Warning: Permanently added '10.128.0.240' (ED25519) to the list of known hosts.
2024/08/28 00:06:01 ignoring optional flag "sandboxArg"="0"
2024/08/28 00:06:02 parsed 1 programs
2024/08/28 00:06:02 executed programs: 0
[ 45.826916][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.834005][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.841709][ T413] device bridge_slave_0 entered promiscuous mode
[ 45.848629][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.855774][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.863092][ T413] device bridge_slave_1 entered promiscuous mode
[ 45.917666][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.924548][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.931758][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.938568][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.963797][ T24] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.971398][ T24] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.978761][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.987045][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.997529][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.005679][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.012531][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.021602][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.030151][ T24] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.037043][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.060382][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.068180][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.078047][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.100457][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.108553][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.118927][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.129049][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.157825][ T23] kauditd_printk_skb: 15 callbacks suppressed
[ 46.157836][ T23] audit: type=1400 audit(1724803562.410:91): avc: denied { create } for pid=419 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.185151][ T23] audit: type=1400 audit(1724803562.420:92): avc: denied { write } for pid=419 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.205770][ T23] audit: type=1400 audit(1724803562.420:93): avc: denied { nlmsg_write } for pid=419 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 46.209325][ C1] ==================================================================
[ 46.234240][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 46.241762][ C1] Read of size 4 at addr ffff8881f6f09a78 by task kworker/1:1/24
[ 46.249320][ C1]
[ 46.251485][ C1] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 5.4.281-syzkaller-04937-gd883a2284ec1 #0
[ 46.261193][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 46.271193][ C1] Workqueue: rcu_gp process_srcu
[ 46.275958][ C1] Call Trace:
[ 46.279078][ C1]
[ 46.281788][ C1] dump_stack+0x1d8/0x241
[ 46.286032][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 46.291672][ C1] ? printk+0xd1/0x111
[ 46.295587][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 46.300359][ C1] print_address_description+0x8c/0x600
[ 46.305857][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 46.310617][ C1] __kasan_report+0xf3/0x120
[ 46.315041][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 46.320247][ C1] kasan_report+0x30/0x60
[ 46.324499][ C1] __xfrm_dst_hash+0x355/0x430
[ 46.329118][ C1] xfrm_state_find+0x2cc/0x2dc0
[ 46.333894][ C1] ? ret_from_fork+0x1f/0x30
[ 46.338315][ C1] ? call_rcu+0x10/0x10
[ 46.342308][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 46.347166][ C1] ? xfrm4_get_saddr+0x18c/0x2a0
[ 46.351941][ C1] ? stack_trace_save+0x118/0x1c0
[ 46.356975][ C1] ? xfrm_pol_bin_key+0x21/0x1c0
[ 46.361755][ C1] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 46.367739][ C1] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 46.372603][ C1] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 46.377934][ C1] ? xfrm_policy_lookup+0xe4f/0xec0
[ 46.382940][ C1] xfrm_lookup_with_ifid+0x549/0x1c90
[ 46.388134][ C1] ? rt_set_nexthop+0x21b/0x700
[ 46.392826][ C1] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 46.398331][ C1] ? ip_route_output_key_hash+0x230/0x230
