Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts.
2025/07/29 07:30:45 ignoring optional flag "sandboxArg"="0"
2025/07/29 07:30:45 ignoring optional flag "type"="gce"
2025/07/29 07:30:45 parsed 1 programs
2025/07/29 07:30:45 executed programs: 0
[   45.152217][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.159306][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.166809][  T331] device bridge_slave_0 entered promiscuous mode
[   45.173694][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.180713][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.188032][  T331] device bridge_slave_1 entered promiscuous mode
[   45.223886][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.230916][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.238177][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.245205][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.260871][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.268145][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.275472][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   45.282831][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.291754][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   45.299960][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.306996][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.315282][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   45.323427][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.330491][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.341050][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   45.350253][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   45.362456][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   45.373182][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   45.381235][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   45.388774][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   45.396942][  T331] device veth0_vlan entered promiscuous mode
[   45.406789][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   45.415679][  T331] device veth1_macvtap entered promiscuous mode
[   45.424536][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   45.434248][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   45.453150][   T30] kauditd_printk_skb: 14 callbacks suppressed
[   45.453163][   T30] audit: type=1400 audit(1753774245.606:88): avc:  denied  { create } for  pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   45.482882][   T30] audit: type=1400 audit(1753774245.606:89): avc:  denied  { write } for  pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   45.504798][   T30] audit: type=1400 audit(1753774245.606:90): avc:  denied  { nlmsg_write } for  pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   45.525825][   T30] audit: type=1400 audit(1753774245.606:91): avc:  denied  { prog_load } for  pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   45.743612][    C0] ==================================================================
[   45.751705][    C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[   45.759504][    C0] Read of size 4 at addr ffffc90000007ad8 by task syz-executor.0/331
[   45.767540][    C0] 
[   45.769852][    C0] CPU: 0 PID: 331 Comm: syz-executor.0 Not tainted 5.15.189-syzkaller-1081268-ga71626bd56a5 #0
[   45.780146][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.790197][    C0] Call Trace:
[   45.793455][    C0]  <IRQ>
[   45.796375][    C0]  __dump_stack+0x21/0x30
[   45.800765][    C0]  dump_stack_lvl+0xee/0x150
[   45.805336][    C0]  ? show_regs_print_info+0x20/0x20
[   45.810592][    C0]  ? load_image+0x3a0/0x3a0
[   45.815066][    C0]  print_address_description+0x7f/0x2c0
[   45.820716][    C0]  ? __xfrm_dst_hash+0x399/0x480
[   45.825641][    C0]  kasan_report+0xf1/0x140
[   45.830043][    C0]  ? __xfrm_dst_hash+0x399/0x480
[   45.834963][    C0]  __asan_report_load4_noabort+0x14/0x20
[   45.840587][    C0]  __xfrm_dst_hash+0x399/0x480
[   45.845341][    C0]  xfrm_state_find+0x27e/0x2a70
[   45.850183][    C0]  ? xfrm_sad_getinfo+0x170/0x170
[   45.855190][    C0]  ? xfrm_pol_bin_cmp+0x19e/0x310
[   45.860197][    C0]  xfrm_resolve_and_create_bundle+0x626/0x28d0
[   45.866505][    C0]  ? xfrm_sk_policy_lookup+0x470/0x470
[   45.871939][    C0]  ? xfrm_policy_lookup+0xc68/0xcc0
[   45.877127][    C0]  ? do_syscall_64+0x4c/0xa0
[   45.881706][    C0]  ? __xfrm_policy_check+0x28e0/0x28e0
[   45.887145][    C0]  ? __kasan_check_write+0x14/0x20
[   45.892240][    C0]  xfrm_lookup_with_ifid+0x6fd/0x2120
[   45.897590][    C0]  ? __xfrm_sk_clone_policy+0x680/0x680
[   45.903111][    C0]  ? ip_route_output_key_hash_rcu+0x14b8/0x2060
[   45.909325][    C0]  xfrm_lookup_route+0x3c/0x170
[   45.914156][    C0]  ip_route_output_flow+0x1d2/0x2d0
[   45.919326][    C0]  ? ipv4_sk_update_pmtu+0x1320/0x1320
[   45.924753][    C0]  ? make_kuid+0x1ad/0x640
[   45.929143][    C0]  ? __put_user_ns+0x60/0x60
[   45.933714][    C0]  ? __kasan_check_write+0x14/0x20
[   45.938846][    C0]  ? __alloc_skb+0x463/0x740
[   45.943426][    C0]  igmpv3_newpack+0x263/0xca0
[   45.948095][    C0]  ? update_stack_state+0x3d7/0x480
[   45.953285][    C0]  ? unwind_next_frame+0x3d5/0x700
[   45.958372][    C0]  ? stack_trace_save+0x98/0xe0
[   45.963202][    C0]  ? __kasan_slab_alloc+0xbd/0xf0
[   45.968292][    C0]  ? slab_post_alloc_hook+0x4f/0x2b0
