Warning: Permanently added '10.128.0.224' (ED25519) to the list of known hosts.
2025/03/11 02:37:40 ignoring optional flag "sandboxArg"="0"
2025/03/11 02:37:40 ignoring optional flag "type"="gce"
2025/03/11 02:37:40 parsed 1 programs
2025/03/11 02:37:40 executed programs: 0
[ 45.661576][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.669302][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.676709][ T349] device bridge_slave_0 entered promiscuous mode
[ 45.683713][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.690664][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.698027][ T349] device bridge_slave_1 entered promiscuous mode
[ 45.745763][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.753014][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.760156][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.767403][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.786811][ T310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.793890][ T310] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.801098][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.816273][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.826130][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.834200][ T310] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.841620][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.850316][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.858465][ T310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.865569][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.877505][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.887121][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.901562][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.912878][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.922030][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.929956][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.938801][ T349] device veth0_vlan entered promiscuous mode
[ 45.948797][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.957789][ T349] device veth1_macvtap entered promiscuous mode
[ 45.967398][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.977393][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.990937][ T30] kauditd_printk_skb: 15 callbacks suppressed
[ 45.990952][ T30] audit: type=1400 audit(1741660660.742:91): avc: denied { mounton } for pid=349 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 46.027114][ T30] audit: type=1400 audit(1741660660.782:92): avc: denied { create } for pid=354 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.047968][ T30] audit: type=1400 audit(1741660660.782:93): avc: denied { write } for pid=354 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.068214][ T30] audit: type=1400 audit(1741660660.782:94): avc: denied { nlmsg_write } for pid=354 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.089505][ T30] audit: type=1400 audit(1741660660.782:95): avc: denied { prog_load } for pid=354 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.433290][ C0] ==================================================================
[ 46.441359][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x38d/0x460
[ 46.449520][ C0] Read of size 4 at addr ffffc900009879f8 by task syz-execprog/342
[ 46.457302][ C0]
[ 46.459579][ C0] CPU: 0 PID: 342 Comm: syz-execprog Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 46.469717][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 46.479633][ C0] Call Trace:
[ 46.482821][ C0]
[ 46.485713][ C0] dump_stack_lvl+0x151/0x1c0
[ 46.490387][ C0] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.495832][ C0] ? panic+0x760/0x760
[ 46.499727][ C0] print_address_description+0x87/0x3b0
[ 46.505115][ C0] kasan_report+0x179/0x1c0
[ 46.509658][ C0] ? __xfrm_dst_hash+0x38d/0x460
[ 46.514540][ C0] ? __xfrm_dst_hash+0x38d/0x460
[ 46.519309][ C0] __asan_report_load4_noabort+0x14/0x20
[ 46.525253][ C0] __xfrm_dst_hash+0x38d/0x460
