Warning: Permanently added '10.128.0.249' (ED25519) to the list of known hosts.
2024/12/31 01:32:04 ignoring optional flag "sandboxArg"="0"
2024/12/31 01:32:04 ignoring optional flag "type"="gce"
2024/12/31 01:32:04 parsed 1 programs
2024/12/31 01:32:04 executed programs: 0
[   48.389778][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.396675][  T350] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.404024][  T350] device bridge_slave_0 entered promiscuous mode
[   48.410830][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.417761][  T350] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.425238][  T350] device bridge_slave_1 entered promiscuous mode
[   48.471301][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.478235][  T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.485372][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.492154][  T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.511324][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.518397][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.526207][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   48.533577][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.542503][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   48.550492][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.557349][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.565823][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   48.573883][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.580744][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.592402][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   48.601718][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   48.615385][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   48.627039][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   48.635111][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   48.642589][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   48.651175][  T350] device veth0_vlan entered promiscuous mode
[   48.661379][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   48.670284][  T350] device veth1_macvtap entered promiscuous mode
[   48.680031][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   48.689993][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   48.704245][   T30] kauditd_printk_skb: 15 callbacks suppressed
[   48.704260][   T30] audit: type=1400 audit(1735608724.804:91): avc:  denied  { mounton } for  pid=350 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   48.739297][   T30] audit: type=1400 audit(1735608724.834:92): avc:  denied  { create } for  pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   48.759870][   T30] audit: type=1400 audit(1735608724.834:93): avc:  denied  { write } for  pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   48.780636][   T30] audit: type=1400 audit(1735608724.834:94): avc:  denied  { nlmsg_write } for  pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   48.801868][   T30] audit: type=1400 audit(1735608724.834:95): avc:  denied  { prog_load } for  pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   48.810812][    C1] ==================================================================
[   48.828772][    C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x38d/0x460
[   48.836323][    C1] Read of size 4 at addr ffffc900001d0ab8 by task udevd/101
[   48.843463][    C1] 
[   48.845609][    C1] CPU: 1 PID: 101 Comm: udevd Not tainted 5.15.173-syzkaller-1077993-gf7ce2ffd2f33 #0
[   48.854979][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   48.864891][    C1] Call Trace:
