Warning: Permanently added '10.128.0.136' (ED25519) to the list of known hosts.
2025/10/07 11:26:11 ignoring optional flag "type"="gce"
2025/10/07 11:26:11 parsed 1 programs
2025/10/07 11:26:11 executed programs: 0
[ 40.020129][ T332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.027349][ T332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.034906][ T332] device bridge_slave_0 entered promiscuous mode
[ 40.041690][ T332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.049072][ T332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.056766][ T332] device bridge_slave_1 entered promiscuous mode
[ 40.095329][ T332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.102377][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.109749][ T332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.116822][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.132134][ T305] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.139439][ T305] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.147563][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.155312][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.164068][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.172335][ T305] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.179383][ T305] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.187858][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.196132][ T305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.203191][ T305] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.214022][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.223599][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.236483][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.247144][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.255323][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.263147][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.271515][ T332] device veth0_vlan entered promiscuous mode
[ 40.280872][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.290333][ T332] device veth1_macvtap entered promiscuous mode
[ 40.299227][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.309445][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.330040][ T30] kauditd_printk_skb: 14 callbacks suppressed
[ 40.330055][ T30] audit: type=1400 audit(1759836371.511:88): avc: denied { create } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 40.357353][ T30] audit: type=1400 audit(1759836371.511:89): avc: denied { write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 40.378546][ T30] audit: type=1400 audit(1759836371.511:90): avc: denied { nlmsg_write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 40.400048][ T30] audit: type=1400 audit(1759836371.511:91): avc: denied { prog_load } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 40.622689][ C0] ==================================================================
[ 40.630790][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[ 40.638775][ C0] Read of size 4 at addr ffffc90000007ad8 by task syz-executor.0/417
[ 40.646942][ C0]
[ 40.649270][ C0] CPU: 0 PID: 417 Comm: syz-executor.0 Not tainted syzkaller #0
[ 40.656942][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 40.667002][ C0] Call Trace:
[ 40.670274][ C0]
[ 40.673382][ C0] __dump_stack+0x21/0x30
[ 40.677708][ C0] dump_stack_lvl+0xee/0x150
[ 40.682295][ C0] ? show_regs_print_info+0x20/0x20
[ 40.687497][ C0] ? load_image+0x3a0/0x3a0
[ 40.692020][ C0] print_address_description+0x7f/0x2c0
[ 40.697552][ C0] ? __xfrm_dst_hash+0x399/0x480
[ 40.702502][ C0] kasan_report+0xf1/0x140
[ 40.707008][ C0] ? __xfrm_dst_hash+0x399/0x480
[ 40.711958][ C0] __asan_report_load4_noabort+0x14/0x20
[ 40.717587][ C0] __xfrm_dst_hash+0x399/0x480
[ 40.722345][ C0] xfrm_state_find+0x27e/0x2a70
[ 40.727187][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 40.732199][ C0] ? xfrm_pol_bin_cmp+0x19e/0x310
[ 40.737252][ C0] xfrm_resolve_and_create_bundle+0x626/0x28d0
[ 40.743422][ C0] ? xfrm_sk_policy_lookup+0x470/0x470
[ 40.748902][ C0] ? xfrm_policy_lookup+0xc68/0xcc0
[ 40.754090][ C0] ? __xfrm_policy_check+0x28e0/0x28e0
[ 40.759613][ C0] ? __kasan_check_write+0x14/0x20
[ 40.764720][ C0] xfrm_lookup_with_ifid+0x6fd/0x2120
[ 40.770172][ C0] ? rt_set_nexthop+0x5ce/0x790
[ 40.775004][ C0] ? __xfrm_sk_clone_policy+0x680/0x680
