Warning: Permanently added '[localhost]:39005' (ED25519) to the list of known hosts.
1970/01/01 00:04:03 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:04:05 parsed 1 programs
1970/01/01 00:04:05 executed programs: 0
[ 250.305665][ T3372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 250.330693][ T3372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 251.969528][ T3372] hsr_slave_0: entered promiscuous mode
[ 252.014558][ T3372] hsr_slave_1: entered promiscuous mode
[ 253.966996][ T3372] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 254.033124][ T3372] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 254.119717][ T3372] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 254.285590][ T3372] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 255.847634][ T3372] 8021q: adding VLAN 0 to HW filter on device bond0
[ 260.915164][ T3372] veth0_vlan: entered promiscuous mode
[ 260.993382][ T3372] veth1_vlan: entered promiscuous mode
[ 261.214267][ T3372] veth0_macvtap: entered promiscuous mode
[ 261.255574][ T3372] veth1_macvtap: entered promiscuous mode
[ 261.556648][ T3372] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 261.559425][ T3372] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 261.561167][ T3372] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 261.575343][ T3372] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 262.366974][ C0] ==================================================================
[ 262.376399][ C0] BUG: KASAN: invalid-access in __packet_get_status+0xb0/0x12c
[ 262.379127][ C0] Read at addr f4ff000006b50000 by task rm/3484
[ 262.380053][ C0] Pointer tag: [f4], memory tag: [f0]
[ 262.380751][ C0]
[ 262.382281][ C0] CPU: 0 PID: 3484 Comm: rm Not tainted 6.6.0-syzkaller-gffc253263a13 #0
[ 262.383794][ C0] Hardware name: linux,dummy-virt (DT)
[ 262.384576][ C0] Call trace:
[ 262.385228][ C0] dump_backtrace+0x94/0xec
[ 262.386024][ C0] show_stack+0x18/0x24
[ 262.386556][ C0] dump_stack_lvl+0x48/0x60
[ 262.387070][ C0] print_report+0x108/0x618
[ 262.387613][ C0] kasan_report+0x88/0xac
[ 262.388132][ C0] __do_kernel_fault+0x17c/0x1e8
[ 262.388675][ C0] do_tag_check_fault+0x78/0x8c
[ 262.389211][ C0] do_mem_abort+0x44/0x94
[ 262.389737][ C0] el1_abort+0x40/0x60
[ 262.390236][ C0] el1h_64_sync_handler+0xd8/0xe4
[ 262.390808][ C0] el1h_64_sync+0x64/0x68
[ 262.391357][ C0] __packet_get_status+0xb0/0x12c
[ 262.392133][ C0] tpacket_rcv+0x29c/0xc04
[ 262.392635][ C0] dev_queue_xmit_nit+0x27c/0x2c0
[ 262.393379][ C0] dev_hard_start_xmit+0x70/0x10c
[ 262.393893][ C0] __dev_queue_xmit+0x1c0/0xe48
[ 262.394577][ C0] ip6_finish_output2+0x260/0x7b8
[ 262.395210][ C0] ip6_finish_output+0x23c/0x354
[ 262.395766][ C0] ip6_output+0x74/0x1cc
[ 262.396339][ C0] NF_HOOK.constprop.0+0x50/0xe0
[ 262.397031][ C0] ndisc_send_skb+0x280/0x474
[ 262.397537][ C0] ndisc_send_rs+0x5c/0x1b0
[ 262.398100][ C0] addrconf_rs_timer+0x158/0x2b0
[ 262.398815][ C0] call_timer_fn.constprop.0+0x24/0x80
[ 262.399614][ C0] __run_timers+0x224/0x270
[ 262.400132][ C0] run_timer_softirq+0x20/0x40
[ 262.400881][ C0] __do_softirq+0x10c/0x284
[ 262.401622][ C0] ____do_softirq+0x10/0x1c
[ 262.402288][ C0] call_on_irq_stack+0x24/0x4c
[ 262.402806][ C0] do_softirq_own_stack+0x1c/0x28
[ 262.403380][ C0] irq_exit_rcu+0xd8/0xf4
[ 262.403884][ C0] el1_interrupt+0x38/0x64
[ 262.404395][ C0] el1h_64_irq_handler+0x18/0x24
[ 262.404900][ C0] el1h_64_irq+0x64/0x68
[ 262.405434][ C0] up_write+0x30/0x80
[ 262.405912][ C0] do_vmi_align_munmap+0x15c/0x40c
[ 262.406473][ C0] do_vmi_munmap+0xac/0x100
[ 262.406987][ C0] mmap_region+0xd4/0x968
[ 262.407516][ C0] do_mmap+0x3e0/0x4c4
[ 262.407992][ C0] vm_mmap_pgoff+0xf0/0x134
[ 262.408473][ C0] ksys_mmap_pgoff+0x4c/0x204
[ 262.409005][ C0] __arm64_sys_mmap+0x30/0x44
[ 262.409513][ C0] invoke_syscall+0x48/0x114
[ 262.410033][ C0] el0_svc_common.constprop.0+0x40/0xe0
[ 262.410639][ C0] do_el0_svc+0x1c/0x28
[ 262.411201][ C0] el0_svc+0x40/0x114
[ 262.411876][ C0] el0t_64_sync_handler+0x100/0x12c
[ 262.412434][ C0] el0t_64_sync+0x19c/0x1a0
[ 262.413228][ C0]
[ 262.413810][ C0] The buggy address belongs to the physical page:
[ 262.414704][ C0] page:000000005249250c refcount:9 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x46b50
[ 262.415919][ C0] head:000000005249250c order:3 entire_mapcount:0 nr_pages_mapped:8 pincount:0
[ 262.416724][ C0] flags: 0x1ffc2c006000040(head|arch_2|arch_3|node=0|zone=0|lastcpupid=0x7ff|kasantag=0xb)
[ 262.418069][ C0] page_type: 0x0()
[ 262.419399][ C0] raw: 01ffc2c006000040 0000000000000000 dead000000000122 0000000000000000
[ 262.420272][ C0] raw: 0000000000000000 0000000000000000 0000000900000000 0000000000000000
[ 262.421065][ C0] page dumped because: kasan: bad access detected
[ 262.421687][ C0]
[ 262.422086][ C0] Memory state around the buggy address:
[ 262.424285][ C0]  ffff000006b4fe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 262.425157][ C0]  ffff000006b4ff00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 262.425840][ C0] >ffff000006b50000: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 262.426498][ C0]                    ^
[ 262.427306][ C0]  ffff000006b50100: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 262.428058][ C0]  ffff000006b50200: f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0 f0
[ 262.428771][ C0] ==================================================================
[ 262.432321][ C0] Disabling lock debugging due to kernel taint
1970/01/01 00:04:23 executed programs: 1
1970/01/01 00:04:28 executed programs: 6
1970/01/01 00:04:33 executed programs: 13
1970/01/01 00:04:38 executed programs: 20
1970/01/01 00:04:43 executed programs: 28
1970/01/01 00:04:49 executed programs: 35