Warning: Permanently added '[localhost]:43479' (ED25519) to the list of known hosts.
1970/01/01 00:03:53 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:03:56 parsed 1 programs
1970/01/01 00:03:56 executed programs: 0
[ 241.791479][ T3364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 241.813680][ T3364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 244.026573][ T3364] hsr_slave_0: entered promiscuous mode
[ 244.067370][ T3364] hsr_slave_1: entered promiscuous mode
[ 246.255150][ T3364] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 246.309480][ T3364] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 246.340368][ T3364] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 246.375063][ T3364] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 248.121749][ T3364] 8021q: adding VLAN 0 to HW filter on device bond0
[ 254.898512][ T3364] veth0_vlan: entered promiscuous mode
[ 254.971909][ T3364] veth1_vlan: entered promiscuous mode
[ 255.227191][ T3364] veth0_macvtap: entered promiscuous mode
[ 255.267343][ T3364] veth1_macvtap: entered promiscuous mode
[ 255.517186][ T3364] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 255.517726][ T3364] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 255.518004][ T3364] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 255.518307][ T3364] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 256.418292][ T163] ==================================================================
[ 256.429554][ T163] BUG: KASAN: invalid-access in __packet_get_status+0xb8/0x138
[ 256.432810][ T163] Read at addr f7f000000b448000 by task kworker/u8:4/163
[ 256.434564][ T163] Pointer tag: [f7], memory tag: [f0]
[ 256.436530][ T163]
[ 256.437971][ T163] CPU: 0 PID: 163 Comm: kworker/u8:4 Not tainted 6.10.0-rc1-syzkaller-g2bfcfd584ff5 #0
[ 256.440650][ T163] Hardware name: linux,dummy-virt (DT)
[ 256.443264][ T163] Workqueue: ipv6_addrconf addrconf_dad_work
[ 256.446715][ T163] Call trace:
[ 256.447684][ T163] dump_backtrace+0x94/0xec
[ 256.448987][ T163] show_stack+0x18/0x24
[ 256.449819][ T163] dump_stack_lvl+0x78/0x90
[ 256.450681][ T163] print_report+0x108/0x618
[ 256.451568][ T163] kasan_report+0x88/0xac
[ 256.452430][ T163] __do_kernel_fault+0x1a0/0x1dc
[ 256.453702][ T163] do_tag_check_fault+0x78/0x8c
[ 256.455974][ T163] do_mem_abort+0x44/0x94
[ 256.456776][ T163] el1_abort+0x40/0x60
[ 256.457478][ T163] el1h_64_sync_handler+0xd8/0xe4
[ 256.458349][ T163] el1h_64_sync+0x64/0x68
[ 256.458960][ T163] __packet_get_status+0xb8/0x138
[ 256.459791][ T163] tpacket_rcv+0x2b0/0xbd0
[ 256.461122][ T163] dev_queue_xmit_nit+0x284/0x2c8
[ 256.462100][ T163] dev_hard_start_xmit+0x7c/0x118
[ 256.462865][ T163] __dev_queue_xmit+0x1c0/0xea8
[ 256.463820][ T163] neigh_resolve_output+0xf8/0x1e0
[ 256.465739][ T163] ip6_finish_output2+0x2c4/0x914
[ 256.466755][ T163] ip6_finish_output+0x228/0x344
[ 256.467492][ T163] ip6_output+0x78/0x1c8
[ 256.468271][ T163] NF_HOOK.constprop.0+0x50/0xe0
[ 256.469604][ T163] ndisc_send_skb+0x1f8/0x3d8
[ 256.470873][ T163] ndisc_send_ns+0x68/0xb4
[ 256.472031][ T163] addrconf_dad_work+0x3d0/0x590
[ 256.473340][ T163] process_one_work+0x164/0x2a8
[ 256.474938][ T163] worker_thread+0x27c/0x38c
[ 256.476679][ T163] kthread+0x114/0x118
[ 256.477350][ T163] ret_from_fork+0x10/0x20
[ 256.478516][ T163]
[ 256.479197][ T163] The buggy address belongs to the physical page:
[ 256.482030][ T163] page: refcount:9 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x4b448
[ 256.483321][ T163] head: order:3 mapcount:8 entire_mapcount:0 nr_pages_mapped:8 pincount:0
[ 256.484413][ T163] flags: 0x1ffc20003000040(head|arch_2|arch_3|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x8)
[ 256.486592][ T163] raw: 01ffc20003000040 0000000000000000 dead000000000122 0000000000000000
[ 256.487724][ T163] raw: 0000000000000000 0000000000000000 0000000900000000 0000000000000000
[ 256.491189][ T163] head: 01ffc20003000040 0000000000000000 dead000000000122 0000000000000000
[ 256.493867][ T163] head: 0000000000000000 0000000000000000 0000000900000000 0000000000000000
[ 256.495561][ T163] head: 01ffc20003000003 ffffc1ffc02d1201 ffffffff00000007 0000000000000008
[ 256.497315][ T163] head: 0000000000000008 0000000000000000 0000000000000000 0000000000000000
[ 256.498942][ T163] page dumped because: kasan: bad access detected
[ 256.499903][ T163]
[ 256.500434][ T163] Memory state around the buggy address:
[ 256.501450][ T163]  fff000000b447e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 256.502881][ T163]  fff000000b447f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 256.504081][ T163] >fff000000b448000: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 256.505288][ T163]                    ^
[ 256.506329][ T163]  fff000000b448100: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 256.507789][ T163]  fff000000b448200: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 256.508957][ T163] ==================================================================
[ 256.511310][ T163] Disabling lock debugging due to kernel taint
1970/01/01 00:04:16 executed programs: 1
1970/01/01 00:04:22 executed programs: 6
1970/01/01 00:04:27 executed programs: 14
1970/01/01 00:04:33 executed programs: 22
1970/01/01 00:04:38 executed programs: 30
1970/01/01 00:04:44 executed programs: 38