KASAN: slab-use-after-free Read in net_generic
==================================================================
BUG: KASAN: slab-use-after-free in net_generic+0x137/0x240 include/net/netns/generic.h:47
Read of size 8 at addr ffff88802a43e828 by task kworker/u8:4/61
CPU: 0 PID: 61 Comm: kworker/u8:4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
net_generic+0x137/0x240 include/net/netns/generic.h:47
call_fib_notifiers+0x23/0x60 net/core/fib_notifier.c:32
call_fib6_entry_notifiers net/ipv6/ip6_fib.c:404 [inline]
fib6_add_rt2node net/ipv6/ip6_fib.c:1233 [inline]
fib6_add+0x1bd5/0x4430 net/ipv6/ip6_fib.c:1487
__ip6_ins_rt net/ipv6/route.c:1313 [inline]
ip6_ins_rt+0x106/0x170 net/ipv6/route.c:1323
__ipv6_ifa_notify+0x5ca/0x11f0 net/ipv6/addrconf.c:6264
ipv6_ifa_notify net/ipv6/addrconf.c:6303 [inline]
addrconf_dad_completed+0x181/0xcd0 net/ipv6/addrconf.c:4317
addrconf_dad_work+0xdc2/0x16f0
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
Allocated by task 5073:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3966 [inline]
__kmalloc+0x233/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
kzalloc include/linux/slab.h:749 [inline]
net_alloc_generic net/core/net_namespace.c:75 [inline]
net_alloc net/core/net_namespace.c:427 [inline]
copy_net_ns+0x10e/0x7b0 net/core/net_namespace.c:490
create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
ksys_unshare+0x619/0xc10 kernel/fork.c:3322
__do_sys_unshare kernel/fork.c:3393 [inline]
__se_sys_unshare kernel/fork.c:3391 [inline]
__x64_sys_unshare+0x38/0x40 kernel/fork.c:3391
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Freed by task 5085:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
poison_slab_object+0xa6/0xe0 mm/kasan/common.c:240
__kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2106 [inline]
slab_free mm/slub.c:4280 [inline]
kfree+0x14a/0x380 mm/slub.c:4390
net_free net/core/net_namespace.c:459 [inline]
net_drop_ns+0x6e/0xc0 net/core/net_namespace.c:473
put_net_track include/net/net_namespace.h:366 [inline]
iterate_cleanup_work+0x1d2/0x260 net/netfilter/nf_nat_masquerade.c:89
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
The buggy address belongs to the object at ffff88802a43e800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 40 bytes inside of
freed 1024-byte region [ffff88802a43e800, ffff88802a43ec00)
The buggy address belongs to the physical page:
page:ffffea0000a90e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a438
head:ffffea0000a90e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888014c41dc0 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17639541498, free_ts 0
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533
prep_new_page mm/page_alloc.c:1540 [inline]
get_page_from_freelist+0x33ea/0x3580 mm/page_alloc.c:3311
__alloc_pages+0x256/0x680 mm/page_alloc.c:4569
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
alloc_slab_page+0x5f/0x160 mm/slub.c:2175
allocate_slab mm/slub.c:2338 [inline]
new_slab+0x84/0x2f0 mm/slub.c:2391
___slab_alloc+0xc73/0x1260 mm/slub.c:3525
__slab_alloc mm/slub.c:3610 [inline]
__slab_alloc_node mm/slub.c:3663 [inline]
slab_alloc_node mm/slub.c:3835 [inline]
__do_kmalloc_node mm/slub.c:3965 [inline]
__kmalloc+0x2e5/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
kzalloc include/linux/slab.h:749 [inline]
net_alloc_generic net/core/net_namespace.c:75 [inline]
net_assign_generic net/core/net_namespace.c:95 [inline]
ops_init+0x203/0x610 net/core/net_namespace.c:130
__register_pernet_operations net/core/net_namespace.c:1243 [inline]
register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1312
register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1353
ip6table_nat_init+0x39/0x80 net/ipv6/netfilter/ip6table_nat.c:156
do_one_initcall+0x23a/0x830 init/main.c:1241
do_initcall_level+0x157/0x210 init/main.c:1303
do_initcalls+0x3f/0x80 init/main.c:1319
kernel_init_freeable+0x435/0x5d0 init/main.c:1550
kernel_init+0x1d/0x2a0 init/main.c:1439
page_owner free stack trace missing
Memory state around the buggy address:
ffff88802a43e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88802a43e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88802a43e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
ffff88802a43e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88802a43e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts.
