Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
2025/05/20 05:22:38 ignoring optional flag "sandboxArg"="0"
2025/05/20 05:22:38 ignoring optional flag "type"="gce"
2025/05/20 05:22:38 parsed 1 programs
2025/05/20 05:22:38 executed programs: 0
[ 502.446379][ T324] bridge0: port 1(bridge_slave_0) entered blocking state
[ 502.453968][ T324] bridge0: port 1(bridge_slave_0) entered disabled state
[ 502.462076][ T324] device bridge_slave_0 entered promiscuous mode
[ 502.468940][ T324] bridge0: port 2(bridge_slave_1) entered blocking state
[ 502.476022][ T324] bridge0: port 2(bridge_slave_1) entered disabled state
[ 502.483707][ T324] device bridge_slave_1 entered promiscuous mode
[ 502.540461][ T324] bridge0: port 2(bridge_slave_1) entered blocking state
[ 502.547959][ T324] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 502.555535][ T324] bridge0: port 1(bridge_slave_0) entered blocking state
[ 502.562605][ T324] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 502.585580][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 502.592961][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 502.603197][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 502.610829][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 502.620709][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 502.629019][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 502.636243][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 502.645064][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 502.653594][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 502.661316][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 502.674140][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 502.683558][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 502.698031][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 502.712188][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 502.720631][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 502.728218][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 502.736590][ T324] device veth0_vlan entered promiscuous mode
[ 502.747579][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 502.757433][ T324] device veth1_macvtap entered promiscuous mode
[ 502.770126][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 502.780676][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 502.802584][ T30] kauditd_printk_skb: 14 callbacks suppressed
[ 502.802599][ T30] audit: type=1400 audit(1747718558.963:88): avc: denied { create } for pid=328 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 502.834181][ T30] audit: type=1400 audit(1747718558.963:89): avc: denied { write } for pid=328 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 502.855370][ C1] ==================================================================
[ 502.855386][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[ 502.855439][ C1] Read of size 4 at addr ffffc900001d0ad8 by task kauditd/30
[ 502.855456][ C1]
[ 502.855468][ C1] CPU: 1 PID: 30 Comm: kauditd Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 502.855491][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 502.855510][ C1] Call Trace:
[ 502.855516][ C1]
[ 502.855523][ C1] __dump_stack+0x21/0x30
[ 502.855547][ C1] dump_stack_lvl+0xee/0x150
[ 502.855568][ C1] ? show_regs_print_info+0x20/0x20
[ 502.855591][ C1] ? load_image+0x3a0/0x3a0
[ 502.855611][ C1] print_address_description+0x7f/0x2c0
[ 502.855646][ C1] ? __xfrm_dst_hash+0x399/0x480
[ 502.855667][ C1] kasan_report+0xf1/0x140
[ 502.855685][ C1] ? __xfrm_dst_hash+0x399/0x480
[ 502.855705][ C1] __asan_report_load4_noabort+0x14/0x20
[ 502.855725][ C1] __xfrm_dst_hash+0x399/0x480
[ 502.855744][ C1] xfrm_state_find+0x27e/0x2a70
[ 502.855768][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 502.855790][ C1] ? xfrm_pol_bin_cmp+0x19e/0x310
[ 502.855809][ C1] xfrm_resolve_and_create_bundle+0x626/0x28d0
[ 502.855835][ C1] ? xfrm_sk_policy_lookup+0x470/0x470
[ 502.855855][ C1] ? xfrm_policy_lookup+0xc68/0xcc0
[ 502.855878][ C1] ? __xfrm_policy_check+0x28e0/0x28e0
[ 502.855898][ C1] ? __kasan_check_write+0x14/0x20
[ 502.855917][ C1] xfrm_lookup_with_ifid+0x6fd/0x2120
[ 502.855944][ C1] ? __xfrm_sk_clone_policy+0x680/0x680
[ 502.855964][ C1] ? ip_route_output_key_hash_rcu+0x14b8/0x2060
[ 502.855985][ C1] xfrm_lookup_route+0x3c/0x170
[ 502.856005][ C1] ip_route_output_flow+0x1d2/0x2d0
[ 502.856024][ C1] ? ipv4_sk_update_pmtu+0x1320/0x1320
[ 502.856042][ C1] ? make_kuid+0x1ad/0x640
[ 502.856064][ C1] ? __put_user_ns+0x60/0x60
[ 502.856084][ C1] ? __kasan_check_write+0x14/0x20
[ 502.856103][ C1] ? __alloc_skb+0x463/0x740
[ 502.856125][ C1] igmpv3_newpack+0x263/0xca0
[ 502.856148][ C1] ? console_unlock+0xc4e/0x1010
[ 502.856167][ C1] ? vprintk_emit+0x13f/0x300
[ 502.856185][ C1] ? vprintk+0x7a/0x80
[ 502.856203][ C1] ? _printk+0xcc/0x110
