Warning: Permanently added '10.128.1.92' (ED25519) to the list of known hosts.
2024/10/19 00:49:05 ignoring optional flag "sandboxArg"="0"
2024/10/19 00:49:05 ignoring optional flag "type"="gce"
2024/10/19 00:49:05 parsed 1 programs
2024/10/19 00:49:05 executed programs: 0
[ 45.203875][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.210776][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.218623][ T350] device bridge_slave_0 entered promiscuous mode
[ 45.225361][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.232255][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.239666][ T350] device bridge_slave_1 entered promiscuous mode
[ 45.289171][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.296236][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.303432][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.310297][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.331731][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.339028][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.346444][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.354211][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.363210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.371457][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.378372][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.386998][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.395383][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.402275][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.414061][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.423501][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.437559][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.450410][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.458313][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.465811][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.474091][ T350] device veth0_vlan entered promiscuous mode
[ 45.484465][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.493795][ T350] device veth1_macvtap entered promiscuous mode
[ 45.503566][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.513940][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.528197][ T30] kauditd_printk_skb: 15 callbacks suppressed
[ 45.528214][ T30] audit: type=1400 audit(1729298945.812:91): avc: denied { mounton } for pid=350 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 45.566202][ T30] audit: type=1400 audit(1729298945.852:92): avc: denied { create } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 45.586420][ T30] audit: type=1400 audit(1729298945.852:93): avc: denied { write } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 45.606750][ T30] audit: type=1400 audit(1729298945.852:94): avc: denied { nlmsg_write } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 45.627693][ T30] audit: type=1400 audit(1729298945.852:95): avc: denied { prog_load } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.298514][ C1] ==================================================================
[ 46.306585][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x38d/0x460
[ 46.314129][ C1] Read of size 4 at addr ffffc900001d0ab8 by task swapper/1/0
[ 46.321419][ C1]
[ 46.323584][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.167-syzkaller-1075712-g5e4635681cf1 #0
[ 46.333132][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.343030][ C1] Call Trace:
[ 46.346161][ C1]
[ 46.348847][ C1] dump_stack_lvl+0x151/0x1c0
[ 46.353478][ C1] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.358908][ C1] ? panic+0x760/0x760
[ 46.362810][ C1] ? do_idle+0x36b/0x5d0
[ 46.366894][ C1] print_address_description+0x87/0x3b0
[ 46.372273][ C1] kasan_report+0x179/0x1c0
[ 46.376614][ C1] ? __xfrm_dst_hash+0x38d/0x460
[ 46.381741][ C1] ? __xfrm_dst_hash+0x38d/0x460
[ 46.386529][ C1] __asan_report_load4_noabort+0x14/0x20
[ 46.392084][ C1] __xfrm_dst_hash+0x38d/0x460
[ 46.396663][ C1] xfrm_state_find+0x2f1/0x2f70
[ 46.401356][ C1] ? __kasan_check_read+0x11/0x20
[ 46.406216][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 46.411159][ C1] ? xfrm4_get_saddr+0x18c/0x2a0
[ 46.415947][ C1] ? secondary_startup_64_no_verify+0xb1/0xbb
