Warning: Permanently added '10.128.10.36' (ED25519) to the list of known hosts.
2024/12/12 12:49:02 ignoring optional flag "sandboxArg"="0"
2024/12/12 12:49:02 ignoring optional flag "type"="gce"
2024/12/12 12:49:02 parsed 1 programs
2024/12/12 12:49:02 executed programs: 0
[ 46.411013][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 46.411033][ T30] audit: type=1400 audit(1734007742.674:95): avc: denied { unlink } for pid=347 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 46.451087][ T347] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.507874][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.514750][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.522080][ T353] device bridge_slave_0 entered promiscuous mode
[ 46.528697][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.535589][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.542761][ T353] device bridge_slave_1 entered promiscuous mode
[ 46.587662][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.594539][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.601673][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.608513][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.627634][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.635212][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.642751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.650129][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.658978][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.667057][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.673938][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.682561][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.690784][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.697618][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.709114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.718199][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.732724][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.744106][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.751948][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.759138][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.767281][ T353] device veth0_vlan entered promiscuous mode
[ 46.777150][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.786058][ T353] device veth1_macvtap entered promiscuous mode
[ 46.795183][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.805099][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.826218][ T30] audit: type=1400 audit(1734007743.084:96): avc: denied { prog_load } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.851612][ T30] audit: type=1400 audit(1734007743.084:97): avc: denied { bpf } for pid=357 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 46.880854][ T30] audit: type=1400 audit(1734007743.144:98): avc: denied { map_create } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.900099][ T30] audit: type=1400 audit(1734007743.144:99): avc: denied { map_read map_write } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 47.069777][ T30] audit: type=1400 audit(1734007743.324:100): avc: denied { perfmon } for pid=357 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 47.091390][ T30] audit: type=1400 audit(1734007743.354:101): avc: denied { prog_run } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 47.119767][ T363] FAULT_INJECTION: forcing a failure.
[ 47.119767][ T363] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 47.133043][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.143200][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.153102][ T363] Call Trace:
[ 47.156218][ T363]
[ 47.159002][ T363] dump_stack_lvl+0x151/0x1c0
[ 47.163518][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.168977][ T363] dump_stack+0x15/0x20
[ 47.172969][ T363] should_fail+0x3c6/0x510
[ 47.177223][ T363] should_fail_usercopy+0x1a/0x20
[ 47.182081][ T363] _copy_to_user+0x20/0x90
[ 47.186334][ T363] simple_read_from_buffer+0xc7/0x150
[ 47.191546][ T363] proc_fail_nth_read+0x1a3/0x210
[ 47.196401][ T363] ? proc_fault_inject_write+0x390/0x390
[ 47.201957][ T363] ? fsnotify_perm+0x269/0x5b0
[ 47.206567][ T363] ? security_file_permission+0x86/0xb0
[ 47.211941][ T363] ? proc_fault_inject_write+0x390/0x390
[ 47.217404][ T363] vfs_read+0x27d/0xd40
[ 47.221398][ T363] ? kernel_read+0x1f0/0x1f0
[ 47.225833][ T363] ? __kasan_check_write+0x14/0x20
[ 47.230772][ T363] ? mutex_lock+0xb6/0x1e0
[ 47.235051][ T363] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.241446][ T363] ? __fdget_pos+0x2e7/0x3a0
[ 47.245876][ T363] ? ksys_read+0x77/0x2c0
[ 47.250040][ T363] ksys_read+0x199/0x2c0
[ 47.254120][ T363] ? vfs_write+0x1110/0x1110
[ 47.258550][ T363] ? __kasan_check_write+0x14/0x20
[ 47.263499][ T363] ? switch_fpu_return+0x15f/0x2e0
[ 47.268485][ T363] __x64_sys_read+0x7b/0x90
[ 47.272779][ T363] x64_sys_call+0x28/0x9a0
[ 47.277030][ T363] do_syscall_64+0x3b/0xb0
[ 47.281291][ T363] ? clear_bhb_loop+0x35/0x90
[ 47.285796][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.291528][ T363] RIP: 0033:0x7f7d365d178c
[ 47.295775][ T363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.315217][ T363] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.323463][ T363] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 47.331285][ T363] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 47.339084][ T363] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 47.346932][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.354727][ T363] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 47.362528][ T363]
[ 47.375698][ T365] FAULT_INJECTION: forcing a failure.
[ 47.375698][ T365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 47.388741][ T365] CPU: 0 PID: 365 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.398888][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.408799][ T365] Call Trace:
[ 47.411904][ T365]
[ 47.414684][ T365] dump_stack_lvl+0x151/0x1c0
[ 47.419216][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.424672][ T365] dump_stack+0x15/0x20
[ 47.428663][ T365] should_fail+0x3c6/0x510
[ 47.432913][ T365] should_fail_usercopy+0x1a/0x20
[ 47.437769][ T365] _copy_to_user+0x20/0x90
[ 47.442022][ T365] simple_read_from_buffer+0xc7/0x150
[ 47.447231][ T365] proc_fail_nth_read+0x1a3/0x210
[ 47.452091][ T365] ? proc_fault_inject_write+0x390/0x390
[ 47.457558][ T365] ? fsnotify_perm+0x269/0x5b0
[ 47.462157][ T365] ? security_file_permission+0x86/0xb0
[ 47.467540][ T365] ? proc_fault_inject_write+0x390/0x390
[ 47.473012][ T365] vfs_read+0x27d/0xd40
[ 47.477003][ T365] ? kernel_read+0x1f0/0x1f0
[ 47.481521][ T365] ? __kasan_check_write+0x14/0x20
[ 47.486472][ T365] ? mutex_lock+0xb6/0x1e0
[ 47.490719][ T365] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.497163][ T365] ? __fdget_pos+0x2e7/0x3a0
[ 47.501571][ T365] ? ksys_read+0x77/0x2c0
[ 47.505736][ T365] ksys_read+0x199/0x2c0
[ 47.509820][ T365] ? vfs_write+0x1110/0x1110
[ 47.514331][ T365] ? __kasan_check_write+0x14/0x20
[ 47.519289][ T365] ? switch_fpu_return+0x15f/0x2e0
[ 47.524224][ T365] __x64_sys_read+0x7b/0x90
[ 47.528566][ T365] x64_sys_call+0x28/0x9a0
[ 47.532818][ T365] do_syscall_64+0x3b/0xb0
[ 47.537067][ T365] ? clear_bhb_loop+0x35/0x90
[ 47.541868][ T365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.547588][ T365] RIP: 0033:0x7f7d365d178c
[ 47.551823][ T365] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.571262][ T365] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.579506][ T365] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 47.587363][ T365] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 47.595128][ T365] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 47.602940][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.610842][ T365] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 47.618749][ T365]
[ 47.631341][ T367] FAULT_INJECTION: forcing a failure.
[ 47.631341][ T367] name failslab, interval 1, probability 0, space 0, times 1
[ 47.643843][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.653920][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.663815][ T367] Call Trace:
[ 47.666935][ T367]
[ 47.669722][ T367] dump_stack_lvl+0x151/0x1c0
[ 47.674224][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.679691][ T367] dump_stack+0x15/0x20
[ 47.683682][ T367] should_fail+0x3c6/0x510
[ 47.687937][ T367] __should_failslab+0xa4/0xe0
[ 47.692532][ T367] should_failslab+0x9/0x20
[ 47.697096][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 47.701901][ T367] kmem_cache_alloc_trace+0x48/0x210
[ 47.706990][ T367] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.712546][ T367] ? migrate_disable+0x190/0x190
[ 47.717320][ T367] sk_psock_skb_ingress_self+0x60/0x330
[ 47.722717][ T367] sk_psock_verdict_recv+0x66d/0x840
[ 47.727911][ T367] unix_read_sock+0x132/0x370
[ 47.732423][ T367] ? sk_psock_skb_redirect+0x440/0x440
[ 47.737985][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 47.743538][ T367] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.748832][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 47.754395][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.760029][ T367] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.765234][ T367] ? _raw_spin_lock+0xa4/0x1b0
[ 47.769834][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.775489][ T367] ? skb_queue_tail+0xfb/0x120
[ 47.780198][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.785223][ T367] ? unix_dgram_poll+0x690/0x690
[ 47.789988][ T367] ? __kasan_check_write+0x14/0x20
[ 47.794943][ T367] ? __cpuidle_text_end+0x2/0x2
[ 47.799621][ T367] ? cgroup_rstat_updated+0xe5/0x370
[ 47.804915][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 47.810213][ T367] ? unix_dgram_poll+0x690/0x690
[ 47.814985][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 47.819592][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 47.824443][ T367] ? import_iovec+0xe5/0x120
[ 47.828962][ T367] ___sys_sendmsg+0x252/0x2e0
[ 47.833472][ T367] ? __sys_sendmsg+0x260/0x260
[ 47.838077][ T367] ? __kasan_check_write+0x14/0x20
[ 47.843079][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 47.848147][ T367] ? __fdget+0x1bc/0x240
[ 47.852223][ T367] __sys_sendmmsg+0x2bf/0x530
[ 47.856732][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.861587][ T367] ? mutex_unlock+0xb2/0x260
[ 47.866051][ T367] ? __kasan_check_write+0x14/0x20
[ 47.870970][ T367] ? __ia32_sys_read+0x90/0x90
[ 47.875567][ T367] ? debug_smp_processor_id+0x17/0x20
[ 47.881122][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.887178][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.891864][ T367] x64_sys_call+0x81d/0x9a0
[ 47.896195][ T367] do_syscall_64+0x3b/0xb0
[ 47.900450][ T367] ? clear_bhb_loop+0x35/0x90
[ 47.904959][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.910686][ T367] RIP: 0033:0x7f7d365d2ae9
[ 47.915118][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.934557][ T367] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.942801][ T367] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 47.950610][ T367] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.958431][ T367] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 47.966240][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.974046][ T367] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 47.981864][ T367]
[ 47.985721][ T30] audit: type=1400 audit(1734007744.244:102): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 47.987916][ T366] ==================================================================
[ 48.015143][ T366] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 48.021830][ T366] Read of size 4 at addr ffff88810fd2ed6c by task syz-executor.0/366
[ 48.029808][ T366]
[ 48.031980][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 48.042137][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.052173][ T366] Call Trace:
[ 48.055249][ T366]
[ 48.058048][ T366] dump_stack_lvl+0x151/0x1c0
[ 48.062542][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.068007][ T366] ? panic+0x760/0x760
[ 48.071912][ T366] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 48.077381][ T366] print_address_description+0x87/0x3b0
[ 48.082763][ T366] kasan_report+0x179/0x1c0
[ 48.087098][ T366] ? consume_skb+0x3c/0x250
[ 48.091440][ T366] ? consume_skb+0x3c/0x250
[ 48.095781][ T366] kasan_check_range+0x293/0x2a0
[ 48.100641][ T366] __kasan_check_read+0x11/0x20
[ 48.105328][ T366] consume_skb+0x3c/0x250
[ 48.109490][ T366] __sk_msg_free+0x2dd/0x370
[ 48.113920][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.119560][ T366] sk_psock_stop+0x44c/0x4d0
[ 48.124001][ T366] sk_psock_drop+0x219/0x310
[ 48.128416][ T366] sock_map_unref+0x48f/0x4d0
[ 48.132931][ T366] ? __local_bh_enable_ip+0x58/0x80
[ 48.137986][ T366] ? _raw_spin_unlock_bh+0x51/0x60
[ 48.142907][ T366] sock_map_remove_links+0x41c/0x650
[ 48.148028][ T366] ? __kasan_record_aux_stack+0xd3/0xf0
[ 48.153407][ T366] ? kasan_record_aux_stack+0xe/0x10
[ 48.158527][ T366] ? task_work_add+0x27/0x1d0
[ 48.163042][ T366] ? sock_map_unhash+0x120/0x120
[ 48.167812][ T366] ? x64_sys_call+0x3d/0x9a0
[ 48.172260][ T366] ? locks_remove_posix+0x610/0x610
[ 48.177286][ T366] sock_map_close+0x114/0x530
[ 48.181794][ T366] ? unix_peer_get+0xe0/0xe0
[ 48.186216][ T366] ? sock_map_remove_links+0x650/0x650
[ 48.191509][ T366] ? rwsem_mark_wake+0x770/0x770
[ 48.196282][ T366] unix_release+0x82/0xc0
[ 48.200451][ T366] sock_close+0xdf/0x270
[ 48.204616][ T366] ? sock_mmap+0xa0/0xa0
[ 48.208702][ T366] __fput+0x228/0x8c0
[ 48.212514][ T366] ____fput+0x15/0x20
[ 48.216332][ T366] task_work_run+0x129/0x190
[ 48.220770][ T366] exit_to_user_mode_loop+0xc4/0xe0
[ 48.225795][ T366] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.231129][ T366] syscall_exit_to_user_mode+0x26/0x160
[ 48.236468][ T366] do_syscall_64+0x47/0xb0
[ 48.240718][ T366] ? clear_bhb_loop+0x35/0x90