[ 46.403856][ C1] xfrm_lookup_route+0x37/0x170
[ 46.408530][ C1] ip_route_output_flow+0x1fe/0x330
[ 46.413924][ C1] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 46.419216][ C1] ? make_kuid+0x200/0x700
[ 46.423469][ C1] ? __put_user_ns+0x50/0x50
[ 46.428065][ C1] ? __alloc_skb+0x29e/0x4d0
[ 46.432754][ C1] igmpv3_newpack+0x437/0x1070
[ 46.437363][ C1] ? igmpv3_sendpack+0x190/0x190
[ 46.442120][ C1] add_grhead+0x75/0x2c0
[ 46.446204][ C1] add_grec+0x12c9/0x15d0
[ 46.450449][ C1] ? cpus_share_cache+0x110/0x110
[ 46.455393][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 46.460343][ C1] ? igmpv3_send_report+0x410/0x410
[ 46.465372][ C1] ? insert_work+0x279/0x330
[ 46.469816][ C1] igmp_ifc_timer_expire+0x7bc/0xea0
[ 46.474922][ C1] ? _raw_spin_lock+0xa4/0x1b0
[ 46.479530][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 46.484732][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.489886][ C1] call_timer_fn+0x36/0x390
[ 46.494368][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 46.499402][ C1] __run_timers+0x879/0xbe0
[ 46.503754][ C1] ? enqueue_timer+0x300/0x300
[ 46.508350][ C1] ? check_preemption_disabled+0x9f/0x320
[ 46.513898][ C1] ? debug_smp_processor_id+0x20/0x20
[ 46.519111][ C1] ? lapic_next_event+0x5b/0x70
[ 46.523789][ C1] run_timer_softirq+0x63/0xf0
[ 46.528383][ C1] __do_softirq+0x23b/0x6b7
[ 46.532858][ C1] irq_exit+0x195/0x1c0
[ 46.536810][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 46.542198][ C1] apic_timer_interrupt+0xf/0x20
[ 46.546952][ C1]
[ 46.549749][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x1a/0x70
[ 46.556007][ C1] Code: 74 0a 18 4c 89 44 0a 20 49 ff c1 4c 89 09 c3 90 4c 8b 04 24 65 48 8b 15 f4 52 9e 7e 65 8b 05 f9 52 9e 7e a9 00 01 1f 00 74 01 8b 82 00 0a 00 00 83 f8 03 75 f4 48 8b 8a 08 0a 00 00 44 8b 92
[ 46.575782][ C1] RSP: 0018:ffff8881f22f7bd0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 46.584114][ C1] RAX: 0000000000000000 RBX: ffffffff868e88c0 RCX: ffff8881f5cd8000
[ 46.591927][ C1] RDX: ffff8881f5cd8000 RSI: 0000000000000008 RDI: 0000000000000000
[ 46.599828][ C1] RBP: 000000000000059d R08: ffffffff822c3873 R09: ffffed103e45ef81
[ 46.607897][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 46.615703][ C1] R13: 1ffffffff0bd6ef9 R14: 0000000000000008 R15: ffffffff85eb7678
[ 46.623529][ C1] ? find_next_bit+0x23/0x100
[ 46.628039][ C1] find_next_bit+0x23/0x100
[ 46.632376][ C1] ? cpumask_next+0xc/0x20
[ 46.636629][ C1] try_check_zero+0x6b/0x360
[ 46.641506][ C1] process_srcu+0x1ab/0xc40
[ 46.645839][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 46.650867][ C1] ? _raw_spin_lock_irqsave+0x210/0x210
[ 46.656673][ C1] ? read_word_at_a_time+0xe/0x20
[ 46.661644][ C1] ? strscpy+0x89/0x220
[ 46.665724][ C1] process_one_work+0x765/0xd20
[ 46.670413][ C1] worker_thread+0xaef/0x1470
[ 46.674940][ C1] kthread+0x2da/0x360
[ 46.678827][ C1] ? worker_clr_flags+0x170/0x170
[ 46.683701][ C1] ? kthread_blkcg+0xd0/0xd0
[ 46.688117][ C1] ret_from_fork+0x1f/0x30
[ 46.692356][ C1]
[ 46.694533][ C1] The buggy address belongs to the page:
[ 46.700118][ C1] page:ffffea0007dbc240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 46.709296][ C1] flags: 0x8000000000001000(reserved)
[ 46.714507][ C1] raw: 8000000000001000 ffffea0007dbc248 ffffea0007dbc248 0000000000000000
[ 46.722916][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 46.731335][ C1] page dumped because: kasan: bad access detected
[ 46.737674][ C1] page_owner info is not present (never set?)
[ 46.743563][ C1]
[ 46.745731][ C1] Memory state around the buggy address:
[ 46.751207][ C1] ffff8881f6f09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 46.759104][ C1] ffff8881f6f09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.767007][ C1] >ffff8881f6f09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 46.774901][ C1] ^
[ 46.782712][ C1] ffff8881f6f09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.790715][ C1] ffff8881f6f09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.798846][ C1] ==================================================================
[ 46.806917][ C1] Disabling lock debugging due to kernel taint
2024/08/28 00:06:07 executed programs: 508
2024/08/28 00:06:12 executed programs: 1105