Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts.
2023/12/26 22:37:02 ignoring optional flag "sandboxArg"="0"
2023/12/26 22:37:02 parsed 1 programs
[ 41.287907][ T30] audit: type=1400 audit(1703630222.175:157): avc: denied { mounton } for pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.313847][ T30] audit: type=1400 audit(1703630222.175:158): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.394899][ T30] audit: type=1400 audit(1703630222.285:159): avc: denied { unlink } for pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/12/26 22:37:02 executed programs: 0
[ 41.459508][ T341] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.522018][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.529175][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.537078][ T347] device bridge_slave_0 entered promiscuous mode
[ 41.544244][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.551352][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.559408][ T347] device bridge_slave_1 entered promiscuous mode
[ 41.607201][ T30] audit: type=1400 audit(1703630222.495:160): avc: denied { write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.612942][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.628646][ T30] audit: type=1400 audit(1703630222.495:161): avc: denied { read } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.635254][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.635377][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.670392][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.692846][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.700359][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.708664][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.717251][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.726580][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.734650][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.741826][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.754334][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.762289][ T39] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.769324][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.777034][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.794395][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.802786][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.810698][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.818661][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.826553][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.835577][ T347] device veth0_vlan entered promiscuous mode
[ 41.845724][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.854859][ T347] device veth1_macvtap entered promiscuous mode
[ 41.864739][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.875409][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.890704][ T30] audit: type=1400 audit(1703630222.775:162): avc: denied { mounton } for pid=347 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.924899][ T30] audit: type=1400 audit(1703630222.815:163): avc: denied { prog_load } for pid=353 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 41.944704][ T30] audit: type=1400 audit(1703630222.815:164): avc: denied { bpf } for pid=353 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 41.945921][ T354] FAULT_INJECTION: forcing a failure.
[ 41.945921][ T354] name failslab, interval 1, probability 0, space 0, times 1
[ 41.966302][ T30] audit: type=1400 audit(1703630222.815:165): avc: denied { perfmon } for pid=353 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 41.979058][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Not tainted 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 42.000673][ T30] audit: type=1400 audit(1703630222.835:166): avc: denied { prog_run } for pid=353 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.010219][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 42.010232][ T354] Call Trace:
[ 42.010238][ T354]
[ 42.010245][ T354] dump_stack_lvl+0x151/0x1b7
[ 42.010273][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.056049][ T354] dump_stack+0x15/0x17
[ 42.060029][ T354] should_fail+0x3c6/0x510
[ 42.064550][ T354] __should_failslab+0xa4/0xe0
[ 42.069276][ T354] should_failslab+0x9/0x20
[ 42.074140][ T354] slab_pre_alloc_hook+0x37/0xd0
[ 42.079148][ T354] kmem_cache_alloc_trace+0x48/0x210
[ 42.084531][ T354] ? sk_psock_skb_ingress_self+0x60/0x330
[ 42.090475][ T354] ? migrate_disable+0x190/0x190
[ 42.095477][ T354] sk_psock_skb_ingress_self+0x60/0x330
[ 42.100842][ T354] sk_psock_verdict_recv+0x66d/0x840
[ 42.105964][ T354] unix_read_sock+0x132/0x370
[ 42.110477][ T354] ? sk_psock_skb_redirect+0x440/0x440
[ 42.115905][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 42.121438][ T354] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.126850][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 42.132869][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.138770][ T354] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.144306][ T354] ? _raw_spin_lock+0xa4/0x1b0
[ 42.149215][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.154961][ T354] ? skb_queue_tail+0xfb/0x120
[ 42.159545][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.164587][ T354] ? unix_dgram_poll+0x710/0x710
[ 42.169522][ T354] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.174385][ T354] ? security_socket_sendmsg+0x82/0xb0
[ 42.179934][ T354] ? unix_dgram_poll+0x710/0x710
[ 42.184992][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 42.189652][ T354] ? __sys_sendmsg_sock+0x40/0x40
[ 42.194923][ T354] ? import_iovec+0xe5/0x120
[ 42.199712][ T354] ___sys_sendmsg+0x252/0x2e0
[ 42.204390][ T354] ? __sys_sendmsg+0x260/0x260
[ 42.209264][ T354] ? do_handle_mm_fault+0x1949/0x2330
[ 42.214486][ T354] ? __kasan_check_write+0x14/0x20
[ 42.219588][ T354] ? proc_fail_nth_write+0x20b/0x290
[ 42.224906][ T354] ? __fdget+0x1bc/0x240
[ 42.229105][ T354] __sys_sendmmsg+0x2bf/0x530
[ 42.233607][ T354] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.239298][ T354] ? mutex_unlock+0xb2/0x260
[ 42.243701][ T354] ? __kasan_check_write+0x14/0x20
[ 42.248972][ T354] ? debug_smp_processor_id+0x17/0x20
[ 42.254310][ T354] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.260280][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.265054][ T354] do_syscall_64+0x3d/0xb0
[ 42.269305][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.275124][ T354] RIP: 0033:0x7fdf3ce74ae9
[ 42.279485][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.299921][ T354] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.308259][ T354] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 42.316364][ T354] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.324346][ T354] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 42.332239][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.340145][ T354] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 42.347959][ T354]
[ 42.353255][ T353] ==================================================================
[ 42.361139][ T353] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 42.367993][ T353] Read of size 4 at addr ffff8881079855ec by task syz-executor.0/353
[ 42.375892][ T353]
[ 42.378148][ T353] CPU: 0 PID: 353 Comm: syz-executor.0 Not tainted 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 42.388305][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 42.398724][ T353] Call Trace:
[ 42.401841][ T353]
[ 42.404715][ T353] dump_stack_lvl+0x151/0x1b7
[ 42.409219][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.414686][ T353] ? panic+0x751/0x751
[ 42.418606][ T353] print_address_description+0x87/0x3b0
[ 42.424062][ T353] kasan_report+0x179/0x1c0
[ 42.428411][ T353] ? consume_skb+0x3c/0x250
[ 42.432914][ T353] ? consume_skb+0x3c/0x250
[ 42.437342][ T353] kasan_check_range+0x293/0x2a0
[ 42.442117][ T353] __kasan_check_read+0x11/0x20
[ 42.447056][ T353] consume_skb+0x3c/0x250
[ 42.451413][ T353] __sk_msg_free+0x2dd/0x370
[ 42.455858][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.461659][ T353] sk_psock_stop+0x44c/0x4d0
[ 42.466432][ T353] ? unix_peer_get+0xe0/0xe0
[ 42.471028][ T353] sock_map_close+0x2b9/0x4c0
[ 42.475653][ T353] ? sock_map_remove_links+0x570/0x570
[ 42.481014][ T353] ? rwsem_mark_wake+0x6b0/0x6b0
[ 42.486213][ T353] unix_release+0x82/0xc0
[ 42.490407][ T353] sock_close+0xdf/0x270
[ 42.494574][ T353] ? sock_mmap+0xa0/0xa0
[ 42.499022][ T353] __fput+0x3fe/0x910
[ 42.502993][ T353] ____fput+0x15/0x20
[ 42.506792][ T353] task_work_run+0x129/0x190
[ 42.511311][ T353] exit_to_user_mode_loop+0xc4/0xe0
[ 42.516521][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 42.521809][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 42.527683][ T353] do_syscall_64+0x49/0xb0
[ 42.532007][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.538032][ T353] RIP: 0033:0x7fdf3ce739da
[ 42.542734][ T353] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 42.562960][ T353] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 42.571827][ T353] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 42.579919][ T353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 42.588837][ T353] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 42.597120][ T353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a6f7
[ 42.604941][ T353] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000a3b6
[ 42.613067][ T353]
[ 42.615916][ T353]
[ 42.618175][ T353] Allocated by task 354:
[ 42.622427][ T353] __kasan_slab_alloc+0xb1/0xe0
[ 42.627134][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 42.632355][ T353] kmem_cache_alloc+0xf5/0x200
[ 42.637378][ T353] skb_clone+0x1d1/0x360
[ 42.641464][ T353] sk_psock_verdict_recv+0x53/0x840
[ 42.646672][ T353] unix_read_sock+0x132/0x370
[ 42.651268][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.657142][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.662127][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 42.666757][ T353] ___sys_sendmsg+0x252/0x2e0
[ 42.671427][ T353] __sys_sendmmsg+0x2bf/0x530
[ 42.676285][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.681838][ T353] do_syscall_64+0x3d/0xb0
[ 42.686311][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.692259][ T353]
[ 42.694417][ T353] Freed by task 6:
[ 42.697999][ T353] kasan_set_track+0x4b/0x70
[ 42.702409][ T353] kasan_set_free_info+0x23/0x40
[ 42.707362][ T353] ____kasan_slab_free+0x126/0x160
[ 42.712483][ T353] __kasan_slab_free+0x11/0x20
[ 42.717082][ T353] slab_free_freelist_hook+0xbd/0x190
[ 42.722273][ T353] kmem_cache_free+0x116/0x2e0
[ 42.726972][ T353] kfree_skbmem+0x104/0x170
[ 42.731387][ T353] kfree_skb+0xc2/0x360
[ 42.735386][ T353] sk_psock_backlog+0xc21/0xd90
[ 42.740066][ T353] process_one_work+0x6bb/0xc10
[ 42.744752][ T353] worker_thread+0xad5/0x12a0
[ 42.749268][ T353] kthread+0x421/0x510
[ 42.753740][ T353] ret_from_fork+0x1f/0x30
[ 42.758331][ T353]
[ 42.760764][ T353] The buggy address belongs to the object at ffff888107985500
[ 42.760764][ T353] which belongs to the cache skbuff_head_cache of size 248
[ 42.775441][ T353] The buggy address is located 236 bytes inside of
[ 42.775441][ T353] 248-byte region [ffff888107985500, ffff8881079855f8)
[ 42.789088][ T353] The buggy address belongs to the page:
[ 42.794730][ T353] page:ffffea00041e6140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107985
[ 42.805508][ T353] flags: 0x4000000000000200(slab|zone=1)
[ 42.810973][ T353] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 42.819567][ T353] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 42.828288][ T353] page dumped because: kasan: bad access detected
[ 42.834814][ T353] page_owner tracks the page as allocated
[ 42.840453][ T353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 352, ts 41924633670, free_ts 22262178775
[ 42.856356][ T353] post_alloc_hook+0x1a3/0x1b0
[ 42.860944][ T353] prep_new_page+0x1b/0x110
[ 42.865296][ T353] get_page_from_freelist+0x3550/0x35d0
[ 42.870759][ T353] __alloc_pages+0x27e/0x8f0
[ 42.875481][ T353] new_slab+0x9a/0x4e0
[ 42.879703][ T353] ___slab_alloc+0x39e/0x830
[ 42.884121][ T353] __slab_alloc+0x4a/0x90
[ 42.888287][ T353] kmem_cache_alloc+0x134/0x200
[ 42.892973][ T353] __alloc_skb+0xbe/0x550
[ 42.897398][ T353] alloc_skb_with_frags+0xa6/0x680
[ 42.902869][ T353] sock_alloc_send_pskb+0x915/0xa50
[ 42.907960][ T353] unix_dgram_sendmsg+0x6fd/0x2090
[ 42.912851][ T353] sock_write_iter+0x39b/0x530
[ 42.917447][ T353] vfs_write+0xd5d/0x1110
[ 42.921625][ T353] ksys_write+0x199/0x2c0
[ 42.925790][ T353] __x64_sys_write+0x7b/0x90
[ 42.930293][ T353] page last free stack trace:
[ 42.935069][ T353] free_unref_page_prepare+0x7c8/0x7d0
[ 42.940795][ T353] free_unref_page+0xe8/0x750
[ 42.945312][ T353] __free_pages+0x61/0xf0
[ 42.949476][ T353] __free_slab+0xec/0x1d0
[ 42.953651][ T353] __unfreeze_partials+0x165/0x1a0
[ 42.958759][ T353] put_cpu_partial+0xc4/0x120
[ 42.963276][ T353] __slab_free+0x1c8/0x290
[ 42.967699][ T353] ___cache_free+0x109/0x120
[ 42.972316][ T353] qlink_free+0x4d/0x90
[ 42.976328][ T353] qlist_free_all+0x44/0xb0
[ 42.980723][ T353] kasan_quarantine_reduce+0x15a/0x180
[ 42.986368][ T353] __kasan_slab_alloc+0x2f/0xe0
[ 42.991065][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 42.996091][ T353] kmem_cache_alloc+0xf5/0x200
[ 43.000681][ T353] __alloc_skb+0xbe/0x550
[ 43.004890][ T353] inet6_netconf_notify_devconf+0xdd/0x190
[ 43.010753][ T353]
[ 43.013108][ T353] Memory state around the buggy address:
[ 43.018565][ T353]  ffff888107985480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.026551][ T353]  ffff888107985500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.034535][ T353] >ffff888107985580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 43.042429][ T353]                                                           ^
[ 43.049727][ T353]  ffff888107985600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.057744][ T353]  ffff888107985680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.065689][ T353] ==================================================================
[ 43.073677][ T353] Disabling lock debugging due to kernel taint
[ 43.079720][ T353] ==================================================================
[ 43.087839][ T353] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 43.096085][ T353]
[ 43.098252][ T353] CPU: 0 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 43.110022][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 43.120175][ T353] Call Trace:
[ 43.123291][ T353]
[ 43.126071][ T353] dump_stack_lvl+0x151/0x1b7
[ 43.130590][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.136143][ T353] ? __wake_up_klogd+0xd5/0x110
[ 43.141104][ T353] ? panic+0x751/0x751
[ 43.145081][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.149892][ T353] print_address_description+0x87/0x3b0
[ 43.155776][ T353] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.161927][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.166698][ T353] ? kmem_cache_free+0x116/0x2e0
[ 43.171570][ T353] kasan_report_invalid_free+0x6b/0xa0
[ 43.176854][ T353] ____kasan_slab_free+0x13e/0x160
[ 43.181802][ T353] __kasan_slab_free+0x11/0x20
[ 43.186411][ T353] slab_free_freelist_hook+0xbd/0x190
[ 43.191727][ T353] ? kfree_skbmem+0x104/0x170
[ 43.196322][ T353] kmem_cache_free+0x116/0x2e0
[ 43.201014][ T353] kfree_skbmem+0x104/0x170
[ 43.205343][ T353] consume_skb+0xb4/0x250
[ 43.209500][ T353] __sk_msg_free+0x2dd/0x370
[ 43.213940][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.219742][ T353] sk_psock_stop+0x44c/0x4d0
[ 43.224172][ T353] ? unix_peer_get+0xe0/0xe0
[ 43.228686][ T353] sock_map_close+0x2b9/0x4c0
[ 43.233279][ T353] ? sock_map_remove_links+0x570/0x570
[ 43.238664][ T353] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.243621][ T353] unix_release+0x82/0xc0
[ 43.247786][ T353] sock_close+0xdf/0x270
[ 43.251960][ T353] ? sock_mmap+0xa0/0xa0
[ 43.256059][ T353] __fput+0x3fe/0x910
[ 43.259874][ T353] ____fput+0x15/0x20
[ 43.263764][ T353] task_work_run+0x129/0x190
[ 43.268282][ T353] exit_to_user_mode_loop+0xc4/0xe0
[ 43.273339][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.278909][ T353] syscall_exit_to_user_mode+0x26/0x160
[ 43.284372][ T353] do_syscall_64+0x49/0xb0
[ 43.288713][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.294453][ T353] RIP: 0033:0x7fdf3ce739da
[ 43.298782][ T353] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.318297][ T353] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.326542][ T353] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 43.334437][ T353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.342433][ T353] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 43.350258][ T353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a6f7
[ 43.358071][ T353] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000a3b6
[ 43.365876][ T353]
[ 43.368734][ T353]
[ 43.370903][ T353] Allocated by task 354:
[ 43.374999][ T353] __kasan_slab_alloc+0xb1/0xe0
[ 43.380059][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 43.385490][ T353] kmem_cache_alloc+0xf5/0x200
[ 43.390264][ T353] skb_clone+0x1d1/0x360
[ 43.394318][ T353] sk_psock_verdict_recv+0x53/0x840
[ 43.399523][ T353] unix_read_sock+0x132/0x370
[ 43.404038][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.409783][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.415268][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 43.420034][ T353] ___sys_sendmsg+0x252/0x2e0
[ 43.424561][ T353] __sys_sendmmsg+0x2bf/0x530
[ 43.429104][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 43.433832][ T353] do_syscall_64+0x3d/0xb0
[ 43.438084][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.443900][ T353]
[ 43.446159][ T353] Freed by task 6:
[ 43.449716][ T353] kasan_set_track+0x4b/0x70
[ 43.454145][ T353] kasan_set_free_info+0x23/0x40
[ 43.458914][ T353] ____kasan_slab_free+0x126/0x160
[ 43.463918][ T353] __kasan_slab_free+0x11/0x20
[ 43.468646][ T353] slab_free_freelist_hook+0xbd/0x190
[ 43.473852][ T353] kmem_cache_free+0x116/0x2e0
[ 43.478464][ T353] kfree_skbmem+0x104/0x170
[ 43.482794][ T353] kfree_skb+0xc2/0x360
[ 43.486785][ T353] sk_psock_backlog+0xc21/0xd90
[ 43.491559][ T353] process_one_work+0x6bb/0xc10
[ 43.496331][ T353] worker_thread+0xad5/0x12a0
[ 43.500844][ T353] kthread+0x421/0x510
[ 43.504749][ T353] ret_from_fork+0x1f/0x30
[ 43.509100][ T353]
[ 43.511258][ T353] The buggy address belongs to the object at ffff888107985500
[ 43.511258][ T353] which belongs to the cache skbuff_head_cache of size 248
[ 43.526087][ T353] The buggy address is located 0 bytes inside of
[ 43.526087][ T353] 248-byte region [ffff888107985500, ffff8881079855f8)
[ 43.539620][ T353] The buggy address belongs to the page:
[ 43.545272][ T353] page:ffffea00041e6140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107985
[ 43.555511][ T353] flags: 0x4000000000000200(slab|zone=1)
[ 43.560984][ T353] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 43.569416][ T353] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.578080][ T353] page dumped because: kasan: bad access detected
[ 43.584532][ T353] page_owner tracks the page as allocated
[ 43.590255][ T353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 352, ts 41924633670, free_ts 22262178775
[ 43.606051][ T353] post_alloc_hook+0x1a3/0x1b0
[ 43.610653][ T353] prep_new_page+0x1b/0x110
[ 43.615005][ T353] get_page_from_freelist+0x3550/0x35d0
[ 43.620375][ T353] __alloc_pages+0x27e/0x8f0
[ 43.624810][ T353] new_slab+0x9a/0x4e0
[ 43.628707][ T353] ___slab_alloc+0x39e/0x830
[ 43.633142][ T353] __slab_alloc+0x4a/0x90
[ 43.637394][ T353] kmem_cache_alloc+0x134/0x200
[ 43.642071][ T353] __alloc_skb+0xbe/0x550
[ 43.646239][ T353] alloc_skb_with_frags+0xa6/0x680
[ 43.651183][ T353] sock_alloc_send_pskb+0x915/0xa50
[ 43.656218][ T353] unix_dgram_sendmsg+0x6fd/0x2090
[ 43.661164][ T353] sock_write_iter+0x39b/0x530
[ 43.665768][ T353] vfs_write+0xd5d/0x1110
[ 43.669930][ T353] ksys_write+0x199/0x2c0
[ 43.674197][ T353] __x64_sys_write+0x7b/0x90
[ 43.678615][ T353] page last free stack trace:
[ 43.683132][ T353] free_unref_page_prepare+0x7c8/0x7d0
[ 43.688430][ T353] free_unref_page+0xe8/0x750
[ 43.692934][ T353] __free_pages+0x61/0xf0
[ 43.697105][ T353] __free_slab+0xec/0x1d0
[ 43.701271][ T353] __unfreeze_partials+0x165/0x1a0
[ 43.706214][ T353] put_cpu_partial+0xc4/0x120
[ 43.710822][ T353] __slab_free+0x1c8/0x290
[ 43.715325][ T353] ___cache_free+0x109/0x120
[ 43.719761][ T353] qlink_free+0x4d/0x90
[ 43.723747][ T353] qlist_free_all+0x44/0xb0
[ 43.728114][ T353] kasan_quarantine_reduce+0x15a/0x180
[ 43.733382][ T353] __kasan_slab_alloc+0x2f/0xe0
[ 43.738073][ T353] slab_post_alloc_hook+0x53/0x2c0
[ 43.743278][ T353] kmem_cache_alloc+0xf5/0x200
[ 43.747872][ T353] __alloc_skb+0xbe/0x550
[ 43.752045][ T353] inet6_netconf_notify_devconf+0xdd/0x190
[ 43.757680][ T353]
[ 43.759853][ T353] Memory state around the buggy address:
[ 43.765325][ T353]  ffff888107985400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.773217][ T353]  ffff888107985480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.781477][ T353] >ffff888107985500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.789357][ T353]                    ^
[ 43.793541][ T353]  ffff888107985580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 43.801523][ T353]  ffff888107985600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.809693][ T353] ==================================================================
[ 43.836868][ T358] FAULT_INJECTION: forcing a failure.
[ 43.836868][ T358] name failslab, interval 1, probability 0, space 0, times 0
[ 43.849654][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 43.861487][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 43.871380][ T358] Call Trace:
[ 43.874683][ T358]
[ 43.877774][ T358] dump_stack_lvl+0x151/0x1b7
[ 43.882680][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.888137][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.893968][ T358] ? __skb_try_recv_datagram+0x495/0x6a0
[ 43.899539][ T358] dump_stack+0x15/0x17
[ 43.903519][ T358] should_fail+0x3c6/0x510
[ 43.907837][ T358] __should_failslab+0xa4/0xe0
[ 43.912466][ T358] ? skb_clone+0x1d1/0x360
[ 43.916718][ T358] should_failslab+0x9/0x20
[ 43.921184][ T358] slab_pre_alloc_hook+0x37/0xd0
[ 43.926220][ T358] ? skb_clone+0x1d1/0x360
[ 43.930596][ T358] kmem_cache_alloc+0x44/0x200
[ 43.935203][ T358] skb_clone+0x1d1/0x360
[ 43.939267][ T358] sk_psock_verdict_recv+0x53/0x840
[ 43.944394][ T358] ? avc_has_perm_noaudit+0x430/0x430
[ 43.949690][ T358] ? mntput_no_expire+0xfc/0x6b0
[ 43.954460][ T358] ? lockref_put_return+0x1b7/0x210
[ 43.959502][ T358] unix_read_sock+0x132/0x370
[ 43.964097][ T358] ? sk_psock_skb_redirect+0x440/0x440
[ 43.969863][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 43.975625][ T358] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 43.981018][ T358] ? unix_stream_splice_actor+0x120/0x120
[ 43.986972][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.992699][ T358] ? sk_psock_start_verdict+0xc0/0xc0
[ 43.998068][ T358] ? _raw_spin_lock+0xa4/0x1b0
[ 44.002667][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.008317][ T358] ? skb_queue_tail+0xfb/0x120
[ 44.012929][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.018057][ T358] ? unix_dgram_poll+0x710/0x710
[ 44.022821][ T358] ? _raw_spin_trylock+0xcd/0x1a0
[ 44.027687][ T358] ? security_socket_sendmsg+0x82/0xb0
[ 44.033089][ T358] ? unix_dgram_poll+0x710/0x710
[ 44.037859][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 44.042446][ T358] ? __sys_sendmsg_sock+0x40/0x40
[ 44.047485][ T358] ? import_iovec+0xe5/0x120
[ 44.052042][ T358] ___sys_sendmsg+0x252/0x2e0
[ 44.056555][ T358] ? __sys_sendmsg+0x260/0x260
[ 44.061105][ T358] ? do_handle_mm_fault+0x1949/0x2330
[ 44.066526][ T358] ? __kasan_check_write+0x14/0x20
[ 44.071465][ T358] ? proc_fail_nth_write+0x20b/0x290
[ 44.076690][ T358] ? __fdget+0x1bc/0x240
[ 44.080846][ T358] __sys_sendmmsg+0x2bf/0x530
[ 44.085452][ T358] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.090405][ T358] ? mutex_unlock+0xb2/0x260
[ 44.095044][ T358] ? __kasan_check_write+0x14/0x20
[ 44.100255][ T358] ? debug_smp_processor_id+0x17/0x20
[ 44.105457][ T358] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.111438][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.116129][ T358] do_syscall_64+0x3d/0xb0
[ 44.120379][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.126109][ T358] RIP: 0033:0x7fdf3ce74ae9
[ 44.130350][ T358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.150390][ T358] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.159062][ T358] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 44.166977][ T358] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.174788][ T358] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 44.182810][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.190722][ T358] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 44.198736][ T358]
[ 44.217767][ T360] FAULT_INJECTION: forcing a failure.
[ 44.217767][ T360] name failslab, interval 1, probability 0, space 0, times 0
[ 44.234058][ T360] CPU: 0 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 44.246227][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.256695][ T360] Call Trace:
[ 44.259993][ T360]
[ 44.262874][ T360] dump_stack_lvl+0x151/0x1b7
[ 44.267440][ T360] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.272938][ T360] dump_stack+0x15/0x17
[ 44.276921][ T360] should_fail+0x3c6/0x510
[ 44.281178][ T360] __should_failslab+0xa4/0xe0
[ 44.286042][ T360] should_failslab+0x9/0x20
[ 44.290389][ T360] slab_pre_alloc_hook+0x37/0xd0
[ 44.295260][ T360] kmem_cache_alloc_trace+0x48/0x210
[ 44.300651][ T360] ? sk_psock_skb_ingress_self+0x60/0x330
[ 44.306418][ T360] ? migrate_disable+0x190/0x190
[ 44.311277][ T360] sk_psock_skb_ingress_self+0x60/0x330
[ 44.316656][ T360] sk_psock_verdict_recv+0x66d/0x840
[ 44.321779][ T360] unix_read_sock+0x132/0x370
[ 44.326286][ T360] ? sk_psock_skb_redirect+0x440/0x440
[ 44.331643][ T360] ? unix_stream_splice_actor+0x120/0x120
[ 44.337389][ T360] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 44.342778][ T360] ? unix_stream_splice_actor+0x120/0x120
[ 44.348519][ T360] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.354261][ T360] ? sk_psock_start_verdict+0xc0/0xc0
[ 44.359470][ T360] ? _raw_spin_lock+0xa4/0x1b0
[ 44.364084][ T360] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.369714][ T360] ? skb_queue_tail+0xfb/0x120
[ 44.374574][ T360] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.379718][ T360] ? unix_dgram_poll+0x710/0x710
[ 44.384555][ T360] ? _raw_spin_trylock+0xcd/0x1a0
[ 44.389427][ T360] ? security_socket_sendmsg+0x82/0xb0
[ 44.394711][ T360] ? unix_dgram_poll+0x710/0x710
[ 44.399497][ T360] ____sys_sendmsg+0x59e/0x8f0
[ 44.404086][ T360] ? __sys_sendmsg_sock+0x40/0x40
[ 44.409026][ T360] ? import_iovec+0xe5/0x120
[ 44.413548][ T360] ___sys_sendmsg+0x252/0x2e0
[ 44.418053][ T360] ? __sys_sendmsg+0x260/0x260
[ 44.422741][ T360] ? do_handle_mm_fault+0x1949/0x2330
[ 44.427958][ T360] ? __kasan_check_write+0x14/0x20
[ 44.432903][ T360] ? proc_fail_nth_write+0x20b/0x290
[ 44.438019][ T360] ? __fdget+0x1bc/0x240
[ 44.442095][ T360] __sys_sendmmsg+0x2bf/0x530
[ 44.446698][ T360] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.451645][ T360] ? mutex_unlock+0xb2/0x260
[ 44.456167][ T360] ? __kasan_check_write+0x14/0x20
[ 44.461208][ T360] ? debug_smp_processor_id+0x17/0x20
[ 44.466424][ T360] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.472488][ T360] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.477412][ T360] do_syscall_64+0x3d/0xb0
[ 44.482049][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.488121][ T360] RIP: 0033:0x7fdf3ce74ae9
[ 44.492480][ T360] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.513836][ T360] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.522333][ T360] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 44.530285][ T360] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.538462][ T360] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 44.546634][ T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.554466][ T360] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 44.562691][ T360]
[ 44.566191][ T359] ==================================================================
[ 44.574348][ T359] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 44.582941][ T359]
[ 44.585108][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 44.597255][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.607668][ T359] Call Trace:
[ 44.610962][ T359]
[ 44.613832][ T359] dump_stack_lvl+0x151/0x1b7
[ 44.618334][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.623976][ T359] ? __wake_up_klogd+0xd5/0x110
[ 44.628676][ T359] ? panic+0x751/0x751
[ 44.632653][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.637717][ T359] print_address_description+0x87/0x3b0
[ 44.643352][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.648128][ T359] ? kmem_cache_free+0x116/0x2e0
[ 44.652950][ T359] kasan_report_invalid_free+0x6b/0xa0
[ 44.658280][ T359] ____kasan_slab_free+0x13e/0x160
[ 44.663231][ T359] __kasan_slab_free+0x11/0x20
[ 44.667824][ T359] slab_free_freelist_hook+0xbd/0x190
[ 44.673038][ T359] ? kfree_skbmem+0x104/0x170
[ 44.677828][ T359] kmem_cache_free+0x116/0x2e0
[ 44.682541][ T359] kfree_skbmem+0x104/0x170
[ 44.687152][ T359] consume_skb+0xb4/0x250
[ 44.691376][ T359] __sk_msg_free+0x2dd/0x370
[ 44.695969][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.702062][ T359] sk_psock_stop+0x44c/0x4d0
[ 44.706738][ T359] ? unix_peer_get+0xe0/0xe0
[ 44.711158][ T359] sock_map_close+0x2b9/0x4c0
[ 44.716045][ T359] ? sock_map_remove_links+0x570/0x570
[ 44.721618][ T359] ? rwsem_mark_wake+0x6b0/0x6b0
[ 44.726529][ T359] unix_release+0x82/0xc0
[ 44.730631][ T359] sock_close+0xdf/0x270
[ 44.735133][ T359] ? sock_mmap+0xa0/0xa0
[ 44.739263][ T359] __fput+0x3fe/0x910
[ 44.743073][ T359] ____fput+0x15/0x20
[ 44.747323][ T359] task_work_run+0x129/0x190
[ 44.751837][ T359] exit_to_user_mode_loop+0xc4/0xe0
[ 44.756886][ T359] exit_to_user_mode_prepare+0x5a/0xa0
[ 44.762352][ T359] syscall_exit_to_user_mode+0x26/0x160
[ 44.768001][ T359] do_syscall_64+0x49/0xb0
[ 44.772796][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.778525][ T359] RIP: 0033:0x7fdf3ce739da
[ 44.782776][ T359] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 44.803090][ T359] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 44.811503][ T359] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 44.819427][ T359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 44.827823][ T359] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007fdf3cf93f8c
[ 44.835763][ T359] R10: 00007ffe7c7e0f00 R11: 0000000000000293 R12: 00007fdf3c9f90d0
[ 44.843531][ T359] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000acaa
[ 44.851348][ T359]
[ 44.854200][ T359]
[ 44.856375][ T359] Allocated by task 360:
[ 44.860639][ T359] __kasan_slab_alloc+0xb1/0xe0
[ 44.865324][ T359] slab_post_alloc_hook+0x53/0x2c0
[ 44.870279][ T359] kmem_cache_alloc+0xf5/0x200
[ 44.874879][ T359] skb_clone+0x1d1/0x360
[ 44.879040][ T359] sk_psock_verdict_recv+0x53/0x840
[ 44.884441][ T359] unix_read_sock+0x132/0x370
[ 44.888935][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.894848][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.899890][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 44.904471][ T359] ___sys_sendmsg+0x252/0x2e0
[ 44.908992][ T359] __sys_sendmmsg+0x2bf/0x530
[ 44.913592][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.918280][ T359] do_syscall_64+0x3d/0xb0
[ 44.922739][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.928430][ T359]
[ 44.930601][ T359] Freed by task 39:
[ 44.934243][ T359] kasan_set_track+0x4b/0x70
[ 44.938789][ T359] kasan_set_free_info+0x23/0x40
[ 44.943557][ T359] ____kasan_slab_free+0x126/0x160
[ 44.948505][ T359] __kasan_slab_free+0x11/0x20
[ 44.953117][ T359] slab_free_freelist_hook+0xbd/0x190
[ 44.958487][ T359] kmem_cache_free+0x116/0x2e0
[ 44.963180][ T359] kfree_skbmem+0x104/0x170
[ 44.967516][ T359] kfree_skb+0xc2/0x360
[ 44.971688][ T359] sk_psock_backlog+0xc21/0xd90
[ 44.976373][ T359] process_one_work+0x6bb/0xc10
[ 44.981053][ T359] worker_thread+0xad5/0x12a0
[ 44.985573][ T359] kthread+0x421/0x510
[ 44.990448][ T359] ret_from_fork+0x1f/0x30
[ 44.994850][ T359]
[ 44.997028][ T359] The buggy address belongs to the object at ffff88811f5718c0
[ 44.997028][ T359] which belongs to the cache skbuff_head_cache of size 248
[ 45.011528][ T359] The buggy address is located 0 bytes inside of
[ 45.011528][ T359] 248-byte region [ffff88811f5718c0, ffff88811f5719b8)
[ 45.024972][ T359] The buggy address belongs to the page:
[ 45.030442][ T359] page:ffffea00047d5c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f571
[ 45.040596][ T359] flags: 0x4000000000000200(slab|zone=1)
[ 45.046159][ T359] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 45.054671][ T359] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 45.063262][ T359] page dumped because: kasan: bad access detected
[ 45.070539][ T359] page_owner tracks the page as allocated
[ 45.076948][ T359] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 39, ts 44202553711, free_ts 43824073895
[ 45.093047][ T359] post_alloc_hook+0x1a3/0x1b0
[ 45.097756][ T359] prep_new_page+0x1b/0x110
[ 45.102236][ T359] get_page_from_freelist+0x3550/0x35d0
[ 45.107760][ T359] __alloc_pages+0x27e/0x8f0
[ 45.112518][ T359] new_slab+0x9a/0x4e0
[ 45.116410][ T359] ___slab_alloc+0x39e/0x830
[ 45.120923][ T359] __slab_alloc+0x4a/0x90
[ 45.125199][ T359] kmem_cache_alloc+0x134/0x200
[ 45.129861][ T359] __alloc_skb+0xbe/0x550
[ 45.134027][ T359] alloc_skb_with_frags+0xa6/0x680
[ 45.138977][ T359] sock_alloc_send_pskb+0x915/0xa50
[ 45.144018][ T359] sock_alloc_send_skb+0x32/0x40
[ 45.149241][ T359] mld_newpack+0x1b4/0xa20
[ 45.153728][ T359] add_grec+0xdc8/0x13a0
[ 45.157808][ T359] mld_dad_work+0x1f8/0x620
[ 45.162174][ T359] process_one_work+0x6bb/0xc10
[ 45.166850][ T359] page last free stack trace:
[ 45.171347][ T359] free_unref_page_prepare+0x7c8/0x7d0
[ 45.176759][ T359] free_unref_page_list+0x14b/0xa60
[ 45.181847][ T359] release_pages+0x1310/0x1370
[ 45.186634][ T359] free_pages_and_swap_cache+0x8a/0xa0
[ 45.191928][ T359] tlb_finish_mmu+0x177/0x320
[ 45.196429][ T359] exit_mmap+0x3ef/0x6f0
[ 45.200509][ T359] __mmput+0x95/0x310
[ 45.204340][ T359] mmput+0x5b/0x170
[ 45.207986][ T359] do_exit+0xb9c/0x2ca0
[ 45.212057][ T359] do_group_exit+0x141/0x310
[ 45.216578][ T359] get_signal+0x7a3/0x1630
[ 45.220827][ T359] arch_do_signal_or_restart+0xbd/0x1680
[ 45.226293][ T359] exit_to_user_mode_loop+0xa0/0xe0
[ 45.231592][ T359] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.236964][ T359] syscall_exit_to_user_mode+0x26/0x160
[ 45.242608][ T359] do_syscall_64+0x49/0xb0
[ 45.246860][ T359]
[ 45.249027][ T359] Memory state around the buggy address:
[ 45.254778][ T359] ffff88811f571780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.262918][ T359] ffff88811f571800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.270840][ T359] >ffff88811f571880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.278899][ T359] ^
[ 45.284890][ T359] ffff88811f571900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.293224][ T359] ffff88811f571980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 45.301375][ T359] ==================================================================
[ 45.322618][ T363] FAULT_INJECTION: forcing a failure.
[ 45.322618][ T363] name failslab, interval 1, probability 0, space 0, times 0
[ 45.335345][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 45.347066][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 45.357159][ T363] Call Trace:
[ 45.360279][ T363]
[ 45.363063][ T363] dump_stack_lvl+0x151/0x1b7
[ 45.367654][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.373268][ T363] dump_stack+0x15/0x17
[ 45.377426][ T363] should_fail+0x3c6/0x510
[ 45.381851][ T363] __should_failslab+0xa4/0xe0
[ 45.386547][ T363] should_failslab+0x9/0x20
[ 45.390887][ T363] slab_pre_alloc_hook+0x37/0xd0
[ 45.395817][ T363] kmem_cache_alloc_trace+0x48/0x210
[ 45.401180][ T363] ? sk_psock_skb_ingress_self+0x60/0x330
[ 45.406782][ T363] ? migrate_disable+0x190/0x190
[ 45.411770][ T363] sk_psock_skb_ingress_self+0x60/0x330
[ 45.417323][ T363] sk_psock_verdict_recv+0x66d/0x840
[ 45.422443][ T363] unix_read_sock+0x132/0x370
[ 45.427047][ T363] ? sk_psock_skb_redirect+0x440/0x440
[ 45.432425][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.438192][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.443578][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 45.449423][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.455209][ T363] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.460615][ T363] ? _raw_spin_lock+0xa4/0x1b0
[ 45.465327][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.471477][ T363] ? skb_queue_tail+0xfb/0x120
[ 45.476080][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.481547][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.487164][ T363] ? _raw_spin_trylock+0xcd/0x1a0
[ 45.492039][ T363] ? security_socket_sendmsg+0x82/0xb0
[ 45.497837][ T363] ? unix_dgram_poll+0x710/0x710
[ 45.502605][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 45.507302][ T363] ? __sys_sendmsg_sock+0x40/0x40
[ 45.512643][ T363] ? import_iovec+0xe5/0x120
[ 45.517176][ T363] ___sys_sendmsg+0x252/0x2e0
[ 45.521761][ T363] ? __sys_sendmsg+0x260/0x260
[ 45.526702][ T363] ? do_handle_mm_fault+0x1949/0x2330
[ 45.532123][ T363] ? __kasan_check_write+0x14/0x20
[ 45.537195][ T363] ? proc_fail_nth_write+0x20b/0x290
[ 45.542591][ T363] ? __fdget+0x1bc/0x240
[ 45.546721][ T363] __sys_sendmmsg+0x2bf/0x530
[ 45.551301][ T363] ? __ia32_sys_sendmsg+0x90/0x90
[ 45.556432][ T363] ? mutex_unlock+0xb2/0x260
[ 45.561063][ T363] ? __kasan_check_write+0x14/0x20
[ 45.566143][ T363] ? debug_smp_processor_id+0x17/0x20
[ 45.571434][ T363] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.577605][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.582633][ T363] do_syscall_64+0x3d/0xb0
[ 45.587162][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.593554][ T363] RIP: 0033:0x7fdf3ce74ae9
[ 45.597893][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.617817][ T363] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.626220][ T363] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 45.634018][ T363] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.642008][ T363] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 45.650081][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.657984][ T363] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 45.665894][ T363]
[ 45.670797][ T362] ==================================================================
[ 45.679221][ T362] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 45.688102][ T362]
[ 45.690648][ T362] CPU: 0 PID: 362 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 45.702500][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 45.713553][ T362] Call Trace:
[ 45.716848][ T362]
[ 45.719990][ T362] dump_stack_lvl+0x151/0x1b7
[ 45.724682][ T362] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.730525][ T362] ? __wake_up_klogd+0xd5/0x110
[ 45.735303][ T362] ? panic+0x751/0x751
[ 45.739205][ T362] ? kmem_cache_free+0x116/0x2e0
[ 45.743979][ T362] print_address_description+0x87/0x3b0
[ 45.749458][ T362] ? kmem_cache_free+0x116/0x2e0
[ 45.754527][ T362] ? kmem_cache_free+0x116/0x2e0
[ 45.759377][ T362] kasan_report_invalid_free+0x6b/0xa0
[ 45.764767][ T362] ____kasan_slab_free+0x13e/0x160
[ 45.769702][ T362] __kasan_slab_free+0x11/0x20
[ 45.774303][ T362] slab_free_freelist_hook+0xbd/0x190
[ 45.779699][ T362] ? kfree_skbmem+0x104/0x170
[ 45.784201][ T362] kmem_cache_free+0x116/0x2e0
[ 45.788902][ T362] kfree_skbmem+0x104/0x170
[ 45.793574][ T362] consume_skb+0xb4/0x250
[ 45.797741][ T362] __sk_msg_free+0x2dd/0x370
[ 45.802167][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.807835][ T362] sk_psock_stop+0x44c/0x4d0
[ 45.812859][ T362] ? unix_peer_get+0xe0/0xe0
[ 45.817356][ T362] sock_map_close+0x2b9/0x4c0
[ 45.821868][ T362] ? sock_map_remove_links+0x570/0x570
[ 45.827548][ T362] ? rwsem_mark_wake+0x6b0/0x6b0
[ 45.833070][ T362] unix_release+0x82/0xc0
[ 45.837481][ T362] sock_close+0xdf/0x270
[ 45.841714][ T362] ? sock_mmap+0xa0/0xa0
[ 45.845808][ T362] __fput+0x3fe/0x910
[ 45.849613][ T362] ____fput+0x15/0x20
[ 45.853958][ T362] task_work_run+0x129/0x190
[ 45.858821][ T362] exit_to_user_mode_loop+0xc4/0xe0
[ 45.864335][ T362] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.869804][ T362] syscall_exit_to_user_mode+0x26/0x160
[ 45.875525][ T362] do_syscall_64+0x49/0xb0
[ 45.880037][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.886153][ T362] RIP: 0033:0x7fdf3ce739da
[ 45.890418][ T362] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.910028][ T362] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.918960][ T362] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 45.927142][ T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.935413][ T362] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 45.943746][ T362] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b43c
[ 45.952280][ T362] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000b0fb
[ 45.960266][ T362]
[ 45.963210][ T362]
[ 45.965380][ T362] Allocated by task 363:
[ 45.969462][ T362] __kasan_slab_alloc+0xb1/0xe0
[ 45.974175][ T362] slab_post_alloc_hook+0x53/0x2c0
[ 45.979354][ T362] kmem_cache_alloc+0xf5/0x200
[ 45.983989][ T362] skb_clone+0x1d1/0x360
[ 45.988079][ T362] sk_psock_verdict_recv+0x53/0x840
[ 45.993171][ T362] unix_read_sock+0x132/0x370
[ 45.997684][ T362] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.003575][ T362] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.008957][ T362] ____sys_sendmsg+0x59e/0x8f0
[ 46.013735][ T362] ___sys_sendmsg+0x252/0x2e0
[ 46.018417][ T362] __sys_sendmmsg+0x2bf/0x530
[ 46.022931][ T362] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.027616][ T362] do_syscall_64+0x3d/0xb0
[ 46.031868][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.037759][ T362]
[ 46.039857][ T362] Freed by task 20:
[ 46.043587][ T362] kasan_set_track+0x4b/0x70
[ 46.048108][ T362] kasan_set_free_info+0x23/0x40
[ 46.052979][ T362] ____kasan_slab_free+0x126/0x160
[ 46.057915][ T362] __kasan_slab_free+0x11/0x20
[ 46.062988][ T362] slab_free_freelist_hook+0xbd/0x190
[ 46.068148][ T362] kmem_cache_free+0x116/0x2e0
[ 46.072748][ T362] kfree_skbmem+0x104/0x170
[ 46.077145][ T362] kfree_skb+0xc2/0x360
[ 46.081358][ T362] sk_psock_backlog+0xc21/0xd90
[ 46.086294][ T362] process_one_work+0x6bb/0xc10
[ 46.091176][ T362] worker_thread+0xad5/0x12a0
[ 46.095675][ T362] kthread+0x421/0x510
[ 46.100200][ T362] ret_from_fork+0x1f/0x30
[ 46.104610][ T362]
[ 46.106881][ T362] The buggy address belongs to the object at ffff88810ccb6780
[ 46.106881][ T362] which belongs to the cache skbuff_head_cache of size 248
[ 46.121730][ T362] The buggy address is located 0 bytes inside of
[ 46.121730][ T362] 248-byte region [ffff88810ccb6780, ffff88810ccb6878)
[ 46.135719][ T362] The buggy address belongs to the page:
[ 46.141460][ T362] page:ffffea0004332d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ccb6
[ 46.151723][ T362] flags: 0x4000000000000200(slab|zone=1)
[ 46.157159][ T362] raw: 4000000000000200 ffffea0004332e00 0000000600000006 ffff888100351800
[ 46.165766][ T362] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.174361][ T362] page dumped because: kasan: bad access detected
[ 46.181187][ T362] page_owner tracks the page as allocated
[ 46.186781][ T362] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 3821688253, free_ts 3817932876
[ 46.202763][ T362] post_alloc_hook+0x1a3/0x1b0
[ 46.207384][ T362] prep_new_page+0x1b/0x110
[ 46.211707][ T362] get_page_from_freelist+0x3550/0x35d0
[ 46.217342][ T362] __alloc_pages+0x27e/0x8f0
[ 46.221766][ T362] new_slab+0x9a/0x4e0
[ 46.225780][ T362] ___slab_alloc+0x39e/0x830
[ 46.230360][ T362] __slab_alloc+0x4a/0x90
[ 46.234698][ T362] kmem_cache_alloc+0x134/0x200
[ 46.239471][ T362] __alloc_skb+0xbe/0x550
[ 46.243986][ T362] alloc_skb_with_frags+0xa6/0x680
[ 46.249193][ T362] sock_alloc_send_pskb+0x915/0xa50
[ 46.254461][ T362] unix_dgram_sendmsg+0x6fd/0x2090
[ 46.259357][ T362] __sys_sendto+0x564/0x720
[ 46.263772][ T362] __x64_sys_sendto+0xe5/0x100
[ 46.268462][ T362] do_syscall_64+0x3d/0xb0
[ 46.273005][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.279313][ T362] page last free stack trace:
[ 46.284087][ T362] free_unref_page_prepare+0x7c8/0x7d0
[ 46.289717][ T362] free_unref_page+0xe8/0x750
[ 46.294151][ T362] __free_pages+0x61/0xf0
[ 46.298753][ T362] __vunmap+0x7bc/0x8f0
[ 46.302831][ T362] free_work+0x5b/0x80
[ 46.306911][ T362] process_one_work+0x6bb/0xc10
[ 46.311769][ T362] worker_thread+0xad5/0x12a0
[ 46.316460][ T362] kthread+0x421/0x510
[ 46.320643][ T362] ret_from_fork+0x1f/0x30
[ 46.325115][ T362]
[ 46.327308][ T362] Memory state around the buggy address:
[ 46.332970][ T362] ffff88810ccb6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.340962][ T362] ffff88810ccb6700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.348837][ T362] >ffff88810ccb6780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.357185][ T362] ^
[ 46.361102][ T362] ffff88810ccb6800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.369402][ T362] ffff88810ccb6880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.377692][ T362] ==================================================================
[ 46.398120][ T366] FAULT_INJECTION: forcing a failure.
[ 46.398120][ T366] name failslab, interval 1, probability 0, space 0, times 0
[ 46.410884][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 46.422506][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 46.432390][ T366] Call Trace:
[ 46.435516][ T366]
[ 46.438290][ T366] dump_stack_lvl+0x151/0x1b7
[ 46.442805][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.448274][ T366] dump_stack+0x15/0x17
[ 46.452262][ T366] should_fail+0x3c6/0x510
[ 46.456690][ T366] __should_failslab+0xa4/0xe0
[ 46.461289][ T366] should_failslab+0x9/0x20
[ 46.465675][ T366] slab_pre_alloc_hook+0x37/0xd0
[ 46.470405][ T366] kmem_cache_alloc_trace+0x48/0x210
[ 46.475526][ T366] ? sk_psock_skb_ingress_self+0x60/0x330
[ 46.481083][ T366] ? migrate_disable+0x190/0x190
[ 46.485856][ T366] sk_psock_skb_ingress_self+0x60/0x330
[ 46.491342][ T366] sk_psock_verdict_recv+0x66d/0x840
[ 46.497057][ T366] unix_read_sock+0x132/0x370
[ 46.502074][ T366] ? sk_psock_skb_redirect+0x440/0x440
[ 46.507392][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 46.513113][ T366] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.518517][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 46.524053][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.529876][ T366] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.535333][ T366] ? _raw_spin_lock+0xa4/0x1b0
[ 46.541185][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.547450][ T366] ? skb_queue_tail+0xfb/0x120
[ 46.552137][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.557503][ T366] ? unix_dgram_poll+0x710/0x710
[ 46.562347][ T366] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.567540][ T366] ? security_socket_sendmsg+0x82/0xb0
[ 46.572972][ T366] ? unix_dgram_poll+0x710/0x710
[ 46.578278][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 46.583297][ T366] ? __sys_sendmsg_sock+0x40/0x40
[ 46.588603][ T366] ? import_iovec+0xe5/0x120
[ 46.593218][ T366] ___sys_sendmsg+0x252/0x2e0
[ 46.597999][ T366] ? __sys_sendmsg+0x260/0x260
[ 46.602590][ T366] ? do_handle_mm_fault+0x1949/0x2330
[ 46.607884][ T366] ? __kasan_check_write+0x14/0x20
[ 46.612921][ T366] ? proc_fail_nth_write+0x20b/0x290
[ 46.618222][ T366] ? __fdget+0x1bc/0x240
[ 46.622286][ T366] __sys_sendmmsg+0x2bf/0x530
[ 46.626806][ T366] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.631844][ T366] ? mutex_unlock+0xb2/0x260
[ 46.636422][ T366] ? __kasan_check_write+0x14/0x20
[ 46.641452][ T366] ? debug_smp_processor_id+0x17/0x20
[ 46.646655][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.652760][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.657415][ T366] do_syscall_64+0x3d/0xb0
[ 46.661901][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.667707][ T366] RIP: 0033:0x7fdf3ce74ae9
[ 46.672180][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.692436][ T366] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.700853][ T366] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 46.709062][ T366] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.717146][ T366] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 46.725578][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.733537][ T366] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 46.741631][ T366]
[ 46.746189][ T365] ==================================================================
[ 46.754179][ T365] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.762725][ T365]
[ 46.765074][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 46.777370][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 46.789870][ T365] Call Trace:
[ 46.793116][ T365]
[ 46.795883][ T365] dump_stack_lvl+0x151/0x1b7
[ 46.800743][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.806295][ T365] ? __wake_up_klogd+0xd5/0x110
[ 46.811443][ T365] ? panic+0x751/0x751
[ 46.815726][ T365] ? kmem_cache_free+0x116/0x2e0
[ 46.820880][ T365] print_address_description+0x87/0x3b0
[ 46.826321][ T365] ? kmem_cache_free+0x116/0x2e0
[ 46.831276][ T365] ? kmem_cache_free+0x116/0x2e0
[ 46.836179][ T365] kasan_report_invalid_free+0x6b/0xa0
[ 46.841745][ T365] ____kasan_slab_free+0x13e/0x160
[ 46.846673][ T365] __kasan_slab_free+0x11/0x20
[ 46.851258][ T365] slab_free_freelist_hook+0xbd/0x190
[ 46.856465][ T365] ? kfree_skbmem+0x104/0x170
[ 46.861146][ T365] kmem_cache_free+0x116/0x2e0
[ 46.865751][ T365] kfree_skbmem+0x104/0x170
[ 46.870551][ T365] consume_skb+0xb4/0x250
[ 46.874710][ T365] __sk_msg_free+0x2dd/0x370
[ 46.879433][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.885246][ T365] sk_psock_stop+0x44c/0x4d0
[ 46.889818][ T365] ? unix_peer_get+0xe0/0xe0
[ 46.894413][ T365] sock_map_close+0x2b9/0x4c0
[ 46.898922][ T365] ? sock_map_remove_links+0x570/0x570
[ 46.904236][ T365] ? rwsem_mark_wake+0x6b0/0x6b0
[ 46.908989][ T365] unix_release+0x82/0xc0
[ 46.913221][ T365] sock_close+0xdf/0x270
[ 46.917249][ T365] ? sock_mmap+0xa0/0xa0
[ 46.921326][ T365] __fput+0x3fe/0x910
[ 46.925326][ T365] ____fput+0x15/0x20
[ 46.929218][ T365] task_work_run+0x129/0x190
[ 46.933682][ T365] exit_to_user_mode_loop+0xc4/0xe0
[ 46.938683][ T365] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.943971][ T365] syscall_exit_to_user_mode+0x26/0x160
[ 46.949352][ T365] do_syscall_64+0x49/0xb0
[ 46.953607][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.959420][ T365] RIP: 0033:0x7fdf3ce739da
[ 46.963681][ T365] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.983731][ T365] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.991979][ T365] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 46.999781][ T365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.007746][ T365] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 47.015555][ T365] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b870
[ 47.023360][ T365] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000b52f
[ 47.031175][ T365]
[ 47.034120][ T365]
[ 47.036340][ T365] Allocated by task 366:
[ 47.040407][ T365] __kasan_slab_alloc+0xb1/0xe0
[ 47.045230][ T365] slab_post_alloc_hook+0x53/0x2c0
[ 47.050190][ T365] kmem_cache_alloc+0xf5/0x200
[ 47.054971][ T365] skb_clone+0x1d1/0x360
[ 47.059130][ T365] sk_psock_verdict_recv+0x53/0x840
[ 47.064424][ T365] unix_read_sock+0x132/0x370
[ 47.069034][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.074847][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.079877][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 47.084483][ T365] ___sys_sendmsg+0x252/0x2e0
[ 47.088990][ T365] __sys_sendmmsg+0x2bf/0x530
[ 47.093507][ T365] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.098208][ T365] do_syscall_64+0x3d/0xb0
[ 47.102598][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.108338][ T365]
[ 47.110491][ T365] Freed by task 6:
[ 47.114139][ T365] kasan_set_track+0x4b/0x70
[ 47.119001][ T365] kasan_set_free_info+0x23/0x40
[ 47.123949][ T365] ____kasan_slab_free+0x126/0x160
[ 47.129693][ T365] __kasan_slab_free+0x11/0x20
[ 47.134388][ T365] slab_free_freelist_hook+0xbd/0x190
[ 47.139597][ T365] kmem_cache_free+0x116/0x2e0
[ 47.144200][ T365] kfree_skbmem+0x104/0x170
[ 47.148705][ T365] kfree_skb+0xc2/0x360
[ 47.152788][ T365] sk_psock_backlog+0xc21/0xd90
[ 47.157480][ T365] process_one_work+0x6bb/0xc10
[ 47.162165][ T365] worker_thread+0xad5/0x12a0
[ 47.166671][ T365] kthread+0x421/0x510
[ 47.170687][ T365] ret_from_fork+0x1f/0x30
[ 47.174920][ T365]
[ 47.177087][ T365] The buggy address belongs to the object at ffff88810cd39280
[ 47.177087][ T365] which belongs to the cache skbuff_head_cache of size 248
[ 47.191494][ T365] The buggy address is located 0 bytes inside of
[ 47.191494][ T365] 248-byte region [ffff88810cd39280, ffff88810cd39378)
[ 47.204432][ T365] The buggy address belongs to the page:
[ 47.209986][ T365] page:ffffea0004334e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cd39
[ 47.220314][ T365] flags: 0x4000000000000200(slab|zone=1)
[ 47.225959][ T365] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 47.234465][ T365] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.242879][ T365] page dumped because: kasan: bad access detected
[ 47.249129][ T365] page_owner tracks the page as allocated
[ 47.254764][ T365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 362, ts 46386092418, free_ts 45317056662
[ 47.272153][ T365] post_alloc_hook+0x1a3/0x1b0
[ 47.276840][ T365] prep_new_page+0x1b/0x110
[ 47.281620][ T365] get_page_from_freelist+0x3550/0x35d0
[ 47.287367][ T365] __alloc_pages+0x27e/0x8f0
[ 47.291837][ T365] new_slab+0x9a/0x4e0
[ 47.295715][ T365] ___slab_alloc+0x39e/0x830
[ 47.300209][ T365] __slab_alloc+0x4a/0x90
[ 47.304383][ T365] kmem_cache_alloc+0x134/0x200
[ 47.309060][ T365] __alloc_skb+0xbe/0x550
[ 47.313241][ T365] ndisc_alloc_skb+0xf3/0x2d0
[ 47.317738][ T365] ndisc_send_rs+0x26c/0x6a0
[ 47.322447][ T365] addrconf_rs_timer+0x2d1/0x600
[ 47.327222][ T365] call_timer_fn+0x3b/0x2d0
[ 47.331562][ T365] __run_timers+0x72a/0xa10
[ 47.335902][ T365] run_timer_softirq+0x69/0xf0
[ 47.340588][ T365] __do_softirq+0x26d/0x5bf
[ 47.345014][ T365] page last free stack trace:
[ 47.349865][ T365] free_unref_page_prepare+0x7c8/0x7d0
[ 47.355160][ T365] free_unref_page+0xe8/0x750
[ 47.359758][ T365] __free_pages+0x61/0xf0
[ 47.364098][ T365] __free_slab+0xec/0x1d0
[ 47.368341][ T365] discard_slab+0x29/0x40
[ 47.372905][ T365] __slab_free+0x205/0x290
[ 47.377246][ T365] ___cache_free+0x109/0x120
[ 47.382210][ T365] qlink_free+0x4d/0x90
[ 47.386215][ T365] qlist_free_all+0x44/0xb0
[ 47.390718][ T365] kasan_quarantine_reduce+0x15a/0x180
[ 47.396009][ T365] __kasan_slab_alloc+0x2f/0xe0
[ 47.400693][ T365] slab_post_alloc_hook+0x53/0x2c0
[ 47.405647][ T365] kmem_cache_alloc+0xf5/0x200
[ 47.410325][ T365] getname_flags+0xba/0x520
[ 47.414689][ T365] user_path_at_empty+0x2d/0x1a0
[ 47.419438][ T365] vfs_statx+0xfd/0x720
[ 47.423604][ T365]
[ 47.425863][ T365] Memory state around the buggy address:
[ 47.431337][ T365] ffff88810cd39180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.439242][ T365] ffff88810cd39200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
2023/12/26 22:37:08 executed programs: 5
[ 47.447320][ T365] >ffff88810cd39280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.455568][ T365] ^
[ 47.459489][ T365] ffff88810cd39300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.467777][ T365] ffff88810cd39380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.476973][ T365] ==================================================================
[ 47.495037][ T369] FAULT_INJECTION: forcing a failure.
[ 47.495037][ T369] name failslab, interval 1, probability 0, space 0, times 0
[ 47.495941][ T30] kauditd_printk_skb: 2 callbacks suppressed
[ 47.495955][ T30] audit: type=1400 audit(1703630228.385:169): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.508014][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 47.517539][ T30] audit: type=1400 audit(1703630228.405:170): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.536559][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.536575][ T369] Call Trace:
[ 47.536582][ T369]
[ 47.536590][ T369] dump_stack_lvl+0x151/0x1b7
[ 47.536618][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.536641][ T369] dump_stack+0x15/0x17
[ 47.536661][ T369] should_fail+0x3c6/0x510
[ 47.536681][ T369] __should_failslab+0xa4/0xe0
[ 47.549303][ T30] audit: type=1400 audit(1703630228.405:171): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.570789][ T369] should_failslab+0x9/0x20
[ 47.570822][ T369] slab_pre_alloc_hook+0x37/0xd0
[ 47.570843][ T369] kmem_cache_alloc_trace+0x48/0x210
[ 47.570880][ T369] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.653707][ T369] ? migrate_disable+0x190/0x190
[ 47.658463][ T369] sk_psock_skb_ingress_self+0x60/0x330
[ 47.664024][ T369] sk_psock_verdict_recv+0x66d/0x840
[ 47.669282][ T369] unix_read_sock+0x132/0x370
[ 47.674052][ T369] ? sk_psock_skb_redirect+0x440/0x440
[ 47.679457][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 47.685499][ T369] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.690980][ T369] ? unix_stream_splice_actor+0x120/0x120
[ 47.696615][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.702503][ T369] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.707770][ T369] ? _raw_spin_lock+0xa4/0x1b0
[ 47.712371][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.718110][ T369] ? skb_queue_tail+0xfb/0x120
[ 47.723074][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.728143][ T369] ? unix_dgram_poll+0x710/0x710
[ 47.732995][ T369] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.737974][ T369] ? security_socket_sendmsg+0x82/0xb0
[ 47.743320][ T369] ? unix_dgram_poll+0x710/0x710
[ 47.748307][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 47.752997][ T369] ? __sys_sendmsg_sock+0x40/0x40
[ 47.757970][ T369] ? import_iovec+0xe5/0x120
[ 47.762389][ T369] ___sys_sendmsg+0x252/0x2e0
[ 47.766999][ T369] ? __sys_sendmsg+0x260/0x260
[ 47.771676][ T369] ? do_handle_mm_fault+0x1949/0x2330
[ 47.777194][ T369] ? __kasan_check_write+0x14/0x20
[ 47.782114][ T369] ? proc_fail_nth_write+0x20b/0x290
[ 47.787378][ T369] ? __fdget+0x1bc/0x240
[ 47.791444][ T369] __sys_sendmmsg+0x2bf/0x530
[ 47.795973][ T369] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.800944][ T369] ? mutex_unlock+0xb2/0x260
[ 47.805362][ T369] ? __kasan_check_write+0x14/0x20
[ 47.810306][ T369] ? debug_smp_processor_id+0x17/0x20
[ 47.815517][ T369] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.821648][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.826291][ T369] do_syscall_64+0x3d/0xb0
[ 47.830709][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.836430][ T369] RIP: 0033:0x7fdf3ce74ae9
[ 47.840886][ T369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.860612][ T369] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.869114][ T369] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 47.877252][ T369] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.885316][ T369] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 47.893456][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.901317][ T369] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 47.909123][ T369]
[ 47.914507][ T368] ==================================================================
[ 47.922375][ T368] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 47.930751][ T368]
[ 47.933004][ T368] CPU: 0 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 47.944645][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.955073][ T368] Call Trace:
[ 47.958185][ T368]
[ 47.961047][ T368] dump_stack_lvl+0x151/0x1b7
[ 47.965565][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.971244][ T368] ? __wake_up_klogd+0xd5/0x110
[ 47.975955][ T368] ? panic+0x751/0x751
[ 47.979880][ T368] ? kmem_cache_free+0x116/0x2e0
[ 47.984830][ T368] print_address_description+0x87/0x3b0
[ 47.990427][ T368] ? kmem_cache_free+0x116/0x2e0
[ 47.995241][ T368] ? kmem_cache_free+0x116/0x2e0
[ 48.000025][ T368] kasan_report_invalid_free+0x6b/0xa0
[ 48.005327][ T368] ____kasan_slab_free+0x13e/0x160
[ 48.010257][ T368] __kasan_slab_free+0x11/0x20
[ 48.014865][ T368] slab_free_freelist_hook+0xbd/0x190
[ 48.020158][ T368] ? kfree_skbmem+0x104/0x170
[ 48.024874][ T368] kmem_cache_free+0x116/0x2e0
[ 48.029485][ T368] kfree_skbmem+0x104/0x170
[ 48.033815][ T368] consume_skb+0xb4/0x250
[ 48.038066][ T368] __sk_msg_free+0x2dd/0x370
[ 48.042588][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.048224][ T368] sk_psock_stop+0x44c/0x4d0
[ 48.052647][ T368] ? unix_peer_get+0xe0/0xe0
[ 48.057170][ T368] sock_map_close+0x2b9/0x4c0
[ 48.061682][ T368] ? sock_map_remove_links+0x570/0x570
[ 48.067062][ T368] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.071847][ T368] unix_release+0x82/0xc0
[ 48.077046][ T368] sock_close+0xdf/0x270
[ 48.081229][ T368] ? sock_mmap+0xa0/0xa0
[ 48.085282][ T368] __fput+0x3fe/0x910
[ 48.089098][ T368] ____fput+0x15/0x20
[ 48.092915][ T368] task_work_run+0x129/0x190
[ 48.097345][ T368] exit_to_user_mode_loop+0xc4/0xe0
[ 48.102377][ T368] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.107671][ T368] syscall_exit_to_user_mode+0x26/0x160
[ 48.113052][ T368] do_syscall_64+0x49/0xb0
[ 48.117309][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.123040][ T368] RIP: 0033:0x7fdf3ce739da
[ 48.127307][ T368] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.147309][ T368] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.156135][ T368] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 48.164320][ T368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.172132][ T368] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 48.180137][ T368] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bcb8
[ 48.187921][ T368] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000b977
[ 48.195997][ T368]
[ 48.198942][ T368]
[ 48.201115][ T368] Allocated by task 369:
[ 48.205206][ T368] __kasan_slab_alloc+0xb1/0xe0
[ 48.209978][ T368] slab_post_alloc_hook+0x53/0x2c0
[ 48.214928][ T368] kmem_cache_alloc+0xf5/0x200
[ 48.219692][ T368] skb_clone+0x1d1/0x360
[ 48.223786][ T368] sk_psock_verdict_recv+0x53/0x840
[ 48.228908][ T368] unix_read_sock+0x132/0x370
[ 48.233593][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.239235][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.244465][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 48.249140][ T368] ___sys_sendmsg+0x252/0x2e0
[ 48.253846][ T368] __sys_sendmmsg+0x2bf/0x530
[ 48.258482][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.263321][ T368] do_syscall_64+0x3d/0xb0
[ 48.267558][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.274148][ T368]
[ 48.276324][ T368] Freed by task 6:
[ 48.279967][ T368] kasan_set_track+0x4b/0x70
[ 48.284393][ T368] kasan_set_free_info+0x23/0x40
[ 48.289214][ T368] ____kasan_slab_free+0x126/0x160
[ 48.294201][ T368] __kasan_slab_free+0x11/0x20
[ 48.298983][ T368] slab_free_freelist_hook+0xbd/0x190
[ 48.304277][ T368] kmem_cache_free+0x116/0x2e0
[ 48.308877][ T368] kfree_skbmem+0x104/0x170
[ 48.313223][ T368] kfree_skb+0xc2/0x360
[ 48.317223][ T368] sk_psock_backlog+0xc21/0xd90
[ 48.321994][ T368] process_one_work+0x6bb/0xc10
[ 48.326682][ T368] worker_thread+0xad5/0x12a0
[ 48.331192][ T368] kthread+0x421/0x510
[ 48.335114][ T368] ret_from_fork+0x1f/0x30
[ 48.339351][ T368]
[ 48.341611][ T368] The buggy address belongs to the object at ffff88810cbb3780
[ 48.341611][ T368] which belongs to the cache skbuff_head_cache of size 248
[ 48.356708][ T368] The buggy address is located 0 bytes inside of
[ 48.356708][ T368] 248-byte region [ffff88810cbb3780, ffff88810cbb3878)
[ 48.370464][ T368] The buggy address belongs to the page:
[ 48.376193][ T368] page:ffffea000432ecc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cbb3
[ 48.386606][ T368] flags: 0x4000000000000200(slab|zone=1)
[ 48.392345][ T368] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 48.401113][ T368] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.410595][ T368] page dumped because: kasan: bad access detected
[ 48.417040][ T368] page_owner tracks the page as allocated
[ 48.422792][ T368] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 47485742926, free_ts 46390254196
[ 48.438529][ T368] post_alloc_hook+0x1a3/0x1b0
[ 48.443108][ T368] prep_new_page+0x1b/0x110
[ 48.447442][ T368] get_page_from_freelist+0x3550/0x35d0
[ 48.452820][ T368] __alloc_pages+0x27e/0x8f0
[ 48.457254][ T368] new_slab+0x9a/0x4e0
[ 48.461502][ T368] ___slab_alloc+0x39e/0x830
[ 48.465925][ T368] __slab_alloc+0x4a/0x90
[ 48.470273][ T368] kmem_cache_alloc+0x134/0x200
[ 48.475495][ T368] __alloc_skb+0xbe/0x550
[ 48.479827][ T368] alloc_skb_with_frags+0xa6/0x680
[ 48.484787][ T368] sock_alloc_send_pskb+0x915/0xa50
[ 48.490730][ T368] unix_dgram_sendmsg+0x6fd/0x2090
[ 48.496162][ T368] __sys_sendto+0x564/0x720
[ 48.500754][ T368] __x64_sys_sendto+0xe5/0x100
[ 48.505438][ T368] do_syscall_64+0x3d/0xb0
[ 48.509690][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.515438][ T368] page last free stack trace:
[ 48.520247][ T368] free_unref_page_prepare+0x7c8/0x7d0
[ 48.526307][ T368] free_unref_page_list+0x14b/0xa60
[ 48.531478][ T368] release_pages+0x1310/0x1370
[ 48.536089][ T368] free_pages_and_swap_cache+0x8a/0xa0
[ 48.541561][ T368] tlb_finish_mmu+0x177/0x320
[ 48.546318][ T368] exit_mmap+0x3ef/0x6f0
[ 48.550617][ T368] __mmput+0x95/0x310
[ 48.554946][ T368] mmput+0x5b/0x170
[ 48.558683][ T368] do_exit+0xb9c/0x2ca0
[ 48.562946][ T368] do_group_exit+0x141/0x310
[ 48.567440][ T368] __x64_sys_exit_group+0x3f/0x40
[ 48.572307][ T368] do_syscall_64+0x3d/0xb0
[ 48.576557][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.582284][ T368]
[ 48.584451][ T368] Memory state around the buggy address:
[ 48.590799][ T368] ffff88810cbb3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.598653][ T368] ffff88810cbb3700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.606552][ T368] >ffff88810cbb3780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.614453][ T368] ^
[ 48.618404][ T368] ffff88810cbb3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.626702][ T368] ffff88810cbb3880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.634670][ T368] ==================================================================
[ 48.655898][ T372] FAULT_INJECTION: forcing a failure.
[ 48.655898][ T372] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 48.669258][ T372] CPU: 0 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 48.681067][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 48.691491][ T372] Call Trace:
[ 48.694636][ T372]
[ 48.697485][ T372] dump_stack_lvl+0x151/0x1b7
[ 48.702205][ T372] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.707767][ T372] dump_stack+0x15/0x17
[ 48.711839][ T372] should_fail+0x3c6/0x510
[ 48.716701][ T372] should_fail_alloc_page+0x5a/0x80
[ 48.722158][ T372] prepare_alloc_pages+0x15c/0x700
[ 48.727104][ T372] ? __alloc_pages_bulk+0xe40/0xe40
[ 48.732410][ T372] __alloc_pages+0x18c/0x8f0
[ 48.736833][ T372] ? prep_new_page+0x110/0x110
[ 48.741906][ T372] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.747626][ T372] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 48.753263][ T372] new_slab+0x9a/0x4e0
[ 48.757166][ T372] ___slab_alloc+0x39e/0x830
[ 48.761684][ T372] ? skb_clone+0x1d1/0x360
[ 48.765938][ T372] ? skb_clone+0x1d1/0x360
[ 48.771577][ T372] __slab_alloc+0x4a/0x90
[ 48.775762][ T372] ? skb_clone+0x1d1/0x360
[ 48.780134][ T372] kmem_cache_alloc+0x134/0x200
[ 48.785333][ T372] skb_clone+0x1d1/0x360
[ 48.789499][ T372] sk_psock_verdict_recv+0x53/0x840
[ 48.794630][ T372] ? avc_has_perm_noaudit+0x430/0x430
[ 48.799837][ T372] ? mntput_no_expire+0xfc/0x6b0
[ 48.804696][ T372] ? lockref_put_return+0x1b7/0x210
[ 48.809732][ T372] unix_read_sock+0x132/0x370
[ 48.814513][ T372] ? sk_psock_skb_redirect+0x440/0x440
[ 48.819888][ T372] ? unix_stream_splice_actor+0x120/0x120
[ 48.825543][ T372] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.830832][ T372] ? unix_stream_splice_actor+0x120/0x120
[ 48.836384][ T372] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.842018][ T372] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.847399][ T372] ? _raw_spin_lock+0xa4/0x1b0
[ 48.852009][ T372] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.857638][ T372] ? skb_queue_tail+0xfb/0x120
[ 48.862237][ T372] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.867291][ T372] ? unix_dgram_poll+0x710/0x710
[ 48.872135][ T372] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.876997][ T372] ? security_socket_sendmsg+0x82/0xb0
[ 48.882594][ T372] ? unix_dgram_poll+0x710/0x710
[ 48.887358][ T372] ____sys_sendmsg+0x59e/0x8f0
[ 48.891968][ T372] ? __sys_sendmsg_sock+0x40/0x40
[ 48.896913][ T372] ? import_iovec+0xe5/0x120
[ 48.901484][ T372] ___sys_sendmsg+0x252/0x2e0
[ 48.905942][ T372] ? __sys_sendmsg+0x260/0x260
[ 48.910876][ T372] ? do_handle_mm_fault+0x1949/0x2330
[ 48.916067][ T372] ? __kasan_check_write+0x14/0x20
[ 48.921035][ T372] ? proc_fail_nth_write+0x20b/0x290
[ 48.926138][ T372] ? __fdget+0x1bc/0x240
[ 48.930223][ T372] __sys_sendmmsg+0x2bf/0x530
[ 48.934735][ T372] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.939592][ T372] ? mutex_unlock+0xb2/0x260
[ 48.944019][ T372] ? __kasan_check_write+0x14/0x20
[ 48.949074][ T372] ? debug_smp_processor_id+0x17/0x20
[ 48.954340][ T372] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.960241][ T372] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.964937][ T372] do_syscall_64+0x3d/0xb0
[ 48.969270][ T372] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.974997][ T372] RIP: 0033:0x7fdf3ce74ae9
[ 48.979351][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.998794][ T372] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.007108][ T372] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 49.014920][ T372] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.022730][ T372] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 49.030639][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.040349][ T372] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 49.048166][ T372]
[ 49.061984][ T374] FAULT_INJECTION: forcing a failure.
[ 49.061984][ T374] name failslab, interval 1, probability 0, space 0, times 0
[ 49.074656][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 49.087255][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.097520][ T374] Call Trace:
[ 49.100906][ T374]
[ 49.104064][ T374] dump_stack_lvl+0x151/0x1b7
[ 49.109252][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.114794][ T374] dump_stack+0x15/0x17
[ 49.119007][ T374] should_fail+0x3c6/0x510
[ 49.123206][ T374] __should_failslab+0xa4/0xe0
[ 49.127894][ T374] should_failslab+0x9/0x20
[ 49.132736][ T374] slab_pre_alloc_hook+0x37/0xd0
[ 49.137835][ T374] kmem_cache_alloc_trace+0x48/0x210
[ 49.142955][ T374] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.148510][ T374] ? migrate_disable+0x190/0x190
[ 49.153650][ T374] sk_psock_skb_ingress_self+0x60/0x330
[ 49.159034][ T374] sk_psock_verdict_recv+0x66d/0x840
[ 49.164255][ T374] unix_read_sock+0x132/0x370
[ 49.169043][ T374] ? sk_psock_skb_redirect+0x440/0x440
[ 49.174609][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 49.180411][ T374] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.185705][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 49.191435][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.197350][ T374] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.202633][ T374] ? _raw_spin_lock+0xa4/0x1b0
[ 49.207234][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.212875][ T374] ? skb_queue_tail+0xfb/0x120
[ 49.217475][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.222509][ T374] ? unix_dgram_poll+0x710/0x710
[ 49.227457][ T374] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.232404][ T374] ? security_socket_sendmsg+0x82/0xb0
[ 49.237965][ T374] ? unix_dgram_poll+0x710/0x710
[ 49.242836][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 49.247427][ T374] ? __sys_sendmsg_sock+0x40/0x40
[ 49.252497][ T374] ? import_iovec+0xe5/0x120
[ 49.257105][ T374] ___sys_sendmsg+0x252/0x2e0
[ 49.261924][ T374] ? __sys_sendmsg+0x260/0x260
[ 49.266655][ T374] ? do_handle_mm_fault+0x1949/0x2330
[ 49.271967][ T374] ? __kasan_check_write+0x14/0x20
[ 49.276916][ T374] ? proc_fail_nth_write+0x20b/0x290
[ 49.282208][ T374] ? __fdget+0x1bc/0x240
[ 49.286367][ T374] __sys_sendmmsg+0x2bf/0x530
[ 49.290969][ T374] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.296008][ T374] ? mutex_unlock+0xb2/0x260
[ 49.300609][ T374] ? __kasan_check_write+0x14/0x20
[ 49.305561][ T374] ? debug_smp_processor_id+0x17/0x20
[ 49.310847][ T374] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.316940][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.321698][ T374] do_syscall_64+0x3d/0xb0
[ 49.326274][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.332095][ T374] RIP: 0033:0x7fdf3ce74ae9
[ 49.336508][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.356579][ T374] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.364935][ T374] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 49.373044][ T374] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.380973][ T374] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 49.388814][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.396618][ T374] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 49.404451][ T374]
[ 49.418548][ T376] FAULT_INJECTION: forcing a failure.
[ 49.418548][ T376] name failslab, interval 1, probability 0, space 0, times 0
[ 49.431123][ T376] CPU: 0 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 49.442645][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.452559][ T376] Call Trace:
[ 49.455666][ T376]
[ 49.458443][ T376] dump_stack_lvl+0x151/0x1b7
[ 49.462954][ T376] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.468525][ T376] dump_stack+0x15/0x17
[ 49.472530][ T376] should_fail+0x3c6/0x510
[ 49.476782][ T376] __should_failslab+0xa4/0xe0
[ 49.481513][ T376] should_failslab+0x9/0x20
[ 49.485953][ T376] slab_pre_alloc_hook+0x37/0xd0
[ 49.490750][ T376] kmem_cache_alloc_trace+0x48/0x210
[ 49.495922][ T376] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.501741][ T376] ? migrate_disable+0x190/0x190
[ 49.506782][ T376] sk_psock_skb_ingress_self+0x60/0x330
[ 49.512273][ T376] sk_psock_verdict_recv+0x66d/0x840
[ 49.517571][ T376] unix_read_sock+0x132/0x370
[ 49.522246][ T376] ? sk_psock_skb_redirect+0x440/0x440
[ 49.527829][ T376] ? unix_stream_splice_actor+0x120/0x120
[ 49.533819][ T376] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.539391][ T376] ? unix_stream_splice_actor+0x120/0x120
[ 49.546079][ T376] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.552033][ T376] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.559121][ T376] ? _raw_spin_lock+0xa4/0x1b0
[ 49.564133][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.570056][ T376] ? skb_queue_tail+0xfb/0x120
[ 49.575367][ T376] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.580774][ T376] ? unix_dgram_poll+0x710/0x710
[ 49.586592][ T376] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.591453][ T376] ? security_socket_sendmsg+0x82/0xb0
[ 49.596841][ T376] ? unix_dgram_poll+0x710/0x710
[ 49.601866][ T376] ____sys_sendmsg+0x59e/0x8f0
[ 49.606904][ T376] ? __sys_sendmsg_sock+0x40/0x40
[ 49.611757][ T376] ? import_iovec+0xe5/0x120
[ 49.616364][ T376] ___sys_sendmsg+0x252/0x2e0
[ 49.621045][ T376] ? __sys_sendmsg+0x260/0x260
[ 49.625940][ T376] ? do_handle_mm_fault+0x1949/0x2330
[ 49.631594][ T376] ? __kasan_check_write+0x14/0x20
[ 49.636582][ T376] ? proc_fail_nth_write+0x20b/0x290
[ 49.641962][ T376] ? __fdget+0x1bc/0x240
[ 49.646317][ T376] __sys_sendmmsg+0x2bf/0x530
[ 49.650907][ T376] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.655771][ T376] ? mutex_unlock+0xb2/0x260
[ 49.660194][ T376] ? __kasan_check_write+0x14/0x20
[ 49.665151][ T376] ? debug_smp_processor_id+0x17/0x20
[ 49.670368][ T376] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.676951][ T376] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.682566][ T376] do_syscall_64+0x3d/0xb0
[ 49.687200][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.693114][ T376] RIP: 0033:0x7fdf3ce74ae9
[ 49.697444][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.717372][ T376] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.725811][ T376] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 49.734377][ T376] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.742912][ T376] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 49.750919][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.759498][ T376] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 49.768200][ T376]
[ 49.774370][ T375] ==================================================================
[ 49.782940][ T375] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.792196][ T375]
[ 49.794466][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 49.806597][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.817507][ T375] Call Trace:
[ 49.820776][ T375]
[ 49.824013][ T375] dump_stack_lvl+0x151/0x1b7
[ 49.828707][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.834335][ T375] ? __wake_up_klogd+0xd5/0x110
[ 49.839031][ T375] ? panic+0x751/0x751
[ 49.843102][ T375] ? kmem_cache_free+0x116/0x2e0
[ 49.848256][ T375] print_address_description+0x87/0x3b0
[ 49.853796][ T375] ? kmem_cache_free+0x116/0x2e0
[ 49.858651][ T375] ? kmem_cache_free+0x116/0x2e0
[ 49.863712][ T375] kasan_report_invalid_free+0x6b/0xa0
[ 49.869458][ T375] ____kasan_slab_free+0x13e/0x160
[ 49.874612][ T375] __kasan_slab_free+0x11/0x20
[ 49.879213][ T375] slab_free_freelist_hook+0xbd/0x190
[ 49.884701][ T375] ? kfree_skbmem+0x104/0x170
[ 49.889283][ T375] kmem_cache_free+0x116/0x2e0
[ 49.893886][ T375] kfree_skbmem+0x104/0x170
[ 49.898225][ T375] consume_skb+0xb4/0x250
[ 49.902573][ T375] __sk_msg_free+0x2dd/0x370
[ 49.907085][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.913094][ T375] sk_psock_stop+0x44c/0x4d0
[ 49.917519][ T375] ? unix_peer_get+0xe0/0xe0
[ 49.922196][ T375] sock_map_close+0x2b9/0x4c0
[ 49.926835][ T375] ? sock_map_remove_links+0x570/0x570
[ 49.932103][ T375] ? rwsem_mark_wake+0x6b0/0x6b0
[ 49.936882][ T375] unix_release+0x82/0xc0
[ 49.941216][ T375] sock_close+0xdf/0x270
[ 49.945284][ T375] ? sock_mmap+0xa0/0xa0
[ 49.949372][ T375] __fput+0x3fe/0x910
[ 49.953213][ T375] ____fput+0x15/0x20
[ 49.957681][ T375] task_work_run+0x129/0x190
[ 49.962049][ T375] exit_to_user_mode_loop+0xc4/0xe0
[ 49.967176][ T375] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.972585][ T375] syscall_exit_to_user_mode+0x26/0x160
[ 49.977962][ T375] do_syscall_64+0x49/0xb0
[ 49.982628][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.988960][ T375] RIP: 0033:0x7fdf3ce739da
[ 49.993710][ T375] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.013306][ T375] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.021726][ T375] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 50.029537][ T375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.037346][ T375] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 50.045250][ T375] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c43c
[ 50.053162][ T375] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000c0fb
[ 50.060964][ T375]
[ 50.063818][ T375]
[ 50.065998][ T375] Allocated by task 376:
[ 50.070067][ T375] __kasan_slab_alloc+0xb1/0xe0
[ 50.074946][ T375] slab_post_alloc_hook+0x53/0x2c0
[ 50.080220][ T375] kmem_cache_alloc+0xf5/0x200
[ 50.084919][ T375] skb_clone+0x1d1/0x360
[ 50.088990][ T375] sk_psock_verdict_recv+0x53/0x840
[ 50.094024][ T375] unix_read_sock+0x132/0x370
[ 50.098567][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.104449][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.109475][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 50.114432][ T375] ___sys_sendmsg+0x252/0x2e0
[ 50.118952][ T375] __sys_sendmmsg+0x2bf/0x530
[ 50.123472][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.128288][ T375] do_syscall_64+0x3d/0xb0
[ 50.132838][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.138839][ T375]
[ 50.141004][ T375] Freed by task 6:
[ 50.144904][ T375] kasan_set_track+0x4b/0x70
[ 50.149508][ T375] kasan_set_free_info+0x23/0x40
[ 50.154280][ T375] ____kasan_slab_free+0x126/0x160
[ 50.159312][ T375] __kasan_slab_free+0x11/0x20
[ 50.164208][ T375] slab_free_freelist_hook+0xbd/0x190
[ 50.169616][ T375] kmem_cache_free+0x116/0x2e0
[ 50.174301][ T375] kfree_skbmem+0x104/0x170
[ 50.178639][ T375] kfree_skb+0xc2/0x360
[ 50.182721][ T375] sk_psock_backlog+0xc21/0xd90
[ 50.187542][ T375] process_one_work+0x6bb/0xc10
[ 50.192273][ T375] worker_thread+0xad5/0x12a0
[ 50.196787][ T375] kthread+0x421/0x510
[ 50.200696][ T375] ret_from_fork+0x1f/0x30
[ 50.204941][ T375]
[ 50.207109][ T375] The buggy address belongs to the object at ffff88811f510b40
[ 50.207109][ T375] which belongs to the cache skbuff_head_cache of size 248
[ 50.221610][ T375] The buggy address is located 0 bytes inside of
[ 50.221610][ T375] 248-byte region [ffff88811f510b40, ffff88811f510c38)
[ 50.234721][ T375] The buggy address belongs to the page:
[ 50.240325][ T375] page:ffffea00047d4400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f510
[ 50.250819][ T375] flags: 0x4000000000000200(slab|zone=1)
[ 50.256544][ T375] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351800
[ 50.265068][ T375] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.274775][ T375] page dumped because: kasan: bad access detected
[ 50.281238][ T375] page_owner tracks the page as allocated
[ 50.286826][ T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 49410390153, free_ts 21736445108
[ 50.303078][ T375] post_alloc_hook+0x1a3/0x1b0
[ 50.307768][ T375] prep_new_page+0x1b/0x110
[ 50.312270][ T375] get_page_from_freelist+0x3550/0x35d0
[ 50.317648][ T375] __alloc_pages+0x27e/0x8f0
[ 50.322085][ T375] new_slab+0x9a/0x4e0
[ 50.325999][ T375] ___slab_alloc+0x39e/0x830
[ 50.330506][ T375] __slab_alloc+0x4a/0x90
[ 50.334663][ T375] kmem_cache_alloc+0x134/0x200
[ 50.339434][ T375] __alloc_skb+0xbe/0x550
[ 50.343712][ T375] alloc_skb_with_frags+0xa6/0x680
[ 50.348655][ T375] sock_alloc_send_pskb+0x915/0xa50
[ 50.353687][ T375] unix_dgram_sendmsg+0x6fd/0x2090
[ 50.358727][ T375] __sys_sendto+0x564/0x720
[ 50.363094][ T375] __x64_sys_sendto+0xe5/0x100
[ 50.367863][ T375] do_syscall_64+0x3d/0xb0
[ 50.372287][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.378082][ T375] page last free stack trace:
[ 50.382683][ T375] free_unref_page_prepare+0x7c8/0x7d0
[ 50.387977][ T375] free_unref_page+0xe8/0x750
[ 50.392488][ T375] __free_pages+0x61/0xf0
[ 50.396673][ T375] __vunmap+0x7bc/0x8f0
[ 50.400786][ T375] vfree+0x7f/0xb0
[ 50.404424][ T375] kcov_close+0x2b/0x50
[ 50.408543][ T375] __fput+0x3fe/0x910
[ 50.412430][ T375] ____fput+0x15/0x20
[ 50.416236][ T375] task_work_run+0x129/0x190
[ 50.420836][ T375] do_exit+0xc48/0x2ca0
[ 50.425442][ T375] do_group_exit+0x141/0x310
[ 50.429872][ T375] get_signal+0x7a3/0x1630
[ 50.434140][ T375] arch_do_signal_or_restart+0xbd/0x1680
[ 50.439821][ T375] exit_to_user_mode_loop+0xa0/0xe0
[ 50.444928][ T375] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.450353][ T375] syscall_exit_to_user_mode+0x26/0x160
[ 50.455693][ T375]
[ 50.457866][ T375] Memory state around the buggy address:
[ 50.463511][ T375] ffff88811f510a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.471848][ T375] ffff88811f510a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.480449][ T375] >ffff88811f510b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.488434][ T375] ^
[ 50.494504][ T375] ffff88811f510b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.502491][ T375] ffff88811f510c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.510482][ T375] ==================================================================
[ 50.530749][ T379] FAULT_INJECTION: forcing a failure.
[ 50.530749][ T379] name failslab, interval 1, probability 0, space 0, times 0
[ 50.543458][ T379] CPU: 0 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 50.555088][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.565056][ T379] Call Trace:
[ 50.568178][ T379]
[ 50.570970][ T379] dump_stack_lvl+0x151/0x1b7
[ 50.575591][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.581165][ T379] dump_stack+0x15/0x17
[ 50.585160][ T379] should_fail+0x3c6/0x510
[ 50.589491][ T379] __should_failslab+0xa4/0xe0
[ 50.594094][ T379] should_failslab+0x9/0x20
[ 50.598436][ T379] slab_pre_alloc_hook+0x37/0xd0
[ 50.603319][ T379] kmem_cache_alloc_trace+0x48/0x210
[ 50.608432][ T379] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.613976][ T379] ? migrate_disable+0x190/0x190
[ 50.618752][ T379] sk_psock_skb_ingress_self+0x60/0x330
[ 50.624171][ T379] sk_psock_verdict_recv+0x66d/0x840
[ 50.629257][ T379] unix_read_sock+0x132/0x370
[ 50.633875][ T379] ? sk_psock_skb_redirect+0x440/0x440
[ 50.639250][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 50.644806][ T379] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.650101][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 50.655753][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.661483][ T379] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.666694][ T379] ? _raw_spin_lock+0xa4/0x1b0
[ 50.671407][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.677440][ T379] ? skb_queue_tail+0xfb/0x120
[ 50.682033][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.687065][ T379] ? unix_dgram_poll+0x710/0x710
[ 50.691838][ T379] ? _raw_spin_trylock+0xcd/0x1a0
[ 50.696700][ T379] ? security_socket_sendmsg+0x82/0xb0
[ 50.702093][ T379] ? unix_dgram_poll+0x710/0x710
[ 50.706858][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 50.711462][ T379] ? __sys_sendmsg_sock+0x40/0x40
[ 50.716418][ T379] ? import_iovec+0xe5/0x120
[ 50.721130][ T379] ___sys_sendmsg+0x252/0x2e0
[ 50.725726][ T379] ? __sys_sendmsg+0x260/0x260
[ 50.730590][ T379] ? do_handle_mm_fault+0x1949/0x2330
[ 50.735922][ T379] ? __kasan_check_write+0x14/0x20
[ 50.740866][ T379] ? proc_fail_nth_write+0x20b/0x290
[ 50.746252][ T379] ? __fdget+0x1bc/0x240
[ 50.750344][ T379] __sys_sendmmsg+0x2bf/0x530
[ 50.754845][ T379] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.759701][ T379] ? mutex_unlock+0xb2/0x260
[ 50.764125][ T379] ? __kasan_check_write+0x14/0x20
[ 50.769364][ T379] ? debug_smp_processor_id+0x17/0x20
[ 50.774730][ T379] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.780763][ T379] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.785533][ T379] do_syscall_64+0x3d/0xb0
[ 50.789775][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.795601][ T379] RIP: 0033:0x7fdf3ce74ae9
[ 50.799941][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.820490][ T379] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.828736][ T379] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 50.836803][ T379] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.844623][ T379] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 50.852426][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.860234][ T379] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 50.868052][ T379]
[ 50.873583][ T378] ==================================================================
[ 50.881717][ T378] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.890334][ T378]
[ 50.892584][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 50.904211][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.914109][ T378] Call Trace:
[ 50.917233][ T378]
[ 50.920008][ T378] dump_stack_lvl+0x151/0x1b7
[ 50.924537][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.930085][ T378] ? __wake_up_klogd+0xd5/0x110
[ 50.934859][ T378] ? panic+0x751/0x751
[ 50.938826][ T378] ? kmem_cache_free+0x116/0x2e0
[ 50.943542][ T378] print_address_description+0x87/0x3b0
[ 50.949743][ T378] ? kmem_cache_free+0x116/0x2e0
[ 50.954769][ T378] ? kmem_cache_free+0x116/0x2e0
[ 50.959653][ T378] kasan_report_invalid_free+0x6b/0xa0
[ 50.965179][ T378] ____kasan_slab_free+0x13e/0x160
[ 50.970124][ T378] __kasan_slab_free+0x11/0x20
[ 50.974743][ T378] slab_free_freelist_hook+0xbd/0x190
[ 50.980278][ T378] ? kfree_skbmem+0x104/0x170
[ 50.984883][ T378] kmem_cache_free+0x116/0x2e0
[ 50.989742][ T378] kfree_skbmem+0x104/0x170
[ 50.994355][ T378] consume_skb+0xb4/0x250
[ 50.998717][ T378] __sk_msg_free+0x2dd/0x370
[ 51.003137][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.008771][ T378] sk_psock_stop+0x44c/0x4d0
[ 51.013633][ T378] ? unix_peer_get+0xe0/0xe0
[ 51.018051][ T378] sock_map_close+0x2b9/0x4c0
[ 51.022563][ T378] ? sock_map_remove_links+0x570/0x570
[ 51.028033][ T378] ? rwsem_mark_wake+0x6b0/0x6b0
[ 51.032996][ T378] unix_release+0x82/0xc0
[ 51.037266][ T378] sock_close+0xdf/0x270
[ 51.041319][ T378] ? sock_mmap+0xa0/0xa0
[ 51.045659][ T378] __fput+0x3fe/0x910
[ 51.049484][ T378] ____fput+0x15/0x20
[ 51.053296][ T378] task_work_run+0x129/0x190
[ 51.057742][ T378] exit_to_user_mode_loop+0xc4/0xe0
[ 51.062761][ T378] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.068053][ T378] syscall_exit_to_user_mode+0x26/0x160
[ 51.073532][ T378] do_syscall_64+0x49/0xb0
[ 51.077889][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.083858][ T378] RIP: 0033:0x7fdf3ce739da
[ 51.088043][ T378] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.107692][ T378] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.115925][ T378] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 51.123738][ T378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.131551][ T378] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 51.139358][ T378] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c894
[ 51.147256][ T378] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000c553
[ 51.155160][ T378]
[ 51.158021][ T378]
[ 51.160253][ T378] Allocated by task 379:
[ 51.164269][ T378] __kasan_slab_alloc+0xb1/0xe0
[ 51.168999][ T378] slab_post_alloc_hook+0x53/0x2c0
[ 51.173988][ T378] kmem_cache_alloc+0xf5/0x200
[ 51.179369][ T378] skb_clone+0x1d1/0x360
[ 51.183542][ T378] sk_psock_verdict_recv+0x53/0x840
[ 51.188569][ T378] unix_read_sock+0x132/0x370
[ 51.193081][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.198819][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.203950][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 51.208539][ T378] ___sys_sendmsg+0x252/0x2e0
[ 51.213144][ T378] __sys_sendmmsg+0x2bf/0x530
[ 51.217742][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.222626][ T378] do_syscall_64+0x3d/0xb0
[ 51.226860][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.232584][ T378]
[ 51.234752][ T378] Freed by task 20:
[ 51.238400][ T378] kasan_set_track+0x4b/0x70
[ 51.242859][ T378] kasan_set_free_info+0x23/0x40
[ 51.247597][ T378] ____kasan_slab_free+0x126/0x160
[ 51.252630][ T378] __kasan_slab_free+0x11/0x20
[ 51.257231][ T378] slab_free_freelist_hook+0xbd/0x190
[ 51.262440][ T378] kmem_cache_free+0x116/0x2e0
[ 51.267039][ T378] kfree_skbmem+0x104/0x170
[ 51.271561][ T378] kfree_skb+0xc2/0x360
[ 51.275544][ T378] sk_psock_backlog+0xc21/0xd90
[ 51.280328][ T378] process_one_work+0x6bb/0xc10
[ 51.285007][ T378] worker_thread+0xad5/0x12a0
[ 51.289520][ T378] kthread+0x421/0x510
[ 51.293512][ T378] ret_from_fork+0x1f/0x30
[ 51.297776][ T378]
[ 51.300021][ T378] The buggy address belongs to the object at ffff88810de3f640
[ 51.300021][ T378] which belongs to the cache skbuff_head_cache of size 248
[ 51.314860][ T378] The buggy address is located 0 bytes inside of
[ 51.314860][ T378] 248-byte region [ffff88810de3f640, ffff88810de3f738)
[ 51.327804][ T378] The buggy address belongs to the page:
[ 51.333439][ T378] page:ffffea0004378fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de3f
[ 51.343597][ T378] flags: 0x4000000000000200(slab|zone=1)
[ 51.349160][ T378] raw: 4000000000000200 ffffea0004347200 0000000e0000000e ffff888100351800
[ 51.357578][ T378] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 51.365993][ T378] page dumped because: kasan: bad access detected
[ 51.372242][ T378] page_owner tracks the page as allocated
[ 51.377896][ T378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 4022311731, free_ts 0
[ 51.392822][ T378] post_alloc_hook+0x1a3/0x1b0
[ 51.397419][ T378] prep_new_page+0x1b/0x110
[ 51.401759][ T378] get_page_from_freelist+0x3550/0x35d0
[ 51.407144][ T378] __alloc_pages+0x27e/0x8f0
[ 51.411682][ T378] new_slab+0x9a/0x4e0
[ 51.415550][ T378] ___slab_alloc+0x39e/0x830
[ 51.419987][ T378] __slab_alloc+0x4a/0x90
[ 51.424142][ T378] kmem_cache_alloc+0x134/0x200
[ 51.428925][ T378] __alloc_skb+0xbe/0x550
[ 51.433083][ T378] netlink_sendmsg+0x797/0xd20
[ 51.437681][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 51.442542][ T378] ___sys_sendmsg+0x252/0x2e0
[ 51.447381][ T378] __se_sys_sendmsg+0x19a/0x260
[ 51.452187][ T378] __x64_sys_sendmsg+0x7b/0x90
[ 51.456770][ T378] do_syscall_64+0x3d/0xb0
[ 51.461092][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.466820][ T378] page_owner free stack trace missing
[ 51.472025][ T378]
[ 51.474282][ T378] Memory state around the buggy address:
[ 51.479848][ T378] ffff88810de3f500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.487740][ T378] ffff88810de3f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.495994][ T378] >ffff88810de3f600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.504056][ T378]                                            ^
[ 51.510046][ T378] ffff88810de3f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.518994][ T378] ffff88810de3f700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.526898][ T378] ==================================================================
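Added example (Python), not part of the syzkaller log on this page or of the kernel tree: a small triage parser for KASAN reports in dmesg form. It pulls out the report, allocation and free stacks, the slab-object metadata and the shadow row, then decodes the shadow byte of the buggy address so the "double-free" verdict is confirmed from the shadow state instead of being read off by eye. The sample input is a trimmed copy of the T378 report above, embedded as a constructed string (the identical T381 report further down parses the same way); shadow-byte meanings are the generic-mode encodings from mm/kasan/kasan.h (v5.15); the NOISE list of instrumentation frames to skip is this example's own choice. For this report the parser lands on the point a triager wants: the skb head cloned in sk_psock_verdict_recv (task 379) was already freed by kfree_skb in sk_psock_backlog on the workqueue (task 20) when sk_psock_stop freed it again through __sk_msg_free/consume_skb, and the 0xfa shadow byte at the object start says exactly that.

```python
"""KASAN report triage. Added example, not part of the syzkaller log or of the kernel
tree. Parses a report into its stacks and slab-object metadata and decodes the shadow byte."""
import re
from dataclasses import dataclass, field

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")        # dmesg "[   51.0][ T378] " (any padding)
BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>.+?) in (?P<func>\S+)")
TASK_RE = re.compile(r"^(?P<what>Allocated|Freed) by task (?P<pid>\d+):")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[\S+\])?$")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
LOCATED_RE = re.compile(r"located (?P<off>\d+) bytes (?P<where>inside of|to the left of|to the right of)")
REGION_RE = re.compile(r"region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
SHADOW_RE = re.compile(r"^>?(?P<row>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")

# Generic-mode shadow encodings, mm/kasan/kasan.h (v5.15); 0x01..0x07 = first N of the 8 bytes usable.
SHADOW_STATE = {0x00: "addressable", 0xF1: "stack left redzone", 0xF2: "stack mid redzone",
                0xF3: "stack right redzone", 0xF9: "global redzone", 0xFC: "slab redzone",
                0xFA: "freed object (free track stored)", 0xFB: "freed object",
                0xFE: "page redzone", 0xFF: "freed page"}
# Instrumentation/allocator frames that sit above the frame a triager cares about (our own choice).
NOISE = ("dump_stack", "print_address_description", "kasan", "__kasan", "____kasan",
         "slab_", "kmem_cache_", "kfree_skbmem")

def shadow_name(b: int) -> str:
    return f"partially addressable ({b} bytes)" if 1 <= b <= 7 else SHADOW_STATE.get(b, f"unknown {b:#04x}")

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    stacks: dict[str, list[str]] = field(default_factory=lambda: {"report": [], "alloc": [], "free": []})
    pids: dict[str, int] = field(default_factory=dict)           # "alloc"/"free" -> task pid
    cache: str = ""
    size: int = 0
    region: tuple[int, int] = (0, 0)
    buggy_addr: int = 0
    shadow: dict[int, list[int]] = field(default_factory=dict)  # 128-byte row base -> 16 shadow bytes

    def shadow_byte(self) -> "int | None":  # one shadow byte per 8-byte granule, 16 per printed row
        row = self.shadow.get(self.buggy_addr & ~0x7F)
        return None if row is None else row[(self.buggy_addr & 0x7F) // 8]

    def interesting(self, which: str, n: int = 2) -> list[str]:  # top frames with plumbing skipped
        return [s for s in self.stacks[which] if not s.startswith(NOISE)][:n]

    def is_double_free(self) -> bool:  # KASAN flagged the free and the granule was already marked freed
        return self.kind.startswith("double-free") and self.shadow_byte() in (0xFA, 0xFB)

def parse_kasan(text: str) -> KasanReport:
    r, section, located = KasanReport(), None, None
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if m := BUG_RE.match(line):
            r.kind, r.func, section = m["kind"], m["func"], "report"
        elif m := TASK_RE.match(line):
            section = "alloc" if m["what"] == "Allocated" else "free"
            r.pids[section] = int(m["pid"])
        elif line.startswith(("The buggy address", "page last allocated", "Memory state")):
            section = None                      # stacks are over; page_owner frames are not ours
        elif (m := FRAME_RE.match(line)) and section and not m["unreliable"]:
            r.stacks[section].append(m["sym"])  # "? sym" entries are stale stack slots, skipped
        if m := CACHE_RE.search(line):
            r.cache, r.size = m["cache"], int(m["size"])
        if m := LOCATED_RE.search(line):
            located = (int(m["off"]), m["where"])
        if m := REGION_RE.search(line):
            r.region = (int(m["lo"], 16), int(m["hi"], 16))
        if m := SHADOW_RE.match(line):
            r.shadow[int(m["row"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    if located and r.region != (0, 0):
        off, where = located
        r.buggy_addr = {"inside of": r.region[0] + off, "to the right of": r.region[1] + off,
                        "to the left of": r.region[0] - off}[where]
    return r

REPORT = """\
[   50.881717][ T378] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   50.920008][ T378]  dump_stack_lvl+0x151/0x1b7
[   50.924537][ T378]  ? io_uring_drop_tctx_refs+0x190/0x190
[   50.984883][ T378]  kmem_cache_free+0x116/0x2e0
[   50.994355][ T378]  consume_skb+0xb4/0x250
[   50.998717][ T378]  __sk_msg_free+0x2dd/0x370
[   51.160253][ T378] Allocated by task 379:
[   51.164269][ T378]  __kasan_slab_alloc+0xb1/0xe0
[   51.179369][ T378]  skb_clone+0x1d1/0x360
[   51.183542][ T378]  sk_psock_verdict_recv+0x53/0x840
[   51.234752][ T378] Freed by task 20:
[   51.262440][ T378]  kmem_cache_free+0x116/0x2e0
[   51.271561][ T378]  kfree_skb+0xc2/0x360
[   51.275544][ T378]  sk_psock_backlog+0xc21/0xd90
[   51.300021][ T378] The buggy address belongs to the object at ffff88810de3f640
[   51.300021][ T378]  which belongs to the cache skbuff_head_cache of size 248
[   51.314860][ T378] The buggy address is located 0 bytes inside of
[   51.314860][ T378]  248-byte region [ffff88810de3f640, ffff88810de3f738)
[   51.377896][ T378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 4022311731, free_ts 0
[   51.392822][ T378]  post_alloc_hook+0x1a3/0x1b0
[   51.495994][ T378] >ffff88810de3f600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
"""
```

Feed it a whole console log (`parse_kasan(open("crash.log").read())`) and it picks up the first BUG line; `is_double_free()` is only true when both the KASAN verdict and the shadow byte agree, which separates a real second free from an invalid-free of a pointer that was never a slab object. The "?" frames are dropped on purpose: they are leftover stack slots the unwinder could not validate, and on these reports they point at unrelated code such as io_uring_drop_tctx_refs.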
[ 51.545815][ T382] FAULT_INJECTION: forcing a failure.
[ 51.545815][ T382] name failslab, interval 1, probability 0, space 0, times 0
[ 51.558469][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 51.570237][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 51.580183][ T382] Call Trace:
[ 51.583565][ T382]
[ 51.586568][ T382] dump_stack_lvl+0x151/0x1b7
[ 51.591043][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.596789][ T382] dump_stack+0x15/0x17
[ 51.601123][ T382] should_fail+0x3c6/0x510
[ 51.605374][ T382] __should_failslab+0xa4/0xe0
[ 51.609965][ T382] should_failslab+0x9/0x20
[ 51.614314][ T382] slab_pre_alloc_hook+0x37/0xd0
[ 51.619086][ T382] kmem_cache_alloc_trace+0x48/0x210
[ 51.624378][ T382] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.630052][ T382] ? migrate_disable+0x190/0x190
[ 51.634815][ T382] sk_psock_skb_ingress_self+0x60/0x330
[ 51.640295][ T382] sk_psock_verdict_recv+0x66d/0x840
[ 51.645432][ T382] unix_read_sock+0x132/0x370
[ 51.650114][ T382] ? sk_psock_skb_redirect+0x440/0x440
[ 51.655564][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 51.661209][ T382] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.666672][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 51.672397][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.678175][ T382] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.683535][ T382] ? _raw_spin_lock+0xa4/0x1b0
[ 51.688441][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.694216][ T382] ? skb_queue_tail+0xfb/0x120
[ 51.698927][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.704051][ T382] ? unix_dgram_poll+0x710/0x710
[ 51.709083][ T382] ? _raw_spin_trylock+0xcd/0x1a0
[ 51.713956][ T382] ? security_socket_sendmsg+0x82/0xb0
[ 51.719332][ T382] ? unix_dgram_poll+0x710/0x710
[ 51.724253][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 51.728971][ T382] ? __sys_sendmsg_sock+0x40/0x40
[ 51.734003][ T382] ? import_iovec+0xe5/0x120
[ 51.738871][ T382] ___sys_sendmsg+0x252/0x2e0
[ 51.743394][ T382] ? __sys_sendmsg+0x260/0x260
[ 51.747994][ T382] ? do_handle_mm_fault+0x1949/0x2330
[ 51.753372][ T382] ? __kasan_check_write+0x14/0x20
[ 51.758658][ T382] ? proc_fail_nth_write+0x20b/0x290
[ 51.763871][ T382] ? __fdget+0x1bc/0x240
[ 51.768217][ T382] __sys_sendmmsg+0x2bf/0x530
[ 51.772724][ T382] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.777775][ T382] ? mutex_unlock+0xb2/0x260
[ 51.782484][ T382] ? __kasan_check_write+0x14/0x20
[ 51.787481][ T382] ? debug_smp_processor_id+0x17/0x20
[ 51.792702][ T382] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.798958][ T382] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.803688][ T382] do_syscall_64+0x3d/0xb0
[ 51.808069][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.813902][ T382] RIP: 0033:0x7fdf3ce74ae9
[ 51.818317][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.838956][ T382] RSP: 002b:00007fdf3c9f70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.847475][ T382] RAX: ffffffffffffffda RBX: 00007fdf3cf93f80 RCX: 00007fdf3ce74ae9
[ 51.855707][ T382] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.863514][ T382] RBP: 00007fdf3c9f7120 R08: 0000000000000000 R09: 0000000000000000
[ 51.872968][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.880874][ T382] R13: 000000000000000b R14: 00007fdf3cf93f80 R15: 00007ffe7c7e0ce8
[ 51.889125][ T382]
[ 51.894916][ T381] ==================================================================
[ 51.902893][ T381] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.911632][ T381]
[ 51.913813][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.141-syzkaller-1068904-g28e3f5851a99 #0
[ 51.925882][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 51.935745][ T381] Call Trace:
[ 51.938860][ T381]
[ 51.941639][ T381] dump_stack_lvl+0x151/0x1b7
[ 51.946239][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.951706][ T381] ? __wake_up_klogd+0xd5/0x110
[ 51.956392][ T381] ? panic+0x751/0x751
[ 51.960307][ T381] ? kmem_cache_free+0x116/0x2e0
[ 51.965075][ T381] print_address_description+0x87/0x3b0
[ 51.970545][ T381] ? kmem_cache_free+0x116/0x2e0
[ 51.975451][ T381] ? kmem_cache_free+0x116/0x2e0
[ 51.980327][ T381] kasan_report_invalid_free+0x6b/0xa0
[ 51.985956][ T381] ____kasan_slab_free+0x13e/0x160
[ 51.990985][ T381] __kasan_slab_free+0x11/0x20
[ 51.995752][ T381] slab_free_freelist_hook+0xbd/0x190
[ 52.000955][ T381] ? kfree_skbmem+0x104/0x170
[ 52.005655][ T381] kmem_cache_free+0x116/0x2e0
[ 52.010246][ T381] kfree_skbmem+0x104/0x170
[ 52.014710][ T381] consume_skb+0xb4/0x250
[ 52.018861][ T381] __sk_msg_free+0x2dd/0x370
[ 52.023298][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.028947][ T381] sk_psock_stop+0x44c/0x4d0
[ 52.033448][ T381] ? unix_peer_get+0xe0/0xe0
[ 52.037870][ T381] sock_map_close+0x2b9/0x4c0
[ 52.042381][ T381] ? sock_map_remove_links+0x570/0x570
[ 52.047866][ T381] ? rwsem_mark_wake+0x6b0/0x6b0
[ 52.052640][ T381] unix_release+0x82/0xc0
[ 52.056824][ T381] sock_close+0xdf/0x270
[ 52.060870][ T381] ? sock_mmap+0xa0/0xa0
[ 52.064961][ T381] __fput+0x3fe/0x910
[ 52.068866][ T381] ____fput+0x15/0x20
[ 52.072763][ T381] task_work_run+0x129/0x190
[ 52.077192][ T381] exit_to_user_mode_loop+0xc4/0xe0
[ 52.082568][ T381] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.087991][ T381] syscall_exit_to_user_mode+0x26/0x160
[ 52.093430][ T381] do_syscall_64+0x49/0xb0
[ 52.097670][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.103487][ T381] RIP: 0033:0x7fdf3ce739da
[ 52.107938][ T381] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.127543][ T381] RSP: 002b:00007ffe7c7e0db0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.135958][ T381] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fdf3ce739da
[ 52.144027][ T381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.151842][ T381] RBP: 00007fdf3cf95980 R08: 0000001b31660000 R09: 00007ffe7c7f80b0
[ 52.159666][ T381] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cc8b
[ 52.168342][ T381] R13: ffffffffffffffff R14: 00007fdf3c9f8000 R15: 000000000000c94a
[ 52.176800][ T381]
[ 52.179644][ T381]
[ 52.181937][ T381] Allocated by task 382:
[ 52.186151][ T381] __kasan_slab_alloc+0xb1/0xe0
[ 52.191007][ T381] slab_post_alloc_hook+0x53/0x2c0
[ 52.195954][ T381] kmem_cache_alloc+0xf5/0x200
[ 52.200636][ T381] skb_clone+0x1d1/0x360
[ 52.204815][ T381] sk_psock_verdict_recv+0x53/0x840
[ 52.210103][ T381] unix_read_sock+0x132/0x370
[ 52.214725][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.220754][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.227012][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 52.231597][ T381] ___sys_sendmsg+0x252/0x2e0
[ 52.236109][ T381] __sys_sendmmsg+0x2bf/0x530
[ 52.240721][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.245417][ T381] do_syscall_64+0x3d/0xb0
[ 52.249648][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.255376][ T381]
[ 52.257634][ T381] Freed by task 20:
[ 52.261324][ T381] kasan_set_track+0x4b/0x70
[ 52.265719][ T381] kasan_set_free_info+0x23/0x40
[ 52.270651][ T381] ____kasan_slab_free+0x126/0x160
[ 52.275536][ T381] __kasan_slab_free+0x11/0x20
[ 52.280212][ T381] slab_free_freelist_hook+0xbd/0x190
[ 52.285504][ T381] kmem_cache_free+0x116/0x2e0
[ 52.290292][ T381] kfree_skbmem+0x104/0x170
[ 52.294628][ T381] kfree_skb+0xc2/0x360
[ 52.298613][ T381] sk_psock_backlog+0xc21/0xd90
[ 52.303387][ T381] process_one_work+0x6bb/0xc10
[ 52.308071][ T381] worker_thread+0xad5/0x12a0
[ 52.312595][ T381] kthread+0x421/0x510
[ 52.316489][ T381] ret_from_fork+0x1f/0x30
[ 52.320741][ T381]
[ 52.322911][ T381] The buggy address belongs to the object at ffff88810de3e500
[ 52.322911][ T381] which belongs to the cache skbuff_head_cache of size 248
[ 52.337400][ T381] The buggy address is located 0 bytes inside of
[ 52.337400][ T381] 248-byte region [ffff88810de3e500, ffff88810de3e5f8)
[ 52.350426][ T381] The buggy address belongs to the page:
[ 52.355898][ T381] page:ffffea0004378f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de3e
[ 52.365961][ T381] flags: 0x4000000000000200(slab|zone=1)
[ 52.371448][ T381] raw: 4000000000000200 ffffea0004347140 0000000c0000000c ffff888100351800
[ 52.379859][ T381] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.388374][ T381] page dumped because: kasan: bad access detected