[ 48.245754][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.251481][ T366] RIP: 0033:0x7f7d365d19da
[ 48.255737][ T366] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.275265][ T366] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.283515][ T366] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 48.291320][ T366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.299129][ T366] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 48.306946][ T366] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bd39
[ 48.314809][ T366] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000b9f8
[ 48.322569][ T366]
[ 48.325426][ T366]
[ 48.327599][ T366] Allocated by task 367:
[ 48.331680][ T366] __kasan_slab_alloc+0xb1/0xe0
[ 48.336363][ T366] slab_post_alloc_hook+0x53/0x2c0
[ 48.341317][ T366] kmem_cache_alloc+0xf5/0x200
[ 48.345909][ T366] skb_clone+0x1d1/0x360
[ 48.349989][ T366] sk_psock_verdict_recv+0x53/0x840
[ 48.355020][ T366] unix_read_sock+0x132/0x370
[ 48.359539][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.365324][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.370350][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 48.374951][ T366] ___sys_sendmsg+0x252/0x2e0
[ 48.379470][ T366] __sys_sendmmsg+0x2bf/0x530
[ 48.383995][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.388807][ T366] x64_sys_call+0x81d/0x9a0
[ 48.393143][ T366] do_syscall_64+0x3b/0xb0
[ 48.397400][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.403129][ T366]
[ 48.405395][ T366] Freed by task 20:
[ 48.409023][ T366] kasan_set_track+0x4b/0x70
[ 48.413449][ T366] kasan_set_free_info+0x23/0x40
[ 48.418224][ T366] ____kasan_slab_free+0x126/0x160
[ 48.423168][ T366] __kasan_slab_free+0x11/0x20
[ 48.427865][ T366] slab_free_freelist_hook+0xbd/0x190
[ 48.433073][ T366] kmem_cache_free+0x116/0x2e0
[ 48.437675][ T366] kfree_skbmem+0x104/0x170
[ 48.442013][ T366] kfree_skb+0xc2/0x360
[ 48.446003][ T366] sk_psock_backlog+0xc21/0xd90
[ 48.450788][ T366] process_one_work+0x6bb/0xc10
[ 48.455477][ T366] worker_thread+0xad5/0x12a0
[ 48.459985][ T366] kthread+0x421/0x510
[ 48.463891][ T366] ret_from_fork+0x1f/0x30
[ 48.468143][ T366]
[ 48.470315][ T366] The buggy address belongs to the object at ffff88810fd2ec80
[ 48.470315][ T366] which belongs to the cache skbuff_head_cache of size 248
[ 48.484722][ T366] The buggy address is located 236 bytes inside of
[ 48.484722][ T366] 248-byte region [ffff88810fd2ec80, ffff88810fd2ed78)
[ 48.497834][ T366] The buggy address belongs to the page:
[ 48.503314][ T366] page:ffffea00043f4b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fd2e
[ 48.513366][ T366] flags: 0x4000000000000200(slab|zone=1)
[ 48.518840][ T366] raw: 4000000000000200 ffffea00043da240 0000000700000007 ffff8881081aa780
[ 48.527264][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.535668][ T366] page dumped because: kasan: bad access detected
[ 48.542033][ T366] page_owner tracks the page as allocated
[ 48.547576][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 107, ts 4605743320, free_ts 0
[ 48.562511][ T366] post_alloc_hook+0x1a3/0x1b0
[ 48.567112][ T366] prep_new_page+0x1b/0x110
[ 48.571530][ T366] get_page_from_freelist+0x3550/0x35d0
[ 48.576911][ T366] __alloc_pages+0x27e/0x8f0
[ 48.581341][ T366] new_slab+0x9a/0x4e0
[ 48.585381][ T366] ___slab_alloc+0x39e/0x830
[ 48.589789][ T366] __slab_alloc+0x4a/0x90
[ 48.593955][ T366] kmem_cache_alloc+0x134/0x200
[ 48.598735][ T366] __alloc_skb+0xbe/0x550
[ 48.602900][ T366] alloc_skb_with_frags+0xa6/0x680
[ 48.607840][ T366] sock_alloc_send_pskb+0x915/0xa50
[ 48.612873][ T366] unix_dgram_sendmsg+0x6fd/0x2090
[ 48.617822][ T366] sock_write_iter+0x39b/0x530
[ 48.622420][ T366] vfs_write+0xd5d/0x1110
[ 48.626584][ T366] ksys_write+0x199/0x2c0
[ 48.630753][ T366] __x64_sys_write+0x7b/0x90
[ 48.635177][ T366] page_owner free stack trace missing
[ 48.640386][ T366]
[ 48.642567][ T366] Memory state around the buggy address:
[ 48.648049][ T366] ffff88810fd2ec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.656044][ T366] ffff88810fd2ec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.663910][ T366] >ffff88810fd2ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.671805][ T366] ^
[ 48.679111][ T366] ffff88810fd2ed80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.687096][ T366] ffff88810fd2ee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.694978][ T366] ==================================================================
[ 48.702881][ T366] Disabling lock debugging due to kernel taint
[ 48.708924][ T366] ==================================================================
[ 48.716761][ T366] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.725009][ T366]
[ 48.727178][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 48.738724][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.748625][ T366] Call Trace:
[ 48.751916][ T366]
[ 48.754696][ T366] dump_stack_lvl+0x151/0x1c0
[ 48.759203][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.764672][ T366] ? __wake_up_klogd+0xd5/0x110
[ 48.769358][ T366] ? panic+0x760/0x760
[ 48.773272][ T366] ? kmem_cache_free+0x116/0x2e0
[ 48.778037][ T366] print_address_description+0x87/0x3b0
[ 48.783416][ T366] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 48.789507][ T366] ? kmem_cache_free+0x116/0x2e0
[ 48.794278][ T366] ? kmem_cache_free+0x116/0x2e0
[ 48.799055][ T366] kasan_report_invalid_free+0x6b/0xa0
[ 48.804362][ T366] ____kasan_slab_free+0x13e/0x160
[ 48.809301][ T366] __kasan_slab_free+0x11/0x20
[ 48.813895][ T366] slab_free_freelist_hook+0xbd/0x190
[ 48.819144][ T366] ? kfree_skbmem+0x104/0x170
[ 48.823701][ T366] kmem_cache_free+0x116/0x2e0
[ 48.828408][ T366] kfree_skbmem+0x104/0x170
[ 48.832746][ T366] consume_skb+0xb4/0x250
[ 48.836904][ T366] __sk_msg_free+0x2dd/0x370
[ 48.841329][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.846974][ T366] sk_psock_stop+0x44c/0x4d0
[ 48.851402][ T366] sk_psock_drop+0x219/0x310
[ 48.855828][ T366] sock_map_unref+0x48f/0x4d0
[ 48.860339][ T366] ? __local_bh_enable_ip+0x58/0x80
[ 48.865373][ T366] ? _raw_spin_unlock_bh+0x51/0x60
[ 48.870339][ T366] sock_map_remove_links+0x41c/0x650
[ 48.875443][ T366] ? __kasan_record_aux_stack+0xd3/0xf0
[ 48.880825][ T366] ? kasan_record_aux_stack+0xe/0x10
[ 48.885945][ T366] ? task_work_add+0x27/0x1d0
[ 48.890464][ T366] ? sock_map_unhash+0x120/0x120
[ 48.895228][ T366] ? x64_sys_call+0x3d/0x9a0
[ 48.899661][ T366] ? locks_remove_posix+0x610/0x610
[ 48.904697][ T366] sock_map_close+0x114/0x530
[ 48.909213][ T366] ? unix_peer_get+0xe0/0xe0
[ 48.913628][ T366] ? sock_map_remove_links+0x650/0x650
[ 48.918924][ T366] ? rwsem_mark_wake+0x770/0x770
[ 48.923699][ T366] unix_release+0x82/0xc0
[ 48.927863][ T366] sock_close+0xdf/0x270
[ 48.931942][ T366] ? sock_mmap+0xa0/0xa0
[ 48.936025][ T366] __fput+0x228/0x8c0
[ 48.939842][ T366] ____fput+0x15/0x20
[ 48.943658][ T366] task_work_run+0x129/0x190
[ 48.948098][ T366] exit_to_user_mode_loop+0xc4/0xe0
[ 48.953131][ T366] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.958504][ T366] syscall_exit_to_user_mode+0x26/0x160
[ 48.963882][ T366] do_syscall_64+0x47/0xb0
[ 48.968154][ T366] ? clear_bhb_loop+0x35/0x90
[ 48.972650][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.978377][ T366] RIP: 0033:0x7f7d365d19da
[ 48.982631][ T366] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.002070][ T366] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.010313][ T366] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 49.018129][ T366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.026023][ T366] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 49.033937][ T366] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bd39
[ 49.041751][ T366] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000b9f8
[ 49.049589][ T366]
[ 49.052422][ T366]
[ 49.054634][ T366] Allocated by task 367:
[ 49.058679][ T366] __kasan_slab_alloc+0xb1/0xe0
[ 49.063358][ T366] slab_post_alloc_hook+0x53/0x2c0
[ 49.068307][ T366] kmem_cache_alloc+0xf5/0x200
[ 49.072903][ T366] skb_clone+0x1d1/0x360
[ 49.076983][ T366] sk_psock_verdict_recv+0x53/0x840
[ 49.082017][ T366] unix_read_sock+0x132/0x370
[ 49.086528][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.092172][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.097206][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 49.101809][ T366] ___sys_sendmsg+0x252/0x2e0
[ 49.106321][ T366] __sys_sendmmsg+0x2bf/0x530
[ 49.110833][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.115518][ T366] x64_sys_call+0x81d/0x9a0
[ 49.119856][ T366] do_syscall_64+0x3b/0xb0
[ 49.124110][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.129838][ T366]
[ 49.132006][ T366] Freed by task 20:
[ 49.135838][ T366] kasan_set_track+0x4b/0x70
[ 49.140389][ T366] kasan_set_free_info+0x23/0x40
[ 49.145168][ T366] ____kasan_slab_free+0x126/0x160
[ 49.150226][ T366] __kasan_slab_free+0x11/0x20
[ 49.154823][ T366] slab_free_freelist_hook+0xbd/0x190
[ 49.160026][ T366] kmem_cache_free+0x116/0x2e0
[ 49.164625][ T366] kfree_skbmem+0x104/0x170
[ 49.168976][ T366] kfree_skb+0xc2/0x360
[ 49.172965][ T366] sk_psock_backlog+0xc21/0xd90
[ 49.177642][ T366] process_one_work+0x6bb/0xc10
[ 49.182331][ T366] worker_thread+0xad5/0x12a0
[ 49.186852][ T366] kthread+0x421/0x510
[ 49.190751][ T366] ret_from_fork+0x1f/0x30
[ 49.195001][ T366]
[ 49.197174][ T366] The buggy address belongs to the object at ffff88810fd2ec80
[ 49.197174][ T366] which belongs to the cache skbuff_head_cache of size 248
[ 49.211581][ T366] The buggy address is located 0 bytes inside of
[ 49.211581][ T366] 248-byte region [ffff88810fd2ec80, ffff88810fd2ed78)
[ 49.224548][ T366] The buggy address belongs to the page:
[ 49.229984][ T366] page:ffffea00043f4b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fd2e
[ 49.240047][ T366] flags: 0x4000000000000200(slab|zone=1)
[ 49.245525][ T366] raw: 4000000000000200 ffffea00043da240 0000000700000007 ffff8881081aa780
[ 49.253943][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.262369][ T366] page dumped because: kasan: bad access detected
[ 49.268603][ T366] page_owner tracks the page as allocated
[ 49.274155][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 107, ts 4605743320, free_ts 0
[ 49.289007][ T366] post_alloc_hook+0x1a3/0x1b0
[ 49.293598][ T366] prep_new_page+0x1b/0x110
[ 49.297944][ T366] get_page_from_freelist+0x3550/0x35d0
[ 49.303325][ T366] __alloc_pages+0x27e/0x8f0
[ 49.307742][ T366] new_slab+0x9a/0x4e0
[ 49.311648][ T366] ___slab_alloc+0x39e/0x830
[ 49.316073][ T366] __slab_alloc+0x4a/0x90
[ 49.320242][ T366] kmem_cache_alloc+0x134/0x200
[ 49.324930][ T366] __alloc_skb+0xbe/0x550
[ 49.329120][ T366] alloc_skb_with_frags+0xa6/0x680
[ 49.334040][ T366] sock_alloc_send_pskb+0x915/0xa50
[ 49.339073][ T366] unix_dgram_sendmsg+0x6fd/0x2090
[ 49.344025][ T366] sock_write_iter+0x39b/0x530
[ 49.348620][ T366] vfs_write+0xd5d/0x1110
[ 49.352801][ T366] ksys_write+0x199/0x2c0
[ 49.356952][ T366] __x64_sys_write+0x7b/0x90
[ 49.361387][ T366] page_owner free stack trace missing
[ 49.366589][ T366]
[ 49.368756][ T366] Memory state around the buggy address:
[ 49.374318][ T366] ffff88810fd2eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.382214][ T366] ffff88810fd2ec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.390126][ T366] >ffff88810fd2ec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.398007][ T366] ^
[ 49.401916][ T366] ffff88810fd2ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.409902][ T366] ffff88810fd2ed80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.417795][ T366] ==================================================================
[ 49.449705][ T371] FAULT_INJECTION: forcing a failure.
[ 49.449705][ T371] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 49.462669][ T371] CPU: 1 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.474319][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.484205][ T371] Call Trace:
[ 49.487328][ T371]
[ 49.490282][ T371] dump_stack_lvl+0x151/0x1c0
[ 49.494801][ T371] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.500262][ T371] dump_stack+0x15/0x20
[ 49.504261][ T371] should_fail+0x3c6/0x510
[ 49.508505][ T371] should_fail_usercopy+0x1a/0x20
[ 49.513365][ T371] _copy_to_user+0x20/0x90
[ 49.517627][ T371] simple_read_from_buffer+0xc7/0x150
[ 49.522830][ T371] proc_fail_nth_read+0x1a3/0x210
[ 49.527685][ T371] ? proc_fault_inject_write+0x390/0x390
[ 49.533152][ T371] ? fsnotify_perm+0x269/0x5b0
[ 49.537753][ T371] ? security_file_permission+0x86/0xb0
[ 49.543134][ T371] ? proc_fault_inject_write+0x390/0x390
[ 49.548601][ T371] vfs_read+0x27d/0xd40
[ 49.552596][ T371] ? kernel_read+0x1f0/0x1f0
[ 49.557043][ T371] ? __kasan_check_write+0x14/0x20
[ 49.562054][ T371] ? mutex_lock+0xb6/0x1e0
[ 49.566308][ T371] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.572828][ T371] ? __fdget_pos+0x2e7/0x3a0
[ 49.577256][ T371] ? ksys_read+0x77/0x2c0
[ 49.581411][ T371] ksys_read+0x199/0x2c0
[ 49.585524][ T371] ? vfs_write+0x1110/0x1110
[ 49.589919][ T371] ? debug_smp_processor_id+0x17/0x20
[ 49.595127][ T371] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.601047][ T371] __x64_sys_read+0x7b/0x90
[ 49.605366][ T371] x64_sys_call+0x28/0x9a0
[ 49.609617][ T371] do_syscall_64+0x3b/0xb0
[ 49.613882][ T371] ? clear_bhb_loop+0x35/0x90
[ 49.618383][ T371] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.624246][ T371] RIP: 0033:0x7f7d365d178c
[ 49.628498][ T371] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 49.648050][ T371] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.656392][ T371] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 49.664212][ T371] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 49.672041][ T371] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 49.679827][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.687664][ T371] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 49.695449][ T371]
[ 49.707026][ T373] FAULT_INJECTION: forcing a failure.