[ 46.421846][ C1] ? rhashtable_lookup+0x499/0x520
[ 46.426778][ C1] ? stack_trace_snprint+0xf0/0xf0
[ 46.431851][ C1] xfrm_resolve_and_create_bundle+0x65a/0x2b70
[ 46.437838][ C1] ? xfrm_sk_policy_lookup+0x5b0/0x5b0
[ 46.443129][ C1] ? xfrm_policy_lookup+0xf95/0x1010
[ 46.448335][ C1] ? secondary_startup_64_no_verify+0xb1/0xbb
[ 46.454257][ C1] xfrm_lookup_with_ifid+0x6fc/0x20d0
[ 46.459446][ C1] ? __xfrm_sk_clone_policy+0x930/0x930
[ 46.464896][ C1] ? ip_route_output_key_hash_rcu+0x159d/0x20b0
[ 46.471076][ C1] xfrm_lookup_route+0x3b/0x160
[ 46.475760][ C1] ip_route_output_flow+0x1ef/0x310
[ 46.480794][ C1] ? ipv4_sk_update_pmtu+0x1e00/0x1e00
[ 46.486102][ C1] ? make_kuid+0x200/0x700
[ 46.490352][ C1] ? __put_user_ns+0x60/0x60
[ 46.494773][ C1] ? __alloc_skb+0x355/0x550
[ 46.499196][ C1] igmpv3_newpack+0x437/0x10d0
[ 46.503805][ C1] ? __queue_work+0x92a/0xcd0
[ 46.508304][ C1] ? delayed_work_timer_fn+0x61/0x80
[ 46.513430][ C1] ? igmpv3_sendpack+0x190/0x190
[ 46.518290][ C1] add_grhead+0x84/0x330
[ 46.523082][ C1] add_grec+0x12ca/0x15d0
[ 46.527244][ C1] ? __kasan_check_write+0x14/0x20
[ 46.532193][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 46.537048][ C1] ? igmpv3_send_report+0x460/0x460
[ 46.542258][ C1] igmp_ifc_timer_expire+0x83b/0xf50
[ 46.547387][ C1] ? __kasan_check_write+0x14/0x20
[ 46.552340][ C1] ? _raw_spin_lock+0xa4/0x1b0
[ 46.556935][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 46.562136][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.567174][ C1] call_timer_fn+0x3b/0x2d0
[ 46.571509][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.576556][ C1] __run_timers+0x72a/0xa10
[ 46.580888][ C1] ? calc_index+0x280/0x280
[ 46.585230][ C1] ? hrtimer_interrupt+0x867/0xaa0
[ 46.590165][ C1] run_timer_softirq+0x69/0xf0
[ 46.594767][ C1] handle_softirqs+0x25e/0x5c0
[ 46.599367][ C1] __irq_exit_rcu+0x52/0xf0
[ 46.603837][ C1] irq_exit_rcu+0x9/0x10
[ 46.607875][ C1] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 46.613339][ C1]
[ 46.616126][ C1]
[ 46.618896][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 46.624709][ C1] RIP: 0010:acpi_idle_enter+0x416/0x760
[ 46.630181][ C1] Code: 89 de 48 83 e6 08 31 ff e8 e7 8a 89 fc 48 83 e3 08 0f 85 b0 00 00 00 0f 1f 44 00 00 e8 93 86 89 fc 0f 00 2d cc c6 c2 00 fb f4 e9 e1 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30
[ 46.649704][ C1] RSP: 0018:ffffc90000157c30 EFLAGS: 000002d3
[ 46.655620][ C1] RAX: ffffffff84e6d0ed RBX: 0000000000000000 RCX: ffff888100344f00
[ 46.663418][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 46.671604][ C1] RBP: ffffc90000157c70 R08: ffffffff84e6d0d9 R09: ffffed10200689e1
[ 46.679490][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[ 46.687296][ C1] R13: ffff888102b9c804 R14: dffffc0000000000 R15: ffff888105980864
[ 46.695121][ C1] ? acpi_idle_enter+0x3f9/0x760
[ 46.700167][ C1] ? acpi_idle_enter+0x40d/0x760
[ 46.705092][ C1] ? intel_idle_ibrs+0x130/0x130
[ 46.709866][ C1] cpuidle_enter_state+0x5e1/0x1550
[ 46.714895][ C1] ? cpuidle_enter_s2idle+0x600/0x600
[ 46.720114][ C1] ? menu_enable_device+0x380/0x380
[ 46.725230][ C1] ? sched_clock_cpu+0x18/0x3b0
[ 46.729907][ C1] cpuidle_enter+0x5f/0xa0
[ 46.734342][ C1] do_idle+0x36b/0x5d0
[ 46.738242][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 46.743275][ C1] ? _raw_spin_unlock+0x50/0x70
[ 46.747963][ C1] cpu_startup_entry+0x18/0x20
[ 46.752563][ C1] start_secondary+0x2e6/0x3a0
[ 46.757170][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 46.762890][ C1]
[ 46.765762][ C1]
[ 46.768020][ C1]
[ 46.770290][ C1] Memory state around the buggy address:
[ 46.775747][ C1] ffffc900001d0980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.783730][ C1] ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 46.792000][ C1] >ffffc900001d0a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 46.799876][ C1] ^
[ 46.805865][ C1] ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.813763][ C1] ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.821661][ C1] ==================================================================
[ 46.829736][ C1] Disabling lock debugging due to kernel taint
2024/10/19 00:49:10 executed programs: 577
2024/10/19 00:49:15 executed programs: 1312