2024/04/07 03:18:56 fuzzer started
2024/04/07 03:18:56 connecting to host at 10.128.0.169:35799
2024/04/07 03:18:56 checking machine...
2024/04/07 03:18:56 checking revisions...
2024/04/07 03:18:57 testing simple program...
[ 72.425491][ T5069] cgroup: Unknown subsys name 'net'
[ 72.538664][ T5069] cgroup: Unknown subsys name 'rlimit'
[ 74.165179][ T5069] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 74.390011][ T5075] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.398312][ T5075] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.406074][ T5075] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.414758][ T5075] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.422938][ T5075] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.430716][ T5075] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.625491][ T5073] chnl_net:caif_netlink_parms(): no params data found
[ 74.707900][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.715789][ T5073] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.723384][ T5073] bridge_slave_0: entered allmulticast mode
[ 74.731021][ T5073] bridge_slave_0: entered promiscuous mode
[ 74.741377][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.748645][ T5073] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.755803][ T5073] bridge_slave_1: entered allmulticast mode
[ 74.763262][ T5073] bridge_slave_1: entered promiscuous mode
[ 74.799768][ T5073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.812275][ T5073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.850387][ T5073] team0: Port device team_slave_0 added
[ 74.859362][ T5073] team0: Port device team_slave_1 added
[ 74.891553][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.898724][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.924956][ T5073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.939385][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.946348][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.972421][ T5073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.023230][ T5073] hsr_slave_0: entered promiscuous mode
[ 75.029938][ T5073] hsr_slave_1: entered promiscuous mode
[ 75.188349][ T5073] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.201125][ T5073] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.211361][ T5073] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.222945][ T5073] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 75.255622][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.263035][ T5073] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.271053][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.278252][ T5073] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.354751][ T5073] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.375944][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.384827][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.405312][ T5073] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.420070][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.427350][ T5085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.452749][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.459971][ T5085] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.654569][ T5073] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.705899][ T5073] veth0_vlan: entered promiscuous mode
[ 75.722677][ T5073] veth1_vlan: entered promiscuous mode
[ 75.763575][ T5073] veth0_macvtap: entered promiscuous mode
[ 75.775795][ T5073] veth1_macvtap: entered promiscuous mode
[ 75.796940][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.813920][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.828231][ T5073] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.838162][ T5073] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.846890][ T5073] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.855653][ T5073] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.941367][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.955757][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.987021][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.996323][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/04/07 03:19:00 building call list...
[ 76.381143][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 3/30 users at
[ 76.381143][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.381143][ T5085] inet6_create+0x6d4/0x10f0