[ 49.707026][ T373] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 49.720036][ T373] CPU: 1 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.731524][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.741505][ T373] Call Trace:
[ 49.744627][ T373]
[ 49.747414][ T373] dump_stack_lvl+0x151/0x1c0
[ 49.751920][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.757387][ T373] dump_stack+0x15/0x20
[ 49.761386][ T373] should_fail+0x3c6/0x510
[ 49.765632][ T373] should_fail_usercopy+0x1a/0x20
[ 49.770499][ T373] _copy_to_user+0x20/0x90
[ 49.774752][ T373] simple_read_from_buffer+0xc7/0x150
[ 49.780040][ T373] proc_fail_nth_read+0x1a3/0x210
[ 49.784906][ T373] ? proc_fault_inject_write+0x390/0x390
[ 49.790523][ T373] ? fsnotify_perm+0x269/0x5b0
[ 49.795115][ T373] ? security_file_permission+0x86/0xb0
[ 49.800496][ T373] ? proc_fault_inject_write+0x390/0x390
[ 49.805963][ T373] vfs_read+0x27d/0xd40
[ 49.809957][ T373] ? kernel_read+0x1f0/0x1f0
[ 49.814404][ T373] ? __kasan_check_write+0x14/0x20
[ 49.819329][ T373] ? mutex_lock+0xb6/0x1e0
[ 49.823582][ T373] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.830205][ T373] ? __fdget_pos+0x2e7/0x3a0
[ 49.834629][ T373] ? ksys_read+0x77/0x2c0
[ 49.838800][ T373] ksys_read+0x199/0x2c0
[ 49.842877][ T373] ? vfs_write+0x1110/0x1110
[ 49.847299][ T373] ? __kasan_check_write+0x14/0x20
[ 49.852261][ T373] ? switch_fpu_return+0x15f/0x2e0
[ 49.857207][ T373] __x64_sys_read+0x7b/0x90
[ 49.861540][ T373] x64_sys_call+0x28/0x9a0
[ 49.865898][ T373] do_syscall_64+0x3b/0xb0
[ 49.870268][ T373] ? clear_bhb_loop+0x35/0x90
[ 49.874771][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.880503][ T373] RIP: 0033:0x7f7d365d178c
[ 49.884838][ T373] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 49.904370][ T373] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.912614][ T373] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 49.920425][ T373] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 49.928244][ T373] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 49.936164][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.943964][ T373] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 49.951884][ T373]
[ 49.964078][ T375] FAULT_INJECTION: forcing a failure.
[ 49.964078][ T375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 49.976987][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.988571][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.998660][ T375] Call Trace:
[ 50.001786][ T375]
[ 50.004564][ T375] dump_stack_lvl+0x151/0x1c0
[ 50.009076][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.014544][ T375] dump_stack+0x15/0x20
[ 50.018548][ T375] should_fail+0x3c6/0x510
[ 50.022800][ T375] should_fail_usercopy+0x1a/0x20
[ 50.027648][ T375] _copy_to_user+0x20/0x90
[ 50.031908][ T375] simple_read_from_buffer+0xc7/0x150
[ 50.037108][ T375] proc_fail_nth_read+0x1a3/0x210
[ 50.041969][ T375] ? proc_fault_inject_write+0x390/0x390
[ 50.047437][ T375] ? fsnotify_perm+0x269/0x5b0
[ 50.052036][ T375] ? security_file_permission+0x86/0xb0
[ 50.057421][ T375] ? proc_fault_inject_write+0x390/0x390
[ 50.063157][ T375] vfs_read+0x27d/0xd40
[ 50.067148][ T375] ? kernel_read+0x1f0/0x1f0
[ 50.071571][ T375] ? __kasan_check_write+0x14/0x20
[ 50.076518][ T375] ? mutex_lock+0xb6/0x1e0
[ 50.080769][ T375] ? wait_for_completion_killable_timeout+0x10/0x10
[ 50.087195][ T375] ? __fdget_pos+0x2e7/0x3a0
[ 50.091617][ T375] ? ksys_read+0x77/0x2c0
[ 50.095791][ T375] ksys_read+0x199/0x2c0
[ 50.099866][ T375] ? vfs_write+0x1110/0x1110
[ 50.104292][ T375] ? __kasan_check_write+0x14/0x20
[ 50.109240][ T375] ? switch_fpu_return+0x15f/0x2e0
[ 50.114186][ T375] __x64_sys_read+0x7b/0x90
[ 50.118526][ T375] x64_sys_call+0x28/0x9a0
[ 50.122797][ T375] do_syscall_64+0x3b/0xb0
[ 50.127045][ T375] ? clear_bhb_loop+0x35/0x90
[ 50.131656][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.137374][ T375] RIP: 0033:0x7f7d365d178c
[ 50.141625][ T375] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 50.161154][ T375] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 50.169523][ T375] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 50.177330][ T375] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 50.185139][ T375] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 50.192948][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.200757][ T375] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 50.208604][ T375]
[ 50.219603][ T377] FAULT_INJECTION: forcing a failure.
[ 50.219603][ T377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 50.232642][ T377] CPU: 0 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 50.244281][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.254169][ T377] Call Trace:
[ 50.257291][ T377]
[ 50.260096][ T377] dump_stack_lvl+0x151/0x1c0
[ 50.264589][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.270054][ T377] dump_stack+0x15/0x20
[ 50.274041][ T377] should_fail+0x3c6/0x510
[ 50.278296][ T377] should_fail_usercopy+0x1a/0x20
[ 50.283183][ T377] _copy_to_user+0x20/0x90
[ 50.287406][ T377] simple_read_from_buffer+0xc7/0x150
[ 50.292619][ T377] proc_fail_nth_read+0x1a3/0x210
[ 50.297477][ T377] ? proc_fault_inject_write+0x390/0x390
[ 50.303032][ T377] ? fsnotify_perm+0x269/0x5b0
[ 50.307628][ T377] ? security_file_permission+0x86/0xb0
[ 50.313026][ T377] ? proc_fault_inject_write+0x390/0x390
[ 50.318482][ T377] vfs_read+0x27d/0xd40
[ 50.322473][ T377] ? kernel_read+0x1f0/0x1f0
[ 50.326933][ T377] ? __kasan_check_write+0x14/0x20
[ 50.331844][ T377] ? mutex_lock+0xb6/0x1e0
[ 50.336098][ T377] ? wait_for_completion_killable_timeout+0x10/0x10
[ 50.342522][ T377] ? __fdget_pos+0x2e7/0x3a0
[ 50.346953][ T377] ? ksys_read+0x77/0x2c0
[ 50.351114][ T377] ksys_read+0x199/0x2c0
[ 50.355195][ T377] ? vfs_write+0x1110/0x1110
[ 50.359623][ T377] ? __kasan_check_write+0x14/0x20
[ 50.364668][ T377] ? switch_fpu_return+0x15f/0x2e0
[ 50.369616][ T377] __x64_sys_read+0x7b/0x90
[ 50.373961][ T377] x64_sys_call+0x28/0x9a0
[ 50.378338][ T377] do_syscall_64+0x3b/0xb0
[ 50.382587][ T377] ? clear_bhb_loop+0x35/0x90
[ 50.387097][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.393269][ T377] RIP: 0033:0x7f7d365d178c
[ 50.397514][ T377] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 50.416963][ T377] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 50.425202][ T377] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 50.433014][ T377] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 50.440820][ T377] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 50.448629][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.456439][ T377] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 50.464266][ T377]
[ 50.476855][ T380] FAULT_INJECTION: forcing a failure.
[ 50.476855][ T380] name failslab, interval 1, probability 0, space 0, times 0
[ 50.489341][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 50.500832][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.510723][ T380] Call Trace:
[ 50.513849][ T380]
[ 50.516630][ T380] dump_stack_lvl+0x151/0x1c0
[ 50.521148][ T380] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.526617][ T380] dump_stack+0x15/0x20
[ 50.530600][ T380] should_fail+0x3c6/0x510
[ 50.534864][ T380] __should_failslab+0xa4/0xe0
[ 50.539461][ T380] should_failslab+0x9/0x20
[ 50.543794][ T380] slab_pre_alloc_hook+0x37/0xd0
[ 50.548571][ T380] kmem_cache_alloc_trace+0x48/0x210
[ 50.553687][ T380] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.559242][ T380] ? migrate_disable+0x190/0x190
[ 50.564020][ T380] sk_psock_skb_ingress_self+0x60/0x330
[ 50.569402][ T380] sk_psock_verdict_recv+0x66d/0x840
[ 50.574523][ T380] unix_read_sock+0x132/0x370
[ 50.579030][ T380] ? sk_psock_skb_redirect+0x440/0x440
[ 50.584331][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 50.589880][ T380] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.595183][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 50.600727][ T380] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.606369][ T380] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.611684][ T380] ? _raw_spin_lock+0xa4/0x1b0
[ 50.616289][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.621926][ T380] ? skb_queue_tail+0xfb/0x120
[ 50.626526][ T380] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.631565][ T380] ? unix_dgram_poll+0x690/0x690
[ 50.636338][ T380] ? security_socket_sendmsg+0x82/0xb0
[ 50.641636][ T380] ? unix_dgram_poll+0x690/0x690
[ 50.646400][ T380] ____sys_sendmsg+0x59e/0x8f0
[ 50.651007][ T380] ? __sys_sendmsg_sock+0x40/0x40
[ 50.655864][ T380] ? import_iovec+0xe5/0x120
[ 50.660313][ T380] ___sys_sendmsg+0x252/0x2e0
[ 50.664831][ T380] ? __sys_sendmsg+0x260/0x260
[ 50.669404][ T380] ? __kasan_check_write+0x14/0x20
[ 50.674376][ T380] ? proc_fail_nth_write+0x20b/0x290
[ 50.679471][ T380] ? __fdget+0x1bc/0x240
[ 50.683551][ T380] __sys_sendmmsg+0x2bf/0x530
[ 50.688065][ T380] ? __ia32_sys_sendmsg+0x90/0x90
[ 50.692925][ T380] ? mutex_unlock+0xb2/0x260
[ 50.697436][ T380] ? __kasan_check_write+0x14/0x20
[ 50.702401][ T380] ? __ia32_sys_read+0x90/0x90
[ 50.706981][ T380] ? debug_smp_processor_id+0x17/0x20
[ 50.712187][ T380] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.718093][ T380] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.722795][ T380] x64_sys_call+0x81d/0x9a0
[ 50.727118][ T380] do_syscall_64+0x3b/0xb0
[ 50.731395][ T380] ? clear_bhb_loop+0x35/0x90
[ 50.735882][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.741633][ T380] RIP: 0033:0x7f7d365d2ae9
[ 50.745874][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.765309][ T380] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.773553][ T380] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 50.781384][ T380] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.789171][ T380] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 50.796993][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.804807][ T380] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 50.812610][ T380]
[ 50.817243][ T379] ==================================================================
[ 50.819427][ T30] audit: type=1400 audit(1734007747.074:103): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 50.825137][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 50.825167][ T379]
[ 50.825174][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 50.847441][ T30] audit: type=1400 audit(1734007747.074:104): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 50.855503][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.855522][ T379] Call Trace:
[ 50.855529][ T379]
[ 50.855538][ T379] dump_stack_lvl+0x151/0x1c0
[ 50.855570][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.917443][ T379] ? __wake_up_klogd+0xd5/0x110
[ 50.922128][ T379] ? panic+0x760/0x760
[ 50.926026][ T379] ? kmem_cache_free+0x116/0x2e0
[ 50.930808][ T379] print_address_description+0x87/0x3b0
[ 50.936180][ T379] ? kmem_cache_free+0x116/0x2e0
[ 50.940950][ T379] ? kmem_cache_free+0x116/0x2e0
[ 50.945735][ T379] kasan_report_invalid_free+0x6b/0xa0
[ 50.951220][ T379] ____kasan_slab_free+0x13e/0x160
[ 50.956182][ T379] __kasan_slab_free+0x11/0x20
[ 50.960867][ T379] slab_free_freelist_hook+0xbd/0x190
[ 50.966770][ T379] ? kfree_skbmem+0x104/0x170
[ 50.971276][ T379] kmem_cache_free+0x116/0x2e0
[ 50.975883][ T379] kfree_skbmem+0x104/0x170
[ 50.980214][ T379] consume_skb+0xb4/0x250
[ 50.984384][ T379] __sk_msg_free+0x2dd/0x370
[ 50.989051][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.994646][ T379] sk_psock_stop+0x44c/0x4d0
[ 50.999076][ T379] sk_psock_drop+0x219/0x310
[ 51.003507][ T379] sock_map_unref+0x48f/0x4d0
[ 51.008012][ T379] ? __local_bh_enable_ip+0x58/0x80
[ 51.013040][ T379] ? _raw_spin_unlock_bh+0x51/0x60
[ 51.017993][ T379] sock_map_remove_links+0x41c/0x650
[ 51.023113][ T379] ? __kasan_record_aux_stack+0xd3/0xf0
[ 51.028487][ T379] ? kasan_record_aux_stack+0xe/0x10
[ 51.033617][ T379] ? task_work_add+0x27/0x1d0
[ 51.038136][ T379] ? sock_map_unhash+0x120/0x120
[ 51.042896][ T379] ? x64_sys_call+0x3d/0x9a0
[ 51.047323][ T379] ? locks_remove_posix+0x610/0x610
[ 51.052426][ T379] sock_map_close+0x114/0x530
[ 51.056964][ T379] ? unix_peer_get+0xe0/0xe0
[ 51.061384][ T379] ? sock_map_remove_links+0x650/0x650
[ 51.066847][ T379] ? rwsem_mark_wake+0x770/0x770
[ 51.071621][ T379] unix_release+0x82/0xc0
[ 51.076190][ T379] sock_close+0xdf/0x270
[ 51.080266][ T379] ? sock_mmap+0xa0/0xa0
[ 51.084348][ T379] __fput+0x228/0x8c0
[ 51.088294][ T379] ____fput+0x15/0x20
[ 51.092192][ T379] task_work_run+0x129/0x190
[ 51.096702][ T379] exit_to_user_mode_loop+0xc4/0xe0
[ 51.101732][ T379] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.107031][ T379] syscall_exit_to_user_mode+0x26/0x160
[ 51.112406][ T379] do_syscall_64+0x47/0xb0
[ 51.116660][ T379] ? clear_bhb_loop+0x35/0x90
[ 51.121174][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.127076][ T379] RIP: 0033:0x7f7d365d19da
[ 51.131422][ T379] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.150858][ T379] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.159103][ T379] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 51.166982][ T379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.174725][ T379] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 51.182537][ T379] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c857
[ 51.190348][ T379] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000c516
[ 51.198161][ T379]
[ 51.201018][ T379]
[ 51.203190][ T379] Allocated by task 380:
[ 51.207267][ T379] __kasan_slab_alloc+0xb1/0xe0
[ 51.211955][ T379] slab_post_alloc_hook+0x53/0x2c0
[ 51.216901][ T379] kmem_cache_alloc+0xf5/0x200
[ 51.221503][ T379] skb_clone+0x1d1/0x360
[ 51.225584][ T379] sk_psock_verdict_recv+0x53/0x840
[ 51.230616][ T379] unix_read_sock+0x132/0x370
[ 51.235126][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.240854][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.245888][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 51.250488][ T379] ___sys_sendmsg+0x252/0x2e0
[ 51.255004][ T379] __sys_sendmmsg+0x2bf/0x530
[ 51.259515][ T379] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.264204][ T379] x64_sys_call+0x81d/0x9a0
[ 51.268541][ T379] do_syscall_64+0x3b/0xb0
[ 51.272803][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.278620][ T379]
[ 51.280782][ T379] Freed by task 20:
[ 51.284430][ T379] kasan_set_track+0x4b/0x70
[ 51.288938][ T379] kasan_set_free_info+0x23/0x40
[ 51.293712][ T379] ____kasan_slab_free+0x126/0x160
[ 51.298656][ T379] __kasan_slab_free+0x11/0x20
[ 51.303256][ T379] slab_free_freelist_hook+0xbd/0x190
[ 51.308492][ T379] kmem_cache_free+0x116/0x2e0
[ 51.313115][ T379] kfree_skbmem+0x104/0x170
[ 51.317405][ T379] kfree_skb+0xc2/0x360
[ 51.321421][ T379] sk_psock_backlog+0xc21/0xd90
[ 51.326083][ T379] process_one_work+0x6bb/0xc10
[ 51.330775][ T379] worker_thread+0xad5/0x12a0
[ 51.335283][ T379] kthread+0x421/0x510
[ 51.339191][ T379] ret_from_fork+0x1f/0x30
[ 51.343451][ T379]
[ 51.345618][ T379] The buggy address belongs to the object at ffff88810fec83c0
[ 51.345618][ T379] which belongs to the cache skbuff_head_cache of size 248
[ 51.360021][ T379] The buggy address is located 0 bytes inside of
[ 51.360021][ T379] 248-byte region [ffff88810fec83c0, ffff88810fec84b8)
[ 51.372967][ T379] The buggy address belongs to the page:
[ 51.378429][ T379] page:ffffea00043fb200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fec8
[ 51.388489][ T379] flags: 0x4000000000000200(slab|zone=1)
[ 51.393966][ T379] raw: 4000000000000200 ffffea00043dac80 0000000400000004 ffff8881081aa780
[ 51.402380][ T379] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.410792][ T379] page dumped because: kasan: bad access detected
[ 51.417044][ T379] page_owner tracks the page as allocated
[ 51.422704][ T379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4636890035, free_ts 0
[ 51.437547][ T379] post_alloc_hook+0x1a3/0x1b0
[ 51.442153][ T379] prep_new_page+0x1b/0x110
[ 51.446483][ T379] get_page_from_freelist+0x3550/0x35d0
[ 51.451887][ T379] __alloc_pages+0x27e/0x8f0
[ 51.456291][ T379] new_slab+0x9a/0x4e0
[ 51.460197][ T379] ___slab_alloc+0x39e/0x830
[ 51.464626][ T379] __slab_alloc+0x4a/0x90
[ 51.468790][ T379] kmem_cache_alloc+0x134/0x200
[ 51.473479][ T379] __alloc_skb+0xbe/0x550
[ 51.477642][ T379] netlink_sendmsg+0x797/0xd20
[ 51.482244][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 51.486853][ T379] ___sys_sendmsg+0x252/0x2e0
[ 51.491357][ T379] __se_sys_sendmsg+0x19a/0x260
[ 51.496043][ T379] __x64_sys_sendmsg+0x7b/0x90
[ 51.500646][ T379] x64_sys_call+0x16a/0x9a0
[ 51.504985][ T379] do_syscall_64+0x3b/0xb0
[ 51.509235][ T379] page_owner free stack trace missing
[ 51.514467][ T379]
[ 51.516612][ T379] Memory state around the buggy address:
[ 51.522085][ T379] ffff88810fec8280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2024/12/12 12:49:07 executed programs: 9
[ 51.529982][ T379] ffff88810fec8300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.537974][ T379] >ffff88810fec8380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.545863][ T379]                                            ^
[ 51.551979][ T379] ffff88810fec8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.559839][ T379] ffff88810fec8480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.567732][ T379] ==================================================================
[ 51.613987][ T383] FAULT_INJECTION: forcing a failure.