[ 502.856222][ C1] ? kauditd_hold_skb+0x1bc/0x210
[ 502.856241][ C1] ? kauditd_thread+0x4e2/0x860
[ 502.856259][ C1] ? igmpv3_sendpack+0x190/0x190
[ 502.856281][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 502.856304][ C1] ? _raw_spin_lock+0xe0/0xe0
[ 502.856326][ C1] add_grhead+0x75/0x2e0
[ 502.856348][ C1] add_grec+0x116c/0x1410
[ 502.856369][ C1] ? __kasan_check_write+0x14/0x20
[ 502.856392][ C1] igmp_ifc_timer_expire+0x89e/0xf80
[ 502.856415][ C1] ? __kasan_check_write+0x14/0x20
[ 502.856435][ C1] ? _raw_spin_lock+0x8e/0xe0
[ 502.856456][ C1] ? _raw_spin_trylock_bh+0x130/0x130
[ 502.856478][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 502.856499][ C1] call_timer_fn+0x38/0x290
[ 502.856522][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 502.856543][ C1] __run_timers+0x639/0x9a0
[ 502.856564][ C1] ? calc_index+0x200/0x200
[ 502.856586][ C1] ? sched_clock_cpu+0x18/0x3c0
[ 502.856606][ C1] run_timer_softirq+0x6a/0xf0
[ 502.856638][ C1] handle_softirqs+0x250/0x560
[ 502.856664][ C1] __irq_exit_rcu+0x52/0xf0
[ 502.856684][ C1] irq_exit_rcu+0x9/0x10
[ 502.856704][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 502.856725][ C1]
[ 502.856731][ C1]
[ 502.856738][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 502.856765][ C1] RIP: 0010:console_unlock+0xc4e/0x1010
[ 502.856788][ C1] Code: 38 4c 89 f6 48 81 e6 00 02 00 00 31 ff e8 3a 8c 17 00 49 81 e6 00 02 00 00 75 07 e8 ec 87 17 00 eb 06 e8 e5 87 17 00 fb 89 d8 <0a> 44 24 17 a8 01 74 0e e8 d5 87 17 00 85 db 74 19 e9 18 03 00 00
[ 502.856810][ C1] RSP: 0018:ffffc900001ff880 EFLAGS: 00000293
[ 502.856830][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881001be2c0
[ 502.856845][ C1] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[ 502.856858][ C1] RBP: ffffc900001ffaf0 R08: 0000000000000004 R09: 0000000000000003
[ 502.856871][ C1] R10: fffff5200003ff00 R11: 1ffff9200003ff00 R12: 00000000000000e5
[ 502.856886][ C1] R13: dffffc0000000000 R14: 0000000000000200 R15: ffffffff86a15468
[ 502.856907][ C1] ? vprintk_emit+0x300/0x300
[ 502.856928][ C1] ? _raw_spin_lock+0xe0/0xe0
[ 502.856949][ C1] ? kfree_skb+0xc1/0x2f0
[ 502.856966][ C1] ? kauditd_send_queue+0x289/0x2d0
[ 502.856985][ C1] ? kthread+0x411/0x500
[ 502.857007][ C1] ? __printk_safe_exit+0x9/0x20
[ 502.857027][ C1] ? console_trylock+0x137/0x1a0
[ 502.857051][ C1] vprintk_emit+0x13f/0x300
[ 502.857069][ C1] ? vprintk_store+0x12f0/0x12f0
[ 502.857088][ C1] ? __kasan_check_write+0x14/0x20
[ 502.857108][ C1] ? _raw_spin_trylock+0xb1/0x140
[ 502.857128][ C1] ? __cpuidle_text_end+0xb/0xb
[ 502.857149][ C1] vprintk_default+0x26/0x30
[ 502.857168][ C1] vprintk+0x7a/0x80
[ 502.857186][ C1] _printk+0xcc/0x110
[ 502.857206][ C1] ? load_image+0x3a0/0x3a0
[ 502.857228][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 502.857252][ C1] kauditd_hold_skb+0x1bc/0x210
[ 502.857271][ C1] ? kauditd_send_queue+0x2d0/0x2d0
[ 502.857290][ C1] ? auditd_conn_free+0xe0/0xe0
[ 502.857308][ C1] kauditd_send_queue+0x289/0x2d0
[ 502.857328][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 502.857351][ C1] ? auditd_conn_free+0xe0/0xe0
[ 502.857369][ C1] ? kauditd_send_queue+0x2d0/0x2d0
[ 502.857389][ C1] ? auditd_conn_free+0xe0/0xe0
[ 502.857415][ C1] kauditd_thread+0x4e2/0x860
[ 502.857433][ C1] ? __kasan_check_write+0x14/0x20
[ 502.857453][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 502.857475][ C1] ? _raw_spin_lock+0xe0/0xe0
[ 502.857496][ C1] ? audit_log+0x150/0x150
[ 502.857513][ C1] ? io_schedule+0xe0/0xe0
[ 502.857531][ C1] ? __kasan_check_read+0x11/0x20
[ 502.857550][ C1] ? __kthread_parkme+0xac/0x200
[ 502.857569][ C1] ? preempt_count_add+0x90/0x1b0
[ 502.857589][ C1] kthread+0x411/0x500
[ 502.857606][ C1] ? audit_log+0x150/0x150
[ 502.857629][ C1] ? kthread_blkcg+0xd0/0xd0
[ 502.857647][ C1] ret_from_fork+0x1f/0x30
[ 502.857669][ C1]
[ 502.857676][ C1]
[ 502.857680][ C1]
[ 502.857683][ C1] Memory state around the buggy address:
[ 502.857693][ C1] ffffc900001d0980: 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 502.857704][ C1] ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 502.857717][ C1] >ffffc900001d0a80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[ 502.857726][ C1] ^
[ 502.857737][ C1] ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 502.857750][ C1] ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 502.857759][ C1] ==================================================================
[ 502.857766][ C1] Disabling lock debugging due to kernel taint
[ 503.556705][ T30] audit: type=1400 audit(1747718558.963:90): avc: denied { nlmsg_write } for pid=328 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 503.585821][ T30] audit: type=1400 audit(1747718558.963:91): avc: denied { prog_load } for pid=328 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
2025/05/20 05:22:43 executed programs: 587
2025/05/20 05:22:48 executed programs: 1339