[ 76.381143][ T5085] __sock_create+0x492/0x920
[ 76.381143][ T5085] udp_sock_create6+0xe7/0x870
[ 76.381143][ T5085] wg_socket_init+0x861/0xea0
[ 76.381143][ T5085] wg_open+0x255/0x420
[ 76.381143][ T5085] __dev_open+0x2d5/0x450
[ 76.381143][ T5085] __dev_change_flags+0x1e2/0x6f0
[ 76.381143][ T5085] dev_change_flags+0x8b/0x1a0
[ 76.381143][ T5085] do_setlink+0xccd/0x41f0
[ 76.381143][ T5085] rtnl_newlink+0x180b/0x20a0
[ 76.381143][ T5085] rtnetlink_rcv_msg+0x89d/0x10d0
[ 76.381143][ T5085] netlink_rcv_skb+0x1e5/0x430
[ 76.381143][ T5085] netlink_unicast+0x7ec/0x980
[ 76.381143][ T5085] netlink_sendmsg+0x8e1/0xcb0
[ 76.381143][ T5085] __sock_sendmsg+0x223/0x270
[ 76.381143][ T5085]
[ 76.468845][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 3/30 users at
[ 76.468845][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.468845][ T5085] inet_create+0x652/0xe80
[ 76.468845][ T5085] __sock_create+0x492/0x920
[ 76.468845][ T5085] udp_sock_create4+0xda/0x670
[ 76.468845][ T5085] wg_socket_init+0x6c0/0xea0
[ 76.468845][ T5085] wg_open+0x255/0x420
[ 76.468845][ T5085] __dev_open+0x2d5/0x450
[ 76.468845][ T5085] __dev_change_flags+0x1e2/0x6f0
[ 76.468845][ T5085] dev_change_flags+0x8b/0x1a0
[ 76.468845][ T5085] do_setlink+0xccd/0x41f0
[ 76.468845][ T5085] rtnl_newlink+0x180b/0x20a0
[ 76.468845][ T5085] rtnetlink_rcv_msg+0x89d/0x10d0
[ 76.468845][ T5085] netlink_rcv_skb+0x1e5/0x430
[ 76.468845][ T5085] netlink_unicast+0x7ec/0x980
[ 76.468845][ T5085] netlink_sendmsg+0x8e1/0xcb0
[ 76.468845][ T5085] __sock_sendmsg+0x223/0x270
[ 76.468845][ T5085]
[ 76.556781][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.556781][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.556781][ T5085] inet6_create+0x6d4/0x10f0
[ 76.556781][ T5085] __sock_create+0x492/0x920
[ 76.556781][ T5085] udp_sock_create6+0xe7/0x870
[ 76.556781][ T5085] geneve_sock_add+0x3a7/0xbc0
[ 76.556781][ T5085] geneve_open+0x8f/0x160
[ 76.556781][ T5085] __dev_open+0x2d5/0x450
[ 76.556781][ T5085] __dev_change_flags+0x1e2/0x6f0
[ 76.556781][ T5085] dev_change_flags+0x8b/0x1a0
[ 76.556781][ T5085] do_setlink+0xccd/0x41f0
[ 76.556781][ T5085] rtnl_newlink+0x180b/0x20a0
[ 76.556781][ T5085] rtnetlink_rcv_msg+0x89d/0x10d0
[ 76.556781][ T5085] netlink_rcv_skb+0x1e5/0x430
[ 76.556781][ T5085] netlink_unicast+0x7ec/0x980
[ 76.556781][ T5085] netlink_sendmsg+0x8e1/0xcb0
[ 76.556781][ T5085] __sock_sendmsg+0x223/0x270
[ 76.556781][ T5085]
[ 76.644705][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.644705][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.644705][ T5085] inet_create+0x652/0xe80
[ 76.644705][ T5085] __sock_create+0x492/0x920
[ 76.644705][ T5085] udp_sock_create4+0xda/0x670
[ 76.644705][ T5085] geneve_sock_add+0x424/0xbc0
[ 76.644705][ T5085] geneve_open+0xe3/0x160
[ 76.644705][ T5085] __dev_open+0x2d5/0x450
[ 76.644705][ T5085] __dev_change_flags+0x1e2/0x6f0
[ 76.644705][ T5085] dev_change_flags+0x8b/0x1a0
[ 76.644705][ T5085] do_setlink+0xccd/0x41f0
[ 76.644705][ T5085] rtnl_newlink+0x180b/0x20a0
[ 76.644705][ T5085] rtnetlink_rcv_msg+0x89d/0x10d0
[ 76.644705][ T5085] netlink_rcv_skb+0x1e5/0x430
[ 76.644705][ T5085] netlink_unicast+0x7ec/0x980
[ 76.644705][ T5085] netlink_sendmsg+0x8e1/0xcb0
[ 76.644705][ T5085] __sock_sendmsg+0x223/0x270
[ 76.644705][ T5085]
[ 76.731980][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.731980][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.731980][ T5085] inet6_create+0x6d4/0x10f0
[ 76.731980][ T5085] __sock_create+0x492/0x920
[ 76.731980][ T5085] udp_sock_create6+0xe7/0x870
[ 76.731980][ T5085] rxrpc_lookup_local+0xd86/0x1890
[ 76.731980][ T5085] rxrpc_bind+0x3b7/0x700
[ 76.731980][ T5085] kernel_bind+0x104/0x150
[ 76.731980][ T5085] afs_open_socket+0x2a6/0x610
[ 76.731980][ T5085] afs_net_init+0x7b9/0x9a0
[ 76.731980][ T5085] ops_init+0x354/0x610
[ 76.731980][ T5085] setup_net+0x515/0xca0
[ 76.731980][ T5085] copy_net_ns+0x4e4/0x7b0
[ 76.731980][ T5085] create_new_namespaces+0x425/0x7b0
[ 76.731980][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 76.731980][ T5085] ksys_unshare+0x619/0xc10
[ 76.731980][ T5085] __x64_sys_unshare+0x38/0x40
[ 76.731980][ T5085]
[ 76.819313][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.819313][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.819313][ T5085] rxrpc_create+0xda/0x690