[ 51.613987][ T383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 51.627168][ T383] CPU: 0 PID: 383 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 51.639044][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.648939][ T383] Call Trace:
[ 51.652050][ T383]
[ 51.654831][ T383] dump_stack_lvl+0x151/0x1c0
[ 51.659354][ T383] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.664811][ T383] dump_stack+0x15/0x20
[ 51.668800][ T383] should_fail+0x3c6/0x510
[ 51.673056][ T383] should_fail_usercopy+0x1a/0x20
[ 51.677915][ T383] _copy_to_user+0x20/0x90
[ 51.682168][ T383] simple_read_from_buffer+0xc7/0x150
[ 51.687398][ T383] proc_fail_nth_read+0x1a3/0x210
[ 51.692325][ T383] ? proc_fault_inject_write+0x390/0x390
[ 51.697791][ T383] ? fsnotify_perm+0x269/0x5b0
[ 51.702391][ T383] ? security_file_permission+0x86/0xb0
[ 51.707772][ T383] ? proc_fault_inject_write+0x390/0x390
[ 51.713239][ T383] vfs_read+0x27d/0xd40
[ 51.717242][ T383] ? kernel_read+0x1f0/0x1f0
[ 51.721660][ T383] ? __kasan_check_write+0x14/0x20
[ 51.726604][ T383] ? mutex_lock+0xb6/0x1e0
[ 51.730879][ T383] ? wait_for_completion_killable_timeout+0x10/0x10
[ 51.737397][ T383] ? __fdget_pos+0x2e7/0x3a0
[ 51.741833][ T383] ? ksys_read+0x77/0x2c0
[ 51.745994][ T383] ksys_read+0x199/0x2c0
[ 51.750051][ T383] ? vfs_write+0x1110/0x1110
[ 51.754566][ T383] ? __kasan_check_write+0x14/0x20
[ 51.759507][ T383] ? switch_fpu_return+0x15f/0x2e0
[ 51.764462][ T383] __x64_sys_read+0x7b/0x90
[ 51.768890][ T383] x64_sys_call+0x28/0x9a0
[ 51.773137][ T383] do_syscall_64+0x3b/0xb0
[ 51.777397][ T383] ? clear_bhb_loop+0x35/0x90
[ 51.781904][ T383] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.787631][ T383] RIP: 0033:0x7f7d365d178c
[ 51.791890][ T383] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 51.811325][ T383] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 51.819567][ T383] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 51.827579][ T383] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 51.835362][ T383] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 51.843181][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.850987][ T383] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 51.858802][ T383]
[ 51.869793][ T385] FAULT_INJECTION: forcing a failure.
[ 51.869793][ T385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 51.883077][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 51.894618][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.904511][ T385] Call Trace:
[ 51.907632][ T385]
[ 51.910415][ T385] dump_stack_lvl+0x151/0x1c0
[ 51.914922][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.920392][ T385] dump_stack+0x15/0x20
[ 51.924383][ T385] should_fail+0x3c6/0x510
[ 51.928636][ T385] should_fail_usercopy+0x1a/0x20
[ 51.933495][ T385] _copy_to_user+0x20/0x90
[ 51.937763][ T385] simple_read_from_buffer+0xc7/0x150
[ 51.942956][ T385] proc_fail_nth_read+0x1a3/0x210
[ 51.947817][ T385] ? proc_fault_inject_write+0x390/0x390
[ 51.953284][ T385] ? fsnotify_perm+0x269/0x5b0
[ 51.957885][ T385] ? security_file_permission+0x86/0xb0
[ 51.963383][ T385] ? proc_fault_inject_write+0x390/0x390
[ 51.968824][ T385] vfs_read+0x27d/0xd40
[ 51.972915][ T385] ? kernel_read+0x1f0/0x1f0
[ 51.977439][ T385] ? __kasan_check_write+0x14/0x20
[ 51.982376][ T385] ? mutex_lock+0xb6/0x1e0
[ 51.986640][ T385] ? wait_for_completion_killable_timeout+0x10/0x10
[ 51.993052][ T385] ? __fdget_pos+0x2e7/0x3a0
[ 51.997590][ T385] ? ksys_read+0x77/0x2c0
[ 52.001763][ T385] ksys_read+0x199/0x2c0
[ 52.005840][ T385] ? vfs_write+0x1110/0x1110
[ 52.010264][ T385] ? __kasan_check_write+0x14/0x20
[ 52.015219][ T385] ? switch_fpu_return+0x15f/0x2e0
[ 52.020162][ T385] __x64_sys_read+0x7b/0x90
[ 52.024497][ T385] x64_sys_call+0x28/0x9a0
[ 52.028751][ T385] do_syscall_64+0x3b/0xb0
[ 52.033002][ T385] ? clear_bhb_loop+0x35/0x90
[ 52.037533][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.043245][ T385] RIP: 0033:0x7f7d365d178c
[ 52.047505][ T385] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.066940][ T385] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.075181][ T385] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 52.082996][ T385] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 52.090808][ T385] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 52.098617][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.106430][ T385] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 52.114246][ T385]
[ 52.126680][ T387] FAULT_INJECTION: forcing a failure.
[ 52.126680][ T387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 52.139636][ T387] CPU: 0 PID: 387 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 52.151145][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.161160][ T387] Call Trace:
[ 52.164278][ T387]
[ 52.167054][ T387] dump_stack_lvl+0x151/0x1c0
[ 52.171580][ T387] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.177057][ T387] dump_stack+0x15/0x20
[ 52.181024][ T387] should_fail+0x3c6/0x510
[ 52.185279][ T387] should_fail_usercopy+0x1a/0x20
[ 52.190148][ T387] _copy_to_user+0x20/0x90
[ 52.194395][ T387] simple_read_from_buffer+0xc7/0x150
[ 52.199603][ T387] proc_fail_nth_read+0x1a3/0x210
[ 52.204460][ T387] ? proc_fault_inject_write+0x390/0x390
[ 52.209926][ T387] ? fsnotify_perm+0x269/0x5b0
[ 52.214528][ T387] ? security_file_permission+0x86/0xb0
[ 52.219919][ T387] ? proc_fault_inject_write+0x390/0x390
[ 52.225374][ T387] vfs_read+0x27d/0xd40
[ 52.229366][ T387] ? kernel_read+0x1f0/0x1f0
[ 52.233791][ T387] ? __kasan_check_write+0x14/0x20
[ 52.238741][ T387] ? mutex_lock+0xb6/0x1e0
[ 52.242997][ T387] ? wait_for_completion_killable_timeout+0x10/0x10
[ 52.249419][ T387] ? __fdget_pos+0x2e7/0x3a0
[ 52.253847][ T387] ? ksys_read+0x77/0x2c0
[ 52.258010][ T387] ksys_read+0x199/0x2c0
[ 52.262087][ T387] ? vfs_write+0x1110/0x1110
[ 52.266516][ T387] ? __kasan_check_write+0x14/0x20
[ 52.271459][ T387] ? switch_fpu_return+0x15f/0x2e0
[ 52.276410][ T387] __x64_sys_read+0x7b/0x90
[ 52.280749][ T387] x64_sys_call+0x28/0x9a0
[ 52.285002][ T387] do_syscall_64+0x3b/0xb0
[ 52.289253][ T387] ? clear_bhb_loop+0x35/0x90
[ 52.293768][ T387] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.299494][ T387] RIP: 0033:0x7f7d365d178c
[ 52.303749][ T387] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.323193][ T387] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.331438][ T387] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 52.339247][ T387] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 52.347088][ T387] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 52.354868][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.362686][ T387] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 52.370495][ T387]
[ 52.381770][ T389] FAULT_INJECTION: forcing a failure.
[ 52.381770][ T389] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 52.394847][ T389] CPU: 1 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 52.406345][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.416254][ T389] Call Trace:
[ 52.419360][ T389]
[ 52.422140][ T389] dump_stack_lvl+0x151/0x1c0
[ 52.426653][ T389] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.432158][ T389] dump_stack+0x15/0x20
[ 52.436130][ T389] should_fail+0x3c6/0x510
[ 52.440364][ T389] should_fail_alloc_page+0x5a/0x80
[ 52.445406][ T389] prepare_alloc_pages+0x15c/0x700
[ 52.450347][ T389] ? __alloc_pages_bulk+0xe40/0xe40
[ 52.455381][ T389] __alloc_pages+0x18c/0x8f0
[ 52.459811][ T389] ? prep_new_page+0x110/0x110
[ 52.464403][ T389] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.469701][ T389] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 52.475349][ T389] new_slab+0x9a/0x4e0
[ 52.479247][ T389] ___slab_alloc+0x39e/0x830
[ 52.483681][ T389] ? skb_clone+0x1d1/0x360
[ 52.487931][ T389] ? skb_clone+0x1d1/0x360
[ 52.492178][ T389] __slab_alloc+0x4a/0x90
[ 52.496346][ T389] ? skb_clone+0x1d1/0x360
[ 52.500597][ T389] kmem_cache_alloc+0x134/0x200
[ 52.505370][ T389] skb_clone+0x1d1/0x360
[ 52.509467][ T389] sk_psock_verdict_recv+0x53/0x840
[ 52.514483][ T389] ? avc_has_perm_noaudit+0x430/0x430
[ 52.519690][ T389] ? mntput_no_expire+0xfc/0x6b0
[ 52.524471][ T389] unix_read_sock+0x132/0x370
[ 52.528979][ T389] ? sk_psock_skb_redirect+0x440/0x440
[ 52.534399][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 52.540043][ T389] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.545358][ T389] ? unix_stream_splice_actor+0x120/0x120
[ 52.551237][ T389] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.556898][ T389] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.562087][ T389] ? _raw_spin_lock+0xa4/0x1b0
[ 52.566685][ T389] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.572328][ T389] ? skb_queue_tail+0xfb/0x120
[ 52.576930][ T389] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.581978][ T389] ? unix_dgram_poll+0x690/0x690
[ 52.586738][ T389] ? __kasan_check_write+0x14/0x20
[ 52.591683][ T389] ? __cpuidle_text_end+0x2/0x2
[ 52.596367][ T389] ? cgroup_rstat_updated+0xe5/0x370
[ 52.601488][ T389] ? security_socket_sendmsg+0x82/0xb0
[ 52.606795][ T389] ? unix_dgram_poll+0x690/0x690
[ 52.611555][ T389] ____sys_sendmsg+0x59e/0x8f0
[ 52.616179][ T389] ? __sys_sendmsg_sock+0x40/0x40
[ 52.621046][ T389] ? import_iovec+0xe5/0x120
[ 52.625444][ T389] ___sys_sendmsg+0x252/0x2e0
[ 52.629959][ T389] ? __sys_sendmsg+0x260/0x260
[ 52.634562][ T389] ? __kasan_check_write+0x14/0x20
[ 52.639507][ T389] ? proc_fail_nth_write+0x20b/0x290
[ 52.644637][ T389] ? __fdget+0x1bc/0x240
[ 52.648703][ T389] __sys_sendmmsg+0x2bf/0x530
[ 52.653223][ T389] ? __ia32_sys_sendmsg+0x90/0x90
[ 52.658079][ T389] ? mutex_unlock+0xb2/0x260
[ 52.662504][ T389] ? __kasan_check_write+0x14/0x20
[ 52.667454][ T389] ? __ia32_sys_read+0x90/0x90
[ 52.672052][ T389] ? debug_smp_processor_id+0x17/0x20
[ 52.677255][ T389] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.683161][ T389] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.687851][ T389] x64_sys_call+0x81d/0x9a0
[ 52.692200][ T389] do_syscall_64+0x3b/0xb0
[ 52.696439][ T389] ? clear_bhb_loop+0x35/0x90
[ 52.700954][ T389] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.706690][ T389] RIP: 0033:0x7f7d365d2ae9
[ 52.710935][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.730375][ T389] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.738622][ T389] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 52.746516][ T389] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 52.754334][ T389] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 52.762140][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.770037][ T389] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 52.777868][ T389]
[ 52.792922][ T392] FAULT_INJECTION: forcing a failure.