[   48.868124][    C1]  <IRQ>
[   48.870898][    C1]  dump_stack_lvl+0x151/0x1c0
[   48.875417][    C1]  ? io_uring_drop_tctx_refs+0x190/0x190
[   48.881077][    C1]  ? panic+0x760/0x760
[   48.884959][    C1]  ? inode_permission+0x22c/0x460
[   48.889853][    C1]  ? user_path_at_empty+0x43/0x1a0
[   48.894768][    C1]  ? vfs_statx+0xfd/0x720
[   48.898996][    C1]  print_address_description+0x87/0x3b0
[   48.904415][    C1]  kasan_report+0x179/0x1c0
[   48.908740][    C1]  ? __xfrm_dst_hash+0x38d/0x460
[   48.913515][    C1]  ? __xfrm_dst_hash+0x38d/0x460
[   48.918395][    C1]  __asan_report_load4_noabort+0x14/0x20
[   48.924029][    C1]  __xfrm_dst_hash+0x38d/0x460
[   48.928633][    C1]  xfrm_state_find+0x2f1/0x2f70
[   48.933544][    C1]  ? __kasan_check_read+0x11/0x20
[   48.938406][    C1]  ? xfrm_sad_getinfo+0x170/0x170
[   48.943280][    C1]  ? xfrm4_get_saddr+0x18c/0x2a0
[   48.948046][    C1]  ? rhashtable_lookup+0x499/0x520
[   48.953027][    C1]  ? stack_trace_snprint+0xf0/0xf0
[   48.957932][    C1]  xfrm_resolve_and_create_bundle+0x65a/0x2b70
[   48.964009][    C1]  ? xfrm_sk_policy_lookup+0x5b0/0x5b0
[   48.969315][    C1]  ? xfrm_policy_lookup+0xf95/0x1010
[   48.974422][    C1]  ? filename_lookup+0x230/0x5c0
[   48.979198][    C1]  ? user_path_at_empty+0x43/0x1a0
[   48.984238][    C1]  xfrm_lookup_with_ifid+0x6fc/0x20d0
[   48.989433][    C1]  ? __xfrm_sk_clone_policy+0x930/0x930
[   48.995070][    C1]  ? ip_route_output_key_hash_rcu+0x159d/0x20b0
[   49.001240][    C1]  xfrm_lookup_route+0x3b/0x160
[   49.006007][    C1]  ip_route_output_flow+0x1ef/0x310
[   49.011067][    C1]  ? ipv4_sk_update_pmtu+0x1e00/0x1e00
[   49.016345][    C1]  ? make_kuid+0x200/0x700
[   49.020597][    C1]  ? __put_user_ns+0x60/0x60
[   49.025023][    C1]  ? __alloc_skb+0x355/0x550
[   49.029786][    C1]  igmpv3_newpack+0x437/0x10d0
[   49.034394][    C1]  ? igmpv3_sendpack+0x190/0x190
[   49.039261][    C1]  ? __this_cpu_preempt_check+0x13/0x20
[   49.044659][    C1]  ? __raise_softirq_irqoff+0x1a/0xe0
[   49.049991][    C1]  ? raise_softirq+0xa6/0x110
[   49.054512][    C1]  add_grhead+0x84/0x330
[   49.058586][    C1]  add_grec+0x12ca/0x15d0
[   49.062777][    C1]  ? __kasan_check_read+0x11/0x20
[   49.067621][    C1]  ? _nohz_idle_balance+0x4f0/0x4f0
[   49.072815][    C1]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   49.077643][    C1]  ? igmpv3_send_report+0x460/0x460
[   49.082680][    C1]  igmp_ifc_timer_expire+0x83b/0xf50
[   49.087808][    C1]  ? igmp_gq_timer_expire+0xd0/0xd0
[   49.093262][    C1]  call_timer_fn+0x3b/0x2d0
[   49.097604][    C1]  ? igmp_gq_timer_expire+0xd0/0xd0
[   49.102727][    C1]  __run_timers+0x72a/0xa10
[   49.107067][    C1]  ? calc_index+0x280/0x280
[   49.111404][    C1]  ? hrtimer_interrupt+0x867/0xaa0
[   49.116352][    C1]  run_timer_softirq+0x69/0xf0
[   49.120952][    C1]  handle_softirqs+0x25e/0x5c0
[   49.125646][    C1]  __irq_exit_rcu+0x52/0xf0
[   49.130103][    C1]  irq_exit_rcu+0x9/0x10
[   49.134249][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   49.139718][    C1]  </IRQ>
[   49.142818][    C1]  <TASK>
[   49.145592][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   49.151426][    C1] RIP: 0010:__raw_callee_save___pv_queued_spin_unlock+0x10/0x17
[   49.159027][    C1] Code: 41 51 41 52 41 53 e8 cb 0a 00 00 41 5b 41 5a 41 59 41 58 5f 5e 5a 59 5d c3 90 55 48 89 e5 52 b8 01 00 00 00 31 d2 f0 0f b0 17 <3c> 01 75 03 5a 5d c3 56 0f b6 f0 e8 bc ff ff ff 5e 5a 5d c3 0f 1f
[   49.178633][    C1] RSP: 0018:ffffc90000a376e8 EFLAGS: 00000246