[ 46.529845][ C0] xfrm_state_find+0x2f1/0x2f70
[ 46.534609][ C0] ? __kasan_check_read+0x11/0x20
[ 46.539562][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 46.544672][ C0] ? xfrm4_get_saddr+0x18c/0x2a0
[ 46.549579][ C0] ? rhashtable_lookup+0x499/0x520
[ 46.554747][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 46.559827][ C0] xfrm_resolve_and_create_bundle+0x65a/0x2b70
[ 46.565832][ C0] ? xfrm_sk_policy_lookup+0x5b0/0x5b0
[ 46.571631][ C0] ? xfrm_policy_lookup+0xf95/0x1010
[ 46.576933][ C0] xfrm_lookup_with_ifid+0x6fc/0x20d0
[ 46.582326][ C0] ? __xfrm_sk_clone_policy+0x930/0x930
[ 46.587707][ C0] ? ip_route_output_key_hash_rcu+0x159d/0x20b0
[ 46.594084][ C0] xfrm_lookup_route+0x3b/0x160
[ 46.598770][ C0] ip_route_output_flow+0x1ef/0x310
[ 46.603806][ C0] ? ipv4_sk_update_pmtu+0x1e00/0x1e00
[ 46.609091][ C0] ? make_kuid+0x200/0x700
[ 46.613628][ C0] ? __put_user_ns+0x60/0x60
[ 46.618206][ C0] ? __alloc_skb+0x355/0x550
[ 46.622831][ C0] igmpv3_newpack+0x437/0x10d0
[ 46.627704][ C0] ? igmpv3_sendpack+0x190/0x190
[ 46.632486][ C0] ? ttwu_do_activate+0x17c/0x290
[ 46.637436][ C0] add_grhead+0x84/0x330
[ 46.641485][ C0] add_grec+0x12ca/0x15d0
[ 46.645651][ C0] ? __kasan_check_write+0x14/0x20
[ 46.650610][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 46.655456][ C0] ? igmpv3_send_report+0x460/0x460
[ 46.660492][ C0] igmp_ifc_timer_expire+0x83b/0xf50
[ 46.665616][ C0] ? __kasan_check_write+0x14/0x20
[ 46.670649][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 46.675251][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 46.680644][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.685801][ C0] call_timer_fn+0x3b/0x2d0
[ 46.690166][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.695481][ C0] __run_timers+0x72a/0xa10
[ 46.700080][ C0] ? calc_index+0x280/0x280
[ 46.704513][ C0] ? hrtimer_interrupt+0x867/0xaa0
[ 46.709632][ C0] run_timer_softirq+0x69/0xf0
[ 46.714325][ C0] handle_softirqs+0x25e/0x5c0
[ 46.718921][ C0] __irq_exit_rcu+0x52/0xf0
[ 46.723266][ C0] irq_exit_rcu+0x9/0x10
[ 46.727385][ C0] sysvec_apic_timer_interrupt+0x58/0xc0
[ 46.732987][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 46.738801][ C0] RIP: 0033:0x6c6636
[ 46.742792][ C0] Code: f1 75 5a 48 8d 70 08 83 3d c6 60 83 01 00 74 13 0f 1f 40 00 e8 1b c8 da ff 49 89 33 4c 8b 09 4d 89 4b 08 48 89 31 48 8b 72 30 <4c> 8b 4a 38 4c 8b 52 28 48 89 71 10 4c 89 49 18 83 3d 93 60 83 01
[ 46.762673][ C0] RSP: 002b:000000c00111eeb0 EFLAGS: 00000246
[ 46.768569][ C0] RAX: 000000c0010beae0 RBX: 0000000000911860 RCX: 000000c00112b800
[ 46.776647][ C0] RDX: 0000000001481160 RSI: 000000000000000a RDI: 000000c00111fc48
[ 46.784471][ C0] RBP: 000000c00111f020 R08: 0000000001efb9c7 R09: 0000000000c85f50
[ 46.792267][ C0] R10: 0000000000000010 R11: 0000000000c7f2a0 R12: 000000c00111ef30
[ 46.800343][ C0] R13: 0000000000000000 R14: 000000c0008ce540 R15: 000000007fffffff
[ 46.808160][ C0]
[ 46.811295][ C0]
[ 46.813450][ C0]
[ 46.815809][ C0] addr ffffc900009879f8 is located in stack of task syz-execprog/342 at offset 88 in frame:
[ 46.825902][ C0] igmpv3_newpack+0x0/0x10d0
[ 46.830668][ C0]
[ 46.833010][ C0] this frame has 1 object:
[ 46.837540][ C0] [32, 88) 'fl4'
[ 46.837552][ C0]
[ 46.843178][ C0] Memory state around the buggy address:
[ 46.848721][ C0] ffffc90000987880: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 46.857017][ C0] ffffc90000987900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.864875][ C0] >ffffc90000987980: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 46.872911][ C0] ^
[ 46.880848][ C0] ffffc90000987a00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.888696][ C0] ffffc90000987a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.896833][ C0] ==================================================================
[ 46.904832][ C0] Disabling lock debugging due to kernel taint
2025/03/11 02:37:45 executed programs: 594
2025/03/11 02:37:50 executed programs: 1324