[ 52.792922][ T392] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 52.805792][ T392] CPU: 1 PID: 392 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 52.817301][ T392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.827199][ T392] Call Trace:
[ 52.830321][ T392]
[ 52.833108][ T392] dump_stack_lvl+0x151/0x1c0
[ 52.837613][ T392] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.843257][ T392] dump_stack+0x15/0x20
[ 52.847243][ T392] should_fail+0x3c6/0x510
[ 52.851498][ T392] should_fail_usercopy+0x1a/0x20
[ 52.856377][ T392] _copy_to_user+0x20/0x90
[ 52.860621][ T392] simple_read_from_buffer+0xc7/0x150
[ 52.865820][ T392] proc_fail_nth_read+0x1a3/0x210
[ 52.870682][ T392] ? proc_fault_inject_write+0x390/0x390
[ 52.876151][ T392] ? fsnotify_perm+0x269/0x5b0
[ 52.880760][ T392] ? security_file_permission+0x86/0xb0
[ 52.886284][ T392] ? proc_fault_inject_write+0x390/0x390
[ 52.891751][ T392] vfs_read+0x27d/0xd40
[ 52.895743][ T392] ? kernel_read+0x1f0/0x1f0
[ 52.900230][ T392] ? __kasan_check_write+0x14/0x20
[ 52.905119][ T392] ? mutex_lock+0xb6/0x1e0
[ 52.909366][ T392] ? wait_for_completion_killable_timeout+0x10/0x10
[ 52.915883][ T392] ? __fdget_pos+0x2e7/0x3a0
[ 52.920302][ T392] ? ksys_read+0x77/0x2c0
[ 52.924475][ T392] ksys_read+0x199/0x2c0
[ 52.928549][ T392] ? vfs_write+0x1110/0x1110
[ 52.932974][ T392] ? __kasan_check_write+0x14/0x20
[ 52.937918][ T392] ? switch_fpu_return+0x15f/0x2e0
[ 52.942866][ T392] __x64_sys_read+0x7b/0x90
[ 52.947209][ T392] x64_sys_call+0x28/0x9a0
[ 52.951460][ T392] do_syscall_64+0x3b/0xb0
[ 52.955712][ T392] ? clear_bhb_loop+0x35/0x90
[ 52.960223][ T392] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.965952][ T392] RIP: 0033:0x7f7d365d178c
[ 52.970207][ T392] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.989647][ T392] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.997894][ T392] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 53.005704][ T392] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 53.013513][ T392] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 53.021324][ T392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.029135][ T392] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 53.036951][ T392]
[ 53.049749][ T394] FAULT_INJECTION: forcing a failure.
[ 53.049749][ T394] name failslab, interval 1, probability 0, space 0, times 0
[ 53.062206][ T394] CPU: 1 PID: 394 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.073704][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.083708][ T394] Call Trace:
[ 53.086827][ T394]
[ 53.089605][ T394] dump_stack_lvl+0x151/0x1c0
[ 53.094119][ T394] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.099592][ T394] dump_stack+0x15/0x20
[ 53.103580][ T394] should_fail+0x3c6/0x510
[ 53.107904][ T394] __should_failslab+0xa4/0xe0
[ 53.112433][ T394] should_failslab+0x9/0x20
[ 53.116774][ T394] slab_pre_alloc_hook+0x37/0xd0
[ 53.121546][ T394] kmem_cache_alloc_trace+0x48/0x210
[ 53.126669][ T394] ? sk_psock_skb_ingress_self+0x60/0x330
[ 53.132217][ T394] ? migrate_disable+0x190/0x190
[ 53.136990][ T394] sk_psock_skb_ingress_self+0x60/0x330
[ 53.142375][ T394] sk_psock_verdict_recv+0x66d/0x840
[ 53.147493][ T394] unix_read_sock+0x132/0x370
[ 53.152006][ T394] ? sk_psock_skb_redirect+0x440/0x440
[ 53.157306][ T394] ? unix_stream_splice_actor+0x120/0x120
[ 53.162858][ T394] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.168148][ T394] ? unix_stream_splice_actor+0x120/0x120
[ 53.173709][ T394] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.179349][ T394] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.184565][ T394] ? _raw_spin_lock+0xa4/0x1b0
[ 53.189154][ T394] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.194794][ T394] ? skb_queue_tail+0xfb/0x120
[ 53.199394][ T394] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.204442][ T394] ? unix_dgram_poll+0x690/0x690
[ 53.209215][ T394] ? __kasan_check_write+0x14/0x20
[ 53.214150][ T394] ? __cpuidle_text_end+0x2/0x2
[ 53.218844][ T394] ? cgroup_rstat_updated+0xe5/0x370
[ 53.224044][ T394] ? security_socket_sendmsg+0x82/0xb0
[ 53.229339][ T394] ? unix_dgram_poll+0x690/0x690
[ 53.234112][ T394] ____sys_sendmsg+0x59e/0x8f0
[ 53.238712][ T394] ? __sys_sendmsg_sock+0x40/0x40
[ 53.243574][ T394] ? import_iovec+0xe5/0x120
[ 53.247996][ T394] ___sys_sendmsg+0x252/0x2e0
[ 53.252514][ T394] ? __sys_sendmsg+0x260/0x260
[ 53.257114][ T394] ? __kasan_check_write+0x14/0x20
[ 53.262058][ T394] ? proc_fail_nth_write+0x20b/0x290
[ 53.267184][ T394] ? __fdget+0x1bc/0x240
[ 53.271259][ T394] __sys_sendmmsg+0x2bf/0x530
[ 53.275783][ T394] ? __ia32_sys_sendmsg+0x90/0x90
[ 53.280977][ T394] ? mutex_unlock+0xb2/0x260
[ 53.285411][ T394] ? __kasan_check_write+0x14/0x20
[ 53.290355][ T394] ? __ia32_sys_read+0x90/0x90
[ 53.294951][ T394] ? debug_smp_processor_id+0x17/0x20
[ 53.300156][ T394] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.306058][ T394] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.310747][ T394] x64_sys_call+0x81d/0x9a0
[ 53.315085][ T394] do_syscall_64+0x3b/0xb0
[ 53.319338][ T394] ? clear_bhb_loop+0x35/0x90
[ 53.323852][ T394] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.329639][ T394] RIP: 0033:0x7f7d365d2ae9
[ 53.333834][ T394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.353284][ T394] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.361522][ T394] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 53.369333][ T394] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.377140][ T394] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 53.384953][ T394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.392770][ T394] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 53.400579][ T394]
[ 53.405821][ T393] ==================================================================
[ 53.413696][ T393] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 53.421941][ T393]
[ 53.424114][ T393] CPU: 0 PID: 393 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.435655][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.445550][ T393] Call Trace:
[ 53.448675][ T393]
[ 53.451454][ T393] dump_stack_lvl+0x151/0x1c0
[ 53.455974][ T393] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.461431][ T393] ? __wake_up_klogd+0xd5/0x110
[ 53.466126][ T393] ? panic+0x760/0x760
[ 53.470051][ T393] ? kvm_sched_clock_read+0x18/0x40
[ 53.475060][ T393] ? kmem_cache_free+0x116/0x2e0
[ 53.479834][ T393] print_address_description+0x87/0x3b0
[ 53.485217][ T393] ? kmem_cache_free+0x116/0x2e0
[ 53.489986][ T393] ? kmem_cache_free+0x116/0x2e0
[ 53.494761][ T393] kasan_report_invalid_free+0x6b/0xa0
[ 53.500054][ T393] ____kasan_slab_free+0x13e/0x160
[ 53.505011][ T393] __kasan_slab_free+0x11/0x20
[ 53.509604][ T393] slab_free_freelist_hook+0xbd/0x190
[ 53.514814][ T393] ? kfree_skbmem+0x104/0x170
[ 53.519324][ T393] kmem_cache_free+0x116/0x2e0
[ 53.523949][ T393] kfree_skbmem+0x104/0x170
[ 53.528261][ T393] consume_skb+0xb4/0x250
[ 53.532430][ T393] __sk_msg_free+0x2dd/0x370
[ 53.536854][ T393] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.542496][ T393] sk_psock_stop+0x44c/0x4d0
[ 53.546930][ T393] sk_psock_drop+0x219/0x310
[ 53.551348][ T393] sock_map_unref+0x48f/0x4d0
[ 53.555864][ T393] ? __local_bh_enable_ip+0x58/0x80
[ 53.560908][ T393] ? _raw_spin_unlock_bh+0x51/0x60
[ 53.565842][ T393] sock_map_remove_links+0x41c/0x650
[ 53.570963][ T393] ? __kasan_record_aux_stack+0xd3/0xf0
[ 53.576342][ T393] ? kasan_record_aux_stack+0xe/0x10
[ 53.581472][ T393] ? task_work_add+0x27/0x1d0
[ 53.585995][ T393] ? sock_map_unhash+0x120/0x120
[ 53.590750][ T393] ? x64_sys_call+0x3d/0x9a0
[ 53.595176][ T393] ? locks_remove_posix+0x610/0x610
[ 53.600229][ T393] sock_map_close+0x114/0x530
[ 53.604746][ T393] ? unix_peer_get+0xe0/0xe0
[ 53.609150][ T393] ? sock_map_remove_links+0x650/0x650
[ 53.614447][ T393] ? rwsem_mark_wake+0x770/0x770
[ 53.619219][ T393] unix_release+0x82/0xc0
[ 53.623400][ T393] sock_close+0xdf/0x270
[ 53.627463][ T393] ? sock_mmap+0xa0/0xa0
[ 53.631545][ T393] __fput+0x228/0x8c0
[ 53.635373][ T393] ____fput+0x15/0x20
[ 53.639183][ T393] task_work_run+0x129/0x190
[ 53.643615][ T393] exit_to_user_mode_loop+0xc4/0xe0
[ 53.648676][ T393] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.653944][ T393] syscall_exit_to_user_mode+0x26/0x160
[ 53.659324][ T393] do_syscall_64+0x47/0xb0
[ 53.663573][ T393] ? clear_bhb_loop+0x35/0x90
[ 53.668087][ T393] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.673820][ T393] RIP: 0033:0x7f7d365d19da
[ 53.678064][ T393] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.697508][ T393] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.705774][ T393] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 53.713559][ T393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.721373][ T393] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 53.729187][ T393] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d263
[ 53.736997][ T393] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000cf22
[ 53.744816][ T393]
[ 53.747671][ T393]
[ 53.749839][ T393] Allocated by task 394:
[ 53.753918][ T393] __kasan_slab_alloc+0xb1/0xe0
[ 53.758643][ T393] slab_post_alloc_hook+0x53/0x2c0
[ 53.763551][ T393] kmem_cache_alloc+0xf5/0x200
[ 53.768151][ T393] skb_clone+0x1d1/0x360
[ 53.772326][ T393] sk_psock_verdict_recv+0x53/0x840
[ 53.777472][ T393] unix_read_sock+0x132/0x370
[ 53.781989][ T393] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.787634][ T393] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.792774][ T393] ____sys_sendmsg+0x59e/0x8f0
[ 53.797345][ T393] ___sys_sendmsg+0x252/0x2e0
[ 53.801864][ T393] __sys_sendmmsg+0x2bf/0x530
[ 53.806372][ T393] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.811059][ T393] x64_sys_call+0x81d/0x9a0
[ 53.815398][ T393] do_syscall_64+0x3b/0xb0
[ 53.819655][ T393] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.825396][ T393]
[ 53.827551][ T393] Freed by task 60:
[ 53.831206][ T393] kasan_set_track+0x4b/0x70
[ 53.835625][ T393] kasan_set_free_info+0x23/0x40
[ 53.840404][ T393] ____kasan_slab_free+0x126/0x160
[ 53.845349][ T393] __kasan_slab_free+0x11/0x20
[ 53.849970][ T393] slab_free_freelist_hook+0xbd/0x190
[ 53.855156][ T393] kmem_cache_free+0x116/0x2e0
[ 53.859751][ T393] kfree_skbmem+0x104/0x170
[ 53.864091][ T393] kfree_skb+0xc2/0x360
[ 53.868082][ T393] sk_psock_backlog+0xc21/0xd90
[ 53.872767][ T393] process_one_work+0x6bb/0xc10
[ 53.877563][ T393] worker_thread+0xad5/0x12a0
[ 53.882150][ T393] kthread+0x421/0x510
[ 53.886060][ T393] ret_from_fork+0x1f/0x30
[ 53.890302][ T393]
[ 53.892471][ T393] The buggy address belongs to the object at ffff88812329c8c0
[ 53.892471][ T393] which belongs to the cache skbuff_head_cache of size 248
[ 53.906896][ T393] The buggy address is located 0 bytes inside of
[ 53.906896][ T393] 248-byte region [ffff88812329c8c0, ffff88812329c9b8)
[ 53.919811][ T393] The buggy address belongs to the page:
[ 53.925289][ T393] page:ffffea00048ca700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12329c
[ 53.935356][ T393] flags: 0x4000000000000200(slab|zone=1)
[ 53.940822][ T393] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa780
[ 53.949238][ T393] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 53.957651][ T393] page dumped because: kasan: bad access detected
[ 53.963902][ T393] page_owner tracks the page as allocated
[ 53.969453][ T393] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 394, ts 53049722781, free_ts 53049006587
[ 53.985177][ T393] post_alloc_hook+0x1a3/0x1b0
[ 53.989772][ T393] prep_new_page+0x1b/0x110
[ 53.994102][ T393] get_page_from_freelist+0x3550/0x35d0
[ 53.999541][ T393] __alloc_pages+0x27e/0x8f0
[ 54.003919][ T393] new_slab+0x9a/0x4e0
[ 54.007826][ T393] ___slab_alloc+0x39e/0x830
[ 54.012243][ T393] __slab_alloc+0x4a/0x90
[ 54.016410][ T393] kmem_cache_alloc+0x134/0x200
[ 54.021097][ T393] __alloc_skb+0xbe/0x550
[ 54.025261][ T393] alloc_skb_with_frags+0xa6/0x680
[ 54.030206][ T393] sock_alloc_send_pskb+0x915/0xa50
[ 54.035254][ T393] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.040190][ T393] ____sys_sendmsg+0x59e/0x8f0
[ 54.044828][ T393] ___sys_sendmsg+0x252/0x2e0
[ 54.049389][ T393] __sys_sendmmsg+0x2bf/0x530
[ 54.053989][ T393] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.058703][ T393] page last free stack trace:
[ 54.063198][ T393] free_unref_page_prepare+0x7c8/0x7d0
[ 54.068494][ T393] free_unref_page+0xe8/0x750
[ 54.073019][ T393] __free_pages+0x61/0xf0
[ 54.077256][ T393] free_pages+0x7c/0x90
[ 54.081250][ T393] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 54.086804][ T393] __apply_to_page_range+0x8dd/0xbe0
[ 54.091917][ T393] apply_to_existing_page_range+0x38/0x50
[ 54.097498][ T393] kasan_release_vmalloc+0x9a/0xb0
[ 54.102423][ T393] __purge_vmap_area_lazy+0x154a/0x1690
[ 54.107808][ T393] _vm_unmap_aliases+0x339/0x3b0
[ 54.112570][ T393] vm_unmap_aliases+0x19/0x20
[ 54.117084][ T393] change_page_attr_set_clr+0x308/0x1050
[ 54.122557][ T393] set_memory_ro+0xa1/0xe0
[ 54.126807][ T393] bpf_int_jit_compile+0xbf21/0xc6b0
[ 54.131928][ T393] bpf_prog_select_runtime+0x724/0xa10
[ 54.137225][ T393] bpf_prog_load+0x1315/0x1b50
[ 54.141833][ T393]
[ 54.143990][ T393] Memory state around the buggy address:
[ 54.149461][ T393] ffff88812329c780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.157468][ T393] ffff88812329c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.165369][ T393] >ffff88812329c880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.173260][ T393] ^
[ 54.179292][ T393] ffff88812329c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.187248][ T393] ffff88812329c980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.195134][ T393] ==================================================================
[ 54.216666][ T397] FAULT_INJECTION: forcing a failure.
