Warning: Permanently added '10.128.0.51' (ED25519) to the list of known hosts.
2023/11/12 14:08:03 ignoring optional flag "sandboxArg"="0"
2023/11/12 14:08:03 parsed 1 programs
[ 39.592830][ T29] kauditd_printk_skb: 78 callbacks suppressed
[ 39.592838][ T29] audit: type=1400 audit(1699798083.537:154): avc: denied { mounton } for pid=348 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.624498][ T29] audit: type=1400 audit(1699798083.537:155): avc: denied { mount } for pid=348 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.647477][ T29] audit: type=1400 audit(1699798083.537:156): avc: denied { setattr } for pid=348 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 39.670392][ T29] audit: type=1400 audit(1699798083.537:157): avc: denied { read write } for pid=348 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 39.696870][ T29] audit: type=1400 audit(1699798083.537:158): avc: denied { open } for pid=348 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 39.747186][ T29] audit: type=1400 audit(1699798083.697:159): avc: denied { unlink } for pid=348 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/11/12 14:08:03 executed programs: 0
[ 39.772920][ T29] audit: type=1400 audit(1699798083.697:160): avc: denied { relabelto } for pid=350 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 39.801993][ T348] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 39.843627][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.850491][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.857707][ T355] device bridge_slave_0 entered promiscuous mode
[ 39.864386][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.871249][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.878385][ T355] device bridge_slave_1 entered promiscuous mode
[ 39.916468][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.923310][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.930410][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.937200][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.953480][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.960603][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.968231][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.975382][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.983666][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.991689][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.998524][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.006750][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.014616][ T311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.021406][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.038152][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.046438][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.054221][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.062938][ T355] device veth0_vlan entered promiscuous mode
[ 40.069020][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.077770][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.084921][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.095092][ T355] device veth1_macvtap entered promiscuous mode
[ 40.101641][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.113557][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.121664][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.139661][ T29] audit: type=1400 audit(1699798084.087:161): avc: denied { prog_load } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 40.160968][ T362] FAULT_INJECTION: forcing a failure.
[ 40.160968][ T362] name failslab, interval 1, probability 0, space 0, times 1
[ 40.161835][ T29] audit: type=1400 audit(1699798084.087:162): avc: denied { bpf } for pid=360 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 40.174154][ T362] CPU: 0 PID: 362 Comm: syz-executor.0 Not tainted 5.15.137-syzkaller #0
[ 40.194279][ T29] audit: type=1400 audit(1699798084.087:163): avc: denied { perfmon } for pid=360 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 40.202171][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 40.202176][ T362] Call Trace:
[ 40.202179][ T362]
[ 40.202182][ T362] dump_stack_lvl+0x38/0x49
[ 40.202193][ T362] dump_stack+0x10/0x12
[ 40.202198][ T362] should_fail.cold+0x5/0xa
[ 40.202208][ T362] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 40.257111][ T362] __should_failslab+0xb6/0x100
[ 40.261796][ T362] should_failslab+0x9/0x20
[ 40.266136][ T362] kmem_cache_alloc_trace+0x3f/0x490
[ 40.271264][ T362] sk_psock_skb_ingress_self+0x52/0x3a0
[ 40.276640][ T362] sk_psock_verdict_recv+0x799/0x9e0
[ 40.281760][ T362] unix_read_sock+0xd8/0x200
[ 40.286185][ T362] ? sk_psock_tls_strp_read+0x360/0x360
[ 40.291568][ T362] ? unix_compat_ioctl+0x10/0x10
[ 40.296339][ T362] sk_psock_verdict_data_ready+0x104/0x170
[ 40.301984][ T362] ? failover_event+0x330/0x330
[ 40.306693][ T362] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 40.312307][ T362] ? skb_queue_tail+0xdc/0x150
[ 40.316912][ T362] unix_dgram_sendmsg+0xc13/0x16d0
[ 40.321858][ T362] ? unix_dgram_connect+0xc70/0xc70
[ 40.326894][ T362] ? unix_dgram_connect+0xc70/0xc70
[ 40.331925][ T362] __sock_sendmsg+0xb5/0xf0
[ 40.336265][ T362] ____sys_sendmsg+0x3f3/0x990
[ 40.340865][ T362] ? kernel_sendmsg+0x30/0x30
[ 40.345376][ T362] ? do_recvmmsg+0x5a0/0x5a0
[ 40.349805][ T362] ? __kasan_check_read+0x11/0x20
[ 40.354666][ T362] ___sys_sendmsg+0xfc/0x190
[ 40.359096][ T362] ? sendmsg_copy_msghdr+0x110/0x110
[ 40.364216][ T362] ? handle_pte_fault+0x1a2/0x2180
[ 40.369159][ T362] ? __handle_mm_fault+0x4aa/0x1380
[ 40.374192][ T362] ? __kasan_check_write+0x14/0x20
[ 40.379138][ T362] ? _raw_spin_lock+0x86/0x110
[ 40.383742][ T362] ? do_filp_open+0x1ab/0x3f0
[ 40.388340][ T362] ? __pmd_alloc+0x330/0x330
[ 40.392867][ T362] ? __fdget+0xe/0x10
[ 40.396682][ T362] ? sockfd_lookup_light+0x1c/0x150
[ 40.401716][ T362] __sys_sendmmsg+0x160/0x340
[ 40.406228][ T362] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 40.411098][ T362] ? branch_type+0x2e0/0x470
[ 40.415519][ T362] ? mutex_unlock+0x7e/0x240
[ 40.419942][ T362] ? mutex_trylock+0x260/0x260
[ 40.424541][ T362] ? vfs_write+0x2b2/0x8e0
[ 40.428795][ T362] ? __kasan_check_write+0x14/0x20
[ 40.433742][ T362] ? fput+0x17/0x30
[ 40.437392][ T362] ? __ia32_sys_read+0xa0/0xa0
[ 40.441987][ T362] ? debug_smp_processor_id+0x17/0x20
[ 40.447195][ T362] __x64_sys_sendmmsg+0x98/0xf0
[ 40.451891][ T362] ? syscall_exit_to_user_mode+0x2f/0x40
[ 40.457357][ T362] do_syscall_64+0x35/0xb0
[ 40.461603][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.467333][ T362] RIP: 0033:0x7fef51633ae9
[ 40.471675][ T362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 40.491112][ T362] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 40.499371][ T362] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 40.507170][ T362] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 40.514979][ T362] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 40.522792][ T362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 40.530606][ T362] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 40.538591][ T362]
[ 40.543391][ T360] ==================================================================
[ 40.551253][ T360] BUG: KASAN: use-after-free in consume_skb+0x28/0x1d0
[ 40.557935][ T360] Read of size 4 at addr ffff888121845ae4 by task syz-executor.0/360
[ 40.565831][ T360]
[ 40.568001][ T360] CPU: 0 PID: 360 Comm: syz-executor.0 Not tainted 5.15.137-syzkaller #0
[ 40.576246][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 40.586143][ T360] Call Trace:
[ 40.589265][ T360]
[ 40.592046][ T360] dump_stack_lvl+0x38/0x49
[ 40.596383][ T360] print_address_description.constprop.0+0x24/0x160
[ 40.602805][ T360] ? consume_skb+0x28/0x1d0
[ 40.607154][ T360] kasan_report.cold+0x82/0xdb
[ 40.611751][ T360] ? consume_skb+0x28/0x1d0
[ 40.616101][ T360] kasan_check_range+0x148/0x190
[ 40.620862][ T360] __kasan_check_read+0x11/0x20
[ 40.625668][ T360] consume_skb+0x28/0x1d0
[ 40.629824][ T360] __sk_msg_free+0x267/0x4e0
[ 40.634248][ T360] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 40.639896][ T360] ? skb_dequeue+0x115/0x1a0
[ 40.644317][ T360] sk_psock_stop+0x3e4/0x600
[ 40.648742][ T360] ? __local_bh_enable_ip+0x28/0x60
[ 40.653782][ T360] ? xfrmi6_err+0x440/0x440
[ 40.658114][ T360] sock_map_close+0x253/0x310
[ 40.662629][ T360] ? sock_map_lookup+0x300/0x300
[ 40.667403][ T360] ? do_lock_file_wait+0x320/0x320
[ 40.672348][ T360] ? down_write_killable+0x2c0/0x2c0
[ 40.677480][ T360] unix_release+0x73/0xe0
[ 40.681636][ T360] __sock_release+0xc2/0x270
[ 40.686069][ T360] sock_close+0x10/0x20
[ 40.690057][ T360] __fput+0x317/0x960
[ 40.693874][ T360] ____fput+0x9/0x10
[ 40.697694][ T360] task_work_run+0xc2/0x150
[ 40.702031][ T360] exit_to_user_mode_prepare+0x140/0x150
[ 40.707501][ T360] syscall_exit_to_user_mode+0x21/0x40
[ 40.712794][ T360] do_syscall_64+0x42/0xb0
[ 40.717047][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.722949][ T360] RIP: 0033:0x7fef516329da
[ 40.727207][ T360] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 40.746646][ T360] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 40.754891][ T360] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 40.762707][ T360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 40.770512][ T360] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 40.778323][ T360] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a005
[ 40.786135][ T360] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 0000000000009cc4
[ 40.794209][ T360]
[ 40.797081][ T360]
[ 40.799242][ T360] Allocated by task 362:
[ 40.803341][ T360] kasan_save_stack+0x26/0x50
[ 40.807831][ T360] __kasan_slab_alloc+0x94/0xc0
[ 40.812519][ T360] kmem_cache_alloc+0x197/0x480
[ 40.817207][ T360] skb_clone+0x131/0x310
[ 40.821284][ T360] sk_psock_verdict_recv+0x4a/0x9e0
[ 40.826320][ T360] unix_read_sock+0xd8/0x200
[ 40.830748][ T360] sk_psock_verdict_data_ready+0x104/0x170
[ 40.836390][ T360] unix_dgram_sendmsg+0xc13/0x16d0
[ 40.841421][ T360] __sock_sendmsg+0xb5/0xf0
[ 40.845767][ T360] ____sys_sendmsg+0x3f3/0x990
[ 40.850366][ T360] ___sys_sendmsg+0xfc/0x190
[ 40.854787][ T360] __sys_sendmmsg+0x160/0x340
[ 40.859303][ T360] __x64_sys_sendmmsg+0x98/0xf0
[ 40.863995][ T360] do_syscall_64+0x35/0xb0
[ 40.868244][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.873969][ T360]
[ 40.876141][ T360] Freed by task 38:
[ 40.879786][ T360] kasan_save_stack+0x26/0x50
[ 40.884301][ T360] kasan_set_track+0x25/0x30
[ 40.888727][ T360] kasan_set_free_info+0x24/0x40
[ 40.893543][ T360] __kasan_slab_free+0x111/0x150
[ 40.898282][ T360] slab_free_freelist_hook+0x94/0x1a0
[ 40.903477][ T360] kmem_cache_free+0x105/0x250
[ 40.908115][ T360] kfree_skbmem+0x95/0x140
[ 40.912341][ T360] kfree_skb_reason+0xbb/0x2b0
[ 40.916930][ T360] kfree_skb+0xb/0x10
[ 40.920752][ T360] sk_psock_backlog+0x694/0xd00
[ 40.925450][ T360] process_one_work+0x62c/0xec0
[ 40.930131][ T360] worker_thread+0x48e/0xdb0
[ 40.934577][ T360] kthread+0x324/0x3e0
[ 40.938460][ T360] ret_from_fork+0x1f/0x30
[ 40.942712][ T360]
[ 40.944882][ T360] The buggy address belongs to the object at ffff888121845a00
[ 40.944882][ T360] which belongs to the cache skbuff_head_cache of size 240
[ 40.959292][ T360] The buggy address is located 228 bytes inside of
[ 40.959292][ T360] 240-byte region [ffff888121845a00, ffff888121845af0)
[ 40.972914][ T360] The buggy address belongs to the page:
[ 40.978471][ T360] page:ffffea0004861140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121845
[ 40.988548][ T360] flags: 0x4000000000000200(slab|zone=1)
[ 40.994008][ T360] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 41.002434][ T360] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 41.010844][ T360] page dumped because: kasan: bad access detected
[ 41.017092][ T360] page_owner tracks the page as allocated
[ 41.022646][ T360] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 306, ts 40158859914, free_ts 0
[ 41.037493][ T360] prep_new_page+0x1a2/0x310
[ 41.041914][ T360] get_page_from_freelist+0x1ce2/0x30a0
[ 41.047298][ T360] __alloc_pages+0x217/0x2330
[ 41.051807][ T360] allocate_slab+0x39d/0x530
[ 41.056237][ T360] ___slab_alloc.constprop.0+0x3ca/0x890
[ 41.061712][ T360] __slab_alloc.constprop.0+0x42/0x80
[ 41.066911][ T360] kmem_cache_alloc+0x440/0x480
[ 41.071686][ T360] __alloc_skb+0x14b/0x250
[ 41.075937][ T360] alloc_skb_with_frags+0x76/0x4a0
[ 41.080887][ T360] sock_alloc_send_pskb+0x68b/0x840
[ 41.085917][ T360] sock_alloc_send_skb+0x13/0x20
[ 41.090693][ T360] mld_newpack.isra.0+0x1ae/0x8f0
[ 41.095552][ T360] add_grhead+0x265/0x350
[ 41.099719][ T360] add_grec+0xb4d/0xdf0
[ 41.103712][ T360] mld_ifc_work+0x43e/0xc10
[ 41.108054][ T360] process_one_work+0x62c/0xec0
[ 41.112763][ T360] page_owner free stack trace missing
[ 41.118122][ T360]
[ 41.120291][ T360] Memory state around the buggy address:
[ 41.125761][ T360] ffff888121845980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 41.133667][ T360] ffff888121845a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.141644][ T360] >ffff888121845a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 41.149538][ T360] ^
[ 41.156569][ T360] ffff888121845b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 41.164553][ T360] ffff888121845b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.172451][ T360] ==================================================================
[ 41.180359][ T360] Disabling lock debugging due to kernel taint
[ 41.186393][ T360] ==================================================================
[ 41.194240][ T360] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 41.202483][ T360]
[ 41.204654][ T360] CPU: 0 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 41.214299][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 41.224184][ T360] Call Trace:
[ 41.227305][ T360]
[ 41.230111][ T360] dump_stack_lvl+0x38/0x49
[ 41.234432][ T360] print_address_description.constprop.0+0x24/0x160
[ 41.240849][ T360] ? kmem_cache_free+0x105/0x250
[ 41.245620][ T360] kasan_report_invalid_free+0x75/0xa0
[ 41.250913][ T360] ? kmem_cache_free+0x105/0x250
[ 41.255782][ T360] __kasan_slab_free+0x134/0x150
[ 41.260559][ T360] slab_free_freelist_hook+0x94/0x1a0
[ 41.265757][ T360] ? kfree_skbmem+0x95/0x140
[ 41.270183][ T360] kmem_cache_free+0x105/0x250
[ 41.274782][ T360] kfree_skbmem+0x95/0x140
[ 41.279034][ T360] consume_skb+0xab/0x1d0
[ 41.283205][ T360] __sk_msg_free+0x267/0x4e0
[ 41.287633][ T360] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 41.293269][ T360] ? skb_dequeue+0x115/0x1a0
[ 41.297698][ T360] sk_psock_stop+0x3e4/0x600
[ 41.302123][ T360] ? __local_bh_enable_ip+0x28/0x60
[ 41.307506][ T360] ? xfrmi6_err+0x440/0x440
[ 41.311843][ T360] sock_map_close+0x253/0x310
[ 41.316359][ T360] ? sock_map_lookup+0x300/0x300
[ 41.321133][ T360] ? do_lock_file_wait+0x320/0x320
[ 41.326174][ T360] ? down_write_killable+0x2c0/0x2c0
[ 41.331296][ T360] unix_release+0x73/0xe0
[ 41.335469][ T360] __sock_release+0xc2/0x270
[ 41.339887][ T360] sock_close+0x10/0x20
[ 41.343967][ T360] __fput+0x317/0x960
[ 41.347789][ T360] ____fput+0x9/0x10
[ 41.351519][ T360] task_work_run+0xc2/0x150
[ 41.355856][ T360] exit_to_user_mode_prepare+0x140/0x150
[ 41.361508][ T360] syscall_exit_to_user_mode+0x21/0x40
[ 41.366791][ T360] do_syscall_64+0x42/0xb0
[ 41.371047][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.376862][ T360] RIP: 0033:0x7fef516329da
[ 41.381113][ T360] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 41.400557][ T360] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 41.408804][ T360] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 41.416611][ T360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 41.424425][ T360] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 41.432241][ T360] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a005
[ 41.440050][ T360] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 0000000000009cc4
[ 41.447861][ T360]
[ 41.450723][ T360]
[ 41.452895][ T360] Allocated by task 362:
[ 41.456988][ T360] kasan_save_stack+0x26/0x50
[ 41.461520][ T360] __kasan_slab_alloc+0x94/0xc0
[ 41.466173][ T360] kmem_cache_alloc+0x197/0x480
[ 41.470863][ T360] skb_clone+0x131/0x310
[ 41.474940][ T360] sk_psock_verdict_recv+0x4a/0x9e0
[ 41.480088][ T360] unix_read_sock+0xd8/0x200
[ 41.484515][ T360] sk_psock_verdict_data_ready+0x104/0x170
[ 41.490156][ T360] unix_dgram_sendmsg+0xc13/0x16d0
[ 41.495109][ T360] __sock_sendmsg+0xb5/0xf0
[ 41.499465][ T360] ____sys_sendmsg+0x3f3/0x990
[ 41.504046][ T360] ___sys_sendmsg+0xfc/0x190
[ 41.508468][ T360] __sys_sendmmsg+0x160/0x340
[ 41.512990][ T360] __x64_sys_sendmmsg+0x98/0xf0
[ 41.517664][ T360] do_syscall_64+0x35/0xb0
[ 41.522006][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.527734][ T360]
[ 41.529904][ T360] Freed by task 38:
[ 41.533549][ T360] kasan_save_stack+0x26/0x50
[ 41.538066][ T360] kasan_set_track+0x25/0x30
[ 41.542488][ T360] kasan_set_free_info+0x24/0x40
[ 41.547262][ T360] __kasan_slab_free+0x111/0x150
[ 41.552035][ T360] slab_free_freelist_hook+0x94/0x1a0
[ 41.557252][ T360] kmem_cache_free+0x105/0x250
[ 41.561846][ T360] kfree_skbmem+0x95/0x140
[ 41.566104][ T360] kfree_skb_reason+0xbb/0x2b0
[ 41.570699][ T360] kfree_skb+0xb/0x10
[ 41.574517][ T360] sk_psock_backlog+0x694/0xd00
[ 41.579205][ T360] process_one_work+0x62c/0xec0
[ 41.583888][ T360] worker_thread+0x48e/0xdb0
[ 41.588318][ T360] kthread+0x324/0x3e0
[ 41.592311][ T360] ret_from_fork+0x1f/0x30
[ 41.596565][ T360]
[ 41.598739][ T360] The buggy address belongs to the object at ffff888121845a00
[ 41.598739][ T360] which belongs to the cache skbuff_head_cache of size 240
[ 41.613847][ T360] The buggy address is located 0 bytes inside of
[ 41.613847][ T360] 240-byte region [ffff888121845a00, ffff888121845af0)
[ 41.626785][ T360] The buggy address belongs to the page:
[ 41.632250][ T360] page:ffffea0004861140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121845
[ 41.642420][ T360] flags: 0x4000000000000200(slab|zone=1)
[ 41.647875][ T360] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 41.656295][ T360] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 41.664708][ T360] page dumped because: kasan: bad access detected
[ 41.670962][ T360] page_owner tracks the page as allocated
[ 41.676513][ T360] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 306, ts 40158859914, free_ts 0
[ 41.691442][ T360] prep_new_page+0x1a2/0x310
[ 41.695866][ T360] get_page_from_freelist+0x1ce2/0x30a0
[ 41.701247][ T360] __alloc_pages+0x217/0x2330
[ 41.705762][ T360] allocate_slab+0x39d/0x530
[ 41.710189][ T360] ___slab_alloc.constprop.0+0x3ca/0x890
[ 41.715655][ T360] __slab_alloc.constprop.0+0x42/0x80
[ 41.720864][ T360] kmem_cache_alloc+0x440/0x480
[ 41.725564][ T360] __alloc_skb+0x14b/0x250
[ 41.729804][ T360] alloc_skb_with_frags+0x76/0x4a0
[ 41.734844][ T360] sock_alloc_send_pskb+0x68b/0x840
[ 41.739870][ T360] sock_alloc_send_skb+0x13/0x20
[ 41.744649][ T360] mld_newpack.isra.0+0x1ae/0x8f0
[ 41.749680][ T360] add_grhead+0x265/0x350
[ 41.753845][ T360] add_grec+0xb4d/0xdf0
[ 41.757836][ T360] mld_ifc_work+0x43e/0xc10
[ 41.762205][ T360] process_one_work+0x62c/0xec0
[ 41.766865][ T360] page_owner free stack trace missing
[ 41.772081][ T360]
[ 41.774251][ T360] Memory state around the buggy address:
[ 41.779719][ T360] ffff888121845900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.787612][ T360] ffff888121845980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 41.795509][ T360] >ffff888121845a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.803406][ T360] ^
[ 41.807399][ T360] ffff888121845a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 41.815303][ T360] ffff888121845b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 41.823206][ T360] ==================================================================
[ 41.842362][ T366] FAULT_INJECTION: forcing a failure.
[ 41.842362][ T366] name failslab, interval 1, probability 0, space 0, times 0
[ 41.854846][ T366] CPU: 1 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 41.864391][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 41.874276][ T366] Call Trace:
[ 41.877483][ T366]
[ 41.880260][ T366] dump_stack_lvl+0x38/0x49
[ 41.884600][ T366] dump_stack+0x10/0x12
[ 41.888593][ T366] should_fail.cold+0x5/0xa
[ 41.892934][ T366] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 41.898487][ T366] __should_failslab+0xb6/0x100
[ 41.903173][ T366] should_failslab+0x9/0x20
[ 41.907516][ T366] kmem_cache_alloc_trace+0x3f/0x490
[ 41.912636][ T366] sk_psock_skb_ingress_self+0x52/0x3a0
[ 41.918017][ T366] sk_psock_verdict_recv+0x799/0x9e0
[ 41.923137][ T366] unix_read_sock+0xd8/0x200
[ 41.927569][ T366] ? sk_psock_tls_strp_read+0x360/0x360
[ 41.932948][ T366] ? unix_compat_ioctl+0x10/0x10
[ 41.937719][ T366] sk_psock_verdict_data_ready+0x104/0x170
[ 41.943359][ T366] ? failover_event+0x330/0x330
[ 41.948050][ T366] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 41.953689][ T366] ? skb_queue_tail+0xdc/0x150
[ 41.958290][ T366] unix_dgram_sendmsg+0xc13/0x16d0
[ 41.963251][ T366] ? unix_dgram_connect+0xc70/0xc70
[ 41.968273][ T366] ? unix_dgram_connect+0xc70/0xc70
[ 41.973304][ T366] __sock_sendmsg+0xb5/0xf0
[ 41.977643][ T366] ____sys_sendmsg+0x3f3/0x990
[ 41.982244][ T366] ? kernel_sendmsg+0x30/0x30
[ 41.986758][ T366] ? do_recvmmsg+0x5a0/0x5a0
[ 41.991183][ T366] ? __kasan_check_read+0x11/0x20
[ 41.996131][ T366] ___sys_sendmsg+0xfc/0x190
[ 42.000560][ T366] ? sendmsg_copy_msghdr+0x110/0x110
[ 42.005675][ T366] ? handle_pte_fault+0x1a2/0x2180
[ 42.010627][ T366] ? __handle_mm_fault+0x4aa/0x1380
[ 42.015667][ T366] ? do_filp_open+0x1ab/0x3f0
[ 42.020172][ T366] ? __pmd_alloc+0x330/0x330
[ 42.024598][ T366] ? __fdget+0xe/0x10
[ 42.028421][ T366] ? sockfd_lookup_light+0x1c/0x150
[ 42.033454][ T366] __sys_sendmmsg+0x160/0x340
[ 42.037964][ T366] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 42.042827][ T366] ? branch_type+0x2e0/0x470
[ 42.047253][ T366] ? mutex_unlock+0x7e/0x240
[ 42.051690][ T366] ? mutex_trylock+0x260/0x260
[ 42.056280][ T366] ? vfs_write+0x2b2/0x8e0
[ 42.060531][ T366] ? __kasan_check_write+0x14/0x20
[ 42.065490][ T366] ? fput+0x17/0x30
[ 42.069123][ T366] ? __ia32_sys_read+0xa0/0xa0
[ 42.073723][ T366] ? debug_smp_processor_id+0x17/0x20
[ 42.078933][ T366] __x64_sys_sendmmsg+0x98/0xf0
[ 42.083791][ T366] ? syscall_exit_to_user_mode+0x2f/0x40
[ 42.089261][ T366] do_syscall_64+0x35/0xb0
[ 42.093514][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.099254][ T366] RIP: 0033:0x7fef51633ae9
[ 42.103502][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.123031][ T366] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.131267][ T366] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 42.139086][ T366] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.146889][ T366] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 42.154703][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.162513][ T366] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 42.170329][ T366]
[ 42.174711][ T365] ==================================================================
[ 42.182573][ T365] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 42.190818][ T365]
[ 42.192988][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 42.202626][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 42.212517][ T365] Call Trace:
[ 42.215647][ T365]
[ 42.218420][ T365] dump_stack_lvl+0x38/0x49
[ 42.222760][ T365] print_address_description.constprop.0+0x24/0x160
[ 42.229179][ T365] ? kmem_cache_free+0x105/0x250
[ 42.233953][ T365] kasan_report_invalid_free+0x75/0xa0
[ 42.239247][ T365] ? kmem_cache_free+0x105/0x250
[ 42.244026][ T365] __kasan_slab_free+0x134/0x150
[ 42.248795][ T365] slab_free_freelist_hook+0x94/0x1a0
[ 42.254007][ T365] ? kfree_skbmem+0x95/0x140
[ 42.258433][ T365] kmem_cache_free+0x105/0x250
[ 42.263036][ T365] kfree_skbmem+0x95/0x140
[ 42.267287][ T365] consume_skb+0xab/0x1d0
[ 42.271449][ T365] __sk_msg_free+0x267/0x4e0
[ 42.275878][ T365] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 42.281516][ T365] ? skb_dequeue+0x115/0x1a0
[ 42.285943][ T365] sk_psock_stop+0x3e4/0x600
[ 42.290370][ T365] ? __local_bh_enable_ip+0x28/0x60
[ 42.295404][ T365] ? xfrmi6_err+0x440/0x440
[ 42.299744][ T365] sock_map_close+0x253/0x310
[ 42.304259][ T365] ? sock_map_lookup+0x300/0x300
[ 42.309034][ T365] ? do_lock_file_wait+0x320/0x320
[ 42.313977][ T365] ? down_write_killable+0x2c0/0x2c0
[ 42.319098][ T365] unix_release+0x73/0xe0
[ 42.323267][ T365] __sock_release+0xc2/0x270
[ 42.327691][ T365] sock_close+0x10/0x20
[ 42.331686][ T365] __fput+0x317/0x960
[ 42.335503][ T365] ____fput+0x9/0x10
[ 42.339234][ T365] task_work_run+0xc2/0x150
[ 42.343581][ T365] exit_to_user_mode_prepare+0x140/0x150
[ 42.349046][ T365] syscall_exit_to_user_mode+0x21/0x40
[ 42.354336][ T365] do_syscall_64+0x42/0xb0
[ 42.358594][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.364319][ T365] RIP: 0033:0x7fef516329da
[ 42.368577][ T365] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 42.388015][ T365] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 42.396259][ T365] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 42.404083][ T365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 42.411879][ T365] RBP: 0000000000000032 R08: 0000001b31e60000 R09: 00007fef51752f8c
[ 42.419694][ T365] R10: 00007ffef58718a0 R11: 0000000000000293 R12: 00007fef511b80d0
[ 42.427503][ T365] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000a36a
[ 42.435327][ T365]
[ 42.438188][ T365]
[ 42.440354][ T365] Allocated by task 366:
[ 42.444434][ T365] kasan_save_stack+0x26/0x50
[ 42.448948][ T365] __kasan_slab_alloc+0x94/0xc0
[ 42.453633][ T365] kmem_cache_alloc+0x197/0x480
[ 42.458317][ T365] skb_clone+0x131/0x310
[ 42.462392][ T365] sk_psock_verdict_recv+0x4a/0x9e0
[ 42.467532][ T365] unix_read_sock+0xd8/0x200
[ 42.471958][ T365] sk_psock_verdict_data_ready+0x104/0x170
[ 42.477598][ T365] unix_dgram_sendmsg+0xc13/0x16d0
[ 42.482543][ T365] __sock_sendmsg+0xb5/0xf0
[ 42.486886][ T365] ____sys_sendmsg+0x3f3/0x990
[ 42.491491][ T365] ___sys_sendmsg+0xfc/0x190
[ 42.495941][ T365] __sys_sendmmsg+0x160/0x340
[ 42.500432][ T365] __x64_sys_sendmmsg+0x98/0xf0
[ 42.505116][ T365] do_syscall_64+0x35/0xb0
[ 42.509371][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.515095][ T365]
[ 42.517262][ T365] Freed by task 37:
[ 42.520905][ T365] kasan_save_stack+0x26/0x50
[ 42.525419][ T365] kasan_set_track+0x25/0x30
[ 42.529847][ T365] kasan_set_free_info+0x24/0x40
[ 42.534622][ T365] __kasan_slab_free+0x111/0x150
[ 42.539394][ T365] slab_free_freelist_hook+0x94/0x1a0
[ 42.544611][ T365] kmem_cache_free+0x105/0x250
[ 42.549200][ T365] kfree_skbmem+0x95/0x140
[ 42.553454][ T365] kfree_skb_reason+0xbb/0x2b0
[ 42.558054][ T365] kfree_skb+0xb/0x10
[ 42.561875][ T365] sk_psock_backlog+0x694/0xd00
[ 42.566561][ T365] process_one_work+0x62c/0xec0
[ 42.571420][ T365] worker_thread+0x48e/0xdb0
[ 42.575844][ T365] kthread+0x324/0x3e0
[ 42.579752][ T365] ret_from_fork+0x1f/0x30
[ 42.584005][ T365]
[ 42.586176][ T365] The buggy address belongs to the object at ffff88812189f780
[ 42.586176][ T365] which belongs to the cache skbuff_head_cache of size 240
[ 42.600583][ T365] The buggy address is located 0 bytes inside of
[ 42.600583][ T365] 240-byte region [ffff88812189f780, ffff88812189f870)
[ 42.613516][ T365] The buggy address belongs to the page:
[ 42.618986][ T365] page:ffffea00048627c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12189f
[ 42.629148][ T365] flags: 0x4000000000000200(slab|zone=1)
[ 42.634703][ T365] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 42.643120][ T365] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 42.651532][ T365] page dumped because: kasan: bad access detected
[ 42.657781][ T365] page_owner tracks the page as allocated
[ 42.663340][ T365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 361, ts 41840584298, free_ts 0
[ 42.678180][ T365] prep_new_page+0x1a2/0x310
[ 42.682601][ T365] get_page_from_freelist+0x1ce2/0x30a0
[ 42.687993][ T365] __alloc_pages+0x217/0x2330
[ 42.692510][ T365] allocate_slab+0x39d/0x530
[ 42.697007][ T365] ___slab_alloc.constprop.0+0x3ca/0x890
[ 42.702475][ T365] __slab_alloc.constprop.0+0x42/0x80
[ 42.707683][ T365] kmem_cache_alloc+0x440/0x480
[ 42.712369][ T365] __alloc_skb+0x14b/0x250
[ 42.716624][ T365] alloc_skb_with_frags+0x76/0x4a0
[ 42.721572][ T365] sock_alloc_send_pskb+0x68b/0x840
[ 42.726608][ T365] unix_dgram_sendmsg+0x33a/0x16d0
[ 42.731553][ T365] __sock_sendmsg+0xb5/0xf0
[ 42.735906][ T365] sock_write_iter+0x223/0x430
[ 42.740492][ T365] new_sync_write+0x49b/0x6d0
[ 42.745097][ T365] vfs_write+0x5cc/0x8e0
[ 42.749176][ T365] ksys_write+0x192/0x210
[ 42.753341][ T365] page_owner free stack trace missing
[ 42.758639][ T365]
[ 42.760803][ T365] Memory state around the buggy address:
[ 42.766276][ T365] ffff88812189f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.774333][ T365] ffff88812189f700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 42.782385][ T365] >ffff88812189f780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.790283][ T365] ^
[ 42.794188][ T365] ffff88812189f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 42.802262][ T365] ffff88812189f880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 42.810159][ T365] ==================================================================
[ 42.827491][ T369] FAULT_INJECTION: forcing a failure.
[ 42.827491][ T369] name failslab, interval 1, probability 0, space 0, times 0
[ 42.840247][ T369] CPU: 1 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 42.850027][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 42.859976][ T369] Call Trace:
[ 42.863059][ T369]
[ 42.865834][ T369] dump_stack_lvl+0x38/0x49
[ 42.870181][ T369] dump_stack+0x10/0x12
[ 42.874166][ T369] should_fail.cold+0x5/0xa
[ 42.878512][ T369] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 42.884158][ T369] __should_failslab+0xb6/0x100
[ 42.888844][ T369] should_failslab+0x9/0x20
[ 42.893182][ T369] kmem_cache_alloc_trace+0x3f/0x490
[ 42.898297][ T369] sk_psock_skb_ingress_self+0x52/0x3a0
[ 42.903763][ T369] sk_psock_verdict_recv+0x799/0x9e0
[ 42.908886][ T369] unix_read_sock+0xd8/0x200
[ 42.913313][ T369] ? sk_psock_tls_strp_read+0x360/0x360
[ 42.918873][ T369] ? unix_compat_ioctl+0x10/0x10
[ 42.923647][ T369] sk_psock_verdict_data_ready+0x104/0x170
[ 42.929895][ T369] ? failover_event+0x330/0x330
[ 42.939789][ T369] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 42.945432][ T369] ? skb_queue_tail+0xdc/0x150
[ 42.950212][ T369] unix_dgram_sendmsg+0xc13/0x16d0
[ 42.955174][ T369] ? unix_dgram_connect+0xc70/0xc70
[ 42.960188][ T369] ? unix_dgram_connect+0xc70/0xc70
[ 42.965396][ T369] __sock_sendmsg+0xb5/0xf0
[ 42.969743][ T369] ____sys_sendmsg+0x3f3/0x990
[ 42.974335][ T369] ? kernel_sendmsg+0x30/0x30
[ 42.978892][ T369] ? do_recvmmsg+0x5a0/0x5a0
[ 42.983273][ T369] ? __kasan_check_read+0x11/0x20
[ 42.988132][ T369] ___sys_sendmsg+0xfc/0x190
[ 42.992560][ T369] ? sendmsg_copy_msghdr+0x110/0x110
[ 42.997853][ T369] ? handle_pte_fault+0x1a2/0x2180
[ 43.002803][ T369] ? __handle_mm_fault+0x4aa/0x1380
[ 43.007933][ T369] ? do_filp_open+0x1ab/0x3f0
[ 43.012434][ T369] ? __pmd_alloc+0x330/0x330
[ 43.016863][ T369] ? __fdget+0xe/0x10
[ 43.020681][ T369] ? sockfd_lookup_light+0x1c/0x150
[ 43.025714][ T369] __sys_sendmmsg+0x160/0x340
[ 43.030239][ T369] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 43.035090][ T369] ? branch_type+0x2e0/0x470
[ 43.039515][ T369] ? mutex_unlock+0x7e/0x240
[ 43.043942][ T369] ? mutex_trylock+0x260/0x260
[ 43.048544][ T369] ? vfs_write+0x2b2/0x8e0
[ 43.052794][ T369] ? __kasan_check_write+0x14/0x20
[ 43.057742][ T369] ? fput+0x17/0x30
[ 43.061388][ T369] ? __ia32_sys_read+0xa0/0xa0
[ 43.065988][ T369] ? debug_smp_processor_id+0x17/0x20
[ 43.071196][ T369] __x64_sys_sendmmsg+0x98/0xf0
[ 43.075882][ T369] ? syscall_exit_to_user_mode+0x2f/0x40
[ 43.081351][ T369] do_syscall_64+0x35/0xb0
[ 43.085604][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.091333][ T369] RIP: 0033:0x7fef51633ae9
[ 43.095584][ T369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 43.115025][ T369] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 43.123278][ T369] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 43.131085][ T369] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 43.138897][ T369] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 43.146705][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 43.154603][ T369] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 43.162419][ T369]
[ 43.166902][ T368] ==================================================================
[ 43.174761][ T368] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 43.183008][ T368]
[ 43.185182][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 43.194810][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 43.204705][ T368] Call Trace:
[ 43.207832][ T368]
[ 43.210621][ T368] dump_stack_lvl+0x38/0x49
[ 43.214947][ T368] print_address_description.constprop.0+0x24/0x160
[ 43.221371][ T368] ? kmem_cache_free+0x105/0x250
[ 43.226152][ T368] kasan_report_invalid_free+0x75/0xa0
[ 43.231441][ T368] ? kmem_cache_free+0x105/0x250
[ 43.236211][ T368] __kasan_slab_free+0x134/0x150
[ 43.241000][ T368] slab_free_freelist_hook+0x94/0x1a0
[ 43.246192][ T368] ? kfree_skbmem+0x95/0x140
[ 43.250621][ T368] kmem_cache_free+0x105/0x250
[ 43.255221][ T368] kfree_skbmem+0x95/0x140
[ 43.259474][ T368] consume_skb+0xab/0x1d0
[ 43.263641][ T368] __sk_msg_free+0x267/0x4e0
[ 43.268067][ T368] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 43.273707][ T368] ? skb_dequeue+0x115/0x1a0
[ 43.278143][ T368] sk_psock_stop+0x3e4/0x600
[ 43.282561][ T368] ? __local_bh_enable_ip+0x28/0x60
[ 43.287594][ T368] ? xfrmi6_err+0x440/0x440
[ 43.291934][ T368] sock_map_close+0x253/0x310
[ 43.296542][ T368] ? sock_map_lookup+0x300/0x300
[ 43.301392][ T368] ? do_lock_file_wait+0x320/0x320
[ 43.306343][ T368] ? down_write_killable+0x2c0/0x2c0
[ 43.311462][ T368] unix_release+0x73/0xe0
[ 43.315628][ T368] __sock_release+0xc2/0x270
[ 43.320055][ T368] sock_close+0x10/0x20
[ 43.324054][ T368] __fput+0x317/0x960
[ 43.327867][ T368] ____fput+0x9/0x10
[ 43.331600][ T368] task_work_run+0xc2/0x150
[ 43.335939][ T368] exit_to_user_mode_prepare+0x140/0x150
[ 43.341406][ T368] syscall_exit_to_user_mode+0x21/0x40
[ 43.346699][ T368] do_syscall_64+0x42/0xb0
[ 43.350956][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.356683][ T368] RIP: 0033:0x7fef516329da
[ 43.360936][ T368] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.380374][ T368] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.388629][ T368] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 43.396433][ T368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.404244][ T368] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 43.412056][ T368] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000aa84
[ 43.419865][ T368] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000a743
[ 43.428201][ T368]
[ 43.431071][ T368]
[ 43.433235][ T368] Allocated by task 369:
[ 43.437311][ T368] kasan_save_stack+0x26/0x50
[ 43.441825][ T368] __kasan_slab_alloc+0x94/0xc0
[ 43.446512][ T368] kmem_cache_alloc+0x197/0x480
[ 43.451200][ T368] skb_clone+0x131/0x310
[ 43.455279][ T368] sk_psock_verdict_recv+0x4a/0x9e0
[ 43.460318][ T368] unix_read_sock+0xd8/0x200
[ 43.464743][ T368] sk_psock_verdict_data_ready+0x104/0x170
[ 43.470398][ T368] unix_dgram_sendmsg+0xc13/0x16d0
[ 43.475328][ T368] __sock_sendmsg+0xb5/0xf0
[ 43.479670][ T368] ____sys_sendmsg+0x3f3/0x990
[ 43.484268][ T368] ___sys_sendmsg+0xfc/0x190
[ 43.488691][ T368] __sys_sendmmsg+0x160/0x340
[ 43.493210][ T368] __x64_sys_sendmmsg+0x98/0xf0
[ 43.497981][ T368] do_syscall_64+0x35/0xb0
[ 43.502233][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.507960][ T368]
[ 43.510133][ T368] Freed by task 56:
[ 43.513775][ T368] kasan_save_stack+0x26/0x50
[ 43.518301][ T368] kasan_set_track+0x25/0x30
[ 43.522718][ T368] kasan_set_free_info+0x24/0x40
[ 43.527582][ T368] __kasan_slab_free+0x111/0x150
[ 43.532352][ T368] slab_free_freelist_hook+0x94/0x1a0
[ 43.537557][ T368] kmem_cache_free+0x105/0x250
[ 43.542158][ T368] kfree_skbmem+0x95/0x140
[ 43.546410][ T368] kfree_skb_reason+0xbb/0x2b0
[ 43.551012][ T368] kfree_skb+0xb/0x10
[ 43.554871][ T368] sk_psock_backlog+0x694/0xd00
[ 43.559532][ T368] process_one_work+0x62c/0xec0
[ 43.564222][ T368] worker_thread+0x48e/0xdb0
[ 43.568631][ T368] kthread+0x324/0x3e0
[ 43.572537][ T368] ret_from_fork+0x1f/0x30
[ 43.576789][ T368]
[ 43.578958][ T368] The buggy address belongs to the object at ffff888121973c80
[ 43.578958][ T368] which belongs to the cache skbuff_head_cache of size 240
[ 43.593460][ T368] The buggy address is located 0 bytes inside of
[ 43.593460][ T368] 240-byte region [ffff888121973c80, ffff888121973d70)
[ 43.606475][ T368] The buggy address belongs to the page:
[ 43.611943][ T368] page:ffffea0004865cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121973
[ 43.622006][ T368] flags: 0x4000000000000200(slab|zone=1)
[ 43.627487][ T368] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 43.635897][ T368] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.644425][ T368] page dumped because: kasan: bad access detected
[ 43.650658][ T368] page_owner tracks the page as allocated
[ 43.656211][ T368] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 361, ts 42826377677, free_ts 0
[ 43.671050][ T368] prep_new_page+0x1a2/0x310
[ 43.675473][ T368] get_page_from_freelist+0x1ce2/0x30a0
[ 43.680857][ T368] __alloc_pages+0x217/0x2330
[ 43.685365][ T368] allocate_slab+0x39d/0x530
[ 43.689792][ T368] ___slab_alloc.constprop.0+0x3ca/0x890
[ 43.695269][ T368] __slab_alloc.constprop.0+0x42/0x80
[ 43.700469][ T368] kmem_cache_alloc+0x440/0x480
[ 43.705164][ T368] __alloc_skb+0x14b/0x250
[ 43.709416][ T368] netlink_sendmsg+0x89f/0xd10
[ 43.714009][ T368] __sock_sendmsg+0xb5/0xf0
[ 43.718356][ T368] ____sys_sendmsg+0x694/0x990
[ 43.722946][ T368] ___sys_sendmsg+0xfc/0x190
[ 43.727381][ T368] __sys_sendmsg+0xc3/0x160
[ 43.731712][ T368] __x64_sys_sendmsg+0x73/0xb0
[ 43.736314][ T368] do_syscall_64+0x35/0xb0
[ 43.740574][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.746295][ T368] page_owner free stack trace missing
[ 43.751505][ T368]
[ 43.753671][ T368] Memory state around the buggy address:
[ 43.759145][ T368] ffff888121973b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.767044][ T368] ffff888121973c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 43.774939][ T368] >ffff888121973c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.782841][ T368] ^
[ 43.786742][ T368] ffff888121973d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 43.794640][ T368] ffff888121973d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.802625][ T368] ==================================================================
[ 43.819001][ T371] FAULT_INJECTION: forcing a failure.
[ 43.819001][ T371] name failslab, interval 1, probability 0, space 0, times 0
[ 43.831491][ T371] CPU: 0 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 43.841103][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 43.851108][ T371] Call Trace:
[ 43.854334][ T371]
[ 43.857138][ T371] dump_stack_lvl+0x38/0x49
[ 43.861443][ T371] dump_stack+0x10/0x12
[ 43.865437][ T371] should_fail.cold+0x5/0xa
[ 43.869804][ T371] ? skb_clone+0x131/0x310
[ 43.874041][ T371] __should_failslab+0xb6/0x100
[ 43.878719][ T371] should_failslab+0x9/0x20
[ 43.883066][ T371] kmem_cache_alloc+0x40/0x480
[ 43.887655][ T371] ? avc_has_perm_noaudit+0x200/0x200
[ 43.892868][ T371] skb_clone+0x131/0x310
[ 43.896941][ T371] sk_psock_verdict_recv+0x4a/0x9e0
[ 43.901999][ T371] unix_read_sock+0xd8/0x200
[ 43.906402][ T371] ? sk_psock_tls_strp_read+0x360/0x360
[ 43.911782][ T371] ? unix_compat_ioctl+0x10/0x10
[ 43.916559][ T371] sk_psock_verdict_data_ready+0x104/0x170
[ 43.922197][ T371] ? failover_event+0x330/0x330
[ 43.926882][ T371] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 43.932524][ T371] ? skb_queue_tail+0xdc/0x150
[ 43.937126][ T371] unix_dgram_sendmsg+0xc13/0x16d0
[ 43.942084][ T371] ? unix_dgram_connect+0xc70/0xc70
[ 43.947111][ T371] ? unix_dgram_connect+0xc70/0xc70
[ 43.952151][ T371] __sock_sendmsg+0xb5/0xf0
[ 43.956481][ T371] ____sys_sendmsg+0x3f3/0x990
[ 43.961090][ T371] ? kernel_sendmsg+0x30/0x30
[ 43.965595][ T371] ? do_recvmmsg+0x5a0/0x5a0
[ 43.970023][ T371] ? __kasan_check_read+0x11/0x20
[ 43.974886][ T371] ___sys_sendmsg+0xfc/0x190
[ 43.979307][ T371] ? sendmsg_copy_msghdr+0x110/0x110
[ 43.984427][ T371] ? handle_pte_fault+0x1a2/0x2180
[ 43.989388][ T371] ? __handle_mm_fault+0x4aa/0x1380
[ 43.994411][ T371] ? do_filp_open+0x1ab/0x3f0
[ 43.998932][ T371] ? __pmd_alloc+0x330/0x330
[ 44.003351][ T371] ? __fdget+0xe/0x10
[ 44.007194][ T371] ? sockfd_lookup_light+0x1c/0x150
[ 44.012224][ T371] __sys_sendmmsg+0x160/0x340
[ 44.016717][ T371] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 44.021691][ T371] ? branch_type+0x2e0/0x470
[ 44.026117][ T371] ? mutex_unlock+0x7e/0x240
[ 44.030544][ T371] ? mutex_trylock+0x260/0x260
[ 44.035143][ T371] ? vfs_write+0x2b2/0x8e0
[ 44.039395][ T371] ? __kasan_check_write+0x14/0x20
[ 44.044344][ T371] ? fput+0x17/0x30
[ 44.047987][ T371] ? __ia32_sys_read+0xa0/0xa0
[ 44.052587][ T371] ? debug_smp_processor_id+0x17/0x20
[ 44.057804][ T371] __x64_sys_sendmmsg+0x98/0xf0
[ 44.062484][ T371] ? syscall_exit_to_user_mode+0x2f/0x40
[ 44.067954][ T371] do_syscall_64+0x35/0xb0
[ 44.072204][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.077930][ T371] RIP: 0033:0x7fef51633ae9
[ 44.082188][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.101626][ T371] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.109871][ T371] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 44.117681][ T371] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.125492][ T371] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 44.133305][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.141205][ T371] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 44.149057][ T371]
[ 44.160759][ T374] FAULT_INJECTION: forcing a failure.
[ 44.160759][ T374] name failslab, interval 1, probability 0, space 0, times 0
[ 44.173265][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 44.182787][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 44.192681][ T374] Call Trace:
[ 44.195805][ T374]
[ 44.198584][ T374] dump_stack_lvl+0x38/0x49
[ 44.202933][ T374] dump_stack+0x10/0x12
[ 44.206921][ T374] should_fail.cold+0x5/0xa
[ 44.211259][ T374] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 44.216808][ T374] __should_failslab+0xb6/0x100
[ 44.221495][ T374] should_failslab+0x9/0x20
[ 44.225854][ T374] kmem_cache_alloc_trace+0x3f/0x490
[ 44.230961][ T374] sk_psock_skb_ingress_self+0x52/0x3a0
[ 44.236337][ T374] sk_psock_verdict_recv+0x799/0x9e0
[ 44.241458][ T374] unix_read_sock+0xd8/0x200
[ 44.245887][ T374] ? sk_psock_tls_strp_read+0x360/0x360
[ 44.251265][ T374] ? unix_compat_ioctl+0x10/0x10
[ 44.256040][ T374] sk_psock_verdict_data_ready+0x104/0x170
[ 44.261684][ T374] ? failover_event+0x330/0x330
[ 44.266369][ T374] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 44.272009][ T374] ? skb_queue_tail+0xdc/0x150
[ 44.276612][ T374] unix_dgram_sendmsg+0xc13/0x16d0
[ 44.281561][ T374] ? unix_dgram_connect+0xc70/0xc70
[ 44.286592][ T374] ? unix_dgram_connect+0xc70/0xc70
[ 44.291628][ T374] __sock_sendmsg+0xb5/0xf0
[ 44.295973][ T374] ____sys_sendmsg+0x3f3/0x990
[ 44.300565][ T374] ? kernel_sendmsg+0x30/0x30
[ 44.305079][ T374] ? do_recvmmsg+0x5a0/0x5a0
[ 44.309507][ T374] ? __kasan_check_read+0x11/0x20
[ 44.314370][ T374] ___sys_sendmsg+0xfc/0x190
[ 44.318791][ T374] ? sendmsg_copy_msghdr+0x110/0x110
[ 44.323912][ T374] ? handle_pte_fault+0x1a2/0x2180
[ 44.328863][ T374] ? __handle_mm_fault+0x4aa/0x1380
[ 44.333907][ T374] ? do_filp_open+0x1ab/0x3f0
[ 44.338408][ T374] ? __pmd_alloc+0x330/0x330
[ 44.342835][ T374] ? __fdget+0xe/0x10
[ 44.346651][ T374] ? sockfd_lookup_light+0x1c/0x150
[ 44.351685][ T374] __sys_sendmmsg+0x160/0x340
[ 44.356201][ T374] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 44.361066][ T374] ? branch_type+0x2e0/0x470
[ 44.365485][ T374] ? mutex_unlock+0x7e/0x240
[ 44.369912][ T374] ? mutex_trylock+0x260/0x260
[ 44.374512][ T374] ? vfs_write+0x2b2/0x8e0
[ 44.378765][ T374] ? __kasan_check_write+0x14/0x20
[ 44.383711][ T374] ? fput+0x17/0x30
[ 44.387387][ T374] ? __ia32_sys_read+0xa0/0xa0
[ 44.391959][ T374] ? debug_smp_processor_id+0x17/0x20
[ 44.397166][ T374] __x64_sys_sendmmsg+0x98/0xf0
[ 44.401854][ T374] ? syscall_exit_to_user_mode+0x2f/0x40
[ 44.407320][ T374] do_syscall_64+0x35/0xb0
[ 44.411572][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.417303][ T374] RIP: 0033:0x7fef51633ae9
[ 44.421555][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.441020][ T374] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.449247][ T374] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 44.457061][ T374] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.464872][ T374] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 44.472675][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.480489][ T374] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 44.488356][ T374]
[ 44.493045][ T373] ==================================================================
[ 44.500902][ T373] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 44.509156][ T373]
[ 44.511318][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 44.520951][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 44.530844][ T373] Call Trace:
[ 44.533970][ T373]
[ 44.536748][ T373] dump_stack_lvl+0x38/0x49
[ 44.541181][ T373] print_address_description.constprop.0+0x24/0x160
[ 44.547606][ T373] ? kmem_cache_free+0x105/0x250
[ 44.552376][ T373] kasan_report_invalid_free+0x75/0xa0
[ 44.557672][ T373] ? kmem_cache_free+0x105/0x250
[ 44.562617][ T373] __kasan_slab_free+0x134/0x150
[ 44.567391][ T373] slab_free_freelist_hook+0x94/0x1a0
[ 44.572598][ T373] ? kfree_skbmem+0x95/0x140
[ 44.577027][ T373] kmem_cache_free+0x105/0x250
[ 44.581625][ T373] kfree_skbmem+0x95/0x140
[ 44.585888][ T373] consume_skb+0xab/0x1d0
[ 44.590046][ T373] __sk_msg_free+0x267/0x4e0
[ 44.594473][ T373] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 44.600201][ T373] ? skb_dequeue+0x115/0x1a0
[ 44.604625][ T373] sk_psock_stop+0x3e4/0x600
[ 44.609054][ T373] ? __local_bh_enable_ip+0x28/0x60
[ 44.614099][ T373] ? xfrmi6_err+0x440/0x440
[ 44.618431][ T373] sock_map_close+0x253/0x310
[ 44.622945][ T373] ? sock_map_lookup+0x300/0x300
[ 44.627715][ T373] ? do_lock_file_wait+0x320/0x320
[ 44.632662][ T373] ? down_write_killable+0x2c0/0x2c0
[ 44.637874][ T373] unix_release+0x73/0xe0
[ 44.642090][ T373] __sock_release+0xc2/0x270
[ 44.646469][ T373] sock_close+0x10/0x20
[ 44.650453][ T373] __fput+0x317/0x960
[ 44.654283][ T373] ____fput+0x9/0x10
[ 44.658006][ T373] task_work_run+0xc2/0x150
[ 44.662343][ T373] exit_to_user_mode_prepare+0x140/0x150
[ 44.667811][ T373] syscall_exit_to_user_mode+0x21/0x40
[ 44.673107][ T373] do_syscall_64+0x42/0xb0
[ 44.677363][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.683090][ T373] RIP: 0033:0x7fef516329da
[ 44.687344][ T373] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 44.706796][ T373] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 44.715113][ T373] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 44.723059][ T373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 44.730843][ T373] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 44.738650][ T373] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000afba
[ 44.746463][ T373] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000ac79
[ 44.754275][ T373]
[ 44.757136][ T373]
[ 44.759308][ T373] Allocated by task 374:
[ 44.763387][ T373] kasan_save_stack+0x26/0x50
[ 44.767897][ T373] __kasan_slab_alloc+0x94/0xc0
[ 44.772585][ T373] kmem_cache_alloc+0x197/0x480
[ 44.777273][ T373] skb_clone+0x131/0x310
[ 44.781349][ T373] sk_psock_verdict_recv+0x4a/0x9e0
[ 44.786386][ T373] unix_read_sock+0xd8/0x200
[ 44.790814][ T373] sk_psock_verdict_data_ready+0x104/0x170
[ 44.796455][ T373] unix_dgram_sendmsg+0xc13/0x16d0
[ 44.801401][ T373] __sock_sendmsg+0xb5/0xf0
[ 44.805741][ T373] ____sys_sendmsg+0x3f3/0x990
[ 44.810341][ T373] ___sys_sendmsg+0xfc/0x190
[ 44.814766][ T373] __sys_sendmmsg+0x160/0x340
[ 44.819281][ T373] __x64_sys_sendmmsg+0x98/0xf0
[ 44.824080][ T373] do_syscall_64+0x35/0xb0
[ 44.828307][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.834037][ T373]
[ 44.836205][ T373] Freed by task 306:
[ 44.839937][ T373] kasan_save_stack+0x26/0x50
[ 44.844455][ T373] kasan_set_track+0x25/0x30
[ 44.848876][ T373] kasan_set_free_info+0x24/0x40
[ 44.853649][ T373] __kasan_slab_free+0x111/0x150
[ 44.858430][ T373] slab_free_freelist_hook+0x94/0x1a0
[ 44.863629][ T373] kmem_cache_free+0x105/0x250
[ 44.868230][ T373] kfree_skbmem+0x95/0x140
[ 44.872484][ T373] kfree_skb_reason+0xbb/0x2b0
[ 44.877082][ T373] kfree_skb+0xb/0x10
[ 44.880904][ T373] sk_psock_backlog+0x694/0xd00
[ 44.885589][ T373] process_one_work+0x62c/0xec0
[ 44.890285][ T373] worker_thread+0x48e/0xdb0
[ 44.894709][ T373] kthread+0x324/0x3e0
[ 44.898608][ T373] ret_from_fork+0x1f/0x30
[ 44.902860][ T373]
[ 44.905032][ T373] The buggy address belongs to the object at ffff8881218a8500
[ 44.905032][ T373] which belongs to the cache skbuff_head_cache of size 240
[ 44.919583][ T373] The buggy address is located 0 bytes inside of
[ 44.919583][ T373] 240-byte region [ffff8881218a8500, ffff8881218a85f0)
[ 44.932585][ T373] The buggy address belongs to the page:
[ 44.938054][ T373] page:ffffea0004862a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1218a8
[ 44.948123][ T373] flags: 0x4000000000000200(slab|zone=1)
[ 44.953603][ T373] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 44.962095][ T373] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.970514][ T373] page dumped because: kasan: bad access detected
[ 44.976851][ T373] page_owner tracks the page as allocated
[ 44.982402][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 306, ts 43810757098, free_ts 43810735580
[ 44.998202][ T373] prep_new_page+0x1a2/0x310
[ 45.002629][ T373] get_page_from_freelist+0x1ce2/0x30a0
[ 45.008018][ T373] __alloc_pages+0x217/0x2330
[ 45.012522][ T373] allocate_slab+0x39d/0x530
[ 45.016947][ T373] ___slab_alloc.constprop.0+0x3ca/0x890
[ 45.022417][ T373] __slab_alloc.constprop.0+0x42/0x80
[ 45.027625][ T373] kmem_cache_alloc+0x440/0x480
[ 45.032312][ T373] __alloc_skb+0x14b/0x250
[ 45.036565][ T373] alloc_skb_with_frags+0x76/0x4a0
[ 45.041513][ T373] sock_alloc_send_pskb+0x68b/0x840
[ 45.046547][ T373] sock_alloc_send_skb+0x13/0x20
[ 45.051326][ T373] mld_newpack.isra.0+0x1ae/0x8f0
[ 45.056180][ T373] add_grhead+0x265/0x350
[ 45.060344][ T373] add_grec+0xb4d/0xdf0
[ 45.064338][ T373] mld_send_initial_cr.part.0.isra.0+0x57/0xa0
[ 45.070326][ T373] mld_dad_work+0x171/0x550
[ 45.074665][ T373] page last free stack trace:
[ 45.079178][ T373] free_pcp_prepare+0x1b6/0x4c0
[ 45.083869][ T373] free_unref_page+0x84/0x790
[ 45.088385][ T373] __free_pages+0xd7/0xf0
[ 45.092545][ T373] __vunmap+0x4b2/0x7b0
[ 45.096551][ T373] __vfree+0x21/0x90
[ 45.100276][ T373] vfree+0x27/0x40
[ 45.103834][ T373] bpf_jit_free+0x120/0x260
[ 45.108255][ T373] bpf_prog_free_deferred+0x594/0x7a0
[ 45.113461][ T373] process_one_work+0x62c/0xec0
[ 45.118150][ T373] worker_thread+0x48e/0xdb0
[ 45.122579][ T373] kthread+0x324/0x3e0
[ 45.126483][ T373] ret_from_fork+0x1f/0x30
[ 45.130744][ T373]
[ 45.132985][ T373] Memory state around the buggy address:
2023/11/12 14:08:09 executed programs: 5
[ 45.138471][ T373] ffff8881218a8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.146367][ T373] ffff8881218a8480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 45.154267][ T373] >ffff8881218a8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.162177][ T373] ^
[ 45.166071][ T373] ffff8881218a8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 45.173977][ T373] ffff8881218a8600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.181862][ T373] ==================================================================
[ 45.214883][ T377] FAULT_INJECTION: forcing a failure.
[ 45.214883][ T377] name failslab, interval 1, probability 0, space 0, times 0
[ 45.227429][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 45.237017][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 45.246925][ T377] Call Trace:
[ 45.250036][ T377]
[ 45.252814][ T377] dump_stack_lvl+0x38/0x49
[ 45.257156][ T377] dump_stack+0x10/0x12
[ 45.261143][ T377] should_fail.cold+0x5/0xa
[ 45.265484][ T377] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 45.271040][ T377] __should_failslab+0xb6/0x100
[ 45.275723][ T377] should_failslab+0x9/0x20
[ 45.280067][ T377] kmem_cache_alloc_trace+0x3f/0x490
[ 45.285187][ T377] sk_psock_skb_ingress_self+0x52/0x3a0
[ 45.290567][ T377] sk_psock_verdict_recv+0x799/0x9e0
[ 45.295689][ T377] unix_read_sock+0xd8/0x200
[ 45.300115][ T377] ? sk_psock_tls_strp_read+0x360/0x360
[ 45.305494][ T377] ? unix_compat_ioctl+0x10/0x10
[ 45.310270][ T377] sk_psock_verdict_data_ready+0x104/0x170
[ 45.315909][ T377] ? failover_event+0x330/0x330
[ 45.320596][ T377] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 45.326242][ T377] ? skb_queue_tail+0xdc/0x150
[ 45.330839][ T377] unix_dgram_sendmsg+0xc13/0x16d0
[ 45.335789][ T377] ? unix_dgram_connect+0xc70/0xc70
[ 45.340821][ T377] ? unix_dgram_connect+0xc70/0xc70
[ 45.345875][ T377] __sock_sendmsg+0xb5/0xf0
[ 45.350194][ T377] ____sys_sendmsg+0x3f3/0x990
[ 45.354793][ T377] ? kernel_sendmsg+0x30/0x30
[ 45.359308][ T377] ? do_recvmmsg+0x5a0/0x5a0
[ 45.363748][ T377] ? __kasan_check_read+0x11/0x20
[ 45.368599][ T377] ___sys_sendmsg+0xfc/0x190
[ 45.373113][ T377] ? sendmsg_copy_msghdr+0x110/0x110
[ 45.378230][ T377] ? handle_pte_fault+0x1a2/0x2180
[ 45.383263][ T377] ? __handle_mm_fault+0x4aa/0x1380
[ 45.388296][ T377] ? do_filp_open+0x1ab/0x3f0
[ 45.392813][ T377] ? __pmd_alloc+0x330/0x330
[ 45.397239][ T377] ? __fdget+0xe/0x10
[ 45.401055][ T377] ? sockfd_lookup_light+0x1c/0x150
[ 45.406087][ T377] __sys_sendmmsg+0x160/0x340
[ 45.410604][ T377] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 45.415464][ T377] ? branch_type+0x2e0/0x470
[ 45.419887][ T377] ? mutex_unlock+0x7e/0x240
[ 45.424314][ T377] ? mutex_trylock+0x260/0x260
[ 45.428916][ T377] ? vfs_write+0x2b2/0x8e0
[ 45.433167][ T377] ? __kasan_check_write+0x14/0x20
[ 45.438113][ T377] ? fput+0x17/0x30
[ 45.441761][ T377] ? __ia32_sys_read+0xa0/0xa0
[ 45.446369][ T377] ? debug_smp_processor_id+0x17/0x20
[ 45.451568][ T377] __x64_sys_sendmmsg+0x98/0xf0
[ 45.456259][ T377] ? syscall_exit_to_user_mode+0x2f/0x40
[ 45.461726][ T377] do_syscall_64+0x35/0xb0
[ 45.465977][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.471705][ T377] RIP: 0033:0x7fef51633ae9
[ 45.475958][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.495401][ T377] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.503644][ T377] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 45.511543][ T377] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.519439][ T377] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 45.527252][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.535063][ T377] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 45.542880][ T377]
[ 45.547074][ T29] kauditd_printk_skb: 3 callbacks suppressed
[ 45.547080][ T29] audit: type=1400 audit(1699798089.497:167): avc: denied { remove_name } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 45.547842][ T376] ==================================================================
[ 45.552881][ T29] audit: type=1400 audit(1699798089.497:168): avc: denied { rename } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 45.575012][ T376] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 45.575028][ T376]
[ 45.575033][ T376] CPU: 1 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 45.575040][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 45.575044][ T376] Call Trace:
[ 45.575048][ T376]
[ 45.575052][ T376] dump_stack_lvl+0x38/0x49
[ 45.575060][ T376] print_address_description.constprop.0+0x24/0x160
[ 45.575066][ T376] ? kmem_cache_free+0x105/0x250
[ 45.575072][ T376] kasan_report_invalid_free+0x75/0xa0
[ 45.575077][ T376] ? kmem_cache_free+0x105/0x250
[ 45.575083][ T376] __kasan_slab_free+0x134/0x150
[ 45.575089][ T376] slab_free_freelist_hook+0x94/0x1a0
[ 45.575097][ T376] ? kfree_skbmem+0x95/0x140
[ 45.575104][ T376] kmem_cache_free+0x105/0x250
[ 45.575113][ T376] kfree_skbmem+0x95/0x140
[ 45.575118][ T376] consume_skb+0xab/0x1d0
[ 45.575125][ T376] __sk_msg_free+0x267/0x4e0
[ 45.575132][ T376] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 45.583990][ T29] audit: type=1400 audit(1699798089.497:169): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 45.604692][ T376] ? skb_dequeue+0x115/0x1a0
[ 45.604708][ T376] sk_psock_stop+0x3e4/0x600
[ 45.604717][ T376] ? __local_bh_enable_ip+0x28/0x60
[ 45.604726][ T376] ? xfrmi6_err+0x440/0x440
[ 45.604734][ T376] sock_map_close+0x253/0x310
[ 45.604740][ T376] ? sock_map_lookup+0x300/0x300
[ 45.604745][ T376] ? do_lock_file_wait+0x320/0x320
[ 45.604754][ T376] ? down_write_killable+0x2c0/0x2c0
[ 45.761434][ T376] unix_release+0x73/0xe0
[ 45.765601][ T376] __sock_release+0xc2/0x270
[ 45.770025][ T376] sock_close+0x10/0x20
[ 45.774016][ T376] __fput+0x317/0x960
[ 45.777835][ T376] ____fput+0x9/0x10
[ 45.781568][ T376] task_work_run+0xc2/0x150
[ 45.785907][ T376] exit_to_user_mode_prepare+0x140/0x150
[ 45.791376][ T376] syscall_exit_to_user_mode+0x21/0x40
[ 45.796670][ T376] do_syscall_64+0x42/0xb0
[ 45.800920][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.806651][ T376] RIP: 0033:0x7fef516329da
[ 45.810906][ T376] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.830347][ T376] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.838589][ T376] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 45.846402][ T376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.854215][ T376] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 45.862024][ T376] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b3d7
[ 45.869835][ T376] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000b096
[ 45.877649][ T376] </TASK>
[ 45.880511][ T376]
[ 45.882684][ T376] Allocated by task 377:
[ 45.886760][ T376] kasan_save_stack+0x26/0x50
[ 45.891274][ T376] __kasan_slab_alloc+0x94/0xc0
[ 45.895961][ T376] kmem_cache_alloc+0x197/0x480
[ 45.900645][ T376] skb_clone+0x131/0x310
[ 45.904728][ T376] sk_psock_verdict_recv+0x4a/0x9e0
[ 45.909762][ T376] unix_read_sock+0xd8/0x200
[ 45.914184][ T376] sk_psock_verdict_data_ready+0x104/0x170
[ 45.919828][ T376] unix_dgram_sendmsg+0xc13/0x16d0
[ 45.924775][ T376] __sock_sendmsg+0xb5/0xf0
[ 45.929115][ T376] ____sys_sendmsg+0x3f3/0x990
[ 45.933715][ T376] ___sys_sendmsg+0xfc/0x190
[ 45.938141][ T376] __sys_sendmmsg+0x160/0x340
[ 45.942655][ T376] __x64_sys_sendmmsg+0x98/0xf0
[ 45.947340][ T376] do_syscall_64+0x35/0xb0
[ 45.951593][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.957324][ T376]
[ 45.959495][ T376] Freed by task 37:
[ 45.963314][ T376] kasan_save_stack+0x26/0x50
[ 45.967826][ T376] kasan_set_track+0x25/0x30
[ 45.972252][ T376] kasan_set_free_info+0x24/0x40
[ 45.977026][ T376] __kasan_slab_free+0x111/0x150
[ 45.981805][ T376] slab_free_freelist_hook+0x94/0x1a0
[ 45.987008][ T376] kmem_cache_free+0x105/0x250
[ 45.991608][ T376] kfree_skbmem+0x95/0x140
[ 45.995948][ T376] kfree_skb_reason+0xbb/0x2b0
[ 46.000546][ T376] kfree_skb+0xb/0x10
[ 46.004370][ T376] sk_psock_backlog+0x694/0xd00
[ 46.009051][ T376] process_one_work+0x62c/0xec0
[ 46.013740][ T376] worker_thread+0x48e/0xdb0
[ 46.018167][ T376] kthread+0x324/0x3e0
[ 46.022089][ T376] ret_from_fork+0x1f/0x30
[ 46.026325][ T376]
[ 46.028495][ T376] The buggy address belongs to the object at ffff888103988640
[ 46.028495][ T376] which belongs to the cache skbuff_head_cache of size 240
[ 46.042937][ T376] The buggy address is located 0 bytes inside of
[ 46.042937][ T376] 240-byte region [ffff888103988640, ffff888103988730)
[ 46.055838][ T376] The buggy address belongs to the page:
[ 46.061304][ T376] page:ffffea00040e6200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103988
[ 46.071371][ T376] flags: 0x4000000000000200(slab|zone=1)
[ 46.076842][ T376] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 46.085259][ T376] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.093770][ T376] page dumped because: kasan: bad access detected
[ 46.100021][ T376] page_owner tracks the page as allocated
[ 46.105567][ T376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 45193035664, free_ts 45191309063
[ 46.121364][ T376] prep_new_page+0x1a2/0x310
[ 46.125790][ T376] get_page_from_freelist+0x1ce2/0x30a0
[ 46.131173][ T376] __alloc_pages+0x217/0x2330
[ 46.135685][ T376] allocate_slab+0x39d/0x530
[ 46.140112][ T376] ___slab_alloc.constprop.0+0x3ca/0x890
[ 46.145580][ T376] __slab_alloc.constprop.0+0x42/0x80
[ 46.150797][ T376] kmem_cache_alloc+0x440/0x480
[ 46.155475][ T376] __alloc_skb+0x14b/0x250
[ 46.159727][ T376] alloc_skb_with_frags+0x76/0x4a0
[ 46.164672][ T376] sock_alloc_send_pskb+0x68b/0x840
[ 46.169707][ T376] unix_dgram_sendmsg+0x33a/0x16d0
[ 46.174663][ T376] __sock_sendmsg+0xb5/0xf0
[ 46.178992][ T376] __sys_sendto+0x1e3/0x2f0
[ 46.183334][ T376] __x64_sys_sendto+0xdc/0x1a0
[ 46.187940][ T376] do_syscall_64+0x35/0xb0
[ 46.192186][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.197918][ T376] page last free stack trace:
[ 46.202431][ T376] free_pcp_prepare+0x1b6/0x4c0
[ 46.207119][ T376] free_unref_page+0x84/0x790
[ 46.211628][ T376] __free_pages+0xd7/0xf0
[ 46.215792][ T376] __vunmap+0x4b2/0x7b0
[ 46.219786][ T376] free_work+0x51/0x70
[ 46.223698][ T376] process_one_work+0x62c/0xec0
[ 46.228380][ T376] worker_thread+0x48e/0xdb0
[ 46.232806][ T376] kthread+0x324/0x3e0
[ 46.236718][ T376] ret_from_fork+0x1f/0x30
[ 46.240966][ T376]
[ 46.243136][ T376] Memory state around the buggy address:
[ 46.248697][ T376] ffff888103988500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.256677][ T376] ffff888103988580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 46.264584][ T376] >ffff888103988600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.272470][ T376]                                            ^
[ 46.278461][ T376] ffff888103988680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.286362][ T376] ffff888103988700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 46.294255][ T376] ==================================================================
[ 46.310017][ T380] FAULT_INJECTION: forcing a failure.
[ 46.310017][ T380] name failslab, interval 1, probability 0, space 0, times 0
[ 46.322595][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 46.332182][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 46.342083][ T380] Call Trace:
[ 46.345203][ T380] <TASK>
[ 46.347982][ T380] dump_stack_lvl+0x38/0x49
[ 46.352320][ T380] dump_stack+0x10/0x12
[ 46.356313][ T380] should_fail.cold+0x5/0xa
[ 46.360651][ T380] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.366210][ T380] __should_failslab+0xb6/0x100
[ 46.370896][ T380] should_failslab+0x9/0x20
[ 46.375233][ T380] kmem_cache_alloc_trace+0x3f/0x490
[ 46.380355][ T380] sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.385739][ T380] sk_psock_verdict_recv+0x799/0x9e0
[ 46.390860][ T380] unix_read_sock+0xd8/0x200
[ 46.395282][ T380] ? sk_psock_tls_strp_read+0x360/0x360
[ 46.400664][ T380] ? unix_compat_ioctl+0x10/0x10
[ 46.405528][ T380] sk_psock_verdict_data_ready+0x104/0x170
[ 46.411169][ T380] ? failover_event+0x330/0x330
[ 46.415855][ T380] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 46.421505][ T380] ? skb_queue_tail+0xdc/0x150
[ 46.426096][ T380] unix_dgram_sendmsg+0xc13/0x16d0
[ 46.431049][ T380] ? unix_dgram_connect+0xc70/0xc70
[ 46.436077][ T380] ? unix_dgram_connect+0xc70/0xc70
[ 46.441116][ T380] __sock_sendmsg+0xb5/0xf0
[ 46.445457][ T380] ____sys_sendmsg+0x3f3/0x990
[ 46.450049][ T380] ? kernel_sendmsg+0x30/0x30
[ 46.454574][ T380] ? do_recvmmsg+0x5a0/0x5a0
[ 46.458990][ T380] ? __kasan_check_read+0x11/0x20
[ 46.463853][ T380] ___sys_sendmsg+0xfc/0x190
[ 46.468280][ T380] ? sendmsg_copy_msghdr+0x110/0x110
[ 46.473395][ T380] ? handle_pte_fault+0x1a2/0x2180
[ 46.478457][ T380] ? __handle_mm_fault+0x4aa/0x1380
[ 46.483495][ T380] ? do_filp_open+0x1ab/0x3f0
[ 46.488000][ T380] ? __pmd_alloc+0x330/0x330
[ 46.492433][ T380] ? __fdget+0xe/0x10
[ 46.496243][ T380] ? sockfd_lookup_light+0x1c/0x150
[ 46.501279][ T380] __sys_sendmmsg+0x160/0x340
[ 46.505792][ T380] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 46.510655][ T380] ? branch_type+0x2e0/0x470
[ 46.515081][ T380] ? mutex_unlock+0x7e/0x240
[ 46.519507][ T380] ? mutex_trylock+0x260/0x260
[ 46.524105][ T380] ? vfs_write+0x2b2/0x8e0
[ 46.528357][ T380] ? __kasan_check_write+0x14/0x20
[ 46.533307][ T380] ? fput+0x17/0x30
[ 46.536951][ T380] ? __ia32_sys_read+0xa0/0xa0
[ 46.541549][ T380] ? debug_smp_processor_id+0x17/0x20
[ 46.546759][ T380] __x64_sys_sendmmsg+0x98/0xf0
[ 46.551443][ T380] ? syscall_exit_to_user_mode+0x2f/0x40
[ 46.556913][ T380] do_syscall_64+0x35/0xb0
[ 46.561164][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.566985][ T380] RIP: 0033:0x7fef51633ae9
[ 46.571238][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.591109][ T380] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.599441][ T380] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 46.607252][ T380] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.615175][ T380] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 46.622986][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.631153][ T380] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 46.638957][ T380] </TASK>
[ 46.642192][ T379] ==================================================================
[ 46.650074][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 46.658480][ T379]
[ 46.660630][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 46.670267][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 46.680293][ T379] Call Trace:
[ 46.683419][ T379] <TASK>
[ 46.686201][ T379] dump_stack_lvl+0x38/0x49
[ 46.690535][ T379] print_address_description.constprop.0+0x24/0x160
[ 46.696953][ T379] ? kmem_cache_free+0x105/0x250
[ 46.701727][ T379] kasan_report_invalid_free+0x75/0xa0
[ 46.707107][ T379] ? kmem_cache_free+0x105/0x250
[ 46.711883][ T379] __kasan_slab_free+0x134/0x150
[ 46.716655][ T379] slab_free_freelist_hook+0x94/0x1a0
[ 46.721870][ T379] ? kfree_skbmem+0x95/0x140
[ 46.726291][ T379] kmem_cache_free+0x105/0x250
[ 46.730906][ T379] kfree_skbmem+0x95/0x140
[ 46.735143][ T379] consume_skb+0xab/0x1d0
[ 46.739308][ T379] __sk_msg_free+0x267/0x4e0
[ 46.743737][ T379] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 46.749386][ T379] ? skb_dequeue+0x115/0x1a0
[ 46.753800][ T379] sk_psock_stop+0x3e4/0x600
[ 46.758232][ T379] ? __local_bh_enable_ip+0x28/0x60
[ 46.763265][ T379] ? xfrmi6_err+0x440/0x440
[ 46.767602][ T379] sock_map_close+0x253/0x310
[ 46.772114][ T379] ? sock_map_lookup+0x300/0x300
[ 46.776890][ T379] ? do_lock_file_wait+0x320/0x320
[ 46.781835][ T379] ? down_write_killable+0x2c0/0x2c0
[ 46.786957][ T379] unix_release+0x73/0xe0
[ 46.791127][ T379] __sock_release+0xc2/0x270
[ 46.795552][ T379] sock_close+0x10/0x20
[ 46.799556][ T379] __fput+0x317/0x960
[ 46.803362][ T379] ____fput+0x9/0x10
[ 46.807094][ T379] task_work_run+0xc2/0x150
[ 46.811434][ T379] exit_to_user_mode_prepare+0x140/0x150
[ 46.816909][ T379] syscall_exit_to_user_mode+0x21/0x40
[ 46.822204][ T379] do_syscall_64+0x42/0xb0
[ 46.826447][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.832181][ T379] RIP: 0033:0x7fef516329da
[ 46.836434][ T379] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.855872][ T379] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.864117][ T379] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 46.871930][ T379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.879739][ T379] RBP: 0000000000000032 R08: 0000001b31e60000 R09: 00007fef51752f8c
[ 46.887554][ T379] R10: 00007ffef58718a0 R11: 0000000000000293 R12: 00007fef511b80d0
[ 46.895366][ T379] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000b4de
[ 46.903179][ T379] </TASK>
[ 46.906037][ T379]
[ 46.908208][ T379] Allocated by task 380:
[ 46.912296][ T379] kasan_save_stack+0x26/0x50
[ 46.916804][ T379] __kasan_slab_alloc+0x94/0xc0
[ 46.921486][ T379] kmem_cache_alloc+0x197/0x480
[ 46.926173][ T379] skb_clone+0x131/0x310
[ 46.930251][ T379] sk_psock_verdict_recv+0x4a/0x9e0
[ 46.935300][ T379] unix_read_sock+0xd8/0x200
[ 46.939712][ T379] sk_psock_verdict_data_ready+0x104/0x170
[ 46.945360][ T379] unix_dgram_sendmsg+0xc13/0x16d0
[ 46.950302][ T379] __sock_sendmsg+0xb5/0xf0
[ 46.954642][ T379] ____sys_sendmsg+0x3f3/0x990
[ 46.959244][ T379] ___sys_sendmsg+0xfc/0x190
[ 46.963667][ T379] __sys_sendmmsg+0x160/0x340
[ 46.968182][ T379] __x64_sys_sendmmsg+0x98/0xf0
[ 46.972874][ T379] do_syscall_64+0x35/0xb0
[ 46.977120][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.982851][ T379]
[ 46.985017][ T379] Freed by task 37:
[ 46.988676][ T379] kasan_save_stack+0x26/0x50
[ 46.993181][ T379] kasan_set_track+0x25/0x30
[ 46.997605][ T379] kasan_set_free_info+0x24/0x40
[ 47.002377][ T379] __kasan_slab_free+0x111/0x150
[ 47.007243][ T379] slab_free_freelist_hook+0x94/0x1a0
[ 47.012450][ T379] kmem_cache_free+0x105/0x250
[ 47.017053][ T379] kfree_skbmem+0x95/0x140
[ 47.021302][ T379] kfree_skb_reason+0xbb/0x2b0
[ 47.025897][ T379] kfree_skb+0xb/0x10
[ 47.029716][ T379] sk_psock_backlog+0x694/0xd00
[ 47.034402][ T379] process_one_work+0x62c/0xec0
[ 47.039093][ T379] worker_thread+0x48e/0xdb0
[ 47.043521][ T379] kthread+0x324/0x3e0
[ 47.047423][ T379] ret_from_fork+0x1f/0x30
[ 47.051679][ T379]
[ 47.053862][ T379] The buggy address belongs to the object at ffff88812184a280
[ 47.053862][ T379] which belongs to the cache skbuff_head_cache of size 240
[ 47.068257][ T379] The buggy address is located 0 bytes inside of
[ 47.068257][ T379] 240-byte region [ffff88812184a280, ffff88812184a370)
[ 47.081276][ T379] The buggy address belongs to the page:
[ 47.086747][ T379] page:ffffea0004861280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12184a
[ 47.096816][ T379] flags: 0x4000000000000200(slab|zone=1)
[ 47.102370][ T379] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 47.110785][ T379] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.119219][ T379] page dumped because: kasan: bad access detected
[ 47.125455][ T379] page_owner tracks the page as allocated
[ 47.131007][ T379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 361, ts 46308558605, free_ts 46307196445
[ 47.146715][ T379] prep_new_page+0x1a2/0x310
[ 47.151143][ T379] get_page_from_freelist+0x1ce2/0x30a0
[ 47.156610][ T379] __alloc_pages+0x217/0x2330
[ 47.161223][ T379] allocate_slab+0x39d/0x530
[ 47.165650][ T379] ___slab_alloc.constprop.0+0x3ca/0x890
[ 47.171115][ T379] __slab_alloc.constprop.0+0x42/0x80
[ 47.176331][ T379] kmem_cache_alloc+0x440/0x480
[ 47.181009][ T379] __alloc_skb+0x14b/0x250
[ 47.185262][ T379] alloc_skb_with_frags+0x76/0x4a0
[ 47.190210][ T379] sock_alloc_send_pskb+0x68b/0x840
[ 47.195242][ T379] unix_dgram_sendmsg+0x33a/0x16d0
[ 47.200191][ T379] __sock_sendmsg+0xb5/0xf0
[ 47.204533][ T379] sock_write_iter+0x223/0x430
[ 47.209133][ T379] new_sync_write+0x49b/0x6d0
[ 47.213643][ T379] vfs_write+0x5cc/0x8e0
[ 47.217723][ T379] ksys_write+0x192/0x210
[ 47.221890][ T379] page last free stack trace:
[ 47.226401][ T379] free_pcp_prepare+0x1b6/0x4c0
[ 47.231089][ T379] free_unref_page+0x84/0x790
[ 47.235606][ T379] __free_pages+0xd7/0xf0
[ 47.239770][ T379] __vunmap+0x4b2/0x7b0
[ 47.243766][ T379] __vfree+0x21/0x90
[ 47.247602][ T379] vfree+0x27/0x40
[ 47.251235][ T379] do_ip6t_get_ctl+0x6d0/0x8a0
[ 47.255825][ T379] nf_getsockopt+0x5f/0xc0
[ 47.260078][ T379] ipv6_getsockopt+0x156/0x1a0
[ 47.264679][ T379] tcp_getsockopt+0x6a/0xc0
[ 47.269018][ T379] sock_common_getsockopt+0x72/0xf0
[ 47.274051][ T379] __sys_getsockopt+0x1da/0x6d0
[ 47.278739][ T379] __x64_sys_getsockopt+0xb9/0x140
[ 47.283686][ T379] do_syscall_64+0x35/0xb0
[ 47.287941][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.293677][ T379]
[ 47.295842][ T379] Memory state around the buggy address:
[ 47.301310][ T379] ffff88812184a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.309208][ T379] ffff88812184a200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 47.317104][ T379] >ffff88812184a280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.325014][ T379]                    ^
[ 47.328908][ T379] ffff88812184a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 47.336810][ T379] ffff88812184a380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.344702][ T379] ==================================================================
[ 47.360501][ T383] FAULT_INJECTION: forcing a failure.
[ 47.360501][ T383] name failslab, interval 1, probability 0, space 0, times 0
[ 47.373013][ T383] CPU: 1 PID: 383 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 47.382532][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 47.392426][ T383] Call Trace:
[ 47.395560][ T383] <TASK>
[ 47.398333][ T383] dump_stack_lvl+0x38/0x49
[ 47.402669][ T383] dump_stack+0x10/0x12
[ 47.406658][ T383] should_fail.cold+0x5/0xa
[ 47.410998][ T383] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 47.416580][ T383] __should_failslab+0xb6/0x100
[ 47.421242][ T383] should_failslab+0x9/0x20
[ 47.425582][ T383] kmem_cache_alloc_trace+0x3f/0x490
[ 47.430703][ T383] sk_psock_skb_ingress_self+0x52/0x3a0
[ 47.436084][ T383] sk_psock_verdict_recv+0x799/0x9e0
[ 47.441212][ T383] unix_read_sock+0xd8/0x200
[ 47.445637][ T383] ? sk_psock_tls_strp_read+0x360/0x360
[ 47.451014][ T383] ? unix_compat_ioctl+0x10/0x10
[ 47.455796][ T383] sk_psock_verdict_data_ready+0x104/0x170
[ 47.461427][ T383] ? failover_event+0x330/0x330
[ 47.466120][ T383] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 47.471757][ T383] ? skb_queue_tail+0xdc/0x150
[ 47.476375][ T383] unix_dgram_sendmsg+0xc13/0x16d0
[ 47.481310][ T383] ? unix_dgram_connect+0xc70/0xc70
[ 47.486339][ T383] ? unix_dgram_connect+0xc70/0xc70
[ 47.491374][ T383] __sock_sendmsg+0xb5/0xf0
[ 47.495711][ T383] ____sys_sendmsg+0x3f3/0x990
[ 47.500310][ T383] ? kernel_sendmsg+0x30/0x30
[ 47.504824][ T383] ? do_recvmmsg+0x5a0/0x5a0
[ 47.509252][ T383] ? __kasan_check_read+0x11/0x20
[ 47.514111][ T383] ___sys_sendmsg+0xfc/0x190
[ 47.518538][ T383] ? sendmsg_copy_msghdr+0x110/0x110
[ 47.523664][ T383] ? handle_pte_fault+0x1a2/0x2180
[ 47.528619][ T383] ? __handle_mm_fault+0x4aa/0x1380
[ 47.533641][ T383] ? do_filp_open+0x1ab/0x3f0
[ 47.538153][ T383] ? __pmd_alloc+0x330/0x330
[ 47.542593][ T383] ? __fdget+0xe/0x10
[ 47.546398][ T383] ? sockfd_lookup_light+0x1c/0x150
[ 47.551431][ T383] __sys_sendmmsg+0x160/0x340
[ 47.555953][ T383] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 47.560816][ T383] ? branch_type+0x2e0/0x470
[ 47.565232][ T383] ? mutex_unlock+0x7e/0x240
[ 47.569656][ T383] ? mutex_trylock+0x260/0x260
[ 47.574259][ T383] ? vfs_write+0x2b2/0x8e0
[ 47.578512][ T383] ? __kasan_check_write+0x14/0x20
[ 47.583459][ T383] ? fput+0x17/0x30
[ 47.587109][ T383] ? __ia32_sys_read+0xa0/0xa0
[ 47.591727][ T383] ? debug_smp_processor_id+0x17/0x20
[ 47.596909][ T383] __x64_sys_sendmmsg+0x98/0xf0
[ 47.601598][ T383] ? syscall_exit_to_user_mode+0x2f/0x40
[ 47.607067][ T383] do_syscall_64+0x35/0xb0
[ 47.611319][ T383] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.617046][ T383] RIP: 0033:0x7fef51633ae9
[ 47.621310][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.640756][ T383] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.648988][ T383] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 47.656797][ T383] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.664613][ T383] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 47.672768][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.680578][ T383] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 47.688484][ T383] </TASK>
[ 47.692723][ T382] ==================================================================
[ 47.700586][ T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 47.708842][ T382]
[ 47.711000][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 47.720634][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 47.730533][ T382] Call Trace:
[ 47.733652][ T382] <TASK>
[ 47.736431][ T382] dump_stack_lvl+0x38/0x49
[ 47.740771][ T382] print_address_description.constprop.0+0x24/0x160
[ 47.747204][ T382] ? kmem_cache_free+0x105/0x250
[ 47.752076][ T382] kasan_report_invalid_free+0x75/0xa0
[ 47.757373][ T382] ? kmem_cache_free+0x105/0x250
[ 47.762141][ T382] __kasan_slab_free+0x134/0x150
[ 47.766916][ T382] slab_free_freelist_hook+0x94/0x1a0
[ 47.772126][ T382] ? kfree_skbmem+0x95/0x140
[ 47.776592][ T382] kmem_cache_free+0x105/0x250
[ 47.781161][ T382] kfree_skbmem+0x95/0x140
[ 47.785402][ T382] consume_skb+0xab/0x1d0
[ 47.789577][ T382] __sk_msg_free+0x267/0x4e0
[ 47.793995][ T382] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 47.799732][ T382] ? skb_dequeue+0x115/0x1a0
[ 47.804158][ T382] sk_psock_stop+0x3e4/0x600
[ 47.808585][ T382] ? __local_bh_enable_ip+0x28/0x60
[ 47.813611][ T382] ? xfrmi6_err+0x440/0x440
[ 47.817952][ T382] sock_map_close+0x253/0x310
[ 47.822464][ T382] ? sock_map_lookup+0x300/0x300
[ 47.827237][ T382] ? do_lock_file_wait+0x320/0x320
[ 47.832187][ T382] ? down_write_killable+0x2c0/0x2c0
[ 47.837308][ T382] unix_release+0x73/0xe0
[ 47.841476][ T382] __sock_release+0xc2/0x270
[ 47.846074][ T382] sock_close+0x10/0x20
[ 47.850066][ T382] __fput+0x317/0x960
[ 47.853886][ T382] ____fput+0x9/0x10
[ 47.857616][ T382] task_work_run+0xc2/0x150
[ 47.861958][ T382] exit_to_user_mode_prepare+0x140/0x150
[ 47.867452][ T382] syscall_exit_to_user_mode+0x21/0x40
[ 47.872718][ T382] do_syscall_64+0x42/0xb0
[ 47.876970][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.882701][ T382] RIP: 0033:0x7fef516329da
[ 47.887039][ T382] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.906654][ T382] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.915080][ T382] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 47.922887][ T382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.930870][ T382] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 47.938684][ T382] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bc39
[ 47.946492][ T382] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000b8f8
[ 47.954305][ T382] </TASK>
[ 47.957173][ T382]
[ 47.959337][ T382] Allocated by task 383:
[ 47.963417][ T382] kasan_save_stack+0x26/0x50
[ 47.967929][ T382] __kasan_slab_alloc+0x94/0xc0
[ 47.972616][ T382] kmem_cache_alloc+0x197/0x480
[ 47.977304][ T382] skb_clone+0x131/0x310
[ 47.981382][ T382] sk_psock_verdict_recv+0x4a/0x9e0
[ 47.986420][ T382] unix_read_sock+0xd8/0x200
[ 47.990852][ T382] sk_psock_verdict_data_ready+0x104/0x170
[ 47.996484][ T382] unix_dgram_sendmsg+0xc13/0x16d0
[ 48.001437][ T382] __sock_sendmsg+0xb5/0xf0
[ 48.005773][ T382] ____sys_sendmsg+0x3f3/0x990
[ 48.010372][ T382] ___sys_sendmsg+0xfc/0x190
[ 48.014800][ T382] __sys_sendmmsg+0x160/0x340
[ 48.019311][ T382] __x64_sys_sendmmsg+0x98/0xf0
[ 48.024007][ T382] do_syscall_64+0x35/0xb0
[ 48.028250][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.033978][ T382]
[ 48.036150][ T382] Freed by task 56:
[ 48.039802][ T382] kasan_save_stack+0x26/0x50
[ 48.044314][ T382] kasan_set_track+0x25/0x30
[ 48.048735][ T382] kasan_set_free_info+0x24/0x40
[ 48.053508][ T382] __kasan_slab_free+0x111/0x150
[ 48.058283][ T382] slab_free_freelist_hook+0x94/0x1a0
[ 48.063488][ T382] kmem_cache_free+0x105/0x250
[ 48.068102][ T382] kfree_skbmem+0x95/0x140
[ 48.072340][ T382] kfree_skb_reason+0xbb/0x2b0
[ 48.076946][ T382] kfree_skb+0xb/0x10
[ 48.080770][ T382] sk_psock_backlog+0x694/0xd00
[ 48.085540][ T382] process_one_work+0x62c/0xec0
[ 48.090239][ T382] worker_thread+0x48e/0xdb0
[ 48.094650][ T382] kthread+0x324/0x3e0
[ 48.098558][ T382] ret_from_fork+0x1f/0x30
[ 48.102810][ T382]
[ 48.104977][ T382] The buggy address belongs to the object at ffff888121672640
[ 48.104977][ T382] which belongs to the cache skbuff_head_cache of size 240
[ 48.119390][ T382] The buggy address is located 0 bytes inside of
[ 48.119390][ T382] 240-byte region [ffff888121672640, ffff888121672730)
[ 48.132491][ T382] The buggy address belongs to the page:
[ 48.137962][ T382] page:ffffea0004859c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121672
[ 48.148043][ T382] flags: 0x4000000000000200(slab|zone=1)
[ 48.153500][ T382] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f89080
[ 48.161917][ T382] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.170335][ T382] page dumped because: kasan: bad access detected
[ 48.176583][ T382] page_owner tracks the page as allocated
[ 48.182136][ T382] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 47354387895, free_ts 43813367480
[ 48.197768][ T382] prep_new_page+0x1a2/0x310
[ 48.202188][ T382] get_page_from_freelist+0x1ce2/0x30a0
[ 48.207587][ T382] __alloc_pages+0x217/0x2330
[ 48.212081][ T382] allocate_slab+0x39d/0x530
[ 48.216505][ T382] ___slab_alloc.constprop.0+0x3ca/0x890
[ 48.221976][ T382] __slab_alloc.constprop.0+0x42/0x80
[ 48.227182][ T382] kmem_cache_alloc+0x440/0x480
[ 48.231875][ T382] __alloc_skb+0x14b/0x250
[ 48.236121][ T382] alloc_skb_with_frags+0x76/0x4a0
[ 48.241068][ T382] sock_alloc_send_pskb+0x68b/0x840
[ 48.246111][ T382] unix_dgram_sendmsg+0x33a/0x16d0
[ 48.251053][ T382] __sock_sendmsg+0xb5/0xf0
[ 48.255387][ T382] __sys_sendto+0x1e3/0x2f0
[ 48.259729][ T382] __x64_sys_sendto+0xdc/0x1a0
[ 48.264328][ T382] do_syscall_64+0x35/0xb0
[ 48.268585][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.274308][ T382] page last free stack trace:
[ 48.278831][ T382] free_pcp_prepare+0x1b6/0x4c0
[ 48.283511][ T382] free_unref_page_list+0x1e3/0xcd0
[ 48.288543][ T382] release_pages+0x37f/0xff0
[ 48.292972][ T382] free_pages_and_swap_cache+0x5d/0x80
[ 48.298269][ T382] tlb_finish_mmu+0x129/0x790
[ 48.302783][ T382] exit_mmap+0x21a/0x710
[ 48.306859][ T382] __mmput+0x70/0x3a0
[ 48.310680][ T382] mmput+0x35/0xf0
[ 48.314241][ T382] do_exit+0x87b/0x2400
[ 48.318230][ T382] do_group_exit+0xe6/0x290
[ 48.322566][ T382] get_signal+0x236/0x1db0
[ 48.326821][ T382] arch_do_signal_or_restart+0x2b4/0x21c0
[ 48.332383][ T382] exit_to_user_mode_prepare+0xff/0x150
[ 48.337844][ T382] syscall_exit_to_user_mode+0x21/0x40
[ 48.343135][ T382] do_syscall_64+0x42/0xb0
[ 48.347391][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.353118][ T382]
[ 48.355297][ T382] Memory state around the buggy address:
[ 48.360762][ T382] ffff888121672500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.368658][ T382] ffff888121672580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 48.376557][ T382] >ffff888121672600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.384450][ T382]                                            ^
[ 48.390454][ T382] ffff888121672680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.398343][ T382] ffff888121672700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 48.406268][ T382] ==================================================================
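The three complete double-free reports above are one bug seen three times: every report has the same allocation stack (skb_clone from sk_psock_verdict_recv under unix_dgram_sendmsg), the same first free (kfree_skb from the sk_psock_backlog worker) and the same second free (consume_skb from __sk_msg_free in sk_psock_stop while the unix socket is closed), only the PIDs, object addresses and timestamps differ. Each report is also preceded by a failslab FAULT_INJECTION hit in sk_psock_skb_ingress_self in exactly the task the report later names under "Allocated by task" (T380 for the T379 report, T383 for T382, T386 for T385), and the shadow bytes under the caret are fa/fb, KASAN's values for an already freed slab object, so this is a genuine second free rather than a wild pointer. The script below is an added triage example, not part of the original console log and not syzkaller's own code, that extracts exactly those facts from the log text: it strips the dmesg prefix, drops interleaved lines from other threads by thread id (such as the audit line inside the first report's call trace), ignores the "? " frames the unwinder marks as unreliable, builds a PID- and address-independent signature from bug type, slab cache, allocation stack and free stack, and pairs each report with the first non-allocator frame of the fault-injection trace in its allocating task. The regexes, the INJECT frame list and the condensed SAMPLE_LOG are my own constructions from the lines above and are assumptions about no more of the format than is visible on this page.

```python
"""Added triage helper (not part of the original log or of syzkaller): parse the
KASAN reports, group them by a PID/address-independent signature, and pair each
with the failslab FAULT_INJECTION hit in the task named by 'Allocated by task'."""
import re
from collections import defaultdict

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T(\d+)\]\s?(.*)$")  # '[ ts][ Tn] text'
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # 'func+0xoff/0xlen'
TASK = re.compile(r"^(Allocated|Freed) by task (\d+):$")
# Injector and allocator frames to skip when locating the caller whose allocation failed.
INJECT = ("dump_stack", "should_fail", "__should_fail", "kmem_cache_alloc", "__kmalloc", "kmalloc")


def parse_log(text):
    """Return (kasan_reports, fault_injections), each a list of dicts."""
    reports, faults, cur, fault, section = [], [], None, None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        tid, line = (int(m.group(1)), m.group(2).strip()) if m else (None, raw.strip())
        if line.startswith("FAULT_INJECTION:"):
            fault = {"pid": tid, "site": None}
            faults.append(fault)
        elif (fault and tid == fault["pid"] and (f := FRAME.match(line))
              and not f.group(1) and not f.group(2).startswith(INJECT)):
            fault["site"], fault = f.group(2), None  # first frame outside the injector; then stop looking
        if line.startswith("BUG: KASAN: "):
            cur = {"pid": tid, "bug": line[12:].split("+")[0], "trace": [], "alloc": [],
                   "free": [], "alloc_task": None, "free_task": None, "cache": None}
            section = "trace"
        elif cur is None or tid != cur["pid"]:
            continue  # not inside a report, or another thread's output (e.g. audit)
        elif line.startswith("===="):
            reports.append(cur)
            cur = section = None
        elif t := TASK.match(line):
            section = "alloc" if t.group(1) == "Allocated" else "free"
            cur[section + "_task"] = int(t.group(2))
        elif line.startswith("which belongs to the cache "):
            cur["cache"] = line.split()[5]
        elif line == "":
            section = None  # a blank line closes a stack section
        elif section and (f := FRAME.match(line)) and not f.group(1):
            cur[section].append(f.group(2))  # '? ' frames are unreliable; skip them
    return reports, faults


def triage(text):
    """Group reports by (bug, cache, alloc stack, free stack); pair each with the failslab site."""
    reports, faults = parse_log(text)
    groups = defaultdict(list)
    for r in reports:
        groups[(r["bug"], r["cache"], tuple(r["alloc"]), tuple(r["free"]))].append(r)
    site = {f["pid"]: f["site"] for f in faults}
    return dict(groups), [(r["pid"], r["alloc_task"], site.get(r["alloc_task"])) for r in reports]

# Constructed excerpt of the console log above: two of the double-free reports,
# the failslab hits that precede them, and one interleaved audit line from T29.
SAMPLE_LOG = """\
[ 46.310017][ T380] FAULT_INJECTION: forcing a failure.
[ 46.360651][ T380] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.375233][ T380] kmem_cache_alloc_trace+0x3f/0x490
[ 46.380355][ T380] sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.642192][ T379] ==================================================================
[ 46.650074][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 46.701727][ T379] kasan_report_invalid_free+0x75/0xa0
[ 46.707107][ T379] ? kmem_cache_free+0x105/0x250
[ 46.749386][ T29] audit: type=1400 audit(1699798089.497:169): avc: denied { create } for pid=77 comm="syslogd"
[ 46.753800][ T379] sk_psock_stop+0x3e4/0x600
[ 46.906037][ T379]
[ 46.908208][ T379] Allocated by task 380:
[ 46.926173][ T379] skb_clone+0x131/0x310
[ 46.930251][ T379] sk_psock_verdict_recv+0x4a/0x9e0
[ 46.982851][ T379]
[ 46.985017][ T379] Freed by task 37:
[ 47.025897][ T379] kfree_skb+0xb/0x10
[ 47.029716][ T379] sk_psock_backlog+0x694/0xd00
[ 47.051679][ T379]
[ 47.053862][ T379] which belongs to the cache skbuff_head_cache of size 240
[ 47.344702][ T379] ==================================================================
[ 47.360501][ T383] FAULT_INJECTION: forcing a failure.
[ 47.425582][ T383] kmem_cache_alloc_trace+0x3f/0x490
[ 47.430703][ T383] sk_psock_skb_ingress_self+0x52/0x3a0
[ 47.692723][ T382] ==================================================================
[ 47.700586][ T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 47.959337][ T382] Allocated by task 383:
[ 47.977304][ T382] skb_clone+0x131/0x310
[ 47.981382][ T382] sk_psock_verdict_recv+0x4a/0x9e0
[ 48.033978][ T382]
[ 48.036150][ T382] Freed by task 56:
[ 48.076946][ T382] kfree_skb+0xb/0x10
[ 48.080770][ T382] sk_psock_backlog+0x694/0xd00
[ 48.102810][ T382]
[ 48.104977][ T382] which belongs to the cache skbuff_head_cache of size 240
[ 48.406268][ T382] ==================================================================
"""
if __name__ == "__main__":
    groups, pairs = triage(SAMPLE_LOG)
    print(len(pairs), "report(s) in", len(groups), "signature(s):", pairs)
```

Run against the full console log (replace SAMPLE_LOG with sys.stdin.read() and feed the file on stdin) and it yields one signature with every report paired to sk_psock_skb_ingress_self. The signature deliberately leaves out the reporting call trace, PIDs, object addresses and timestamps so that repeated runs of the same reproducer hash to the same key, while the reporting trace is still kept per report for reading. The page_owner stacks are never collected because a blank line, or the "The buggy address" lines, close the current stack section before they appear. Python 3.8 or newer is needed for the := operator.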
[ 48.421666][ T386] FAULT_INJECTION: forcing a failure.
[ 48.421666][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 48.434123][ T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 48.443688][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 48.453700][ T386] Call Trace:
[ 48.456908][ T386] <TASK>
[ 48.459686][ T386] dump_stack_lvl+0x38/0x49
[ 48.464029][ T386] dump_stack+0x10/0x12
[ 48.468017][ T386] should_fail.cold+0x5/0xa
[ 48.472353][ T386] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 48.477915][ T386] __should_failslab+0xb6/0x100
[ 48.482596][ T386] should_failslab+0x9/0x20
[ 48.486941][ T386] kmem_cache_alloc_trace+0x3f/0x490
[ 48.492057][ T386] sk_psock_skb_ingress_self+0x52/0x3a0
[ 48.497440][ T386] sk_psock_verdict_recv+0x799/0x9e0
[ 48.502560][ T386] unix_read_sock+0xd8/0x200
[ 48.506986][ T386] ? sk_psock_tls_strp_read+0x360/0x360
[ 48.512367][ T386] ? unix_compat_ioctl+0x10/0x10
[ 48.517148][ T386] sk_psock_verdict_data_ready+0x104/0x170
[ 48.522785][ T386] ? failover_event+0x330/0x330
[ 48.527472][ T386] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.533112][ T386] ? skb_queue_tail+0xdc/0x150
[ 48.537712][ T386] unix_dgram_sendmsg+0xc13/0x16d0
[ 48.542660][ T386] ? unix_dgram_connect+0xc70/0xc70
[ 48.547693][ T386] ? unix_dgram_connect+0xc70/0xc70
[ 48.552726][ T386] __sock_sendmsg+0xb5/0xf0
[ 48.557154][ T386] ____sys_sendmsg+0x3f3/0x990
[ 48.561847][ T386] ? kernel_sendmsg+0x30/0x30
[ 48.566380][ T386] ? do_recvmmsg+0x5a0/0x5a0
[ 48.570780][ T386] ? __kasan_check_read+0x11/0x20
[ 48.575641][ T386] ___sys_sendmsg+0xfc/0x190
[ 48.580068][ T386] ? sendmsg_copy_msghdr+0x110/0x110
[ 48.585186][ T386] ? handle_pte_fault+0x1a2/0x2180
[ 48.590158][ T386] ? __handle_mm_fault+0x4aa/0x1380
[ 48.595169][ T386] ? do_filp_open+0x1ab/0x3f0
[ 48.599945][ T386] ? __pmd_alloc+0x330/0x330
[ 48.604368][ T386] ? __fdget+0xe/0x10
[ 48.608187][ T386] ? sockfd_lookup_light+0x1c/0x150
[ 48.613245][ T386] __sys_sendmmsg+0x160/0x340
[ 48.617736][ T386] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 48.622596][ T386] ? branch_type+0x2e0/0x470
[ 48.627110][ T386] ? mutex_unlock+0x7e/0x240
[ 48.631534][ T386] ? mutex_trylock+0x260/0x260
[ 48.636227][ T386] ? vfs_write+0x2b2/0x8e0
[ 48.640484][ T386] ? __kasan_check_write+0x14/0x20
[ 48.645440][ T386] ? fput+0x17/0x30
[ 48.649074][ T386] ? __ia32_sys_read+0xa0/0xa0
[ 48.653693][ T386] ? debug_smp_processor_id+0x17/0x20
[ 48.658898][ T386] __x64_sys_sendmmsg+0x98/0xf0
[ 48.663665][ T386] ? syscall_exit_to_user_mode+0x2f/0x40
[ 48.669132][ T386] do_syscall_64+0x35/0xb0
[ 48.673377][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.679105][ T386] RIP: 0033:0x7fef51633ae9
[ 48.683358][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.702824][ T386] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.711043][ T386] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 48.718858][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.726670][ T386] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 48.734495][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.742289][ T386] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 48.750106][ T386] </TASK>
[ 48.754336][ T385] ==================================================================
[ 48.762200][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 48.770440][ T385]
[ 48.772608][ T385] CPU: 1 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 48.782247][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 48.792137][ T385] Call Trace:
[ 48.795437][ T385] <TASK>
[ 48.798212][ T385] dump_stack_lvl+0x38/0x49
[ 48.802552][ T385] print_address_description.constprop.0+0x24/0x160
[ 48.808974][ T385] ? kmem_cache_free+0x105/0x250
[ 48.813747][ T385] kasan_report_invalid_free+0x75/0xa0
[ 48.819041][ T385] ? kmem_cache_free+0x105/0x250
[ 48.823815][ T385] __kasan_slab_free+0x134/0x150
[ 48.828596][ T385] slab_free_freelist_hook+0x94/0x1a0
[ 48.833806][ T385] ? kfree_skbmem+0x95/0x140
[ 48.838223][ T385] kmem_cache_free+0x105/0x250
[ 48.842823][ T385] kfree_skbmem+0x95/0x140
[ 48.847076][ T385] consume_skb+0xab/0x1d0
[ 48.851243][ T385] __sk_msg_free+0x267/0x4e0
[ 48.855668][ T385] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.861317][ T385] ? skb_dequeue+0x115/0x1a0
[ 48.865738][ T385] sk_psock_stop+0x3e4/0x600
[ 48.870165][ T385] ? __local_bh_enable_ip+0x28/0x60
[ 48.875195][ T385] ? xfrmi6_err+0x440/0x440
[ 48.879539][ T385] sock_map_close+0x253/0x310
[ 48.884051][ T385] ? sock_map_lookup+0x300/0x300
[ 48.888823][ T385] ? do_lock_file_wait+0x320/0x320
[ 48.893771][ T385] ? down_write_killable+0x2c0/0x2c0
[ 48.898900][ T385] unix_release+0x73/0xe0
[ 48.903058][ T385] __sock_release+0xc2/0x270
[ 48.907492][ T385] sock_close+0x10/0x20
[ 48.911478][ T385] __fput+0x317/0x960
[ 48.915298][ T385] ____fput+0x9/0x10
[ 48.919125][ T385] task_work_run+0xc2/0x150
[ 48.923550][ T385] exit_to_user_mode_prepare+0x140/0x150
[ 48.929019][ T385] syscall_exit_to_user_mode+0x21/0x40
[ 48.934304][ T385] do_syscall_64+0x42/0xb0
[ 48.938563][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.944289][ T385] RIP: 0033:0x7fef516329da
[ 48.948539][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.968153][ T385] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.976406][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 48.984209][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.992029][ T385] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 48.999834][ T385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c05e
[ 49.007646][ T385] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000bd1d
[ 49.015467][ T385] </TASK>
[ 49.018321][ T385]
[ 49.020579][ T385] Allocated by task 386:
[ 49.024654][ T385] kasan_save_stack+0x26/0x50
[ 49.029168][ T385] __kasan_slab_alloc+0x94/0xc0
[ 49.033860][ T385] kmem_cache_alloc+0x197/0x480
[ 49.038543][ T385] skb_clone+0x131/0x310
[ 49.042718][ T385] sk_psock_verdict_recv+0x4a/0x9e0
[ 49.047754][ T385] unix_read_sock+0xd8/0x200
[ 49.052180][ T385] sk_psock_verdict_data_ready+0x104/0x170
[ 49.057821][ T385] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.062765][ T385] __sock_sendmsg+0xb5/0xf0
[ 49.067109][ T385] ____sys_sendmsg+0x3f3/0x990
[ 49.071713][ T385] ___sys_sendmsg+0xfc/0x190
[ 49.076137][ T385] __sys_sendmmsg+0x160/0x340
[ 49.080667][ T385] __x64_sys_sendmmsg+0x98/0xf0
[ 49.085335][ T385] do_syscall_64+0x35/0xb0
[ 49.089585][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.095322][ T385]
[ 49.097494][ T385] Freed by task 37:
[ 49.101304][ T385] kasan_save_stack+0x26/0x50
[ 49.105816][ T385] kasan_set_track+0x25/0x30
[ 49.110250][ T385] kasan_set_free_info+0x24/0x40
[ 49.115023][ T385] __kasan_slab_free+0x111/0x150
[ 49.119790][ T385] slab_free_freelist_hook+0x94/0x1a0
[ 49.125000][ T385] kmem_cache_free+0x105/0x250
[ 49.129598][ T385] kfree_skbmem+0x95/0x140
[ 49.133850][ T385] kfree_skb_reason+0xbb/0x2b0
[ 49.138450][ T385] kfree_skb+0xb/0x10
[ 49.142267][ T385] sk_psock_backlog+0x694/0xd00
[ 49.146955][ T385] process_one_work+0x62c/0xec0
[ 49.151641][ T385] worker_thread+0x48e/0xdb0
[ 49.156069][ T385] kthread+0x324/0x3e0
[ 49.159974][ T385] ret_from_fork+0x1f/0x30
[ 49.164226][ T385]
[ 49.166406][ T385] The buggy address belongs to the object at ffff888109fa4280
[ 49.166406][ T385] which belongs to the cache skbuff_head_cache of size 240
[ 49.180819][ T385] The buggy address is located 0 bytes inside of
[ 49.180819][ T385] 240-byte region [ffff888109fa4280, ffff888109fa4370)
[ 49.193739][ T385] The buggy address belongs to the page:
[ 49.199225][ T385] page:ffffea000427e900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109fa4
[ 49.209274][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 49.214747][ T385] raw: 4000000000000200 ffffea00041afd80 0000000200000002 ffff888107f89080
[ 49.223162][ T385] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.231598][ T385] page dumped because: kasan: bad access detected
[ 49.237829][ T385] page_owner tracks the page as allocated
[ 49.243386][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1925462635, free_ts 0
[ 49.258051][ T385] prep_new_page+0x1a2/0x310
[ 49.262478][ T385] get_page_from_freelist+0x1ce2/0x30a0
[ 49.267863][ T385] __alloc_pages+0x217/0x2330
[ 49.272380][ T385] allocate_slab+0x39d/0x530
[ 49.276798][ T385] ___slab_alloc.constprop.0+0x3ca/0x890
[ 49.282266][ T385] __slab_alloc.constprop.0+0x42/0x80
[ 49.287479][ T385] kmem_cache_alloc+0x440/0x480
[ 49.292160][ T385] __alloc_skb+0x14b/0x250
[ 49.296415][ T385] inet_netconf_notify_devconf+0x82/0x130
[ 49.301968][ T385] __devinet_sysctl_register+0x1aa/0x2e0
[ 49.307439][ T385] devinet_sysctl_register+0x124/0x1e0
[ 49.312733][ T385] inetdev_init+0x208/0x440
[ 49.317070][ T385] inetdev_event+0x984/0x1220
[ 49.321582][ T385] raw_notifier_call_chain+0x8e/0xd0
[ 49.326706][ T385] register_netdevice+0xcb4/0x1560
[ 49.331653][ T385] dummy_init_module+0xb5/0x103
[ 49.336337][ T385] page_owner free stack trace missing
[ 49.341550][ T385]
[ 49.343714][ T385] Memory state around the buggy address:
[ 49.349188][ T385] ffff888109fa4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.357085][ T385] ffff888109fa4200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 49.364981][ T385] >ffff888109fa4280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.372881][ T385]                    ^
[ 49.376787][ T385] ffff888109fa4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 49.384685][ T385] ffff888109fa4380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.392580][ T385] ==================================================================
[ 49.406994][ T388] FAULT_INJECTION: forcing a failure.
[ 49.406994][ T388] name failslab, interval 1, probability 0, space 0, times 0
[ 49.419537][ T388] CPU: 1 PID: 388 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 49.429107][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 49.439001][ T388] Call Trace:
[ 49.442122][ T388] <TASK>
[ 49.444902][ T388] dump_stack_lvl+0x38/0x49
[ 49.449239][ T388] dump_stack+0x10/0x12
[ 49.453230][ T388] should_fail.cold+0x5/0xa
[ 49.457571][ T388] ? skb_clone+0x131/0x310
[ 49.461824][ T388] __should_failslab+0xb6/0x100
[ 49.466515][ T388] should_failslab+0x9/0x20
[ 49.470850][ T388] kmem_cache_alloc+0x40/0x480
[ 49.475452][ T388] ? avc_has_perm_noaudit+0x200/0x200
[ 49.480666][ T388] skb_clone+0x131/0x310
[ 49.484739][ T388] sk_psock_verdict_recv+0x4a/0x9e0
[ 49.489775][ T388] unix_read_sock+0xd8/0x200
[ 49.494199][ T388] ? sk_psock_tls_strp_read+0x360/0x360
[ 49.499589][ T388] ? unix_compat_ioctl+0x10/0x10
[ 49.504354][ T388] sk_psock_verdict_data_ready+0x104/0x170
[ 49.509995][ T388] ? failover_event+0x330/0x330
[ 49.514680][ T388] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 49.520322][ T388] ? skb_queue_tail+0xdc/0x150
[ 49.524923][ T388] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.529871][ T388] ? unix_dgram_connect+0xc70/0xc70
[ 49.534906][ T388] ? unix_dgram_connect+0xc70/0xc70
[ 49.539943][ T388] __sock_sendmsg+0xb5/0xf0
[ 49.544276][ T388] ____sys_sendmsg+0x3f3/0x990
[ 49.548878][ T388] ? kernel_sendmsg+0x30/0x30
[ 49.553391][ T388] ? do_recvmmsg+0x5a0/0x5a0
[ 49.557820][ T388] ? __kasan_check_read+0x11/0x20
[ 49.562687][ T388] ___sys_sendmsg+0xfc/0x190
[ 49.567227][ T388] ? sendmsg_copy_msghdr+0x110/0x110
[ 49.572350][ T388] ? handle_pte_fault+0x1a2/0x2180
[ 49.577300][ T388] ? __handle_mm_fault+0x4aa/0x1380
[ 49.582336][ T388] ? do_filp_open+0x1ab/0x3f0
[ 49.586842][ T388] ? __pmd_alloc+0x330/0x330
[ 49.591277][ T388] ? __fdget+0xe/0x10
[ 49.595086][ T388] ? sockfd_lookup_light+0x1c/0x150
[ 49.600135][ T388] __sys_sendmmsg+0x160/0x340
[ 49.604640][ T388] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 49.609496][ T388] ? branch_type+0x2e0/0x470
[ 49.613924][ T388] ? mutex_unlock+0x7e/0x240
[ 49.618354][ T388] ? mutex_trylock+0x260/0x260
[ 49.622948][ T388] ? vfs_write+0x2b2/0x8e0
[ 49.627202][ T388] ? __kasan_check_write+0x14/0x20
[ 49.632149][ T388] ? fput+0x17/0x30
[ 49.635794][ T388] ? __ia32_sys_read+0xa0/0xa0
[ 49.640395][ T388] ? debug_smp_processor_id+0x17/0x20
[ 49.645602][ T388] __x64_sys_sendmmsg+0x98/0xf0
[ 49.650288][ T388] ? syscall_exit_to_user_mode+0x2f/0x40
[ 49.655763][ T388] do_syscall_64+0x35/0xb0
[ 49.660013][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.665752][ T388] RIP: 0033:0x7fef51633ae9
[ 49.669996][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.689438][ T388] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.697678][ T388] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 49.705487][ T388] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.713311][ T388] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 49.721111][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.728923][ T388] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 49.736736][ T388] </TASK>
[ 49.746140][ T391] FAULT_INJECTION: forcing a failure.
[ 49.746140][ T391] name failslab, interval 1, probability 0, space 0, times 0
[ 49.758585][ T391] CPU: 1 PID: 391 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 49.768161][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 49.778055][ T391] Call Trace:
[ 49.781180][ T391] <TASK>
[ 49.783965][ T391] dump_stack_lvl+0x38/0x49
[ 49.788298][ T391] dump_stack+0x10/0x12
[ 49.792287][ T391] should_fail.cold+0x5/0xa
[ 49.796631][ T391] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 49.802184][ T391] __should_failslab+0xb6/0x100
[ 49.806872][ T391] should_failslab+0x9/0x20
[ 49.811211][ T391] kmem_cache_alloc_trace+0x3f/0x490
[ 49.816331][ T391] sk_psock_skb_ingress_self+0x52/0x3a0
[ 49.821712][ T391] sk_psock_verdict_recv+0x799/0x9e0
[ 49.826837][ T391] unix_read_sock+0xd8/0x200
[ 49.831261][ T391] ? sk_psock_tls_strp_read+0x360/0x360
[ 49.836643][ T391] ? unix_compat_ioctl+0x10/0x10
[ 49.841422][ T391] sk_psock_verdict_data_ready+0x104/0x170
[ 49.847055][ T391] ? failover_event+0x330/0x330
[ 49.851744][ T391] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 49.857385][ T391] ? skb_queue_tail+0xdc/0x150
[ 49.861985][ T391] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.866934][ T391] ? unix_dgram_connect+0xc70/0xc70
[ 49.871969][ T391] ? unix_dgram_connect+0xc70/0xc70
[ 49.877004][ T391] __sock_sendmsg+0xb5/0xf0
[ 49.881339][ T391] ____sys_sendmsg+0x3f3/0x990
[ 49.885940][ T391] ? kernel_sendmsg+0x30/0x30
[ 49.890463][ T391] ? do_recvmmsg+0x5a0/0x5a0
[ 49.894882][ T391] ? __kasan_check_read+0x11/0x20
[ 49.899738][ T391] ___sys_sendmsg+0xfc/0x190
[ 49.904166][ T391] ? sendmsg_copy_msghdr+0x110/0x110
[ 49.909375][ T391] ? handle_pte_fault+0x1a2/0x2180
[ 49.914329][ T391] ? __handle_mm_fault+0x4aa/0x1380
[ 49.919445][ T391] ? do_filp_open+0x1ab/0x3f0
[ 49.923953][ T391] ? __pmd_alloc+0x330/0x330
[ 49.928384][ T391] ? __fdget+0xe/0x10
[ 49.932201][ T391] ? sockfd_lookup_light+0x1c/0x150
[ 49.937236][ T391] __sys_sendmmsg+0x160/0x340
[ 49.941749][ T391] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 49.946607][ T391] ? branch_type+0x2e0/0x470
[ 49.951034][ T391] ? mutex_unlock+0x7e/0x240
[ 49.955464][ T391] ? mutex_trylock+0x260/0x260
[ 49.960064][ T391] ? vfs_write+0x2b2/0x8e0
[ 49.964316][ T391] ? __kasan_check_write+0x14/0x20
[ 49.969262][ T391] ? fput+0x17/0x30
[ 49.972995][ T391] ? __ia32_sys_read+0xa0/0xa0
[ 49.977602][ T391] ? debug_smp_processor_id+0x17/0x20
[ 49.982801][ T391] __x64_sys_sendmmsg+0x98/0xf0
[ 49.987491][ T391] ? syscall_exit_to_user_mode+0x2f/0x40
[ 49.993063][ T391] do_syscall_64+0x35/0xb0
[ 49.997317][ T391] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.003051][ T391] RIP: 0033:0x7fef51633ae9
[ 50.007299][ T391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.026741][ T391] RSP: 002b:00007fef511b60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.034983][ T391] RAX: ffffffffffffffda RBX: 00007fef51752f80 RCX: 00007fef51633ae9
[ 50.042795][ T391] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.050612][ T391] RBP: 00007fef511b6120 R08: 0000000000000000 R09: 0000000000000000
[ 50.058511][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.066327][ T391] R13: 000000000000000b R14: 00007fef51752f80 R15: 00007ffef5871688
[ 50.074140][ T391] </TASK>
[ 50.078347][ T390] ==================================================================
[ 50.086346][ T390] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 50.094601][ T390]
[ 50.096770][ T390] CPU: 1 PID: 390 Comm: syz-executor.0 Tainted: G B 5.15.137-syzkaller #0
[ 50.106654][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 50.116631][ T390] Call Trace:
[ 50.119674][ T390] <TASK>
[ 50.122452][ T390] dump_stack_lvl+0x38/0x49
[ 50.126875][ T390] print_address_description.constprop.0+0x24/0x160
[ 50.133299][ T390] ? kmem_cache_free+0x105/0x250
[ 50.138075][ T390] kasan_report_invalid_free+0x75/0xa0
[ 50.143367][ T390] ? kmem_cache_free+0x105/0x250
[ 50.148141][ T390] __kasan_slab_free+0x134/0x150
[ 50.152920][ T390] slab_free_freelist_hook+0x94/0x1a0
[ 50.158137][ T390] ? kfree_skbmem+0x95/0x140
[ 50.162550][ T390] kmem_cache_free+0x105/0x250
[ 50.167149][ T390] kfree_skbmem+0x95/0x140
[ 50.171403][ T390] consume_skb+0xab/0x1d0
[ 50.175569][ T390] __sk_msg_free+0x267/0x4e0
[ 50.179995][ T390] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 50.185637][ T390] ? skb_dequeue+0x115/0x1a0
[ 50.190061][ T390] sk_psock_stop+0x3e4/0x600
[ 50.194489][ T390] ? __local_bh_enable_ip+0x28/0x60
[ 50.199527][ T390] ? xfrmi6_err+0x440/0x440
[ 50.203868][ T390] sock_map_close+0x253/0x310
[ 50.208385][ T390] ? sock_map_lookup+0x300/0x300
[ 50.213150][ T390] ? do_lock_file_wait+0x320/0x320
[ 50.218193][ T390] ? down_write_killable+0x2c0/0x2c0
[ 50.223309][ T390] unix_release+0x73/0xe0
[ 50.227470][ T390] __sock_release+0xc2/0x270
[ 50.231935][ T390] sock_close+0x10/0x20
[ 50.235890][ T390] __fput+0x317/0x960
[ 50.239714][ T390] ____fput+0x9/0x10
[ 50.243441][ T390] task_work_run+0xc2/0x150
[ 50.247782][ T390] exit_to_user_mode_prepare+0x140/0x150
[ 50.253247][ T390] syscall_exit_to_user_mode+0x21/0x40
[ 50.258542][ T390] do_syscall_64+0x42/0xb0
[ 50.262797][ T390] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.268525][ T390] RIP: 0033:0x7fef516329da
[ 50.272781][ T390] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.292218][ T390] RSP: 002b:00007ffef5871750 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.300474][ T390] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fef516329da
[ 50.308274][ T390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.316084][ T390] RBP: 00007fef51754980 R08: 0000001b31e60000 R09: 00007ffef58cc080
[ 50.323896][ T390] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c58b
[ 50.331707][ T390] R13: ffffffffffffffff R14: 00007fef511b7000 R15: 000000000000c24a
[ 50.339523][ T390] </TASK>
[ 50.342386][ T390]
[ 50.344553][ T390] Allocated by task 391:
[ 50.348635][ T390] kasan_save_stack+0x26/0x50
[ 50.353147][ T390] __kasan_slab_alloc+0x94/0xc0
[ 50.357831][ T390] kmem_cache_alloc+0x197/0x480
[ 50.362518][ T390] skb_clone+0x131/0x310
[ 50.366604][ T390] sk_psock_verdict_recv+0x4a/0x9e0
[ 50.371639][ T390] unix_read_sock+0xd8/0x200
[ 50.376061][ T390] sk_psock_verdict_data_ready+0x104/0x170
[ 50.381705][ T390] unix_dgram_sendmsg+0xc13/0x16d0
[ 50.386651][ T390] __sock_sendmsg+0xb5/0xf0
[ 50.391009][ T390] ____sys_sendmsg+0x3f3/0x990
[ 50.395589][ T390] ___sys_sendmsg+0xfc/0x190
[ 50.400020][ T390] __sys_sendmmsg+0x160/0x340
[ 50.404558][ T390] __x64_sys_sendmmsg+0x98/0xf0
[ 50.409218][ T390] do_syscall_64+0x35/0xb0
[ 50.413470][ T390] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.419207][ T390]
[ 50.421376][ T390] Freed by task 37:
[ 50.425011][ T390] kasan_save_stack+0x26/0x50
[ 50.429523][ T390] kasan_set_track+0x25/0x30
[ 50.433953][ T390] kasan_set_free_info+0x24/0x40
[ 50.438732][ T390] __kasan_slab_free+0x111/0x150
[ 50.443583][ T390] slab_free_freelist_hook+0x94/0x1a0
[ 50.448799][ T390] kmem_cache_free+0x105/0x250
[ 50.453391][ T390] kfree_skbmem+0x95/0x140
[ 50.457646][ T390] kfree_skb_reason+0xbb/0x2b0
[ 50.462243][ T390] kfree_skb+0xb/0x10
[ 50.466065][ T390] sk_psock_backlog+0x694/0xd00
[ 50.470752][ T390] process_one_work+0x62c/0xec0
[ 50.475586][ T390] worker_thread+0x48e/0xdb0
[ 50.479952][ T390] kthread+0x324/0x3e0
[ 50.483856][ T390] ret_from_fork+0x1f/0x30
[ 50.488116][ T390]
[ 50.490282][ T390] The buggy address belongs to the object at ffff888109ab3000
[ 50.490282][ T390] which belongs to the cache skbuff_head_cache of size 240
[ 50.504693][ T390] The buggy address is located 0 bytes inside of
[ 50.504693][ T390] 240-byte region [ffff888109ab3000, ffff888109ab30f0)
[ 50.517620][ T390] The buggy address belongs to the page:
[ 50.523090][ T390] page:ffffea000426acc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ab3
[ 50.533158][ T390] flags: 0x4000000000000200(slab|zone=1)