb_clone+0x1d1/0x360
[ 48.811945][ T370] sk_psock_verdict_recv+0x53/0x840
[ 48.816989][ T370] unix_read_sock+0x132/0x370
[ 48.821592][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.827323][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.832361][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 48.836960][ T370] ___sys_sendmsg+0x252/0x2e0
[ 48.841461][ T370] __sys_sendmmsg+0x2bf/0x530
[ 48.846067][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.850745][ T370] do_syscall_64+0x3d/0xb0
[ 48.854999][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.860732][ T370]
[ 48.862906][ T370] Freed by task 292:
[ 48.866728][ T370] kasan_set_track+0x4b/0x70
[ 48.871229][ T370] kasan_set_free_info+0x23/0x40
[ 48.876001][ T370] ____kasan_slab_free+0x126/0x160
[ 48.881556][ T370] __kasan_slab_free+0x11/0x20
[ 48.886171][ T370] slab_free_freelist_hook+0xbd/0x190
[ 48.891369][ T370] kmem_cache_free+0x116/0x2e0
[ 48.896407][ T370] kfree_skbmem+0x104/0x170
[ 48.901011][ T370] kfree_skb+0xc2/0x360
[ 48.905039][ T370] sk_psock_backlog+0xc21/0xd90
[ 48.909767][ T370] process_one_work+0x6bb/0xc10
[ 48.914884][ T370] worker_thread+0xad5/0x12a0
[ 48.919397][ T370] kthread+0x421/0x510
[ 48.923307][ T370] ret_from_fork+0x1f/0x30
[ 48.927641][ T370]
[ 48.929859][ T370] The buggy address belongs to the object at ffff88810db568c0
[ 48.929859][ T370] which belongs to the cache skbuff_head_cache of size 248
[ 48.944585][ T370] The buggy address is located 0 bytes inside of
[ 48.944585][ T370] 248-byte region [ffff88810db568c0, ffff88810db569b8)
[ 48.957678][ T370] The buggy address belongs to the page:
[ 48.963191][ T370] page:ffffea000436d580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10db56
[ 48.973299][ T370] flags: 0x4000000000000200(slab|zone=1)
[ 48.978863][ T370] raw: 4000000000000200 ffffea0004378800 0000000900000009 ffff888100351980
[ 48.987280][ T370] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.995781][ T370] page dumped because: kasan: bad access detected
[ 49.002028][ T370] page_owner tracks the page as allocated
[ 49.007756][ T370] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4349926966, free_ts 4349856271
[ 49.023379][ T370] post_alloc_hook+0x1a3/0x1b0
[ 49.027991][ T370] prep_new_page+0x1b/0x110
[ 49.032326][ T370] get_page_from_freelist+0x3550/0x35d0
[ 49.037789][ T370] __alloc_pages+0x27e/0x8f0
[ 49.042224][ T370] new_slab+0x9a/0x4e0
[ 49.046117][ T370] ___slab_alloc+0x39e/0x830
[ 49.050549][ T370] __slab_alloc+0x4a/0x90
[ 49.054796][ T370] kmem_cache_alloc+0x134/0x200
[ 49.059483][ T370] __alloc_skb+0xbe/0x550
[ 49.063744][ T370] alloc_uevent_skb+0x80/0x230
[ 49.068340][ T370] kobject_uevent_net_broadcast+0x311/0x590
[ 49.074240][ T370] kobject_uevent_env+0x525/0x700
[ 49.079185][ T370] kobject_synth_uevent+0x4eb/0xae0
[ 49.084220][ T370] uevent_store+0x4b/0x70
[ 49.088390][ T370] drv_attr_store+0x78/0xa0
[ 49.092725][ T370] sysfs_kf_write+0x123/0x140
[ 49.097245][ T370] page last free stack trace:
[ 49.101754][ T370] free_unref_page_prepare+0x7c8/0x7d0
[ 49.107140][ T370] free_unref_page+0xe8/0x750
[ 49.111680][ T370] __free_pages+0x61/0xf0
[ 49.115823][ T370] free_pages+0x7c/0x90
[ 49.119838][ T370] selinux_genfs_get_sid+0x24d/0x2a0
[ 49.125025][ T370] inode_doinit_with_dentry+0x8d2/0x1070
[ 49.130484][ T370] selinux_d_instantiate+0x27/0x40
[ 49.135442][ T370] security_d_instantiate+0x9f/0x100
[ 49.140634][ T370] d_splice_alias+0x6d/0x390
[ 49.145060][ T370] kernfs_iop_lookup+0x215/0x260
[ 49.149848][ T370] path_openat+0x1194/0x2f40
[ 49.154349][ T370] do_filp_open+0x21c/0x460
[ 49.158787][ T370] do_sys_openat2+0x13f/0x830
[ 49.163320][ T370] __x64_sys_openat+0x243/0x290
[ 49.167986][ T370] do_syscall_64+0x3d/0xb0
[ 49.173038][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.179050][ T370]
[ 49.181233][ T370] Memory state around the buggy address:
[ 49.186691][ T370] ffff88810db56780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.194647][ T370] ffff88810db56800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.202831][ T370] >ffff88810db56880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.210735][ T370] ^
[ 49.217272][ T370] ffff88810db56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.225343][ T370] ffff88810db56980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.233232][ T370] ==================================================================
[ 49.255649][ T374] FAULT_INJECTION: forcing a failure.
[ 49.255649][ T374] name failslab, interval 1, probability 0, space 0, times 0
[ 49.268324][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 49.279901][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.290485][ T374] Call Trace:
[ 49.293569][ T374]
[ 49.296354][ T374] dump_stack_lvl+0x151/0x1b7
[ 49.300860][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.306334][ T374] dump_stack+0x15/0x17
[ 49.310406][ T374] should_fail+0x3c6/0x510
[ 49.314782][ T374] __should_failslab+0xa4/0xe0
[ 49.319377][ T374] should_failslab+0x9/0x20
[ 49.323832][ T374] slab_pre_alloc_hook+0x37/0xd0
[ 49.328597][ T374] kmem_cache_alloc_trace+0x48/0x210
[ 49.334004][ T374] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.340339][ T374] ? migrate_disable+0x190/0x190
[ 49.345288][ T374] sk_psock_skb_ingress_self+0x60/0x330
[ 49.350841][ T374] sk_psock_verdict_recv+0x66d/0x840
[ 49.355961][ T374] unix_read_sock+0x132/0x370
[ 49.360486][ T374] ? sk_psock_skb_redirect+0x440/0x440
[ 49.366150][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 49.371702][ T374] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.377406][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 49.382999][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.388977][ T374] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.394629][ T374] ? _raw_spin_lock+0xa4/0x1b0
[ 49.399752][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.405391][ T374] ? skb_queue_tail+0xfb/0x120
[ 49.410197][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.415687][ T374] ? unix_dgram_poll+0x710/0x710
[ 49.420428][ T374] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.425423][ T374] ? security_socket_sendmsg+0x82/0xb0
[ 49.430699][ T374] ? unix_dgram_poll+0x710/0x710
[ 49.435470][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 49.440074][ T374] ? __sys_sendmsg_sock+0x40/0x40
[ 49.444955][ T374] ? import_iovec+0xe5/0x120
[ 49.449461][ T374] ___sys_sendmsg+0x252/0x2e0
[ 49.454075][ T374] ? __sys_sendmsg+0x260/0x260
[ 49.458662][ T374] ? do_handle_mm_fault+0x1949/0x2330
[ 49.463975][ T374] ? __kasan_check_write+0x14/0x20
[ 49.469005][ T374] ? proc_fail_nth_write+0x20b/0x290
[ 49.474142][ T374] ? __fdget+0x1bc/0x240
[ 49.478291][ T374] __sys_sendmmsg+0x2bf/0x530
[ 49.482808][ T374] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.487671][ T374] ? mutex_unlock+0xb2/0x260
[ 49.492112][ T374] ? __kasan_check_write+0x14/0x20
[ 49.497042][ T374] ? debug_smp_processor_id+0x17/0x20
[ 49.502339][ T374] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.508235][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.513201][ T374] do_syscall_64+0x3d/0xb0
[ 49.517462][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.523360][ T374] RIP: 0033:0x7f12a3324da9
[ 49.527606][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.547224][ T374] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.555470][ T374] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 49.563284][ T374] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 49.571367][ T374] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 49.579184][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.587191][ T374] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 49.594998][ T374]
[ 49.599170][ T373] ==================================================================
[ 49.607184][ T373] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.615403][ T373]
[ 49.617569][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 49.629893][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.639915][ T373] Call Trace:
[ 49.642999][ T373]
[ 49.645805][ T373] dump_stack_lvl+0x151/0x1b7
[ 49.650296][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.655778][ T373] ? __wake_up_klogd+0xd5/0x110
[ 49.660576][ T373] ? panic+0x751/0x751
[ 49.664629][ T373] ? kmem_cache_free+0x116/0x2e0
[ 49.669448][ T373] print_address_description+0x87/0x3b0
[ 49.674877][ T373] ? kmem_cache_free+0x116/0x2e0
[ 49.679656][ T373] ? kmem_cache_free+0x116/0x2e0
[ 49.684517][ T373] kasan_report_invalid_free+0x6b/0xa0
[ 49.689811][ T373] ____kasan_slab_free+0x13e/0x160
[ 49.694762][ T373] __kasan_slab_free+0x11/0x20
[ 49.699357][ T373] slab_free_freelist_hook+0xbd/0x190
[ 49.704748][ T373] ? kfree_skbmem+0x104/0x170
[ 49.709250][ T373] kmem_cache_free+0x116/0x2e0
[ 49.713861][ T373] kfree_skbmem+0x104/0x170
[ 49.718192][ T373] consume_skb+0xb4/0x250
[ 49.722356][ T373] __sk_msg_free+0x2dd/0x370
[ 49.726785][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.732427][ T373] sk_psock_stop+0x44c/0x4d0
[ 49.736939][ T373] ? unix_peer_get+0xe0/0xe0
[ 49.741467][ T373] sock_map_close+0x2b9/0x4c0
[ 49.746094][ T373] ? sock_map_remove_links+0x570/0x570
[ 49.751348][ T373] ? rwsem_mark_wake+0x6b0/0x6b0
[ 49.756135][ T373] unix_release+0x82/0xc0
[ 49.760287][ T373] sock_close+0xdf/0x270
[ 49.764456][ T373] ? sock_mmap+0xa0/0xa0
[ 49.768745][ T373] __fput+0x3fe/0x910
[ 49.772640][ T373] ____fput+0x15/0x20
[ 49.776649][ T373] task_work_run+0x129/0x190
[ 49.781058][ T373] exit_to_user_mode_loop+0xc4/0xe0
[ 49.786269][ T373] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.791645][ T373] syscall_exit_to_user_mode+0x26/0x160
[ 49.797056][ T373] do_syscall_64+0x49/0xb0
[ 49.801282][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.807008][ T373] RIP: 0033:0x7f12a3323c9a
[ 49.811277][ T373] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.830882][ T373] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.839122][ T373] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 49.846930][ T373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.855882][ T373] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 49.863693][ T373] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c392
[ 49.871501][ T373] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000c051
[ 49.879313][ T373]
[ 49.882171][ T373]
[ 49.884362][ T373] Allocated by task 374:
[ 49.888514][ T373] __kasan_slab_alloc+0xb1/0xe0
[ 49.893198][ T373] slab_post_alloc_hook+0x53/0x2c0
[ 49.898347][ T373] kmem_cache_alloc+0xf5/0x200
[ 49.902945][ T373] skb_clone+0x1d1/0x360
[ 49.907014][ T373] sk_psock_verdict_recv+0x53/0x840
[ 49.912050][ T373] unix_read_sock+0x132/0x370
[ 49.916611][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.922221][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.927509][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 49.932188][ T373] ___sys_sendmsg+0x252/0x2e0
[ 49.937243][ T373] __sys_sendmmsg+0x2bf/0x530
[ 49.941918][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.946590][ T373] do_syscall_64+0x3d/0xb0
[ 49.950843][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.956585][ T373]
[ 49.958753][ T373] Freed by task 60:
[ 49.962400][ T373] kasan_set_track+0x4b/0x70
[ 49.966819][ T373] kasan_set_free_info+0x23/0x40
[ 49.971596][ T373] ____kasan_slab_free+0x126/0x160
[ 49.976536][ T373] __kasan_slab_free+0x11/0x20
[ 49.981143][ T373] slab_free_freelist_hook+0xbd/0x190
[ 49.986351][ T373] kmem_cache_free+0x116/0x2e0
[ 49.990946][ T373] kfree_skbmem+0x104/0x170
[ 49.995420][ T373] kfree_skb+0xc2/0x360
[ 49.999415][ T373] sk_psock_backlog+0xc21/0xd90
[ 50.004327][ T373] process_one_work+0x6bb/0xc10
[ 50.009925][ T373] worker_thread+0xad5/0x12a0
[ 50.014437][ T373] kthread+0x421/0x510
[ 50.018875][ T373] ret_from_fork+0x1f/0x30
[ 50.023262][ T373]
[ 50.025654][ T373] The buggy address belongs to the object at ffff88811fe47b40
[ 50.025654][ T373] which belongs to the cache skbuff_head_cache of size 248
[ 50.040212][ T373] The buggy address is located 0 bytes inside of
[ 50.040212][ T373] 248-byte region [ffff88811fe47b40, ffff88811fe47c38)
[ 50.053904][ T373] The buggy address belongs to the page:
[ 50.059371][ T373] page:ffffea00047f91c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fe47
[ 50.070073][ T373] flags: 0x4000000000000200(slab|zone=1)
[ 50.075471][ T373] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 50.084166][ T373] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.092758][ T373] page dumped because: kasan: bad access detected
[ 50.098985][ T373] page_owner tracks the page as allocated
[ 50.104649][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 372, ts 49242843477, free_ts 47050724038
[ 50.120633][ T373] post_alloc_hook+0x1a3/0x1b0
[ 50.125304][ T373] prep_new_page+0x1b/0x110
[ 50.129910][ T373] get_page_from_freelist+0x3550/0x35d0
[ 50.135275][ T373] __alloc_pages+0x27e/0x8f0
[ 50.139702][ T373] new_slab+0x9a/0x4e0
[ 50.143690][ T373] ___slab_alloc+0x39e/0x830
[ 50.148131][ T373] __slab_alloc+0x4a/0x90
[ 50.152285][ T373] kmem_cache_alloc+0x134/0x200
[ 50.156973][ T373] __alloc_skb+0xbe/0x550
[ 50.161197][ T373] alloc_skb_with_frags+0xa6/0x680
[ 50.166086][ T373] sock_alloc_send_pskb+0x915/0xa50
[ 50.171123][ T373] unix_dgram_sendmsg+0x6fd/0x2090
[ 50.176176][ T373] __sys_sendto+0x564/0x720
[ 50.180494][ T373] __x64_sys_sendto+0xe5/0x100
[ 50.185208][ T373] do_syscall_64+0x3d/0xb0
[ 50.189431][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.195176][ T373] page last free stack trace:
[ 50.199760][ T373] free_unref_page_prepare+0x7c8/0x7d0
[ 50.205194][ T373] free_unref_page+0xe8/0x750
[ 50.209877][ T373] __free_pages+0x61/0xf0
[ 50.214059][ T373] __vunmap+0x7bc/0x8f0
[ 50.218037][ T373] free_work+0x5b/0x80
[ 50.221955][ T373] process_one_work+0x6bb/0xc10
[ 50.226628][ T373] worker_thread+0xad5/0x12a0
[ 50.231153][ T373] kthread+0x421/0x510
[ 50.235049][ T373] ret_from_fork+0x1f/0x30
[ 50.239311][ T373]
[ 50.241470][ T373] Memory state around the buggy address:
[ 50.246946][ T373] ffff88811fe47a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.254843][ T373] ffff88811fe47a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.262752][ T373] >ffff88811fe47b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.270638][ T373] ^
[ 50.276628][ T373] ffff88811fe47b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.284712][ T373] ffff88811fe47c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.292689][ T373] ==================================================================
[ 50.310055][ T377] FAULT_INJECTION: forcing a failure.
[ 50.310055][ T377] name failslab, interval 1, probability 0, space 0, times 0
[ 50.322799][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 50.334513][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.344587][ T377] Call Trace:
[ 50.347735][ T377]
[ 50.350482][ T377] dump_stack_lvl+0x151/0x1b7
[ 50.354993][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.360476][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.366181][ T377] ? __skb_try_recv_datagram+0x495/0x6a0
[ 50.371575][ T377] dump_stack+0x15/0x17
[ 50.375560][ T377] should_fail+0x3c6/0x510
[ 50.379813][ T377] __should_failslab+0xa4/0xe0
[ 50.384415][ T377] ? skb_clone+0x1d1/0x360
[ 50.388752][ T377] should_failslab+0x9/0x20
[ 50.393100][ T377] slab_pre_alloc_hook+0x37/0xd0
[ 50.397954][ T377] ? skb_clone+0x1d1/0x360
[ 50.402209][ T377] kmem_cache_alloc+0x44/0x200
[ 50.406806][ T377] skb_clone+0x1d1/0x360
[ 50.411006][ T377] sk_psock_verdict_recv+0x53/0x840
[ 50.416156][ T377] ? avc_has_perm_noaudit+0x430/0x430
[ 50.421342][ T377] ? mntput_no_expire+0xfc/0x6b0
[ 50.426100][ T377] unix_read_sock+0x132/0x370
[ 50.430623][ T377] ? sk_psock_skb_redirect+0x440/0x440
[ 50.435908][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 50.441464][ T377] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.446756][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 50.452310][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.457954][ T377] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.463341][ T377] ? _raw_spin_lock+0xa4/0x1b0
[ 50.467941][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.473575][ T377] ? skb_queue_tail+0xfb/0x120
[ 50.478777][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.483797][ T377] ? unix_dgram_poll+0x710/0x710
[ 50.488556][ T377] ? _raw_spin_trylock+0xcd/0x1a0
[ 50.493582][ T377] ? security_socket_sendmsg+0x82/0xb0
[ 50.498855][ T377] ? unix_dgram_poll+0x710/0x710
[ 50.503791][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 50.508397][ T377] ? __sys_sendmsg_sock+0x40/0x40
[ 50.513446][ T377] ? import_iovec+0xe5/0x120
[ 50.517940][ T377] ___sys_sendmsg+0x252/0x2e0
[ 50.522455][ T377] ? __sys_sendmsg+0x260/0x260
[ 50.527197][ T377] ? do_handle_mm_fault+0x1949/0x2330
[ 50.532460][ T377] ? __kasan_check_write+0x14/0x20
[ 50.537401][ T377] ? proc_fail_nth_write+0x20b/0x290
[ 50.542525][ T377] ? __fdget+0x1bc/0x240
[ 50.546603][ T377] __sys_sendmmsg+0x2bf/0x530
[ 50.551116][ T377] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.556138][ T377] ? mutex_unlock+0xb2/0x260
[ 50.560731][ T377] ? __kasan_check_write+0x14/0x20
[ 50.565680][ T377] ? debug_smp_processor_id+0x17/0x20
[ 50.570883][ T377] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.576784][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.581474][ T377] do_syscall_64+0x3d/0xb0
[ 50.585725][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.591454][ T377] RIP: 0033:0x7f12a3324da9
[ 50.595706][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.615146][ T377] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.623625][ T377] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 50.631441][ T377] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 50.639323][ T377] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 50.647137][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.654950][ T377] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 50.662792][ T377]
[ 50.684105][ T379] FAULT_INJECTION: forcing a failure.
[ 50.684105][ T379] name failslab, interval 1, probability 0, space 0, times 0
[ 50.696721][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 50.708336][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.719122][ T379] Call Trace:
[ 50.722329][ T379]
[ 50.725084][ T379] dump_stack_lvl+0x151/0x1b7
[ 50.729627][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.735427][ T379] dump_stack+0x15/0x17
[ 50.739493][ T379] should_fail+0x3c6/0x510
[ 50.743920][ T379] __should_failslab+0xa4/0xe0
[ 50.748649][ T379] should_failslab+0x9/0x20
[ 50.752957][ T379] slab_pre_alloc_hook+0x37/0xd0
[ 50.758108][ T379] kmem_cache_alloc_trace+0x48/0x210
[ 50.763340][ T379] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.769112][ T379] ? migrate_disable+0x190/0x190
[ 50.773841][ T379] sk_psock_skb_ingress_self+0x60/0x330
[ 50.779398][ T379] sk_psock_verdict_recv+0x66d/0x840
[ 50.784607][ T379] unix_read_sock+0x132/0x370
[ 50.789238][ T379] ? sk_psock_skb_redirect+0x440/0x440
[ 50.794761][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 50.800512][ T379] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.806041][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 50.812056][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.818122][ T379] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.823712][ T379] ? _raw_spin_lock+0xa4/0x1b0
[ 50.829396][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.835409][ T379] ? skb_queue_tail+0xfb/0x120
[ 50.840033][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.845493][ T379] ? unix_dgram_poll+0x710/0x710
[ 50.850421][ T379] ? _raw_spin_trylock+0xcd/0x1a0
[ 50.855239][ T379] ? security_socket_sendmsg+0x82/0xb0
[ 50.860596][ T379] ? unix_dgram_poll+0x710/0x710
[ 50.865362][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 50.870049][ T379] ? __sys_sendmsg_sock+0x40/0x40
[ 50.874908][ T379] ? import_iovec+0xe5/0x120
[ 50.879351][ T379] ___sys_sendmsg+0x252/0x2e0
[ 50.883849][ T379] ? __sys_sendmsg+0x260/0x260
[ 50.888555][ T379] ? do_handle_mm_fault+0x1949/0x2330
[ 50.893846][ T379] ? __kasan_check_write+0x14/0x20
[ 50.898879][ T379] ? proc_fail_nth_write+0x20b/0x290
[ 50.904000][ T379] ? __fdget+0x1bc/0x240
[ 50.908074][ T379] __sys_sendmmsg+0x2bf/0x530
[ 50.912726][ T379] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.918247][ T379] ? mutex_unlock+0xb2/0x260
[ 50.922852][ T379] ? __kasan_check_write+0x14/0x20
[ 50.927809][ T379] ? debug_smp_processor_id+0x17/0x20
[ 50.933002][ T379] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.939028][ T379] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.943813][ T379] do_syscall_64+0x3d/0xb0
[ 50.948151][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.954122][ T379] RIP: 0033:0x7f12a3324da9
[ 50.958387][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.979546][ T379] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.988059][ T379] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 50.995877][ T379] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 51.003783][ T379] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 51.011815][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.020941][ T379] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 51.029273][ T379]
[ 51.034678][ T378] ==================================================================
[ 51.043931][ T378] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.052569][ T378]
[ 51.054737][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 51.067105][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 51.077009][ T378] Call Trace:
[ 51.080122][ T378]
[ 51.082987][ T378] dump_stack_lvl+0x151/0x1b7
[ 51.087518][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.092973][ T378] ? __wake_up_klogd+0xd5/0x110
[ 51.097682][ T378] ? panic+0x751/0x751
[ 51.101559][ T378] ? kmem_cache_free+0x116/0x2e0
[ 51.106615][ T378] print_address_description+0x87/0x3b0
[ 51.112038][ T378] ? kmem_cache_free+0x116/0x2e0
[ 51.116851][ T378] ? kmem_cache_free+0x116/0x2e0
[ 51.122321][ T378] kasan_report_invalid_free+0x6b/0xa0
[ 51.127797][ T378] ____kasan_slab_free+0x13e/0x160
[ 51.132825][ T378] __kasan_slab_free+0x11/0x20
[ 51.137723][ T378] slab_free_freelist_hook+0xbd/0x190
[ 51.142920][ T378] ? kfree_skbmem+0x104/0x170
[ 51.147657][ T378] kmem_cache_free+0x116/0x2e0
[ 51.152329][ T378] kfree_skbmem+0x104/0x170
[ 51.156683][ T378] consume_skb+0xb4/0x250
[ 51.160948][ T378] __sk_msg_free+0x2dd/0x370
[ 51.165346][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.170988][ T378] sk_psock_stop+0x44c/0x4d0
[ 51.175538][ T378] ? unix_peer_get+0xe0/0xe0
[ 51.180151][ T378] sock_map_close+0x2b9/0x4c0
[ 51.184840][ T378] ? sock_map_remove_links+0x570/0x570
[ 51.190391][ T378] ? rwsem_mark_wake+0x6b0/0x6b0
[ 51.195181][ T378] unix_release+0x82/0xc0
[ 51.199530][ T378] sock_close+0xdf/0x270
[ 51.203608][ T378] ? sock_mmap+0xa0/0xa0
[ 51.207839][ T378] __fput+0x3fe/0x910
[ 51.211805][ T378] ____fput+0x15/0x20
[ 51.215573][ T378] task_work_run+0x129/0x190
[ 51.220487][ T378] exit_to_user_mode_loop+0xc4/0xe0
[ 51.225600][ T378] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.230993][ T378] syscall_exit_to_user_mode+0x26/0x160
[ 51.236349][ T378] do_syscall_64+0x49/0xb0
[ 51.240611][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.246343][ T378] RIP: 0033:0x7f12a3323c9a
[ 51.250601][ T378] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.270751][ T378] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.279130][ T378] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 51.287204][ T378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.295398][ T378] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 51.303643][ T378] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c927
[ 51.311869][ T378] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000c5e6
[ 51.320165][ T378]
[ 51.323023][ T378]
[ 51.325198][ T378] Allocated by task 379:
[ 51.329605][ T378] __kasan_slab_alloc+0xb1/0xe0
[ 51.334382][ T378] slab_post_alloc_hook+0x53/0x2c0
[ 51.340365][ T378] kmem_cache_alloc+0xf5/0x200
[ 51.345202][ T378] skb_clone+0x1d1/0x360
[ 51.349525][ T378] sk_psock_verdict_recv+0x53/0x840
[ 51.354933][ T378] unix_read_sock+0x132/0x370
[ 51.359547][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.365160][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.370195][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 51.374894][ T378] ___sys_sendmsg+0x252/0x2e0
[ 51.379808][ T378] __sys_sendmmsg+0x2bf/0x530
[ 51.385007][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.389686][ T378] do_syscall_64+0x3d/0xb0
[ 51.393935][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.399665][ T378]
[ 51.401838][ T378] Freed by task 39:
[ 51.405475][ T378] kasan_set_track+0x4b/0x70
[ 51.409903][ T378] kasan_set_free_info+0x23/0x40
[ 51.414677][ T378] ____kasan_slab_free+0x126/0x160
[ 51.419745][ T378] __kasan_slab_free+0x11/0x20
[ 51.424488][ T378] slab_free_freelist_hook+0xbd/0x190
[ 51.430345][ T378] kmem_cache_free+0x116/0x2e0
[ 51.434950][ T378] kfree_skbmem+0x104/0x170
[ 51.439420][ T378] kfree_skb+0xc2/0x360
[ 51.443506][ T378] sk_psock_backlog+0xc21/0xd90
[ 51.448188][ T378] process_one_work+0x6bb/0xc10
[ 51.453050][ T378] worker_thread+0xad5/0x12a0
[ 51.457556][ T378] kthread+0x421/0x510
[ 51.461471][ T378] ret_from_fork+0x1f/0x30
[ 51.465853][ T378]
[ 51.467997][ T378] The buggy address belongs to the object at ffff88811fdd4500
[ 51.467997][ T378] which belongs to the cache skbuff_head_cache of size 248
[ 51.482746][ T378] The buggy address is located 0 bytes inside of
[ 51.482746][ T378] 248-byte region [ffff88811fdd4500, ffff88811fdd45f8)
[ 51.495761][ T378] The buggy address belongs to the page:
[ 51.501704][ T378] page:ffffea00047f7500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fdd4
[ 51.512828][ T378] flags: 0x4000000000000200(slab|zone=1)
[ 51.518301][ T378] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351980
[ 51.526716][ T378] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.535529][ T378] page dumped because: kasan: bad access detected
[ 51.541774][ T378] page_owner tracks the page as allocated
[ 51.547341][ T378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 292, ts 49680009253, free_ts 22553044611
[ 51.564753][ T378] post_alloc_hook+0x1a3/0x1b0
[ 51.569350][ T378] prep_new_page+0x1b/0x110
[ 51.573947][ T378] get_page_from_freelist+0x3550/0x35d0
[ 51.579422][ T378] __alloc_pages+0x27e/0x8f0
[ 51.583979][ T378] new_slab+0x9a/0x4e0
[ 51.587878][ T378] ___slab_alloc+0x39e/0x830
[ 51.592310][ T378] __slab_alloc+0x4a/0x90
[ 51.596489][ T378] kmem_cache_alloc+0x134/0x200
[ 51.601162][ T378] __alloc_skb+0xbe/0x550
[ 51.605551][ T378] ndisc_alloc_skb+0xf3/0x2d0
[ 51.610053][ T378] ndisc_send_rs+0x26c/0x6a0
[ 51.614517][ T378] addrconf_rs_timer+0x2d1/0x600
[ 51.619245][ T378] call_timer_fn+0x3b/0x2d0
[ 51.623583][ T378] __run_timers+0x72a/0xa10
[ 51.627962][ T378] run_timer_softirq+0x69/0xf0
[ 51.632888][ T378] __do_softirq+0x26d/0x5bf
[ 51.637220][ T378] page last free stack trace:
[ 51.641726][ T378] free_unref_page_prepare+0x7c8/0x7d0
[ 51.647138][ T378] free_unref_page+0xe8/0x750
[ 51.651732][ T378] __free_pages+0x61/0xf0
[ 51.656050][ T378] __vunmap+0x7bc/0x8f0
[ 51.660129][ T378] vfree+0x7f/0xb0
[ 51.663805][ T378] kcov_close+0x2b/0x50
[ 51.667799][ T378] __fput+0x3fe/0x910
[ 51.671703][ T378] ____fput+0x15/0x20
[ 51.675650][ T378] task_work_run+0x129/0x190
[ 51.680083][ T378] do_exit+0xc48/0x2ca0
[ 51.684069][ T378] do_group_exit+0x141/0x310
[ 51.688516][ T378] get_signal+0x7a3/0x1630
[ 51.692851][ T378] arch_do_signal_or_restart+0xbd/0x1680
[ 51.698510][ T378] exit_to_user_mode_loop+0xa0/0xe0
[ 51.703596][ T378] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.709456][ T378] syscall_exit_to_user_mode+0x26/0x160
[ 51.715079][ T378]
[ 51.717247][ T378] Memory state around the buggy address:
[ 51.723083][ T378] ffff88811fdd4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.731234][ T378] ffff88811fdd4480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.740091][ T378] >ffff88811fdd4500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.748780][ T378]                    ^
[ 51.752775][ T378] ffff88811fdd4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.761142][ T378] ffff88811fdd4600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.770181][ T378] ==================================================================
[ 51.795034][ T382] FAULT_INJECTION: forcing a failure.
[ 51.795034][ T382] name failslab, interval 1, probability 0, space 0, times 0
[ 51.808370][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 51.820340][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 51.830406][ T382] Call Trace:
[ 51.833533][ T382]
[ 51.836313][ T382] dump_stack_lvl+0x151/0x1b7
[ 51.840829][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.846288][ T382] dump_stack+0x15/0x17
[ 51.850277][ T382] should_fail+0x3c6/0x510
[ 51.854795][ T382] __should_failslab+0xa4/0xe0
[ 51.859607][ T382] should_failslab+0x9/0x20
[ 51.863941][ T382] slab_pre_alloc_hook+0x37/0xd0
[ 51.868817][ T382] kmem_cache_alloc_trace+0x48/0x210
[ 51.874202][ T382] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.879845][ T382] ? migrate_disable+0x190/0x190
[ 51.884636][ T382] sk_psock_skb_ingress_self+0x60/0x330
[ 51.890010][ T382] sk_psock_verdict_recv+0x66d/0x840
[ 51.895117][ T382] unix_read_sock+0x132/0x370
[ 51.899633][ T382] ? sk_psock_skb_redirect+0x440/0x440
[ 51.905053][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 51.910566][ T382] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.916060][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 51.921761][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.927843][ T382] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.933099][ T382] ? _raw_spin_lock+0xa4/0x1b0
[ 51.937791][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.943542][ T382] ? skb_queue_tail+0xfb/0x120
[ 51.948232][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.953387][ T382] ? unix_dgram_poll+0x710/0x710
[ 51.958355][ T382] ? _raw_spin_trylock+0xcd/0x1a0
[ 51.963959][ T382] ? security_socket_sendmsg+0x82/0xb0
[ 51.969878][ T382] ? unix_dgram_poll+0x710/0x710
[ 51.974842][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 51.979446][ T382] ? __sys_sendmsg_sock+0x40/0x40
[ 51.984429][ T382] ? import_iovec+0xe5/0x120
[ 51.989226][ T382] ___sys_sendmsg+0x252/0x2e0
[ 51.993822][ T382] ? __sys_sendmsg+0x260/0x260
[ 51.998458][ T382] ? do_handle_mm_fault+0x1949/0x2330
[ 52.003719][ T382] ? __kasan_check_write+0x14/0x20
[ 52.009670][ T382] ? proc_fail_nth_write+0x20b/0x290
[ 52.014976][ T382] ? __fdget+0x1bc/0x240
[ 52.019381][ T382] __sys_sendmmsg+0x2bf/0x530
[ 52.023985][ T382] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.028959][ T382] ? mutex_unlock+0xb2/0x260
[ 52.033558][ T382] ? __kasan_check_write+0x14/0x20
[ 52.038495][ T382] ? debug_smp_processor_id+0x17/0x20
[ 52.044206][ T382] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.050299][ T382] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.054991][ T382] do_syscall_64+0x3d/0xb0
[ 52.059257][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.065350][ T382] RIP: 0033:0x7f12a3324da9
[ 52.069602][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.090017][ T382] RSP: 002b:00007f12a2ea70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.098347][ T382] RAX: ffffffffffffffda RBX: 00007f12a3453f80 RCX: 00007f12a3324da9
[ 52.107746][ T382] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 52.115570][ T382] RBP: 00007f12a2ea7120 R08: 0000000000000000 R09: 0000000000000000
[ 52.123670][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.131993][ T382] R13: 000000000000000b R14: 00007f12a3453f80 R15: 00007fff5eaf0b58
[ 52.139993][ T382] </TASK>
[ 52.144846][ T381] ==================================================================
[ 52.152942][ T381] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 52.161435][ T381]
[ 52.163591][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 52.175316][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 52.185623][ T381] Call Trace:
[ 52.188878][ T381] <TASK>
[ 52.191680][ T381] dump_stack_lvl+0x151/0x1b7
[ 52.196255][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.201725][ T381] ? __wake_up_klogd+0xd5/0x110
[ 52.206410][ T381] ? panic+0x751/0x751
[ 52.210323][ T381] ? kmem_cache_free+0x116/0x2e0
[ 52.215191][ T381] print_address_description+0x87/0x3b0
[ 52.220554][ T381] ? kmem_cache_free+0x116/0x2e0
[ 52.225322][ T381] ? kmem_cache_free+0x116/0x2e0
[ 52.230096][ T381] kasan_report_invalid_free+0x6b/0xa0
[ 52.235548][ T381] ____kasan_slab_free+0x13e/0x160
[ 52.240590][ T381] __kasan_slab_free+0x11/0x20
[ 52.245440][ T381] slab_free_freelist_hook+0xbd/0x190
[ 52.250834][ T381] ? kfree_skbmem+0x104/0x170
[ 52.255469][ T381] kmem_cache_free+0x116/0x2e0
[ 52.260203][ T381] kfree_skbmem+0x104/0x170
[ 52.265363][ T381] consume_skb+0xb4/0x250
[ 52.270263][ T381] __sk_msg_free+0x2dd/0x370
[ 52.274637][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.280941][ T381] sk_psock_stop+0x44c/0x4d0
[ 52.285660][ T381] ? unix_peer_get+0xe0/0xe0
[ 52.290284][ T381] sock_map_close+0x2b9/0x4c0
[ 52.295024][ T381] ? sock_map_remove_links+0x570/0x570
[ 52.300394][ T381] ? rwsem_mark_wake+0x6b0/0x6b0
[ 52.305376][ T381] unix_release+0x82/0xc0
[ 52.309666][ T381] sock_close+0xdf/0x270
[ 52.313716][ T381] ? sock_mmap+0xa0/0xa0
[ 52.317799][ T381] __fput+0x3fe/0x910
[ 52.321737][ T381] ____fput+0x15/0x20
[ 52.325534][ T381] task_work_run+0x129/0x190
[ 52.330093][ T381] exit_to_user_mode_loop+0xc4/0xe0
[ 52.335087][ T381] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.340564][ T381] syscall_exit_to_user_mode+0x26/0x160
[ 52.345912][ T381] do_syscall_64+0x49/0xb0
[ 52.350172][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.356161][ T381] RIP: 0033:0x7f12a3323c9a
[ 52.360537][ T381] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.380117][ T381] RSP: 002b:00007fff5eaf0c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.388466][ T381] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f12a3323c9a
[ 52.396253][ T381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.404193][ T381] RBP: 00007f12a3455980 R08: 0000001b31760000 R09: 00007fff5eb4c0b0
[ 52.412177][ T381] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cd7e
[ 52.420162][ T381] R13: ffffffffffffffff R14: 00007f12a2ea8000 R15: 000000000000ca3d
[ 52.428001][ T381] </TASK>
[ 52.430828][ T381]
[ 52.433016][ T381] Allocated by task 382:
[ 52.437086][ T381] __kasan_slab_alloc+0xb1/0xe0
[ 52.441761][ T381] slab_post_alloc_hook+0x53/0x2c0
[ 52.446725][ T381] kmem_cache_alloc+0xf5/0x200
[ 52.451306][ T381] skb_clone+0x1d1/0x360
[ 52.455397][ T381] sk_psock_verdict_recv+0x53/0x840
[ 52.460421][ T381] unix_read_sock+0x132/0x370
[ 52.464937][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.470576][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.475609][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 52.480298][ T381] ___sys_sendmsg+0x252/0x2e0
[ 52.484818][ T381] __sys_sendmmsg+0x2bf/0x530
[ 52.489325][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.494047][ T381] do_syscall_64+0x3d/0xb0
[ 52.498349][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.504083][ T381]
[ 52.506250][ T381] Freed by task 300:
[ 52.509980][ T381] kasan_set_track+0x4b/0x70
[ 52.514408][ T381] kasan_set_free_info+0x23/0x40
[ 52.519184][ T381] ____kasan_slab_free+0x126/0x160
[ 52.524240][ T381] __kasan_slab_free+0x11/0x20
[ 52.528840][ T381] slab_free_freelist_hook+0xbd/0x190
[ 52.534044][ T381] kmem_cache_free+0x116/0x2e0
[ 52.538644][ T381] kfree_skbmem+0x104/0x170
[ 52.542989][ T381] kfree_skb+0xc2/0x360
[ 52.546973][ T381] sk_psock_backlog+0xc21/0xd90
[ 52.551814][ T381] process_one_work+0x6bb/0xc10
[ 52.556483][ T381] worker_thread+0xad5/0x12a0
[ 52.561065][ T381] kthread+0x421/0x510
[ 52.565026][ T381] ret_from_fork+0x1f/0x30
[ 52.569389][ T381]
[ 52.571559][ T381] The buggy address belongs to the object at ffff88810de323c0
[ 52.571559][ T381] which belongs to the cache skbuff_head_cache of size 248
[ 52.586049][ T381] The buggy address is located 0 bytes inside of
[ 52.586049][ T381] 248-byte region [ffff88810de323c0, ffff88810de324b8)
[ 52.598979][ T381] The buggy address belongs to the page:
[ 52.604452][ T381] page:ffffea0004378c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de32
[ 52.614515][ T381] flags: 0x4000000000000200(slab|zone=1)
[ 52.620112][ T381] raw: 4000000000000200 ffffea000436dac0 0000000a0000000a ffff888100351980
[ 52.628708][ T381] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 52.637202][ T381] page dumped because: kasan: bad access detected
[ 52.643456][ T381] page_owner tracks the page as allocated
[ 52.649124][ T381] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4417171215, free_ts 0
[ 52.664316][ T381] post_alloc_hook+0x1a3/0x1b0
[ 52.669137][ T381] prep_new_page+0x1b/0x110
[ 52.673473][ T381] get_page_from_freelist+0x3550/0x35d0
[ 52.678846][ T381] __alloc_pages+0x27e/0x8f0
[ 52.683823][ T381] new_slab+0x9a/0x4e0
[ 52.687782][ T381] ___slab_alloc+0x39e/0x830
[ 52.692206][ T381] __slab_alloc+0x4a/0x90
[ 52.696370][ T381] kmem_cache_alloc+0x134/0x200
[ 52.701064][ T381] __alloc_skb+0xbe/0x550
[ 52.705221][ T381] alloc_skb_with_frags+0xa6/0x680
[ 52.710167][ T381] sock_alloc_send_pskb+0x915/0xa50
[ 52.715218][ T381] unix_dgram_sendmsg+0x6fd/0x2090
[ 52.720153][ T381] sock_write_iter+0x39b/0x530
[ 52.724942][ T381] vfs_write+0xd5d/0x1110
[ 52.729223][ T381] ksys_write+0x199/0x2c0
[ 52.733817][ T381] __x64_sys_write+0x7b/0x90
[ 52.739574][ T381] page_owner free stack trace missing
[ 52.744942][ T381]
[ 52.747142][ T381] Memory state around the buggy address:
[ 52.752976][ T381] ffff88810de32280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.761586][ T381] ffff88810de32300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.769845][ T381] >ffff88810de32380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.777895][ T381]                                            ^
[ 52.784678][ T381] ffff88810de32400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2024/02/02 05:34:25 executed programs: 10
[ 52.793863][ T381] ffff88810de32480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.802884][ T381] ==================================================================
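Added triage helper, not part of the syzkaller log or of the kernel: the script below parses a KASAN slab report like the double-free above, skips interleaved syz-manager output and the unreliable "? " frames, decodes the shadow byte at the reported address, and pairs the "Freed by task" stack with the reporting task's own trace to show that the same skbuff_head_cache object was freed once from sk_psock_backlog on a workqueue (task 300) and again from __sk_msg_free on the close path (task 381). The shadow-byte values are generic KASAN's slab encodings (mm/kasan/kasan.h, v5.15); PLUMBING, culprit() and context_of() are this example's own heuristics, and SAMPLE is constructed from lines of the report above.

```python
"""Triage helper for a KASAN slab report like the double-free above. Added example, not kernel or
syzkaller code: shadow values follow generic KASAN's slab encodings (mm/kasan/kasan.h, v5.15); the
"culprit frame" and execution-context heuristics are this example's own assumptions."""
import re
from dataclasses import dataclass, field

SHADOW = {0x00: "addressable", 0xFA: "freed, free track stored (KASAN_KMALLOC_FREETRACK)",
          0xFB: "freed (KASAN_KMALLOC_FREE)", 0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)"}
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")     # "[   52.15][  T381] " console prefix
PATTERNS = {  # the report lines we care about; "? sym" (unreliable frames) never match "frame"
    "bug": re.compile(r"^BUG: KASAN: (?P<bug>.+?) in \S+$"),
    "alloc": re.compile(r"^Allocated by task (?P<task>\d+):$"),
    "free": re.compile(r"^Freed by task (?P<task>\d+):$"),
    "region": re.compile(r"^\d+-byte region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)$"),
    "located": re.compile(r"^The buggy address is located (?P<off>\d+) bytes (?P<where>inside|to the left|to the right) of$"),
    "shadow": re.compile(r"^>?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$"),
    "frame": re.compile(r"^(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$"),
}
PLUMBING = ("kasan_", "__kasan", "____kasan", "slab_", "kmem_cache_", "kfree", "consume_skb",
            "dump_stack", "print_address_description")   # allocator/KASAN/report frames to skip

@dataclass
class KasanReport:
    bug: str = ""
    addr: int = 0                                  # address KASAN complained about
    tasks: dict = field(default_factory=dict)      # "alloc"/"free" -> pid
    stacks: dict = field(default_factory=lambda: {"trace": [], "alloc": [], "free": []})
    shadow: dict = field(default_factory=dict)     # shadow row base address -> 16 bytes

def parse_kasan_report(text: str) -> KasanReport:
    rep, section, lo, hi, off, where = KasanReport(), None, 0, 0, 0, "inside"
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue                # e.g. syz-manager stdout interleaved with the console
        line = PREFIX.sub("", raw).strip()
        kind, m = next(((k, p.match(line)) for k, p in PATTERNS.items() if p.match(line)), (None, None))
        if line == "Call Trace:":
            section = "trace"
        elif kind in ("alloc", "free"):
            rep.tasks[kind], section = int(m["task"]), kind
        elif kind == "bug":
            rep.bug = m["bug"]
        elif kind == "region":
            lo, hi = int(m["lo"], 16), int(m["hi"], 16)
        elif kind == "located":
            off, where = int(m["off"]), m["where"]
        elif kind == "shadow":
            rep.shadow[int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
        elif kind == "frame" and section:
            rep.stacks[section].append(m["sym"])
        elif not line:
            section = None          # a blank console line closes every stack section
    rep.addr = {"inside": lo + off, "to the left": lo - off, "to the right": hi + off}[where]
    return rep

def shadow_byte(rep: KasanReport, addr: int):
    """Shadow byte covering addr: one shadow byte per 8 bytes of memory, 16 per printed row."""
    return next((row[(addr - base) // 8] for base, row in rep.shadow.items()
                 if base <= addr < base + 8 * len(row)), None)

def culprit(stack):
    """First frame that is not plumbing, i.e. the code path that performed the free."""
    return next((s for s in stack if not s.startswith(PLUMBING)), None)

def context_of(stack):
    """Execution-context heuristic (assumption): workqueue worker vs. syscall path."""
    return "workqueue" if "process_one_work" in stack else "syscall" if "do_syscall_64" in stack else "unknown"

def triage(rep: KasanReport) -> dict:
    sb = shadow_byte(rep, rep.addr)
    first, second = rep.stacks["free"], rep.stacks["trace"]   # the earlier free, then this one
    return {"bug": rep.bug, "shadow": SHADOW.get(sb, "unknown"),
            "object_already_freed": sb in (0xFA, 0xFB),
            "first_free": (culprit(first), context_of(first), rep.tasks.get("free")),
            "second_free": (culprit(second), context_of(second)),
            "cross_context": context_of(first) != context_of(second)}

# Constructed sample: lines copied from the report above, with syz-manager output interleaved.
SAMPLE = """\
[ 52.152942][ T381] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 52.185623][ T381] Call Trace:
[ 52.196255][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.230096][ T381] kasan_report_invalid_free+0x6b/0xa0
[ 52.270263][ T381] __sk_msg_free+0x2dd/0x370
[ 52.290284][ T381] sock_map_close+0x2b9/0x4c0
[ 52.350172][ T381] do_syscall_64+0x49/0xb0
[ 52.430828][ T381]
[ 52.433016][ T381] Allocated by task 382:
[ 52.455397][ T381] sk_psock_verdict_recv+0x53/0x840
[ 52.504083][ T381]
[ 52.506250][ T381] Freed by task 300:
[ 52.542989][ T381] kfree_skb+0xc2/0x360
[ 52.546973][ T381] sk_psock_backlog+0xc21/0xd90
[ 52.551814][ T381] process_one_work+0x6bb/0xc10
[ 52.569389][ T381]
[ 52.586049][ T381] The buggy address is located 0 bytes inside of
[ 52.586049][ T381] 248-byte region [ffff88810de323c0, ffff88810de324b8)
2024/02/02 05:34:25 executed programs: 10
[ 52.769845][ T381] >ffff88810de32380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
"""

if __name__ == "__main__":
    print(triage(parse_kasan_report(SAMPLE)))
```

Run it with python3 to print the triage dict for SAMPLE. Feed parse_kasan_report one report at a time (split a full console log on the "====" separator lines first); the 0xfa at the object's first shadow byte is expected for an already-freed slab object, since KASAN stores the free track in the object head, and the fb bytes behind it cover the rest of the freed 248-byte skb head. The workqueue/syscall split is the useful signal here: the backlog worker and the close path both believed they owned the skb.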
[ 52.848134][ T385] FAULT_INJECTION: forcing a failure.
[ 52.848134][ T385] name failslab, interval 1, probability 0, space 0, times 0
[ 52.860889][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.147-syzkaller-1068928-g1c3a1f32bcbd #0
[ 52.872532][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 52.882511][ T385] Call Trace:
[ 52.885727][ T385] <TASK>
[ 52.888499][ T385] dump_stack_lvl+0x151/0x1b7
[ 52.893110][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.898747][ T385] dump_stack+0x15/0x17
[ 52.902764][ T385] should_fail+0x3c6/0x510
[ 52.907136][ T385] __should_failslab+0xa4/0xe0
[ 52.911835][ T385] should_failslab+0x9/0x20
[ 52.916391][ T385] slab_pre_alloc_hook+0x37/0xd0
[ 52.921165][ T385] kmem_cache_alloc_trace+0x48/0x210
[ 52.926580][ T385] ? sk_psock_skb_ingress_self+0x60/0x330
[ 52.932129][ T385] ? migrate_disable+0x190/0x190
[ 52.937167][ T385] sk_psock_skb_ingress_self+0x60/0x330
[ 52.942543][ T385] sk_psock_verdict_recv+0x66d/0x840