[ 54.216666][ T397] name failslab, interval 1, probability 0, space 0, times 0
[ 54.229150][ T397] CPU: 1 PID: 397 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.240610][ T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.250506][ T397] Call Trace:
[ 54.253629][ T397]
[ 54.256439][ T397] dump_stack_lvl+0x151/0x1c0
[ 54.260921][ T397] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.266388][ T397] dump_stack+0x15/0x20
[ 54.270380][ T397] should_fail+0x3c6/0x510
[ 54.274635][ T397] __should_failslab+0xa4/0xe0
[ 54.279231][ T397] should_failslab+0x9/0x20
[ 54.283579][ T397] slab_pre_alloc_hook+0x37/0xd0
[ 54.288353][ T397] kmem_cache_alloc_trace+0x48/0x210
[ 54.293466][ T397] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.299021][ T397] ? migrate_disable+0x190/0x190
[ 54.303794][ T397] sk_psock_skb_ingress_self+0x60/0x330
[ 54.309279][ T397] sk_psock_verdict_recv+0x66d/0x840
[ 54.314401][ T397] unix_read_sock+0x132/0x370
[ 54.318912][ T397] ? sk_psock_skb_redirect+0x440/0x440
[ 54.324204][ T397] ? unix_stream_splice_actor+0x120/0x120
[ 54.329755][ T397] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.335054][ T397] ? unix_stream_splice_actor+0x120/0x120
[ 54.340606][ T397] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.346250][ T397] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.351462][ T397] ? _raw_spin_lock+0xa4/0x1b0
[ 54.356055][ T397] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.361702][ T397] ? skb_queue_tail+0xfb/0x120
[ 54.366297][ T397] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.371490][ T397] ? unix_dgram_poll+0x690/0x690
[ 54.376258][ T397] ? __kasan_check_write+0x14/0x20
[ 54.381214][ T397] ? __cpuidle_text_end+0x2/0x2
[ 54.385893][ T397] ? cgroup_rstat_updated+0xe5/0x370
[ 54.391017][ T397] ? security_socket_sendmsg+0x82/0xb0
[ 54.396308][ T397] ? unix_dgram_poll+0x690/0x690
[ 54.401081][ T397] ____sys_sendmsg+0x59e/0x8f0
[ 54.405679][ T397] ? __sys_sendmsg_sock+0x40/0x40
[ 54.410542][ T397] ? import_iovec+0xe5/0x120
[ 54.414966][ T397] ___sys_sendmsg+0x252/0x2e0
[ 54.419477][ T397] ? __sys_sendmsg+0x260/0x260
[ 54.424079][ T397] ? __kasan_check_write+0x14/0x20
[ 54.429024][ T397] ? proc_fail_nth_write+0x20b/0x290
[ 54.434148][ T397] ? __fdget+0x1bc/0x240
[ 54.438230][ T397] __sys_sendmmsg+0x2bf/0x530
[ 54.442741][ T397] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.447617][ T397] ? mutex_unlock+0xb2/0x260
[ 54.452039][ T397] ? __kasan_check_write+0x14/0x20
[ 54.456983][ T397] ? __ia32_sys_read+0x90/0x90
[ 54.461576][ T397] ? debug_smp_processor_id+0x17/0x20
[ 54.466781][ T397] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.472684][ T397] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.477369][ T397] x64_sys_call+0x81d/0x9a0
[ 54.481709][ T397] do_syscall_64+0x3b/0xb0
[ 54.486004][ T397] ? clear_bhb_loop+0x35/0x90
[ 54.490622][ T397] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.496328][ T397] RIP: 0033:0x7f7d365d2ae9
[ 54.500556][ T397] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.520081][ T397] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.528326][ T397] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 54.536151][ T397] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.543950][ T397] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 54.551763][ T397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.559569][ T397] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 54.567396][ T397]
[ 54.580717][ T396] ==================================================================
[ 54.588624][ T396] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 54.596857][ T396]
[ 54.599024][ T396] CPU: 0 PID: 396 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.610655][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.620598][ T396] Call Trace:
[ 54.623683][ T396]
[ 54.626464][ T396] dump_stack_lvl+0x151/0x1c0
[ 54.630970][ T396] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.636466][ T396] ? __wake_up_klogd+0xd5/0x110
[ 54.641215][ T396] ? panic+0x760/0x760
[ 54.645458][ T396] ? kvm_sched_clock_read+0x18/0x40
[ 54.650500][ T396] ? kmem_cache_free+0x116/0x2e0
[ 54.655264][ T396] print_address_description+0x87/0x3b0
[ 54.660732][ T396] ? kmem_cache_free+0x116/0x2e0
[ 54.665588][ T396] ? kmem_cache_free+0x116/0x2e0
[ 54.670362][ T396] kasan_report_invalid_free+0x6b/0xa0
[ 54.675657][ T396] ____kasan_slab_free+0x13e/0x160
[ 54.680607][ T396] __kasan_slab_free+0x11/0x20
[ 54.685202][ T396] slab_free_freelist_hook+0xbd/0x190
[ 54.690427][ T396] ? kfree_skbmem+0x104/0x170
[ 54.694919][ T396] kmem_cache_free+0x116/0x2e0
[ 54.699529][ T396] kfree_skbmem+0x104/0x170
[ 54.703866][ T396] consume_skb+0xb4/0x250
[ 54.708051][ T396] __sk_msg_free+0x2dd/0x370
[ 54.712453][ T396] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.718193][ T396] sk_psock_stop+0x44c/0x4d0
[ 54.722618][ T396] sk_psock_drop+0x219/0x310
[ 54.727041][ T396] sock_map_unref+0x48f/0x4d0
[ 54.731554][ T396] ? __local_bh_enable_ip+0x58/0x80
[ 54.736677][ T396] ? _raw_spin_unlock_bh+0x51/0x60
[ 54.741621][ T396] sock_map_remove_links+0x41c/0x650
[ 54.746745][ T396] ? __kasan_record_aux_stack+0xd3/0xf0
[ 54.752122][ T396] ? kasan_record_aux_stack+0xe/0x10
[ 54.757249][ T396] ? task_work_add+0x27/0x1d0
[ 54.761758][ T396] ? sock_map_unhash+0x120/0x120
[ 54.766537][ T396] ? x64_sys_call+0x3d/0x9a0
[ 54.770956][ T396] ? locks_remove_posix+0x610/0x610
[ 54.776078][ T396] sock_map_close+0x114/0x530
[ 54.780591][ T396] ? unix_peer_get+0xe0/0xe0
[ 54.785278][ T396] ? sock_map_remove_links+0x650/0x650
[ 54.790572][ T396] ? rwsem_mark_wake+0x770/0x770
[ 54.795345][ T396] unix_release+0x82/0xc0
[ 54.799512][ T396] sock_close+0xdf/0x270
[ 54.803614][ T396] ? sock_mmap+0xa0/0xa0
[ 54.807668][ T396] __fput+0x228/0x8c0
[ 54.811489][ T396] ____fput+0x15/0x20
[ 54.815423][ T396] task_work_run+0x129/0x190
[ 54.819841][ T396] exit_to_user_mode_loop+0xc4/0xe0
[ 54.824873][ T396] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.830167][ T396] syscall_exit_to_user_mode+0x26/0x160
[ 54.835547][ T396] do_syscall_64+0x47/0xb0
[ 54.839802][ T396] ? clear_bhb_loop+0x35/0x90
[ 54.844315][ T396] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.850129][ T396] RIP: 0033:0x7f7d365d19da
[ 54.854430][ T396] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.873824][ T396] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.882196][ T396] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 54.890051][ T396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.897864][ T396] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 54.905674][ T396] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d6f3
[ 54.913483][ T396] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000d3b2
[ 54.921394][ T396]
[ 54.924160][ T396]
[ 54.926428][ T396] Allocated by task 397:
[ 54.930594][ T396] __kasan_slab_alloc+0xb1/0xe0
[ 54.935277][ T396] slab_post_alloc_hook+0x53/0x2c0
[ 54.940224][ T396] kmem_cache_alloc+0xf5/0x200
[ 54.944824][ T396] skb_clone+0x1d1/0x360
[ 54.948904][ T396] sk_psock_verdict_recv+0x53/0x840
[ 54.954053][ T396] unix_read_sock+0x132/0x370
[ 54.958565][ T396] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.964323][ T396] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.969329][ T396] ____sys_sendmsg+0x59e/0x8f0
[ 54.973929][ T396] ___sys_sendmsg+0x252/0x2e0
[ 54.978448][ T396] __sys_sendmmsg+0x2bf/0x530
[ 54.982955][ T396] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.987653][ T396] x64_sys_call+0x81d/0x9a0
[ 54.992165][ T396] do_syscall_64+0x3b/0xb0
[ 54.996408][ T396] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.002139][ T396]
[ 55.004304][ T396] Freed by task 310:
[ 55.008043][ T396] kasan_set_track+0x4b/0x70
[ 55.012462][ T396] kasan_set_free_info+0x23/0x40
[ 55.017235][ T396] ____kasan_slab_free+0x126/0x160
[ 55.022183][ T396] __kasan_slab_free+0x11/0x20
[ 55.026791][ T396] slab_free_freelist_hook+0xbd/0x190
[ 55.031991][ T396] kmem_cache_free+0x116/0x2e0
[ 55.036611][ T396] kfree_skbmem+0x104/0x170
[ 55.040932][ T396] kfree_skb+0xc2/0x360
[ 55.044953][ T396] sk_psock_backlog+0xc21/0xd90
[ 55.049620][ T396] process_one_work+0x6bb/0xc10
[ 55.054311][ T396] worker_thread+0xad5/0x12a0
[ 55.058810][ T396] kthread+0x421/0x510
[ 55.062715][ T396] ret_from_fork+0x1f/0x30
[ 55.066967][ T396]
[ 55.069136][ T396] The buggy address belongs to the object at ffff888123312640
[ 55.069136][ T396] which belongs to the cache skbuff_head_cache of size 248
[ 55.083547][ T396] The buggy address is located 0 bytes inside of
[ 55.083547][ T396] 248-byte region [ffff888123312640, ffff888123312738)
[ 55.096484][ T396] The buggy address belongs to the page:
[ 55.101953][ T396] page:ffffea00048cc480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123312
[ 55.112011][ T396] flags: 0x4000000000000200(slab|zone=1)
[ 55.117488][ T396] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa780
[ 55.125914][ T396] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.134321][ T396] page dumped because: kasan: bad access detected
[ 55.140570][ T396] page_owner tracks the page as allocated
[ 55.146298][ T396] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 397, ts 54216660011, free_ts 54215791431
[ 55.163487][ T396] post_alloc_hook+0x1a3/0x1b0
[ 55.168079][ T396] prep_new_page+0x1b/0x110
[ 55.172419][ T396] get_page_from_freelist+0x3550/0x35d0
[ 55.177801][ T396] __alloc_pages+0x27e/0x8f0
[ 55.182246][ T396] new_slab+0x9a/0x4e0
[ 55.186131][ T396] ___slab_alloc+0x39e/0x830
[ 55.190582][ T396] __slab_alloc+0x4a/0x90
[ 55.194728][ T396] kmem_cache_alloc+0x134/0x200
[ 55.199412][ T396] skb_clone+0x1d1/0x360
[ 55.203490][ T396] sk_psock_verdict_recv+0x53/0x840
[ 55.208555][ T396] unix_read_sock+0x132/0x370
[ 55.213048][ T396] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.218678][ T396] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.223717][ T396] ____sys_sendmsg+0x59e/0x8f0
[ 55.228312][ T396] ___sys_sendmsg+0x252/0x2e0
[ 55.232825][ T396] __sys_sendmmsg+0x2bf/0x530
[ 55.237339][ T396] page last free stack trace:
[ 55.241852][ T396] free_unref_page_prepare+0x7c8/0x7d0
[ 55.247146][ T396] free_unref_page+0xe8/0x750
[ 55.251659][ T396] __free_pages+0x61/0xf0
[ 55.255844][ T396] __vunmap+0x7bc/0x8f0
[ 55.259816][ T396] vfree+0x7f/0xb0
[ 55.263379][ T396] bpf_patch_insn_data+0x7f0/0xde0
[ 55.268321][ T396] bpf_check+0x6653/0x12bf0
[ 55.272669][ T396] bpf_prog_load+0x12ac/0x1b50
[ 55.277260][ T396] __sys_bpf+0x4bc/0x760
[ 55.281343][ T396] __x64_sys_bpf+0x7c/0x90
[ 55.285595][ T396] x64_sys_call+0x87f/0x9a0
[ 55.289933][ T396] do_syscall_64+0x3b/0xb0
[ 55.294185][ T396] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.299915][ T396]
[ 55.302089][ T396] Memory state around the buggy address:
[ 55.307560][ T396] ffff888123312500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.315461][ T396] ffff888123312580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.323355][ T396] >ffff888123312600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.331250][ T396] ^
[ 55.337241][ T396] ffff888123312680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.345139][ T396] ffff888123312700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.353029][ T396] ==================================================================
[ 55.372941][ T400] FAULT_INJECTION: forcing a failure.