[ 76.819313][ T5085] __sock_create+0x492/0x920
[ 76.819313][ T5085] afs_open_socket+0xe4/0x610
[ 76.819313][ T5085] afs_net_init+0x7b9/0x9a0
[ 76.819313][ T5085] ops_init+0x354/0x610
[ 76.819313][ T5085] setup_net+0x515/0xca0
[ 76.819313][ T5085] copy_net_ns+0x4e4/0x7b0
[ 76.819313][ T5085] create_new_namespaces+0x425/0x7b0
[ 76.819313][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 76.819313][ T5085] ksys_unshare+0x619/0xc10
[ 76.819313][ T5085] __x64_sys_unshare+0x38/0x40
[ 76.819313][ T5085] do_syscall_64+0xfd/0x240
[ 76.819313][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 76.819313][ T5085]
[ 76.897819][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.897819][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.897819][ T5085] tipc_sk_create+0x16b/0x1e90
[ 76.897819][ T5085] __sock_create+0x492/0x920
[ 76.897819][ T5085] tipc_topsrv_init_net+0x40d/0x9d0
[ 76.897819][ T5085] ops_init+0x354/0x610
[ 76.897819][ T5085] setup_net+0x515/0xca0
[ 76.897819][ T5085] copy_net_ns+0x4e4/0x7b0
[ 76.897819][ T5085] create_new_namespaces+0x425/0x7b0
[ 76.897819][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 76.897819][ T5085] ksys_unshare+0x619/0xc10
[ 76.897819][ T5085] __x64_sys_unshare+0x38/0x40
[ 76.897819][ T5085] do_syscall_64+0xfd/0x240
[ 76.897819][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 76.897819][ T5085]
[ 76.972526][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 76.972526][ T5085] sk_alloc+0x2ea/0x3d0
[ 76.972526][ T5085] inet6_create+0x6d4/0x10f0
[ 76.972526][ T5085] __sock_create+0x492/0x920
[ 76.972526][ T5085] rds_tcp_listen_init+0xd5/0x5a0
[ 76.972526][ T5085] rds_tcp_init_net+0x141/0x320
[ 76.972526][ T5085] ops_init+0x354/0x610
[ 76.972526][ T5085] setup_net+0x515/0xca0
[ 76.972526][ T5085] copy_net_ns+0x4e4/0x7b0
[ 76.972526][ T5085] create_new_namespaces+0x425/0x7b0
[ 76.972526][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 76.972526][ T5085] ksys_unshare+0x619/0xc10
[ 76.972526][ T5085] __x64_sys_unshare+0x38/0x40
[ 76.972526][ T5085] do_syscall_64+0xfd/0x240
[ 76.972526][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 76.972526][ T5085]
[ 77.052004][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.052004][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.052004][ T5085] __netlink_create+0x6c/0x280
[ 77.052004][ T5085] __netlink_kernel_create+0x1d8/0x780
[ 77.052004][ T5085] rdma_nl_net_init+0xc7/0x170
[ 77.052004][ T5085] rdma_dev_init_net+0x96/0x280
[ 77.052004][ T5085] ops_init+0x354/0x610
[ 77.052004][ T5085] setup_net+0x515/0xca0
[ 77.052004][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.052004][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.052004][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.052004][ T5085] ksys_unshare+0x619/0xc10
[ 77.052004][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.052004][ T5085] do_syscall_64+0xfd/0x240
[ 77.052004][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.052004][ T5085]
[ 77.132181][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.132181][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.132181][ T5085] inet6_create+0x6d4/0x10f0
[ 77.132181][ T5085] __sock_create+0x492/0x920
[ 77.132181][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.132181][ T5085] sctp_ctrlsock_init+0x44/0xd0
[ 77.132181][ T5085] ops_init+0x354/0x610
[ 77.132181][ T5085] setup_net+0x515/0xca0
[ 77.132181][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.132181][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.132181][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.132181][ T5085] ksys_unshare+0x619/0xc10
[ 77.132181][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.132181][ T5085] do_syscall_64+0xfd/0x240
[ 77.132181][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.132181][ T5085]
[ 77.211570][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 2/30 users at
[ 77.211570][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.211570][ T5085] inet6_create+0x6d4/0x10f0
[ 77.211570][ T5085] __sock_create+0x492/0x920
[ 77.211570][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.211570][ T5085] ops_init+0x354/0x610
[ 77.211570][ T5085] setup_net+0x515/0xca0
[ 77.211570][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.211570][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.211570][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.211570][ T5085] ksys_unshare+0x619/0xc10
