Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts.
2026/02/25 03:33:47 ignoring optional flag "type"="gce"
2026/02/25 03:33:47 parsed 1 programs
2026/02/25 03:33:47 executed programs: 0
[   38.313713][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.320873][  T332] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.328184][  T332] device bridge_slave_0 entered promiscuous mode
[   38.335106][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.342157][  T332] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.349429][  T332] device bridge_slave_1 entered promiscuous mode
[   38.388577][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.395641][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.402914][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.409955][  T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.426425][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.433610][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.440954][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   38.448405][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.457114][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   38.465273][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.472409][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.481085][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   38.489221][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.496346][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.507813][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   38.517297][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   38.530663][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   38.541779][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   38.549965][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   38.557443][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   38.565873][  T332] device veth0_vlan entered promiscuous mode
[   38.575367][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   38.584248][  T332] device veth1_macvtap entered promiscuous mode
[   38.593137][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   38.603191][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   38.623813][   T30] kauditd_printk_skb: 14 callbacks suppressed
[   38.623827][   T30] audit: type=1400 audit(1771990427.574:88): avc:  denied  { create } for  pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   38.650717][   T30] audit: type=1400 audit(1771990427.584:89): avc:  denied  { write } for  pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   38.671246][   T30] audit: type=1400 audit(1771990427.584:90): avc:  denied  { nlmsg_write } for  pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   38.693428][   T30] audit: type=1400 audit(1771990427.584:91): avc:  denied  { prog_load } for  pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   39.499764][    C1] ==================================================================
[   39.507889][    C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[   39.515750][    C1] Read of size 4 at addr ffffc900001d0ad8 by task syz-executor.0/607
[   39.523809][    C1] 
[   39.526154][    C1] CPU: 1 PID: 607 Comm: syz-executor.0 Not tainted syzkaller #0
[   39.533770][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   39.543915][    C1] Call Trace:
[   39.547190][    C1]  <IRQ>
[   39.550047][    C1]  __dump_stack+0x21/0x30
[   39.554372][    C1]  dump_stack_lvl+0x110/0x170
[   39.559042][    C1]  ? show_regs_print_info+0x20/0x20
[   39.564232][    C1]  ? load_image+0x3e0/0x3e0
[   39.568907][    C1]  print_address_description+0x7f/0x2c0
[   39.574474][    C1]  ? __xfrm_dst_hash+0x399/0x480
[   39.579420][    C1]  kasan_report+0xf1/0x140
[   39.583839][    C1]  ? __xfrm_dst_hash+0x399/0x480
[   39.588771][    C1]  __asan_report_load4_noabort+0x14/0x20
[   39.594484][    C1]  __xfrm_dst_hash+0x399/0x480
[   39.599247][    C1]  xfrm_state_find+0x28a/0x2a10
[   39.604092][    C1]  ? percpu_counter_add_batch+0x13c/0x160
[   39.609819][    C1]  ? xfrm_sad_getinfo+0x170/0x170
[   39.614844][    C1]  ? xfrm_pol_bin_cmp+0x19e/0x310
[   39.619862][    C1]  xfrm_resolve_and_create_bundle+0x697/0x29f0
[   39.626052][    C1]  ? xfrm_sk_policy_lookup+0x480/0x480
[   39.631506][    C1]  ? xfrm_policy_lookup+0xcba/0xd10
[   39.636700][    C1]  ? __xfrm_policy_check+0x2980/0x2980
[   39.642162][    C1]  xfrm_lookup_with_ifid+0x4e9/0x2080
[   39.647532][    C1]  ? rt_set_nexthop+0x5b9/0x780
[   39.652388][    C1]  ? __xfrm_sk_clone_policy+0x680/0x680
[   39.657928][    C1]  ? ip_route_output_key_hash_rcu+0x15af/0x20e0
[   39.664170][    C1]  xfrm_lookup_route+0x3c/0x170
[   39.669102][    C1]  ip_route_output_flow+0x1f8/0x2f0
[   39.674311][    C1]  ? ipv4_sk_update_pmtu+0x14b0/0x14b0
[   39.679767][    C1]  ? make_kuid+0x1db/0x680
[   39.684186][    C1]  ? __put_user_ns+0x60/0x60
[   39.688941][    C1]  ? __kasan_check_write+0x14/0x20
[   39.694046][    C1]  ? __alloc_skb+0x463/0x740
[   39.698630][    C1]  igmpv3_newpack+0x280/0xcd0
[   39.703308][    C1]  ? unlink_anon_vmas+0x8e/0x590
[   39.708305][    C1]  ? free_pgtables+0x131/0x280
[   39.713061][    C1]  ? __mmput+0x93/0x320
[   39.717211][    C1]  ? mmput+0x50/0x150
