Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
2025/09/08 11:06:04 parsed 1 programs
[ 26.572902][ T24] audit: type=1400 audit(1757329564.340:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 26.594437][ T24] audit: type=1400 audit(1757329564.340:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 26.614830][ T24] audit: type=1400 audit(1757329564.340:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 27.264146][ T24] audit: type=1400 audit(1757329565.030:67): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 27.265118][ T282] cgroup: Unknown subsys name 'net'
[ 27.288922][ T24] audit: type=1400 audit(1757329565.030:68): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.318180][ T24] audit: type=1400 audit(1757329565.060:69): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.318364][ T282] cgroup: Unknown subsys name 'devices'
[ 27.589078][ T282] cgroup: Unknown subsys name 'hugetlb'
[ 27.594885][ T282] cgroup: Unknown subsys name 'rlimit'
[ 27.767902][ T24] audit: type=1400 audit(1757329565.540:70): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 27.794699][ T24] audit: type=1400 audit(1757329565.540:71): avc: denied { create } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.800708][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 27.816516][ T24] audit: type=1400 audit(1757329565.540:72): avc: denied { write } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.847363][ T24] audit: type=1400 audit(1757329565.540:73): avc: denied { read } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.903904][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 28.371089][ T287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.378969][ T287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.386651][ T287] device bridge_slave_0 entered promiscuous mode
[ 28.393916][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.401341][ T287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.409051][ T287] device bridge_slave_1 entered promiscuous mode
[ 28.448664][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.455716][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.463408][ T287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.470542][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.486738][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.494784][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.503286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 28.511402][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.520731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.529367][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.536817][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.545465][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.554308][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.561883][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.574208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.583698][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.597039][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.608481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.616640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.624733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.633695][ T287] device veth0_vlan entered promiscuous mode
[ 28.643728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.653332][ T287] device veth1_macvtap entered promiscuous mode
[ 28.662790][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.672848][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.689519][ T287] request_module fs-gadgetfs succeeded, but still no fs?
[ 28.699556][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 29.235044][ T9] device bridge_slave_1 left promiscuous mode
[ 29.242070][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.250593][ T9] device bridge_slave_0 left promiscuous mode
[ 29.257132][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.265781][ T9] device veth1_macvtap left promiscuous mode
[ 29.272286][ T9] device veth0_vlan left promiscuous mode
2025/09/08 11:06:07 executed programs: 0
[ 29.645809][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.652946][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.661305][ T349] device bridge_slave_0 entered promiscuous mode
[ 29.668698][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.676029][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.683718][ T349] device bridge_slave_1 entered promiscuous mode
[ 29.717934][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.725304][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.733720][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.742491][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.759880][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.768890][ T299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.776638][ T299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.788970][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.798201][ T299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.805503][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.813683][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.823309][ T299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.831612][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.844145][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.853785][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.867064][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.878481][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.886965][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.894595][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.903457][ T349] device veth0_vlan entered promiscuous mode
[ 29.913089][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.922750][ T349] device veth1_macvtap entered promiscuous mode