[ 77.211570][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.211570][ T5085] do_syscall_64+0xfd/0x240
[ 77.211570][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.211570][ T5085]
[ 77.285995][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.285995][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.285995][ T5085] inet_create+0x652/0xe80
[ 77.285995][ T5085] __sock_create+0x492/0x920
[ 77.285995][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.285995][ T5085] ops_init+0x354/0x610
[ 77.285995][ T5085] setup_net+0x515/0xca0
[ 77.285995][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.285995][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.285995][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.285995][ T5085] ksys_unshare+0x619/0xc10
[ 77.285995][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.285995][ T5085] do_syscall_64+0xfd/0x240
[ 77.285995][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.285995][ T5085]
[ 77.360166][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.360166][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.360166][ T5085] inet6_create+0x6d4/0x10f0
[ 77.360166][ T5085] __sock_create+0x492/0x920
[ 77.360166][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.360166][ T5085] igmp6_net_init+0x16f/0x390
[ 77.360166][ T5085] ops_init+0x354/0x610
[ 77.360166][ T5085] setup_net+0x515/0xca0
[ 77.360166][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.360166][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.360166][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.360166][ T5085] ksys_unshare+0x619/0xc10
[ 77.360166][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.360166][ T5085] do_syscall_64+0xfd/0x240
[ 77.360166][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.360166][ T5085]
[ 77.439645][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.439645][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.439645][ T5085] inet6_create+0x6d4/0x10f0
[ 77.439645][ T5085] __sock_create+0x492/0x920
[ 77.439645][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.439645][ T5085] igmp6_net_init+0x39/0x390
[ 77.439645][ T5085] ops_init+0x354/0x610
[ 77.439645][ T5085] setup_net+0x515/0xca0
[ 77.439645][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.439645][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.439645][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.439645][ T5085] ksys_unshare+0x619/0xc10
[ 77.439645][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.439645][ T5085] do_syscall_64+0xfd/0x240
[ 77.439645][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.439645][ T5085]
[ 77.518784][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.518784][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.518784][ T5085] inet6_create+0x6d4/0x10f0
[ 77.518784][ T5085] __sock_create+0x492/0x920
[ 77.518784][ T5085] inet_ctl_sock_create+0xc2/0x250
[ 77.518784][ T5085] ndisc_net_init+0xa7/0x2b0
[ 77.518784][ T5085] ops_init+0x354/0x610
[ 77.518784][ T5085] setup_net+0x515/0xca0
[ 77.518784][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.518784][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.518784][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.518784][ T5085] ksys_unshare+0x619/0xc10
[ 77.518784][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.518784][ T5085] do_syscall_64+0xfd/0x240
[ 77.518784][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.518784][ T5085]
[ 77.597915][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 has 1/30 users at
[ 77.597915][ T5085] sk_alloc+0x2ea/0x3d0
[ 77.597915][ T5085] __netlink_create+0x6c/0x280
[ 77.597915][ T5085] __netlink_kernel_create+0x1d8/0x780
[ 77.597915][ T5085] xfrm_user_net_init+0xa2/0x150
[ 77.597915][ T5085] ops_init+0x354/0x610
[ 77.597915][ T5085] setup_net+0x515/0xca0
[ 77.597915][ T5085] copy_net_ns+0x4e4/0x7b0
[ 77.597915][ T5085] create_new_namespaces+0x425/0x7b0
[ 77.597915][ T5085] unshare_nsproxy_namespaces+0x124/0x180
[ 77.597915][ T5085] ksys_unshare+0x619/0xc10
[ 77.597915][ T5085] __x64_sys_unshare+0x38/0x40
[ 77.597915][ T5085] do_syscall_64+0xfd/0x240
[ 77.597915][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 77.597915][ T5085]
[ 77.673058][ T5085] ref_tracker: net notrefcnt@ffff8880226f01d8 skipped reports about 9/30 users.