[ 40.780526][ C0] ? ip_route_output_key_hash_rcu+0x15af/0x20e0
[ 40.786777][ C0] xfrm_lookup_route+0x3c/0x170
[ 40.791639][ C0] ip_route_output_flow+0x1d2/0x2d0
[ 40.796834][ C0] ? ipv4_sk_update_pmtu+0x1320/0x1320
[ 40.802280][ C0] ? make_kuid+0x1ad/0x640
[ 40.806732][ C0] ? __put_user_ns+0x60/0x60
[ 40.811304][ C0] ? __kasan_check_write+0x14/0x20
[ 40.816396][ C0] ? __alloc_skb+0x463/0x740
[ 40.820971][ C0] igmpv3_newpack+0x263/0xca0
[ 40.825629][ C0] ? do_exit+0x1aff/0x27a0
[ 40.830024][ C0] ? do_group_exit+0x141/0x310
[ 40.834854][ C0] ? x64_sys_call+0x832/0x9a0
[ 40.839614][ C0] ? do_syscall_64+0x4c/0xa0
[ 40.844189][ C0] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 40.850251][ C0] ? igmpv3_sendpack+0x190/0x190
[ 40.855280][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 40.860729][ C0] ? _raw_spin_lock+0xe0/0xe0
[ 40.865395][ C0] add_grhead+0x75/0x2e0
[ 40.869621][ C0] add_grec+0x116c/0x1410
[ 40.873942][ C0] ? __kasan_check_write+0x14/0x20
[ 40.879212][ C0] igmp_ifc_timer_expire+0x89e/0xf80
[ 40.884485][ C0] ? __kasan_check_write+0x14/0x20
[ 40.889626][ C0] ? _raw_spin_lock+0x8e/0xe0
[ 40.894283][ C0] ? _raw_spin_trylock_bh+0x130/0x130
[ 40.899644][ C0] ? igmp_gq_timer_expire+0xe0/0xe0
[ 40.904819][ C0] call_timer_fn+0x38/0x290
[ 40.909304][ C0] ? igmp_gq_timer_expire+0xe0/0xe0
[ 40.914482][ C0] __run_timers+0x639/0x9a0
[ 40.918974][ C0] ? calc_index+0x200/0x200
[ 40.923456][ C0] ? sched_clock_cpu+0x18/0x3c0
[ 40.928287][ C0] run_timer_softirq+0x6a/0xf0
[ 40.933118][ C0] handle_softirqs+0x250/0x560
[ 40.937865][ C0] __irq_exit_rcu+0x52/0xf0
[ 40.942354][ C0] irq_exit_rcu+0x9/0x10
[ 40.946586][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 40.952387][ C0]
[ 40.955316][ C0]
[ 40.958238][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 40.964377][ C0] RIP: 0010:do_exit+0x1aff/0x27a0
[ 40.969511][ C0] Code: c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 59 1a 69 00 4c 8b 33 bb 08 00 00 00 49 8d 3c 1e 48 89 f8 48 c1 e8 03 42 80 3c 38 00 <74> 05 e8 3a 1a 69 00 49 83 3c 1e 00 75 0b e8 8e 9b 2a 00 48 83 c3
[ 40.989106][ C0] RSP: 0018:ffffc90000d7fd40 EFLAGS: 00000246
[ 40.995188][ C0] RAX: 1ffff920001af8b4 RBX: 00000000000045a0 RCX: ffff8881105f13c0
[ 41.003144][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90000d7c5a0
[ 41.011286][ C0] RBP: ffffc90000d7fe90 R08: 0000000000000004 R09: 0000000000000003
[ 41.019325][ C0] R10: fffff520001aff98 R11: 1ffff920001aff98 R12: ffff8881105f1bf8
[ 41.027365][ C0] R13: 1ffff110220be325 R14: ffffc90000d78000 R15: dffffc0000000000
[ 41.035453][ C0] ? put_task_struct+0x90/0x90
[ 41.040218][ C0] ? kick_process+0xdc/0x150
[ 41.044787][ C0] ? zap_other_threads+0x246/0x280
[ 41.049984][ C0] do_group_exit+0x141/0x310
[ 41.054560][ C0] __x64_sys_exit_group+0x3f/0x40
[ 41.059570][ C0] x64_sys_call+0x832/0x9a0
[ 41.064061][ C0] do_syscall_64+0x4c/0xa0
[ 41.068537][ C0] ? clear_bhb_loop+0x50/0xa0
[ 41.073370][ C0] ? clear_bhb_loop+0x50/0xa0
[ 41.078230][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 41.084103][ C0] RIP: 0033:0x7f35c5b90859
[ 41.088511][ C0] Code: Unable to access opcode bytes at RIP 0x7f35c5b9082f.
[ 41.095948][ C0] RSP: 002b:00007ffceff88cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 41.104367][ C0] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f35c5b90859
[ 41.112336][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 41.120323][ C0] RBP: 0000000000000001 R08: 00007f35c5caff8c R09: 0000000000000000
[ 41.128473][ C0] R10: 0000001b30760000 R11: 0000000000000246 R12: 0000000000000000
[ 41.136429][ C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 41.144382][ C0]
[ 41.147469][ C0]
[ 41.149769][ C0]
[ 41.152069][ C0] Memory state around the buggy address:
[ 41.157765][ C0] ffffc90000007980: 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 41.165807][ C0] ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.173846][ C0] >ffffc90000007a80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[ 41.181985][ C0] ^
[ 41.188925][ C0] ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.196962][ C0] ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.205173][ C0] ==================================================================
[ 41.213206][ C0] Disabling lock debugging due to kernel taint
2025/10/07 11:26:16 executed programs: 670
2025/10/07 11:26:21 executed programs: 1505