[ 29.932510][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.943250][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.607441][ C0] ==================================================================
[ 30.615817][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[ 30.624051][ C0] Read of size 4 at addr ffffc90000007b18 by task swapper/0/0
[ 30.631590][ C0]
[ 30.633940][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
[ 30.641147][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 30.651884][ C0] Call Trace:
[ 30.655260][ C0]
[ 30.658201][ C0] __dump_stack+0x21/0x24
[ 30.662610][ C0] dump_stack_lvl+0x169/0x1d8
[ 30.667373][ C0] ? show_regs_print_info+0x18/0x18
[ 30.672883][ C0] ? thaw_kernel_threads+0x220/0x220
[ 30.678471][ C0] print_address_description+0x7f/0x2c0
[ 30.684368][ C0] ? __xfrm_dst_hash+0x399/0x480
[ 30.689473][ C0] kasan_report+0xe2/0x130
[ 30.694029][ C0] ? __xfrm_dst_hash+0x399/0x480
[ 30.699404][ C0] __asan_report_load4_noabort+0x14/0x20
[ 30.705362][ C0] __xfrm_dst_hash+0x399/0x480
[ 30.710404][ C0] xfrm_state_find+0x27e/0x2880
[ 30.715596][ C0] ? unwind_next_frame+0x3d5/0x700
[ 30.720974][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 30.726243][ C0] ? stack_trace_save+0x98/0xe0
[ 30.732707][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 30.738377][ C0] xfrm_resolve_and_create_bundle+0x626/0x28d0
[ 30.745313][ C0] ? xfrm_sk_policy_lookup+0x470/0x470
[ 30.751430][ C0] ? xfrm_selector_match+0xb7e/0x1030
[ 30.758379][ C0] ? __xfrm_policy_check+0x2920/0x2920
[ 30.764010][ C0] ? __kasan_check_write+0x14/0x20
[ 30.769387][ C0] xfrm_lookup_with_ifid+0x6e5/0x1980
[ 30.775537][ C0] ? percpu_counter_add_batch+0x13c/0x160
[ 30.782977][ C0] ? rt_set_nexthop+0x5ce/0x790
[ 30.788253][ C0] ? __xfrm_sk_clone_policy+0x680/0x680
[ 30.794313][ C0] ? ip_route_output_key_hash_rcu+0x15af/0x20e0
[ 30.801258][ C0] xfrm_lookup_route+0x3c/0x170
[ 30.806327][ C0] ip_route_output_flow+0x1d2/0x2d0
[ 30.811971][ C0] ? igmpv3_newpack+0x156/0xc40
[ 30.817177][ C0] ? ipv4_sk_update_pmtu+0x1320/0x1320
[ 30.823642][ C0] ? make_kuid+0x1ad/0x640
[ 30.828444][ C0] ? __put_user_ns+0x60/0x60
[ 30.833645][ C0] ? __kasan_check_write+0x14/0x20
[ 30.839037][ C0] ? __alloc_skb+0x38b/0x520
[ 30.844331][ C0] igmpv3_newpack+0x264/0xc40
[ 30.849653][ C0] ? sysvec_apic_timer_interrupt+0xbf/0xe0
[ 30.855920][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 30.862350][ C0] ? default_idle+0x12/0x20
[ 30.867157][ C0] ? default_idle_call+0x71/0x1d0
[ 30.872316][ C0] ? cpu_startup_entry+0x18/0x20
[ 30.878089][ C0] ? arch_call_rest_init+0xe/0x10
[ 30.883492][ C0] ? igmpv3_sendpack+0x190/0x190
[ 30.889270][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 30.895069][ C0] ? _raw_spin_lock+0xe0/0xe0
[ 30.900252][ C0] add_grhead+0x75/0x2e0
[ 30.905113][ C0] add_grec+0x116b/0x1410
[ 30.909869][ C0] ? __kasan_check_write+0x14/0x20
[ 30.915763][ C0] igmp_ifc_timer_expire+0x89e/0xf80
[ 30.921620][ C0] ? __kasan_check_write+0x14/0x20
[ 30.926936][ C0] ? _raw_spin_lock+0x8e/0xe0
[ 30.932027][ C0] ? _raw_spin_trylock_bh+0x130/0x130
[ 30.937658][ C0] ? igmp_gq_timer_expire+0xe0/0xe0
[ 30.943031][ C0] call_timer_fn+0x38/0x290
[ 30.947748][ C0] ? igmp_gq_timer_expire+0xe0/0xe0
[ 30.953370][ C0] __run_timers+0x639/0x9a0
[ 30.958114][ C0] ? calc_index+0x200/0x200
[ 30.962724][ C0] ? sched_clock_cpu+0x1b/0x3d0
[ 30.968381][ C0] run_timer_softirq+0x6a/0xf0
[ 30.973828][ C0] __do_softirq+0x255/0x563
[ 30.978632][ C0] asm_call_irq_on_stack+0xf/0x20
[ 30.984052][ C0]
[ 30.987069][ C0] do_softirq_own_stack+0x60/0x80
[ 30.992084][ C0] __irq_exit_rcu+0x128/0x150
[ 30.996969][ C0] irq_exit_rcu+0x9/0x10
[ 31.001542][ C0] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 31.007945][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 31.014120][ C0] RIP: 0010:default_idle+0x12/0x20
[ 31.019587][ C0] Code: 48 8b 7c 24 10 e8 be 29 00 00 e9 71 ff ff ff e8 54 fe fa ff 00 00 cc cc 55 48 89 e5 0f 1f 44 00 00 0f 00 2d 80 13 4d 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 48 89 e5 41 57 41 56
[ 31.040028][ C0] RSP: 0018:ffffffff86207d58 EFLAGS: 00000246
[ 31.046382][ C0] RAX: ffff8881f7000000 RBX: ffffffff8621c040 RCX: 00000000000063ca
[ 31.054567][ C0] RDX: 0000000000000001 RSI: ffffffff85202040 RDI: ffffffff85202000
[ 31.063396][ C0] RBP: ffffffff86207d58 R08: dffffc0000000000 R09: ffffed103ee0ae7b
[ 31.072450][ C0] R10: ffffed103ee0ae7b R11: 1ffff1103ee0ae7a R12: 0000000000000000
[ 31.081336][ C0] R13: 1ffffffff0c43808 R14: 0000000000000000 R15: dffffc0000000000
[ 31.090146][ C0] arch_cpu_idle+0xa/0x10
[ 31.094479][ C0] default_idle_call+0x71/0x1d0
[ 31.099504][ C0] do_idle+0x1df/0x530
[ 31.104379][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 31.109871][ C0] ? radix_tree_lookup+0x183/0x1d0
[ 31.115367][ C0] ? debug_smp_processor_id+0x17/0x20
[ 31.120757][ C0] cpu_startup_entry+0x18/0x20
[ 31.125960][ C0] rest_init+0xe8/0xf0
[ 31.130130][ C0] ? time_init+0x38/0x38
[ 31.134667][ C0] arch_call_rest_init+0xe/0x10
[ 31.140024][ C0] start_kernel+0x42e/0x49c
[ 31.144866][ C0] x86_64_start_reservations+0x2a/0x2c
[ 31.151239][ C0] x86_64_start_kernel+0x60/0x63
[ 31.156974][ C0] secondary_startup_64_no_verify+0xad/0xbb
[ 31.163558][ C0]
[ 31.166352][ C0]
[ 31.168932][ C0] Memory state around the buggy address:
[ 31.174835][ C0] ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.184246][ C0] ffffc90000007a80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 31.194170][ C0] >ffffc90000007b00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 31.203077][ C0] ^
[ 31.208771][ C0] ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.217510][ C0] ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.226228][ C0] ==================================================================
[ 31.235543][ C0] Disabling lock debugging due to kernel taint
2025/09/08 11:06:12 executed programs: 240
2025/09/08 11:06:17 executed programs: 540