[   45.973579][    C0]  ? vm_area_dup+0x26/0x210
[   45.978154][    C0]  ? igmpv3_sendpack+0x190/0x190
[   45.983099][    C0]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   45.988788][    C0]  ? _raw_spin_lock+0xe0/0xe0
[   45.993452][    C0]  add_grhead+0x75/0x2e0
[   45.997673][    C0]  add_grec+0x116c/0x1410
[   46.001986][    C0]  ? __kasan_check_write+0x14/0x20
[   46.007095][    C0]  igmp_ifc_timer_expire+0x89e/0xf80
[   46.012357][    C0]  ? __kasan_check_write+0x14/0x20
[   46.017525][    C0]  ? _raw_spin_lock+0x8e/0xe0
[   46.022176][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[   46.027543][    C0]  ? igmp_gq_timer_expire+0xe0/0xe0
[   46.032713][    C0]  call_timer_fn+0x38/0x290
[   46.037212][    C0]  ? igmp_gq_timer_expire+0xe0/0xe0
[   46.042379][    C0]  __run_timers+0x639/0x9a0
[   46.046855][    C0]  ? calc_index+0x200/0x200
[   46.051335][    C0]  ? sched_clock_cpu+0x18/0x3c0
[   46.056152][    C0]  run_timer_softirq+0x6a/0xf0
[   46.060884][    C0]  handle_softirqs+0x250/0x560
[   46.065618][    C0]  __irq_exit_rcu+0x52/0xf0
[   46.070093][    C0]  irq_exit_rcu+0x9/0x10
[   46.074307][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   46.079908][    C0]  </IRQ>
[   46.082810][    C0]  <TASK>
[   46.085715][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   46.091669][    C0] RIP: 0010:update_stack_state+0x3d7/0x480
[   46.097445][    C0] Code: 8b 05 7d 2f d1 7e 49 39 45 00 74 0e 48 8b 7d d0 e8 2e fc ff ff 49 89 c6 eb 1d 4c 8b 75 d0 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <74> 08 4c 89 f7 e8 ff e9 75 00 4d 8b 36 48 83 c3 48 48 89 d8 48 c1
[   46.117020][    C0] RSP: 0018:ffffc90000a373d8 EFLAGS: 00000246
[   46.123149][    C0] RAX: 1ffff92000146f28 RBX: ffffc90000a37528 RCX: ffffc90000a37901
[   46.131099][    C0] RDX: ffffc90000a37938 RSI: 1ffff92000146ea6 RDI: ffffc90000a37580
[   46.139073][    C0] RBP: ffffc90000a37498 R08: ffffc90000a375f0 R09: ffffc90000a375e8
[   46.147017][    C0] R10: 0000000000000002 R11: 1ffff92000146ea5 R12: dffffc0000000000
[   46.154965][    C0] R13: ffffc90000a37550 R14: ffffc90000a37940 R15: 1ffff92000146ead
[   46.162919][    C0]  unwind_next_frame+0x3d5/0x700
[   46.167852][    C0]  ? stack_trace_save+0xe0/0xe0
[   46.172694][    C0]  arch_stack_walk+0x108/0x140
[   46.177437][    C0]  ? kmem_cache_alloc+0xf7/0x260
[   46.182461][    C0]  stack_trace_save+0x98/0xe0
[   46.187128][    C0]  ? stack_trace_snprint+0xf0/0xf0
[   46.192263][    C0]  ? __kasan_check_write+0x14/0x20
[   46.197351][    C0]  ? memset+0x35/0x40
[   46.201308][    C0]  __kasan_slab_alloc+0xbd/0xf0
[   46.206129][    C0]  ? __kasan_slab_alloc+0xbd/0xf0
[   46.211136][    C0]  ? slab_post_alloc_hook+0x4f/0x2b0
[   46.216394][    C0]  ? kmem_cache_alloc+0xf7/0x260
[   46.221315][    C0]  slab_post_alloc_hook+0x4f/0x2b0
[   46.226397][    C0]  ? should_failslab+0x9/0x20
[   46.231068][    C0]  ? vm_area_dup+0x26/0x210
[   46.235549][    C0]  kmem_cache_alloc+0xf7/0x260
[   46.240293][    C0]  vm_area_dup+0x26/0x210
[   46.244598][    C0]  copy_mm+0x93a/0x1390
[   46.248729][    C0]  ? copy_signal+0x600/0x600
[   46.253285][    C0]  ? __init_rwsem+0xfc/0x1d0
[   46.257863][    C0]  ? copy_signal+0x4cb/0x600
[   46.262484][    C0]  copy_process+0x115c/0x3210
[   46.267155][    C0]  ? __pidfd_prepare+0x150/0x150
[   46.272078][    C0]  kernel_clone+0x23f/0x940
[   46.276560][    C0]  ? do_user_addr_fault+0xa64/0x1180
[   46.281820][    C0]  ? create_io_thread+0x130/0x130
[   46.286819][    C0]  __x64_sys_clone+0x176/0x1d0
[   46.291557][    C0]  ? __ia32_sys_vfork+0xf0/0xf0
[   46.296377][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   46.302416][    C0]  x64_sys_call+0x41f/0x9a0
[   46.306888][    C0]  do_syscall_64+0x4c/0xa0
[   46.311280][    C0]  ? clear_bhb_loop+0x50/0xa0
[   46.315925][    C0]  ? clear_bhb_loop+0x50/0xa0
[   46.320572][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   46.326441][    C0] RIP: 0033:0x7f54402cf993
[   46.330851][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[   46.350602][    C0] RSP: 002b:00007ffed1380e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   46.358990][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54402cf993
[   46.366934][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[   46.374878][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   46.382820][    C0] R10: 0000555583163750 R11: 0000000000000246 R12: 0000000000000001
[   46.390849][    C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   46.398795][    C0]  </TASK>
[   46.401795][    C0] 
[   46.404094][    C0] 
[   46.406391][    C0] Memory state around the buggy address:
[   46.411988][    C0]  ffffc90000007980: 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   46.420016][    C0]  ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.428042][    C0] >ffffc90000007a80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[   46.436068][    C0]                                                     ^
[   46.442979][    C0]  ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.451008][    C0]  ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.459052][    C0] ==================================================================
[   46.467078][    C0] Disabling lock debugging due to kernel taint
2025/07/29 07:30:50 executed programs: 659
2025/07/29 07:30:55 executed programs: 1532