[   39.721189][    C1]  ? do_exit+0x9f2/0x27e0
[   39.725519][    C1]  ? get_signal+0x66a/0x1480
[   39.730101][    C1]  ? igmpv3_sendpack+0x190/0x190
[   39.735037][    C1]  ? _raw_spin_lock_irqsave+0xc2/0x130
[   39.740490][    C1]  ? _raw_spin_lock+0xf0/0xf0
[   39.745165][    C1]  add_grhead+0x75/0x2e0
[   39.749487][    C1]  add_grec+0x116c/0x1410
[   39.753894][    C1]  ? __kasan_check_write+0x14/0x20
[   39.759002][    C1]  igmp_ifc_timer_expire+0x89e/0xf80
[   39.764279][    C1]  ? __kasan_check_write+0x14/0x20
[   39.769391][    C1]  ? _raw_spin_lock+0x94/0xf0
[   39.774059][    C1]  ? _raw_spin_trylock_bh+0x150/0x150
[   39.779534][    C1]  ? igmp_gq_timer_expire+0xe0/0xe0
[   39.784734][    C1]  call_timer_fn+0x38/0x290
[   39.789318][    C1]  ? igmp_gq_timer_expire+0xe0/0xe0
[   39.794597][    C1]  __run_timers+0x650/0x9e0
[   39.799096][    C1]  ? calc_index+0x200/0x200
[   39.803605][    C1]  ? sched_clock_cpu+0x18/0x3c0
[   39.808449][    C1]  run_timer_softirq+0x6a/0xf0
[   39.813250][    C1]  handle_softirqs+0x250/0x560
[   39.818062][    C1]  __irq_exit_rcu+0x52/0xf0
[   39.822582][    C1]  irq_exit_rcu+0x9/0x10
[   39.826827][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   39.832458][    C1]  </IRQ>
[   39.835384][    C1]  <TASK>
[   39.838312][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   39.844306][    C1] RIP: 0010:unlink_anon_vmas+0x8e/0x590
[   39.849945][    C1] Code: 45 a0 4c 89 75 c0 4d 89 e7 49 c1 ef 03 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 4c 89 e7 e8 56 21 07 00 49 8b 04 24 <48> 89 45 c8 49 8d 5c 24 f8 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00
[   39.869543][    C1] RSP: 0018:ffffc90000df7770 EFLAGS: 00000246
[   39.875691][    C1] RAX: ffff888113803e50 RBX: ffff88810de470b8 RCX: ffff8881164993c0
[   39.883664][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   39.891824][    C1] RBP: ffffc90000df77d0 R08: ffff88810de470cf R09: 1ffff11021bc8e19
[   39.899797][    C1] R10: dffffc0000000000 R11: ffffed1021bc8e1a R12: ffff8881138031f0
[   39.907899][    C1] R13: ffff88810de470b8 R14: ffff888113868818 R15: 1ffff1102270063e
[   39.916162][    C1]  ? up_write+0x7b/0x290
[   39.920417][    C1]  free_pgtables+0x131/0x280
[   39.925037][    C1]  exit_mmap+0x433/0x8b0
[   39.929320][    C1]  ? vm_brk+0x30/0x30
[   39.933298][    C1]  ? mutex_unlock+0x8f/0x230
[   39.937885][    C1]  ? uprobe_clear_state+0x2c1/0x320
[   39.943171][    C1]  __mmput+0x93/0x320
[   39.947234][    C1]  ? mmput+0x48/0x150
[   39.951211][    C1]  mmput+0x50/0x150
[   39.955101][    C1]  do_exit+0x9f2/0x27e0
[   39.959252][    C1]  ? put_task_struct+0x90/0x90
[   39.964013][    C1]  ? asm_exc_page_fault+0x27/0x30
[   39.969033][    C1]  ? futex_exit_release+0x1d0/0x1d0
[   39.974233][    C1]  ? __kasan_check_write+0x14/0x20
[   39.979428][    C1]  ? _raw_spin_lock_irq+0x95/0xf0
[   39.984449][    C1]  do_group_exit+0x141/0x310
[   39.989132][    C1]  ? __kasan_check_write+0x14/0x20
[   39.994244][    C1]  get_signal+0x66a/0x1480
[   39.998667][    C1]  arch_do_signal_or_restart+0xdf/0x11c0
[   40.004318][    C1]  ? selinux_bpf+0xc7/0xf0
[   40.008868][    C1]  ? security_bpf+0x82/0xa0
[   40.013565][    C1]  ? get_sigframe_size+0x10/0x10
[   40.018510][    C1]  ? __se_sys_futex+0x135/0x330
[   40.023368][    C1]  exit_to_user_mode_loop+0xa7/0xe0
[   40.028569][    C1]  exit_to_user_mode_prepare+0x87/0xd0
[   40.034195][    C1]  syscall_exit_to_user_mode+0x1a/0x30
[   40.039734][    C1]  do_syscall_64+0x58/0xa0
[   40.044264][    C1]  ? clear_bhb_loop+0x50/0xa0
[   40.049023][    C1]  ? clear_bhb_loop+0x50/0xa0
[   40.053693][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   40.059583][    C1] RIP: 0033:0x7f2a13cbaeb9
[   40.064001][    C1] Code: Unable to access opcode bytes at RIP 0x7f2a13cbae8f.
[   40.071359][    C1] RSP: 002b:00007f2a1384d178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   40.079783][    C1] RAX: 0000000000000001 RBX: 00007f2a13df9f88 RCX: 00007f2a13cbaeb9
[   40.087844][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2a13df9f8c
[   40.096170][    C1] RBP: 00007f2a13df9f80 R08: 001bbf34851c7942 R09: 00007f2a1384dcdc
[   40.104227][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f2a13df9f8c
[   40.112192][    C1] R13: 000000000000000b R14: 00007ffeff13de20 R15: 00007ffeff13df08
[   40.120261][    C1]  </TASK>
[   40.123273][    C1] 
[   40.125593][    C1] 
[   40.127908][    C1] Memory state around the buggy address:
[   40.133527][    C1]  ffffc900001d0980: f8 f8 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   40.141766][    C1]  ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.149905][    C1] >ffffc900001d0a80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[   40.157954][    C1]                                                     ^
[   40.164878][    C1]  ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.172937][    C1]  ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.180986][    C1] ==================================================================
[   40.189058][    C1] Disabling lock debugging due to kernel taint
2026/02/25 03:33:52 executed programs: 632
2026/02/25 03:33:57 executed programs: 1450