Warning: Permanently added '[localhost]:41236' (ED25519) to the list of known hosts. 1970/01/01 00:02:47 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:02:48 parsed 1 programs 1970/01/01 00:02:48 executed programs: 0 [ 172.377075][ T3436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.390547][ T3436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.641176][ T3436] hsr_slave_0: entered promiscuous mode [ 173.700610][ T3436] hsr_slave_1: entered promiscuous mode [ 175.199731][ T3436] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 175.222406][ T3436] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 175.246212][ T3436] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 175.265997][ T3436] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 176.272218][ T3436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.215521][ T3436] veth0_vlan: entered promiscuous mode [ 181.283589][ T3436] veth1_vlan: entered promiscuous mode [ 181.470413][ T3436] veth0_macvtap: entered promiscuous mode [ 181.486376][ T3436] veth1_macvtap: entered promiscuous mode [ 181.587028][ T3436] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.589087][ T3436] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.589697][ T3436] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.590269][ T3436] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.050175][ T3343] ================================================================== [ 182.054882][ T3343] BUG: KASAN: invalid-access in __packet_get_status+0xb8/0x138 [ 182.056124][ T3343] Read at addr f6f0000007e60000 by task kworker/0:3/3343 [ 182.056679][ T3343] Pointer tag: [f6], memory tag: [f0] [ 182.057053][ T3343] [ 182.059147][ T3343] CPU: 0 UID: 0 PID: 3343 Comm: kworker/0:3 Not tainted 6.11.0-rc2-syzkaller-gde9c2c66ad8e #0 [ 182.060648][ T3343] Hardware name: linux,dummy-virt (DT) [ 182.061510][ T3343] Workqueue: mld mld_ifc_work [ 182.062691][ T3343] Call trace: [ 182.063205][ T3343] dump_backtrace+0x94/0xec [ 182.063797][ T3343] show_stack+0x18/0x24 [ 182.064305][ T3343] dump_stack_lvl+0x78/0x90 [ 182.064782][ T3343] print_report+0x108/0x618 [ 182.065309][ T3343] kasan_report+0x88/0xac [ 182.065823][ T3343] __do_kernel_fault+0x170/0x1c8 [ 182.066344][ T3343] do_tag_check_fault+0x78/0x8c [ 182.066857][ T3343] do_mem_abort+0x44/0x94 [ 182.067643][ T3343] el1_abort+0x40/0x60 [ 182.068135][ T3343] el1h_64_sync_handler+0xd8/0xe4 [ 182.068636][ T3343] el1h_64_sync+0x64/0x68 [ 182.069132][ T3343] __packet_get_status+0xb8/0x138 [ 182.069687][ T3343] tpacket_rcv+0x2b8/0xc58 [ 182.070153][ T3343] dev_queue_xmit_nit+0x284/0x2cc [ 182.070664][ T3343] dev_hard_start_xmit+0x78/0x114 [ 182.071157][ T3343] __dev_queue_xmit+0x1b4/0xf48 [ 182.071704][ T3343] ip6_finish_output2+0x3ac/0x924 [ 182.072215][ T3343] ip6_finish_output+0x22c/0x34c [ 182.072724][ T3343] ip6_output+0x78/0x1cc [ 182.073190][ T3343] NF_HOOK.constprop.0+0x50/0xe0 [ 182.073757][ T3343] mld_sendpack+0x204/0x40c [ 182.074239][ T3343] mld_ifc_work+0x1d4/0x478 [ 182.074728][ T3343] process_one_work+0x15c/0x29c [ 182.075248][ T3343] worker_thread+0x254/0x364 [ 182.075734][ T3343] kthread+0x114/0x118 [ 182.076206][ T3343] ret_from_fork+0x10/0x20 [ 182.076895][ T3343] [ 182.077413][ T3343] The buggy address belongs to the physical page: [ 182.078206][ T3343] page: refcount:9 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x47e60 [ 182.079029][ T3343] head: order:3 mapcount:8 entire_mapcount:0 nr_pages_mapped:8 pincount:0 [ 182.079807][ T3343] flags: 0x1ffc24003000040(head|arch_2|arch_3|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9) [ 182.081226][ T3343] raw: 01ffc24003000040 0000000000000000 dead000000000122 0000000000000000 [ 182.081992][ T3343] raw: 0000000000000000 0000000000000000 0000000900000000 0000000000000000 [ 182.082742][ T3343] head: 01ffc24003000040 0000000000000000 dead000000000122 0000000000000000 [ 182.083449][ T3343] head: 0000000000000000 0000000000000000 0000000900000000 0000000000000000 [ 182.084136][ T3343] head: 01ffc24003000003 ffffc1ffc01f9801 ffffffff00000007 0000000000000008 [ 182.084813][ T3343] head: 0000000000000008 0000000000000000 0000000000000000 0000000000000000 [ 182.085598][ T3343] page dumped because: kasan: bad access detected [ 182.086159][ T3343] [ 182.086499][ T3343] Memory state around the buggy address: [ 182.087310][ T3343] fff0000007e5fe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 182.088302][ T3343] fff0000007e5ff00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 182.088947][ T3343] >fff0000007e60000: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 [ 182.089697][ T3343] ^ [ 182.090282][ T3343] fff0000007e60100: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 [ 182.090958][ T3343] fff0000007e60200: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 [ 182.091695][ T3343] ================================================================== [ 182.092970][ T3343] Disabling lock debugging due to kernel taint 1970/01/01 00:03:02 executed programs: 1 1970/01/01 00:03:07 executed programs: 9 1970/01/01 00:03:12 executed programs: 18 1970/01/01 00:03:17 executed programs: 27 1970/01/01 00:03:23 executed programs: 36 1970/01/01 00:03:28 executed programs: 45