[ 77.701239][ T61] ==================================================================
[ 77.709356][ T61] BUG: KASAN: slab-use-after-free in net_generic+0x137/0x240
[ 77.716805][ T61] Read of size 8 at addr ffff88802a43e828 by task kworker/u8:4/61
[ 77.724631][ T61]
[ 77.726967][ T61] CPU: 0 PID: 61 Comm: kworker/u8:4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e-dirty #0
[ 77.737146][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 77.747221][ T61] Workqueue: ipv6_addrconf addrconf_dad_work
[ 77.753246][ T61] Call Trace:
[ 77.756539][ T61]
[ 77.759487][ T61] dump_stack_lvl+0x241/0x360
[ 77.764202][ T61] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.769440][ T61] ? __pfx__printk+0x10/0x10
[ 77.774072][ T61] ? _printk+0xd5/0x120
[ 77.778297][ T61] ? __virt_addr_valid+0x183/0x520
[ 77.783446][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.788325][ T61] print_report+0x169/0x550
[ 77.792863][ T61] ? __virt_addr_valid+0x183/0x520
[ 77.798012][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.802893][ T61] ? __virt_addr_valid+0x44e/0x520
[ 77.808045][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.812923][ T61] ? __phys_addr+0xba/0x170
[ 77.817639][ T61] ? net_generic+0x137/0x240
[ 77.822251][ T61] kasan_report+0x143/0x180
[ 77.826801][ T61] ? net_generic+0x137/0x240
[ 77.831422][ T61] ? net_generic+0x1f/0x240
[ 77.835957][ T61] net_generic+0x137/0x240
[ 77.840395][ T61] call_fib_notifiers+0x23/0x60
[ 77.845304][ T61] fib6_add+0x1bd5/0x4430
[ 77.849707][ T61] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.856103][ T61] ? __pfx_lock_acquire+0x10/0x10
[ 77.861152][ T61] ? __pfx_fib6_add+0x10/0x10
[ 77.865864][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.870742][ T61] ? do_raw_spin_lock+0x14f/0x370
[ 77.875798][ T61] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 77.881630][ T61] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.887037][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.891919][ T61] ? ip6_ins_rt+0xf0/0x170
[ 77.896369][ T61] ip6_ins_rt+0x106/0x170
[ 77.900730][ T61] ? __pfx_ip6_ins_rt+0x10/0x10
[ 77.905616][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.910489][ T61] ? nlmsg_notify+0x15a/0x1c0
[ 77.915196][ T61] __ipv6_ifa_notify+0x5ca/0x11f0
[ 77.920243][ T61] ? __pfx___ipv6_ifa_notify+0x10/0x10
[ 77.925724][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.930599][ T61] ? mark_lock+0x9a/0x350
[ 77.934959][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.939842][ T61] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 77.945852][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 77.952210][ T61] ? __cancel_work+0x26a/0x390
[ 77.957001][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.961878][ T61] ? lockdep_hardirqs_on+0x99/0x150
[ 77.967113][ T61] ? srso_return_thunk+0x5/0x5f
[ 77.971989][ T61] ? __cancel_work+0x2ef/0x390
[ 77.976790][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 77.983154][ T61] addrconf_dad_completed+0x181/0xcd0
[ 77.988570][ T61] ? __pfx_addrconf_dad_completed+0x10/0x10
[ 77.994527][ T61] ? addrconf_dad_work+0x58a/0x16f0
[ 77.999783][ T61] addrconf_dad_work+0xdc2/0x16f0
[ 78.004876][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.009767][ T61] ? __pfx_addrconf_dad_work+0x10/0x10
[ 78.015276][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 78.021642][ T61] ? process_scheduled_works+0x91b/0x1770
[ 78.027395][ T61] process_scheduled_works+0xa02/0x1770
[ 78.032992][ T61] ? __pfx_process_scheduled_works+0x10/0x10
[ 78.039006][ T61] ? assign_work+0x364/0x3d0
[ 78.043622][ T61] worker_thread+0x86d/0xd70
[ 78.048241][ T61] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 78.054174][ T61] ? __kthread_parkme+0x169/0x1d0
[ 78.059229][ T61] ? __pfx_worker_thread+0x10/0x10
[ 78.064420][ T61] kthread+0x2f2/0x390
[ 78.068528][ T61] ? __pfx_worker_thread+0x10/0x10
[ 78.073668][ T61] ? __pfx_kthread+0x10/0x10
[ 78.078288][ T61] ret_from_fork+0x4d/0x80
[ 78.082745][ T61] ? __pfx_kthread+0x10/0x10
[ 78.087372][ T61] ret_from_fork_asm+0x1a/0x30
[ 78.092213][ T61]
[ 78.095242][ T61]
[ 78.097572][ T61] Allocated by task 5073:
[ 78.101905][ T61] kasan_save_track+0x3f/0x80
[ 78.106607][ T61] __kasan_kmalloc+0x98/0xb0