[ 55.372941][ T400] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.385843][ T400] CPU: 1 PID: 400 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.397323][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.407215][ T400] Call Trace:
[ 55.410341][ T400]
[ 55.413116][ T400] dump_stack_lvl+0x151/0x1c0
[ 55.417627][ T400] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.423122][ T400] dump_stack+0x15/0x20
[ 55.427128][ T400] should_fail+0x3c6/0x510
[ 55.431428][ T400] should_fail_usercopy+0x1a/0x20
[ 55.436289][ T400] _copy_to_user+0x20/0x90
[ 55.440543][ T400] simple_read_from_buffer+0xc7/0x150
[ 55.445749][ T400] proc_fail_nth_read+0x1a3/0x210
[ 55.450611][ T400] ? proc_fault_inject_write+0x390/0x390
[ 55.456180][ T400] ? fsnotify_perm+0x269/0x5b0
[ 55.460779][ T400] ? security_file_permission+0x86/0xb0
[ 55.466157][ T400] ? proc_fault_inject_write+0x390/0x390
[ 55.471781][ T400] vfs_read+0x27d/0xd40
[ 55.475904][ T400] ? kernel_read+0x1f0/0x1f0
[ 55.480359][ T400] ? __kasan_check_write+0x14/0x20
[ 55.485277][ T400] ? mutex_lock+0xb6/0x1e0
[ 55.489524][ T400] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.495976][ T400] ? __fdget_pos+0x2e7/0x3a0
[ 55.500387][ T400] ? ksys_read+0x77/0x2c0
[ 55.504541][ T400] ksys_read+0x199/0x2c0
[ 55.508628][ T400] ? vfs_write+0x1110/0x1110
[ 55.513052][ T400] ? __kasan_check_write+0x14/0x20
[ 55.517989][ T400] ? switch_fpu_return+0x15f/0x2e0
[ 55.522947][ T400] __x64_sys_read+0x7b/0x90
[ 55.527278][ T400] x64_sys_call+0x28/0x9a0
[ 55.531538][ T400] do_syscall_64+0x3b/0xb0
[ 55.535786][ T400] ? clear_bhb_loop+0x35/0x90
[ 55.540294][ T400] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.546029][ T400] RIP: 0033:0x7f7d365d178c
[ 55.550277][ T400] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 55.569942][ T400] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 55.578185][ T400] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 55.585996][ T400] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 55.593850][ T400] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 55.601619][ T400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.609430][ T400] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 55.617243][ T400]
[ 55.627958][ T402] FAULT_INJECTION: forcing a failure.
[ 55.627958][ T402] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.641062][ T402] CPU: 1 PID: 402 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.652616][ T402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.662481][ T402] Call Trace:
[ 55.665605][ T402]
[ 55.668385][ T402] dump_stack_lvl+0x151/0x1c0
[ 55.672895][ T402] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.678364][ T402] dump_stack+0x15/0x20
[ 55.682355][ T402] should_fail+0x3c6/0x510
[ 55.686608][ T402] should_fail_usercopy+0x1a/0x20
[ 55.691470][ T402] _copy_to_user+0x20/0x90
[ 55.695720][ T402] simple_read_from_buffer+0xc7/0x150
[ 55.700951][ T402] proc_fail_nth_read+0x1a3/0x210
[ 55.705995][ T402] ? proc_fault_inject_write+0x390/0x390
[ 55.711464][ T402] ? fsnotify_perm+0x269/0x5b0
[ 55.716049][ T402] ? security_file_permission+0x86/0xb0
[ 55.721426][ T402] ? proc_fault_inject_write+0x390/0x390
[ 55.726896][ T402] vfs_read+0x27d/0xd40
[ 55.730894][ T402] ? kernel_read+0x1f0/0x1f0
[ 55.735323][ T402] ? __kasan_check_write+0x14/0x20
[ 55.740263][ T402] ? mutex_lock+0xb6/0x1e0
[ 55.744512][ T402] ? wait_for_completion_killable_timeout+0x10/0x10
[ 55.750941][ T402] ? __fdget_pos+0x2e7/0x3a0
[ 55.755382][ T402] ? ksys_read+0x77/0x2c0
[ 55.759531][ T402] ksys_read+0x199/0x2c0
[ 55.763609][ T402] ? vfs_write+0x1110/0x1110
[ 55.768033][ T402] ? __kasan_check_write+0x14/0x20
[ 55.773226][ T402] ? switch_fpu_return+0x15f/0x2e0
[ 55.778245][ T402] __x64_sys_read+0x7b/0x90
[ 55.782584][ T402] x64_sys_call+0x28/0x9a0
[ 55.786837][ T402] do_syscall_64+0x3b/0xb0
[ 55.791089][ T402] ? clear_bhb_loop+0x35/0x90
[ 55.795599][ T402] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.801331][ T402] RIP: 0033:0x7f7d365d178c
[ 55.805580][ T402] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 55.825026][ T402] RSP: 002b:00007f7d361550c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 55.833266][ T402] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d178c
[ 55.841180][ T402] RDX: 000000000000000f RSI: 00007f7d36155130 RDI: 0000000000000006
[ 55.849063][ T402] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 55.857221][ T402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.865141][ T402] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 55.872936][ T402]
[ 55.883508][ T404] FAULT_INJECTION: forcing a failure.
[ 55.883508][ T404] name failslab, interval 1, probability 0, space 0, times 0
[ 55.896291][ T404] CPU: 1 PID: 404 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.907938][ T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.917832][ T404] Call Trace:
[ 55.920960][ T404]
[ 55.923732][ T404] dump_stack_lvl+0x151/0x1c0
[ 55.928245][ T404] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.933716][ T404] dump_stack+0x15/0x20
[ 55.937706][ T404] should_fail+0x3c6/0x510
[ 55.941959][ T404] __should_failslab+0xa4/0xe0
[ 55.946785][ T404] should_failslab+0x9/0x20
[ 55.951100][ T404] slab_pre_alloc_hook+0x37/0xd0
[ 55.955874][ T404] kmem_cache_alloc_trace+0x48/0x210
[ 55.961097][ T404] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.966695][ T404] ? migrate_disable+0x190/0x190
[ 55.971510][ T404] sk_psock_skb_ingress_self+0x60/0x330
[ 55.976889][ T404] sk_psock_verdict_recv+0x66d/0x840
[ 55.982010][ T404] unix_read_sock+0x132/0x370
[ 55.986522][ T404] ? sk_psock_skb_redirect+0x440/0x440
[ 55.991820][ T404] ? unix_stream_splice_actor+0x120/0x120
[ 55.997371][ T404] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.002667][ T404] ? unix_stream_splice_actor+0x120/0x120
[ 56.008218][ T404] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.013859][ T404] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.019065][ T404] ? _raw_spin_lock+0xa4/0x1b0
[ 56.023666][ T404] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.029310][ T404] ? skb_queue_tail+0xfb/0x120
[ 56.033909][ T404] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.038951][ T404] ? unix_dgram_poll+0x690/0x690
[ 56.043718][ T404] ? __kasan_check_write+0x14/0x20
[ 56.048664][ T404] ? __cpuidle_text_end+0x2/0x2
[ 56.053349][ T404] ? cgroup_rstat_updated+0xe5/0x370
[ 56.058473][ T404] ? security_socket_sendmsg+0x82/0xb0
[ 56.063763][ T404] ? unix_dgram_poll+0x690/0x690
[ 56.068545][ T404] ____sys_sendmsg+0x59e/0x8f0
[ 56.073140][ T404] ? __sys_sendmsg_sock+0x40/0x40
[ 56.078075][ T404] ? import_iovec+0xe5/0x120
[ 56.082722][ T404] ___sys_sendmsg+0x252/0x2e0
[ 56.087312][ T404] ? __sys_sendmsg+0x260/0x260
[ 56.091911][ T404] ? __kasan_check_write+0x14/0x20
[ 56.097030][ T404] ? proc_fail_nth_write+0x20b/0x290
[ 56.102289][ T404] ? __fdget+0x1bc/0x240
[ 56.106466][ T404] __sys_sendmmsg+0x2bf/0x530
[ 56.110972][ T404] ? __ia32_sys_sendmsg+0x90/0x90
[ 56.115854][ T404] ? mutex_unlock+0xb2/0x260
[ 56.120259][ T404] ? __kasan_check_write+0x14/0x20
[ 56.125343][ T404] ? __ia32_sys_read+0x90/0x90
[ 56.129904][ T404] ? debug_smp_processor_id+0x17/0x20
[ 56.135109][ T404] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 56.141012][ T404] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.145699][ T404] x64_sys_call+0x81d/0x9a0
[ 56.150056][ T404] do_syscall_64+0x3b/0xb0
[ 56.154289][ T404] ? clear_bhb_loop+0x35/0x90
[ 56.158808][ T404] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.164533][ T404] RIP: 0033:0x7f7d365d2ae9
[ 56.168789][ T404] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.188326][ T404] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.196559][ T404] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 56.204365][ T404] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 56.212178][ T404] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 56.219993][ T404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.227800][ T404] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 56.235617][ T404]
[ 56.241753][ T403] ==================================================================
[ 56.249641][ T403] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 56.257882][ T403]
[ 56.260052][ T403] CPU: 0 PID: 403 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 56.271594][ T403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.281662][ T403] Call Trace:
[ 56.284787][ T403]
[ 56.287564][ T403] dump_stack_lvl+0x151/0x1c0
[ 56.292078][ T403] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.297545][ T403] ? __wake_up_klogd+0xd5/0x110
[ 56.302254][ T403] ? panic+0x760/0x760
[ 56.306137][ T403] ? kmem_cache_free+0x116/0x2e0
[ 56.310913][ T403] print_address_description+0x87/0x3b0
[ 56.316294][ T403] ? kmem_cache_free+0x116/0x2e0
[ 56.321065][ T403] ? kmem_cache_free+0x116/0x2e0
[ 56.325838][ T403] kasan_report_invalid_free+0x6b/0xa0
[ 56.331258][ T403] ____kasan_slab_free+0x13e/0x160
[ 56.336185][ T403] __kasan_slab_free+0x11/0x20
[ 56.340790][ T403] slab_free_freelist_hook+0xbd/0x190
[ 56.346003][ T403] ? kfree_skbmem+0x104/0x170
[ 56.350590][ T403] kmem_cache_free+0x116/0x2e0
[ 56.355235][ T403] kfree_skbmem+0x104/0x170
[ 56.359531][ T403] consume_skb+0xb4/0x250
[ 56.363700][ T403] __sk_msg_free+0x2dd/0x370
[ 56.368236][ T403] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.373876][ T403] sk_psock_stop+0x44c/0x4d0
[ 56.378403][ T403] sk_psock_drop+0x219/0x310
[ 56.382817][ T403] sock_map_unref+0x48f/0x4d0
[ 56.387327][ T403] ? __local_bh_enable_ip+0x58/0x80
[ 56.392365][ T403] ? _raw_spin_unlock_bh+0x51/0x60
[ 56.397311][ T403] sock_map_remove_links+0x41c/0x650
[ 56.402428][ T403] ? __kasan_record_aux_stack+0xd3/0xf0
[ 56.407816][ T403] ? kasan_record_aux_stack+0xe/0x10
[ 56.412931][ T403] ? task_work_add+0x27/0x1d0
[ 56.417444][ T403] ? sock_map_unhash+0x120/0x120
[ 56.422440][ T403] ? x64_sys_call+0x3d/0x9a0
[ 56.426949][ T403] ? locks_remove_posix+0x610/0x610
[ 56.432150][ T403] sock_map_close+0x114/0x530
[ 56.436643][ T403] ? unix_peer_get+0xe0/0xe0
[ 56.441064][ T403] ? sock_map_remove_links+0x650/0x650
[ 56.446358][ T403] ? rwsem_mark_wake+0x770/0x770
[ 56.451135][ T403] unix_release+0x82/0xc0
[ 56.455299][ T403] sock_close+0xdf/0x270
[ 56.459379][ T403] ? sock_mmap+0xa0/0xa0
[ 56.463468][ T403] __fput+0x228/0x8c0
[ 56.467280][ T403] ____fput+0x15/0x20
[ 56.471229][ T403] task_work_run+0x129/0x190
[ 56.475651][ T403] exit_to_user_mode_loop+0xc4/0xe0
[ 56.480804][ T403] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.486114][ T403] syscall_exit_to_user_mode+0x26/0x160
[ 56.491482][ T403] do_syscall_64+0x47/0xb0
[ 56.495730][ T403] ? clear_bhb_loop+0x35/0x90
[ 56.500245][ T403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.505970][ T403] RIP: 0033:0x7f7d365d19da
[ 56.510239][ T403] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 56.529871][ T403] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 56.538117][ T403] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 56.545936][ T403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.553741][ T403] RBP: 00007f7d366f3980 R08: 0000001b31c60000 R09: 00007ffcd99720b0
[ 56.561552][ T403] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000dd76
[ 56.569357][ T403] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000da35
[ 56.577174][ T403]
[ 56.580046][ T403]
[ 56.582205][ T403] Allocated by task 404:
[ 56.586293][ T403] __kasan_slab_alloc+0xb1/0xe0
[ 56.590967][ T403] slab_post_alloc_hook+0x53/0x2c0
[ 56.595918][ T403] kmem_cache_alloc+0xf5/0x200
[ 56.600516][ T403] skb_clone+0x1d1/0x360
[ 56.604593][ T403] sk_psock_verdict_recv+0x53/0x840
[ 56.609640][ T403] unix_read_sock+0x132/0x370
[ 56.614144][ T403] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.619788][ T403] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.624818][ T403] ____sys_sendmsg+0x59e/0x8f0
[ 56.629419][ T403] ___sys_sendmsg+0x252/0x2e0
[ 56.633928][ T403] __sys_sendmmsg+0x2bf/0x530
[ 56.638442][ T403] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.643152][ T403] x64_sys_call+0x81d/0x9a0
[ 56.647474][ T403] do_syscall_64+0x3b/0xb0
[ 56.651742][ T403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.657451][ T403]
[ 56.659619][ T403] Freed by task 39:
[ 56.663264][ T403] kasan_set_track+0x4b/0x70
[ 56.667691][ T403] kasan_set_free_info+0x23/0x40
[ 56.672466][ T403] ____kasan_slab_free+0x126/0x160
[ 56.677412][ T403] __kasan_slab_free+0x11/0x20
[ 56.682116][ T403] slab_free_freelist_hook+0xbd/0x190
[ 56.687306][ T403] kmem_cache_free+0x116/0x2e0
[ 56.691905][ T403] kfree_skbmem+0x104/0x170
[ 56.696247][ T403] kfree_skb+0xc2/0x360
[ 56.700237][ T403] sk_psock_backlog+0xc21/0xd90
[ 56.705048][ T403] process_one_work+0x6bb/0xc10
[ 56.709723][ T403] worker_thread+0xad5/0x12a0
[ 56.714531][ T403] kthread+0x421/0x510
[ 56.718440][ T403] ret_from_fork+0x1f/0x30
[ 56.722773][ T403]
[ 56.724944][ T403] The buggy address belongs to the object at ffff8881233238c0
[ 56.724944][ T403] which belongs to the cache skbuff_head_cache of size 248
[ 56.739354][ T403] The buggy address is located 0 bytes inside of
[ 56.739354][ T403] 248-byte region [ffff8881233238c0, ffff8881233239b8)
[ 56.752289][ T403] The buggy address belongs to the page:
[ 56.757756][ T403] page:ffffea00048cc8c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123323
[ 56.767853][ T403] flags: 0x4000000000000200(slab|zone=1)
[ 56.773304][ T403] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa780
[ 56.781722][ T403] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.790138][ T403] page dumped because: kasan: bad access detected
[ 56.796378][ T403] page_owner tracks the page as allocated
[ 56.801949][ T403] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 55368580754, free_ts 46953245391
[ 56.817643][ T403] post_alloc_hook+0x1a3/0x1b0
[ 56.822244][ T403] prep_new_page+0x1b/0x110
[ 56.826598][ T403] get_page_from_freelist+0x3550/0x35d0
[ 56.831966][ T403] __alloc_pages+0x27e/0x8f0
[ 56.836477][ T403] new_slab+0x9a/0x4e0
[ 56.840386][ T403] ___slab_alloc+0x39e/0x830
[ 56.844809][ T403] __slab_alloc+0x4a/0x90
[ 56.848970][ T403] kmem_cache_alloc+0x134/0x200
[ 56.853656][ T403] __alloc_skb+0xbe/0x550
[ 56.857830][ T403] alloc_uevent_skb+0x80/0x230
[ 56.862768][ T403] kobject_uevent_net_broadcast+0x311/0x590
[ 56.868478][ T403] kobject_uevent_env+0x525/0x700
[ 56.873338][ T403] kobject_synth_uevent+0x4eb/0xae0
[ 56.878370][ T403] uevent_store+0x25/0x60
[ 56.882533][ T403] dev_attr_store+0x5c/0x80
[ 56.886962][ T403] sysfs_kf_write+0x123/0x140
[ 56.891479][ T403] page last free stack trace:
[ 56.895992][ T403] __free_pages_ok+0x985/0xa50
[ 56.900684][ T403] __free_pages+0xe9/0xf0
[ 56.904839][ T403] free_nonslab_page+0x82/0xc0
[ 56.909441][ T403] kfree+0x19e/0x220
[ 56.913171][ T403] kvfree+0x35/0x40
[ 56.916816][ T403] btf_check_all_metas+0x5c4/0xa40
[ 56.921769][ T403] btf_parse_vmlinux+0x403/0xe00
[ 56.926538][ T403] bpf_check+0x757/0x12bf0
[ 56.930798][ T403] bpf_prog_load+0x12ac/0x1b50
[ 56.935394][ T403] __sys_bpf+0x4bc/0x760
[ 56.939469][ T403] __x64_sys_bpf+0x7c/0x90
[ 56.943828][ T403] x64_sys_call+0x87f/0x9a0
[ 56.948173][ T403] do_syscall_64+0x3b/0xb0
[ 56.952426][ T403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.958190][ T403]
[ 56.960330][ T403] Memory state around the buggy address:
[ 56.965878][ T403] ffff888123323780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.973778][ T403] ffff888123323800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
2024/12/12 12:49:13 executed programs: 19
[ 56.981673][ T403] >ffff888123323880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.989746][ T403] ^
[ 56.995735][ T403] ffff888123323900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.003634][ T403] ffff888123323980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.011665][ T403] ==================================================================
[ 57.046289][ T407] FAULT_INJECTION: forcing a failure.