[   49.184546][    C1] RAX: 0000000000000001 RBX: ffff88810cfacad8 RCX: dffffc0000000000
[   49.192344][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810cfacad8
[   49.200160][    C1] RBP: ffffc90000a376f0 R08: ffffffff81bd887d R09: 0000000000000003
[   49.208061][    C1] R10: fffff52000146ed4 R11: dffffc0000000001 R12: ffff8881013fff18
[   49.215869][    C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88810cfaca50
[   49.223679][    C1]  ? generic_permission+0x1ad/0x510
[   49.228715][    C1]  _raw_spin_unlock+0x41/0x70
[   49.233227][    C1]  kernfs_iop_permission+0x297/0x3b0
[   49.238342][    C1]  ? security_inode_permission+0xb0/0xf0
[   49.243813][    C1]  inode_permission+0x22c/0x460
[   49.248501][    C1]  ? kernfs_evict_inode+0x60/0x60
[   49.253368][    C1]  link_path_walk+0x2be/0xd90
[   49.257973][    C1]  ? handle_lookup_down+0x130/0x130
[   49.262994][    C1]  path_lookupat+0xa0/0x450
[   49.267336][    C1]  filename_lookup+0x230/0x5c0
[   49.271935][    C1]  ? hashlen_string+0x120/0x120
[   49.276720][    C1]  ? getname_flags+0x1fd/0x520
[   49.281318][    C1]  user_path_at_empty+0x43/0x1a0
[   49.286104][    C1]  vfs_statx+0xfd/0x720
[   49.290297][    C1]  ? vfs_fstatat+0x40/0x40
[   49.294498][    C1]  ? debug_smp_processor_id+0x17/0x20
[   49.299932][    C1]  __se_sys_newfstatat+0xc8/0x760
[   49.304793][    C1]  ? __x64_sys_newfstatat+0xb0/0xb0
[   49.309829][    C1]  ? vfs_submount+0xb0/0xb0
[   49.314225][    C1]  ? lockref_put_return+0xc9/0xe0
[   49.319130][    C1]  ? mntput+0x5d/0xc0
[   49.322942][    C1]  ? debug_smp_processor_id+0x17/0x20
[   49.328134][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   49.334099][    C1]  __x64_sys_newfstatat+0x9b/0xb0
[   49.339012][    C1]  x64_sys_call+0x6e2/0x9a0
[   49.343334][    C1]  do_syscall_64+0x3b/0xb0
[   49.347578][    C1]  ? clear_bhb_loop+0x35/0x90
[   49.352093][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.357831][    C1] RIP: 0033:0x7f254986c5f4
[   49.362084][    C1] Code: 64 c7 00 09 00 00 00 83 c8 ff c3 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 00 00 00 00 41 89 ca b8 06 01 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 10 48 8b 15 03 a8 0d 00 f7 d8 41 83 c8
[   49.381515][    C1] RSP: 002b:00007fffc5a45388 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[   49.389766][    C1] RAX: ffffffffffffffda RBX: 0000556e63cd7140 RCX: 00007f254986c5f4
[   49.397668][    C1] RDX: 00007fffc5a45398 RSI: 00007fffc5a45828 RDI: 00000000ffffff9c
[   49.405483][    C1] RBP: 00007fffc5a45428 R08: 0000000000000000 R09: 0000000000000000
[   49.413300][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc5a45828
[   49.421103][    C1] R13: 00007fffc5a45398 R14: 0000556e63ccb2c0 R15: 0000000000000000
[   49.429102][    C1]  </TASK>
[   49.431953][    C1] 
[   49.434207][    C1] 
[   49.436433][    C1] Memory state around the buggy address:
[   49.442035][    C1]  ffffc900001d0980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   49.449929][    C1]  ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   49.457824][    C1] >ffffc900001d0a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[   49.465716][    C1]                                         ^
[   49.471451][    C1]  ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.479353][    C1]  ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.487250][    C1] ==================================================================
[   49.495242][    C1] Disabling lock debugging due to kernel taint
2024/12/31 01:32:09 executed programs: 627
2024/12/31 01:32:14 executed programs: 1346