[ 78.111229][ T61] __kmalloc+0x233/0x4a0
[ 78.115490][ T61] copy_net_ns+0x10e/0x7b0
[ 78.119929][ T61] create_new_namespaces+0x425/0x7b0
[ 78.125249][ T61] unshare_nsproxy_namespaces+0x124/0x180
[ 78.130996][ T61] ksys_unshare+0x619/0xc10
[ 78.135525][ T61] __x64_sys_unshare+0x38/0x40
[ 78.140320][ T61] do_syscall_64+0xfd/0x240
[ 78.144846][ T61] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 78.150767][ T61]
[ 78.153098][ T61] Freed by task 5085:
[ 78.157087][ T61] kasan_save_track+0x3f/0x80
[ 78.161793][ T61] kasan_save_free_info+0x40/0x50
[ 78.166858][ T61] poison_slab_object+0xa6/0xe0
[ 78.171748][ T61] __kasan_slab_free+0x37/0x60
[ 78.176539][ T61] kfree+0x14a/0x380
[ 78.180452][ T61] net_drop_ns+0x6e/0xc0
[ 78.184724][ T61] iterate_cleanup_work+0x1d2/0x260
[ 78.189945][ T61] process_scheduled_works+0xa02/0x1770
[ 78.195511][ T61] worker_thread+0x86d/0xd70
[ 78.200123][ T61] kthread+0x2f2/0x390
[ 78.204225][ T61] ret_from_fork+0x4d/0x80
[ 78.208678][ T61] ret_from_fork_asm+0x1a/0x30
[ 78.213470][ T61]
[ 78.215805][ T61] The buggy address belongs to the object at ffff88802a43e800
[ 78.215805][ T61] which belongs to the cache kmalloc-1k of size 1024
[ 78.229884][ T61] The buggy address is located 40 bytes inside of
[ 78.229884][ T61] freed 1024-byte region [ffff88802a43e800, ffff88802a43ec00)
[ 78.243716][ T61]
[ 78.246057][ T61] The buggy address belongs to the physical page:
executing program
[ 78.252475][ T61] page:ffffea0000a90e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a438
[ 78.262645][ T61] head:ffffea0000a90e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 78.271623][ T61] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 78.280054][ T61] page_type: 0xffffffff()
[ 78.284404][ T61] raw: 00fff00000000840 ffff888014c41dc0 0000000000000000 dead000000000001
[ 78.293008][ T61] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 78.301607][ T61] page dumped because: kasan: bad access detected
[ 78.308035][ T61] page_owner tracks the page as allocated
[ 78.313762][ T61] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17639541498, free_ts 0
[ 78.333517][ T61] post_alloc_hook+0x1ea/0x210
[ 78.338325][ T61] get_page_from_freelist+0x33ea/0x3580
[ 78.343899][ T61] __alloc_pages+0x256/0x680
[ 78.348509][ T61] alloc_slab_page+0x5f/0x160
[ 78.353214][ T61] new_slab+0x84/0x2f0
[ 78.357310][ T61] ___slab_alloc+0xc73/0x1260
[ 78.362015][ T61] __kmalloc+0x2e5/0x4a0
[ 78.366275][ T61] ops_init+0x203/0x610
[ 78.370463][ T61] register_pernet_operations+0x2cb/0x660
[ 78.376214][ T61] register_pernet_subsys+0x28/0x40
[ 78.381450][ T61] ip6table_nat_init+0x39/0x80
[ 78.386249][ T61] do_one_initcall+0x23a/0x830
[ 78.391039][ T61] do_initcall_level+0x157/0x210
[ 78.395998][ T61] do_initcalls+0x3f/0x80
[ 78.400347][ T61] kernel_init_freeable+0x435/0x5d0
[ 78.405573][ T61] kernel_init+0x1d/0x2a0
[ 78.409923][ T61] page_owner free stack trace missing
[ 78.415297][ T61]
[ 78.417632][ T61] Memory state around the buggy address:
[ 78.423274][ T61]  ffff88802a43e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.431349][ T61]  ffff88802a43e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.439423][ T61] >ffff88802a43e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.447489][ T61]                                   ^
[ 78.452872][ T61]  ffff88802a43e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.460943][ T61]  ffff88802a43e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.469270][ T61] ==================================================================
[ 78.477394][ T61] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.485047][ T61] CPU: 0 PID: 61 Comm: kworker/u8:4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e-dirty #0
[ 78.495225][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 78.505310][ T61] Workqueue: ipv6_addrconf addrconf_dad_work
[ 78.511434][ T61] Call Trace:
[ 78.514731][ T61] <TASK>
[ 78.517685][ T61] dump_stack_lvl+0x241/0x360
[ 78.522408][ T61] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.527653][ T61] ? __pfx__printk+0x10/0x10
[ 78.532296][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.537188][ T61] ? vscnprintf+0x5d/0x90
[ 78.541544][ T61] panic+0x349/0x860