[ 57.046289][ T407] name failslab, interval 1, probability 0, space 0, times 0
[ 57.058754][ T407] CPU: 1 PID: 407 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 57.070379][ T407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.080500][ T407] Call Trace:
[ 57.083609][ T407]
[ 57.086388][ T407] dump_stack_lvl+0x151/0x1c0
[ 57.090906][ T407] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.096469][ T407] dump_stack+0x15/0x20
[ 57.100365][ T407] should_fail+0x3c6/0x510
[ 57.104613][ T407] __should_failslab+0xa4/0xe0
[ 57.109212][ T407] should_failslab+0x9/0x20
[ 57.113559][ T407] slab_pre_alloc_hook+0x37/0xd0
[ 57.118340][ T407] kmem_cache_alloc_trace+0x48/0x210
[ 57.123575][ T407] ? sk_psock_skb_ingress_self+0x60/0x330
[ 57.129119][ T407] ? migrate_disable+0x190/0x190
[ 57.133895][ T407] sk_psock_skb_ingress_self+0x60/0x330
[ 57.139324][ T407] sk_psock_verdict_recv+0x66d/0x840
[ 57.144402][ T407] unix_read_sock+0x132/0x370
[ 57.148906][ T407] ? sk_psock_skb_redirect+0x440/0x440
[ 57.154197][ T407] ? unix_stream_splice_actor+0x120/0x120
[ 57.159753][ T407] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.165050][ T407] ? unix_stream_splice_actor+0x120/0x120
[ 57.170705][ T407] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.176347][ T407] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.181559][ T407] ? _raw_spin_lock+0xa4/0x1b0
[ 57.186158][ T407] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.191789][ T407] ? skb_queue_tail+0xfb/0x120
[ 57.196396][ T407] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.201431][ T407] ? unix_dgram_poll+0x690/0x690
[ 57.206206][ T407] ? __kasan_check_write+0x14/0x20
[ 57.211150][ T407] ? __cpuidle_text_end+0x2/0x2
[ 57.215831][ T407] ? cgroup_rstat_updated+0xe5/0x370
[ 57.220955][ T407] ? security_socket_sendmsg+0x82/0xb0
[ 57.226270][ T407] ? unix_dgram_poll+0x690/0x690
[ 57.231024][ T407] ____sys_sendmsg+0x59e/0x8f0
[ 57.235754][ T407] ? __sys_sendmsg_sock+0x40/0x40
[ 57.240602][ T407] ? import_iovec+0xe5/0x120
[ 57.245025][ T407] ___sys_sendmsg+0x252/0x2e0
[ 57.249538][ T407] ? __sys_sendmsg+0x260/0x260
[ 57.254170][ T407] ? __kasan_check_write+0x14/0x20
[ 57.259185][ T407] ? proc_fail_nth_write+0x20b/0x290
[ 57.264309][ T407] ? __fdget+0x1bc/0x240
[ 57.268385][ T407] __sys_sendmmsg+0x2bf/0x530
[ 57.272900][ T407] ? __ia32_sys_sendmsg+0x90/0x90
[ 57.277756][ T407] ? mutex_unlock+0xb2/0x260
[ 57.282185][ T407] ? __kasan_check_write+0x14/0x20
[ 57.287139][ T407] ? __ia32_sys_read+0x90/0x90
[ 57.291734][ T407] ? debug_smp_processor_id+0x17/0x20
[ 57.296941][ T407] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.302853][ T407] __x64_sys_sendmmsg+0xa0/0xb0
[ 57.307530][ T407] x64_sys_call+0x81d/0x9a0
[ 57.311867][ T407] do_syscall_64+0x3b/0xb0
[ 57.316121][ T407] ? clear_bhb_loop+0x35/0x90
[ 57.320655][ T407] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.326364][ T407] RIP: 0033:0x7f7d365d2ae9
[ 57.330618][ T407] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.350062][ T407] RSP: 002b:00007f7d361550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 57.358389][ T407] RAX: ffffffffffffffda RBX: 00007f7d366f1f80 RCX: 00007f7d365d2ae9
[ 57.366197][ T407] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 57.374022][ T407] RBP: 00007f7d36155120 R08: 0000000000000000 R09: 0000000000000000
[ 57.381819][ T407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.389717][ T407] R13: 000000000000000b R14: 00007f7d366f1f80 R15: 00007ffcd984eb28
[ 57.397882][ T407]
[ 57.401365][ T406] ==================================================================
[ 57.409253][ T406] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 57.417498][ T406]
[ 57.419667][ T406] CPU: 0 PID: 406 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 57.431306][ T406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.441196][ T406] Call Trace:
[ 57.444313][ T406]
[ 57.447105][ T406] dump_stack_lvl+0x151/0x1c0
[ 57.451609][ T406] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.457159][ T406] ? __wake_up_klogd+0xd5/0x110
[ 57.461856][ T406] ? panic+0x760/0x760
[ 57.465785][ T406] ? kmem_cache_free+0x116/0x2e0
[ 57.470638][ T406] print_address_description+0x87/0x3b0
[ 57.476027][ T406] ? kmem_cache_free+0x116/0x2e0
[ 57.480803][ T406] ? kmem_cache_free+0x116/0x2e0
[ 57.485589][ T406] kasan_report_invalid_free+0x6b/0xa0
[ 57.490985][ T406] ____kasan_slab_free+0x13e/0x160
[ 57.495937][ T406] __kasan_slab_free+0x11/0x20
[ 57.500530][ T406] slab_free_freelist_hook+0xbd/0x190
[ 57.505760][ T406] ? kfree_skbmem+0x104/0x170
[ 57.510250][ T406] kmem_cache_free+0x116/0x2e0
[ 57.514849][ T406] kfree_skbmem+0x104/0x170
[ 57.519284][ T406] consume_skb+0xb4/0x250
[ 57.523447][ T406] __sk_msg_free+0x2dd/0x370
[ 57.527892][ T406] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.533555][ T406] sk_psock_stop+0x44c/0x4d0
[ 57.537946][ T406] sk_psock_drop+0x219/0x310
[ 57.542370][ T406] sock_map_unref+0x48f/0x4d0
[ 57.547087][ T406] ? __local_bh_enable_ip+0x58/0x80
[ 57.552117][ T406] ? _raw_spin_unlock_bh+0x51/0x60
[ 57.557062][ T406] sock_map_remove_links+0x41c/0x650
[ 57.562304][ T406] ? __kasan_record_aux_stack+0xd3/0xf0
[ 57.567673][ T406] ? kasan_record_aux_stack+0xe/0x10
[ 57.572930][ T406] ? task_work_add+0x27/0x1d0
[ 57.577460][ T406] ? sock_map_unhash+0x120/0x120
[ 57.582214][ T406] ? x64_sys_call+0x3d/0x9a0
[ 57.586650][ T406] ? locks_remove_posix+0x610/0x610
[ 57.591673][ T406] sock_map_close+0x114/0x530
[ 57.596187][ T406] ? unix_peer_get+0xe0/0xe0
[ 57.600611][ T406] ? sock_map_remove_links+0x650/0x650
[ 57.605921][ T406] ? rwsem_mark_wake+0x770/0x770
[ 57.610683][ T406] unix_release+0x82/0xc0
[ 57.614868][ T406] sock_close+0xdf/0x270
[ 57.618927][ T406] ? sock_mmap+0xa0/0xa0
[ 57.623021][ T406] __fput+0x228/0x8c0
[ 57.626832][ T406] ____fput+0x15/0x20
[ 57.630645][ T406] task_work_run+0x129/0x190
[ 57.635097][ T406] exit_to_user_mode_loop+0xc4/0xe0
[ 57.640277][ T406] exit_to_user_mode_prepare+0x5a/0xa0
[ 57.645513][ T406] syscall_exit_to_user_mode+0x26/0x160
[ 57.650894][ T406] do_syscall_64+0x47/0xb0
[ 57.655150][ T406] ? clear_bhb_loop+0x35/0x90
[ 57.659697][ T406] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.665388][ T406] RIP: 0033:0x7f7d365d19da
[ 57.669661][ T406] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 57.689198][ T406] RSP: 002b:00007ffcd984ebf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 57.697461][ T406] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7d365d19da
[ 57.705254][ T406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 57.713065][ T406] RBP: 0000000000000032 R08: 0000001b31c60000 R09: 00007f7d366f1f8c
[ 57.720873][ T406] R10: 00007ffcd984ed40 R11: 0000000000000293 R12: 00007f7d361570d0
[ 57.728683][ T406] R13: ffffffffffffffff R14: 00007f7d36156000 R15: 000000000000dec0
[ 57.736500][ T406]
[ 57.739356][ T406]
[ 57.741525][ T406] Allocated by task 407:
[ 57.745611][ T406] __kasan_slab_alloc+0xb1/0xe0
[ 57.750302][ T406] slab_post_alloc_hook+0x53/0x2c0
[ 57.755246][ T406] kmem_cache_alloc+0xf5/0x200
[ 57.759946][ T406] skb_clone+0x1d1/0x360
[ 57.764154][ T406] sk_psock_verdict_recv+0x53/0x840
[ 57.769275][ T406] unix_read_sock+0x132/0x370
[ 57.773811][ T406] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.779636][ T406] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.784668][ T406] ____sys_sendmsg+0x59e/0x8f0
[ 57.789261][ T406] ___sys_sendmsg+0x252/0x2e0
[ 57.793773][ T406] __sys_sendmmsg+0x2bf/0x530
[ 57.798305][ T406] __x64_sys_sendmmsg+0xa0/0xb0
[ 57.802973][ T406] x64_sys_call+0x81d/0x9a0
[ 57.807313][ T406] do_syscall_64+0x3b/0xb0
[ 57.811574][ T406] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.817296][ T406]
[ 57.819462][ T406] Freed by task 20:
[ 57.823117][ T406] kasan_set_track+0x4b/0x70
[ 57.827766][ T406] kasan_set_free_info+0x23/0x40
[ 57.832545][ T406] ____kasan_slab_free+0x126/0x160
[ 57.837490][ T406] __kasan_slab_free+0x11/0x20
[ 57.842117][ T406] slab_free_freelist_hook+0xbd/0x190
[ 57.847287][ T406] kmem_cache_free+0x116/0x2e0
[ 57.851894][ T406] kfree_skbmem+0x104/0x170
[ 57.856228][ T406] kfree_skb+0xc2/0x360
[ 57.860243][ T406] sk_psock_backlog+0xc21/0xd90
[ 57.865384][ T406] process_one_work+0x6bb/0xc10
[ 57.870071][ T406] worker_thread+0xad5/0x12a0
[ 57.874725][ T406] kthread+0x421/0x510
[ 57.878608][ T406] ret_from_fork+0x1f/0x30
[ 57.882859][ T406]
[ 57.885035][ T406] The buggy address belongs to the object at ffff888110f1d8c0
[ 57.885035][ T406] which belongs to the cache skbuff_head_cache of size 248
[ 57.899447][ T406] The buggy address is located 0 bytes inside of
[ 57.899447][ T406] 248-byte region [ffff888110f1d8c0, ffff888110f1d9b8)
[ 57.912461][ T406] The buggy address belongs to the page:
[ 57.917931][ T406] page:ffffea000443c740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110f1d
[ 57.927992][ T406] flags: 0x4000000000000200(slab|zone=1)
[ 57.933466][ T406] raw: 4000000000000200 ffffea000443c700 0000000a0000000a ffff8881081aa780
[ 57.941887][ T406] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 57.950292][ T406] page dumped because: kasan: bad access detected
[ 57.956543][ T406] page_owner tracks the page as allocated
[ 57.962097][ T406] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 111, ts 4723598472, free_ts 0
[ 57.977146][ T406] post_alloc_hook+0x1a3/0x1b0
[ 57.981740][ T406] prep_new_page+0x1b/0x110
[ 57.986082][ T406] get_page_from_freelist+0x3550/0x35d0
[ 57.991464][ T406] __alloc_pages+0x27e/0x8f0
[ 57.995889][ T406] new_slab+0x9a/0x4e0