[ 78.545472][ T61] ? check_panic_on_warn+0x21/0xb0
[ 78.550616][ T61] ? __pfx_panic+0x10/0x10
[ 78.555063][ T61] ? mark_lock+0x9a/0x350
[ 78.559419][ T61] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 78.565358][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.570235][ T61] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 78.576165][ T61] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.582538][ T61] ? print_report+0x502/0x550
[ 78.587259][ T61] check_panic_on_warn+0x86/0xb0
[ 78.592247][ T61] ? net_generic+0x137/0x240
[ 78.596863][ T61] end_report+0x6e/0x140
[ 78.601143][ T61] kasan_report+0x154/0x180
[ 78.605683][ T61] ? net_generic+0x137/0x240
[ 78.610299][ T61] ? net_generic+0x1f/0x240
[ 78.614828][ T61] net_generic+0x137/0x240
[ 78.619269][ T61] call_fib_notifiers+0x23/0x60
[ 78.624143][ T61] fib6_add+0x1bd5/0x4430
[ 78.628522][ T61] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.634889][ T61] ? __pfx_lock_acquire+0x10/0x10
[ 78.639942][ T61] ? __pfx_fib6_add+0x10/0x10
[ 78.644649][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.649561][ T61] ? do_raw_spin_lock+0x14f/0x370
[ 78.654627][ T61] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 78.660470][ T61] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 78.665884][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.670772][ T61] ? ip6_ins_rt+0xf0/0x170
[ 78.675223][ T61] ip6_ins_rt+0x106/0x170
[ 78.679588][ T61] ? __pfx_ip6_ins_rt+0x10/0x10
[ 78.684474][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.689354][ T61] ? nlmsg_notify+0x15a/0x1c0
[ 78.694064][ T61] __ipv6_ifa_notify+0x5ca/0x11f0
[ 78.699112][ T61] ? __pfx___ipv6_ifa_notify+0x10/0x10
[ 78.704684][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.709561][ T61] ? mark_lock+0x9a/0x350
[ 78.713916][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.718789][ T61] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 78.724967][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 78.731325][ T61] ? __cancel_work+0x26a/0x390
[ 78.736127][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.741007][ T61] ? lockdep_hardirqs_on+0x99/0x150
[ 78.746238][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.751121][ T61] ? __cancel_work+0x2ef/0x390
[ 78.755923][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 78.762290][ T61] addrconf_dad_completed+0x181/0xcd0
[ 78.767717][ T61] ? __pfx_addrconf_dad_completed+0x10/0x10
[ 78.773655][ T61] ? addrconf_dad_work+0x58a/0x16f0
[ 78.778900][ T61] addrconf_dad_work+0xdc2/0x16f0
[ 78.783967][ T61] ? srso_return_thunk+0x5/0x5f
[ 78.788852][ T61] ? __pfx_addrconf_dad_work+0x10/0x10
[ 78.794358][ T61] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 78.800727][ T61] ? process_scheduled_works+0x91b/0x1770
[ 78.806474][ T61] process_scheduled_works+0xa02/0x1770
[ 78.812067][ T61] ? __pfx_process_scheduled_works+0x10/0x10
[ 78.818082][ T61] ? assign_work+0x364/0x3d0
[ 78.822754][ T61] worker_thread+0x86d/0xd70
[ 78.827425][ T61] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 78.833368][ T61] ? __kthread_parkme+0x169/0x1d0
[ 78.838514][ T61] ? __pfx_worker_thread+0x10/0x10
[ 78.843673][ T61] kthread+0x2f2/0x390
[ 78.847789][ T61] ? __pfx_worker_thread+0x10/0x10
[ 78.852931][ T61] ? __pfx_kthread+0x10/0x10
[ 78.857554][ T61] ret_from_fork+0x4d/0x80
[ 78.862007][ T61] ? __pfx_kthread+0x10/0x10
[ 78.866628][ T61] ret_from_fork_asm+0x1a/0x30
[ 78.871440][ T61] </TASK>
[ 78.874677][ T61] Kernel Offset: disabled
[ 78.878995][ T61] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1837125112=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 0ee3535ea
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0ee3535ea8ff21d50e44372bb1cfd147e299ab5b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240404-085507'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0ee3535ea8ff21d50e44372bb1cfd147e299ab5b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240404-085507'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0ee3535ea8ff21d50e44372bb1cfd147e299ab5b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240404-085507'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"0ee3535ea8ff21d50e44372bb1cfd147e299ab5b\"