UBSAN: signed-integer-overflow in ip_idents_reserve
================================================================================
UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
1648931972 + 931318806 cannot be represented in type 'int'
CPU: 1 PID: 5335 Comm: udevd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
dump_stack+0xfd/0x16e lib/dump_stack.c:118
ubsan_epilogue+0xa/0x30 lib/ubsan.c:148
handle_overflow+0x192/0x1b0 lib/ubsan.c:180
arch_atomic_add_return arch/x86/include/asm/atomic.h:165 [inline]
atomic_add_return include/asm-generic/atomic-instrumented.h:73 [inline]
ip_idents_reserve+0x14a/0x170 net/ipv4/route.c:521
__ip_select_ident+0xe4/0x1c0 net/ipv4/route.c:538
iptunnel_xmit+0x468/0x850 net/ipv4/ip_tunnel_core.c:80
udp_tunnel_xmit_skb+0x1ba/0x290 net/ipv4/udp_tunnel_core.c:190
geneve_xmit_skb drivers/net/geneve.c:1004 [inline]
geneve_xmit+0x1d03/0x2130 drivers/net/geneve.c:1117
__netdev_start_xmit include/linux/netdevice.h:4824 [inline]
netdev_start_xmit include/linux/netdevice.h:4838 [inline]
xmit_one net/core/dev.c:3601 [inline]
dev_hard_start_xmit+0x2a8/0x7f0 net/core/dev.c:3617
__dev_queue_xmit+0x1690/0x2970 net/core/dev.c:4203
neigh_output include/net/neighbour.h:509 [inline]
ip6_finish_output2+0x101e/0x1490 net/ipv6/ip6_output.c:130
NF_HOOK+0x45/0x2c0 include/linux/netfilter.h:297
mld_sendpack+0x5f7/0xa60 net/ipv6/mcast.c:1676
mld_send_cr net/ipv6/mcast.c:1972 [inline]
mld_ifc_timer_expire+0x7e1/0x990 net/ipv6/mcast.c:2471
call_timer_fn+0x103/0x490 kernel/time/timer.c:1444
expire_timers kernel/time/timer.c:1489 [inline]
__run_timers+0x5d8/0x7a0 kernel/time/timer.c:1783
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1796
__do_softirq+0x267/0x92e kernel/softirq.c:298
asm_call_irq_on_stack+0xf/0x20
__run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
do_softirq_own_stack+0x9b/0xe0 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:393 [inline]
__irq_exit_rcu+0x227/0x230 kernel/softirq.c:423
irq_exit_rcu+0x5/0x20 kernel/softirq.c:435
sysvec_apic_timer_interrupt+0xea/0x100 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:193
Code: 66 2e 0f 1f 84 00 00 00 00 00 be 0d 00 00 00 48 c7 c7 20 b4 54 8b e8 8f 64 3e 00 c3 cc cc cc cc 00 00 cc cc 00 00 cc cc 00 00 <48> 8b 04 24 65 48 8b 0d 34 d7 90 7e 65 8b 15 39 d7 90 7e f7 c2 00
RSP: 0018:ffffc90000f5fbe8 EFLAGS: 00000287
RAX: ffffffff8354fa11 RBX: ffff8880242ccfda RCX: 0000000000000000
RDX: ffff88802e700000 RSI: 000000000000000e RDI: 000000000000005e
RBP: 000000000000000e R08: 0000000059ee1630 R09: 0000000004ea9dbc
R10: 00000000e66b8ec4 R11: 1ffffffff1964e1d R12: 000000000000002f
R13: 0000000000000023 R14: 0000000000000000 R15: ffff888019809300
tomoyo_encode2+0x26c/0x480 security/tomoyo/realpath.c:57
tomoyo_encode security/tomoyo/realpath.c:80 [inline]
tomoyo_realpath_from_path+0x5ce/0x620 security/tomoyo/realpath.c:288
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x15b/0x450 security/tomoyo/file.c:822
security_inode_getattr+0xd2/0x130 security/security.c:1295
vfs_getattr fs/stat.c:129 [inline]
vfs_fstat fs/stat.c:154 [inline]
__do_sys_newfstat fs/stat.c:393 [inline]
__se_sys_newfstat fs/stat.c:390 [inline]
__x64_sys_newfstat+0xa7/0x160 fs/stat.c:390
do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f14545d9ad7
Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8
RSP: 002b:00007ffe7f42e5c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000005
RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f14545d9ad7
RDX: 0000000000090800 RSI: 00007ffe7f42e5d0 RDI: 000000000000000d
RBP: 00007ffe7f42e5d0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000202 R12: 000055a2452227b0
R13: 00000000000000ff R14: 000055a2354e0be0 R15: 00007ffe7f42e8f0
================================================================================
----------------
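Code disassembly (best guess):
(Decoded from the first "Code:" line above, i.e. the context interrupted by the timer IRQ at RIP __sanitizer_cov_trace_pc+0x0, kernel/kcov.c:193. The instruction marked "trapping" below is where that interrupt landed, not the overflowing add; the overflow UBSAN reports is in arch_atomic_add_return, inlined into ip_idents_reserve at net/ipv4/route.c:521.)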
0: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
7: 00 00 00
a: be 0d 00 00 00 mov $0xd,%esi
f: 48 c7 c7 20 b4 54 8b mov $0xffffffff8b54b420,%rdi
16: e8 8f 64 3e 00 call 0x3e64aa
1b: c3 ret
1c: cc int3
1d: cc int3
1e: cc int3
1f: cc int3
20: 00 00 add %al,(%rax)
22: cc int3
23: cc int3
24: 00 00 add %al,(%rax)
26: cc int3
27: cc int3
28: 00 00 add %al,(%rax)
* 2a: 48 8b 04 24 mov (%rsp),%rax <-- trapping instruction
2e: 65 48 8b 0d 34 d7 90 mov %gs:0x7e90d734(%rip),%rcx # 0x7e90d76a
35: 7e
36: 65 8b 15 39 d7 90 7e mov %gs:0x7e90d739(%rip),%edx # 0x7e90d776
3d: f7 .byte 0xf7
3e: c2 .byte 0xc2
Warning: Permanently added '10.128.0.141' (ED25519) to the list of known hosts.
2025/10/29 07:41:45 parsed 1 programs
[ 52.762165][ T6010] cgroup: Unknown subsys name 'net'
[ 52.889851][ T6010] cgroup: Unknown subsys name 'rlimit'
[ 54.590926][ T6010] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.600197][ T6020] IPVS: ftp: loaded support on port[0] = 21
[ 55.715539][ T6027] IPVS: ftp: loaded support on port[0] = 21
[ 55.801305][ T6033] IPVS: ftp: loaded support on port[0] = 21
[ 55.874511][ T6038] IPVS: ftp: loaded support on port[0] = 21
[ 55.907657][ T6033] syz-executor (6033) used greatest stack depth: 24032 bytes left
[ 55.944826][ T6043] IPVS: ftp: loaded support on port[0] = 21
[ 56.019446][ T6049] IPVS: ftp: loaded support on port[0] = 21
[ 56.086697][ T6057] IPVS: ftp: loaded support on port[0] = 21
[ 56.120195][ T1389] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.132578][ T1389] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.138830][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.140553][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 56.147765][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.162562][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 56.292175][ T6065] IPVS: ftp: loaded support on port[0] = 21
[ 56.394371][ T6071] IPVS: ftp: loaded support on port[0] = 21
[ 56.480919][ T6076] IPVS: ftp: loaded support on port[0] = 21
[ 56.529167][ T6076] chnl_net:caif_netlink_parms(): no params data found
[ 56.556369][ T6076] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.563454][ T6076] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.571195][ T6076] device bridge_slave_0 entered promiscuous mode
[ 56.578957][ T6076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.586106][ T6076] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.593850][ T6076] device bridge_slave_1 entered promiscuous mode
[ 56.612860][ T6076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.623371][ T6076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.639587][ T6076] team0: Port device team_slave_0 added
[ 56.646366][ T6076] team0: Port device team_slave_1 added
[ 56.667972][ T6076] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.674923][ T6076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 56.701306][ T6076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.713013][ T6076] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.720168][ T6076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 56.746249][ T6076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.767929][ T6076] device hsr_slave_0 entered promiscuous mode
[ 56.774704][ T6076] device hsr_slave_1 entered promiscuous mode
[ 56.838946][ T6076] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.847444][ T6076] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.855634][ T6076] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.864026][ T6076] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.884165][ T6076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.891299][ T6076] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.898690][ T6076] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.905745][ T6076] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.914318][ T23] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.921842][ T23] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.957882][ T6076] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.968605][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.976718][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.985854][ T6076] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.000775][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 57.009397][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 57.017915][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.024986][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.034664][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 57.043651][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 57.052353][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.059422][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.069264][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 57.086208][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 57.096392][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 57.105116][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.113880][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.128986][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.137517][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.148336][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 57.156564][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.167288][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.175546][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.185362][ T6076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.245154][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.253095][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.262418][ T6076] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.280281][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 57.289126][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 57.310768][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 57.319606][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 57.328599][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 57.336290][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 57.345386][ T6076] device veth0_vlan entered promiscuous mode
[ 57.356188][ T6076] device veth1_vlan entered promiscuous mode
[ 57.380237][ T6076] device veth0_macvtap entered promiscuous mode
[ 57.388136][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 57.397218][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 57.405258][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 57.414356][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.422971][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.434451][ T6076] device veth1_macvtap entered promiscuous mode
[ 57.451925][ T6076] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.459716][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 57.467942][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.476921][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.487661][ T6076] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.497109][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.505841][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.515082][ T6076] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.524045][ T6076] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.532999][ T6076] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.542687][ T6076] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.596174][ C1] ================================================================================
[ 57.605482][ C1] UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
[ 57.614205][ C1] 1648931972 + 931318806 cannot be represented in type 'int'
[ 57.621709][ C1] CPU: 1 PID: 5335 Comm: udevd Not tainted syzkaller #0
[ 57.628644][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 57.636275][ T6103] IPVS: ftp: loaded support on port[0] = 21
[ 57.638698][ C1] Call Trace:
[ 57.647934][ C1]
[ 57.650792][ C1] dump_stack+0xfd/0x16e
[ 57.655044][ C1] ubsan_epilogue+0xa/0x30
[ 57.659458][ C1] handle_overflow+0x192/0x1b0
[ 57.664231][ C1] ip_idents_reserve+0x14a/0x170
[ 57.669170][ C1] __ip_select_ident+0xe4/0x1c0
[ 57.674024][ C1] iptunnel_xmit+0x468/0x850
[ 57.678608][ C1] udp_tunnel_xmit_skb+0x1ba/0x290
[ 57.683784][ C1] geneve_xmit+0x1d03/0x2130
[ 57.688362][ C1] dev_hard_start_xmit+0x2a8/0x7f0
[ 57.693468][ C1] __dev_queue_xmit+0x1690/0x2970
[ 57.698490][ C1] ip6_finish_output2+0x101e/0x1490
[ 57.703901][ C1] NF_HOOK+0x45/0x2c0
[ 57.707879][ C1] ? NF_HOOK+0x2c0/0x2c0
[ 57.712114][ C1] mld_sendpack+0x5f7/0xa60
[ 57.716612][ C1] mld_ifc_timer_expire+0x7e1/0x990
[ 57.721953][ C1] ? lock_acquire+0x78/0x330
[ 57.726523][ C1] ? lock_release+0x69/0x640
[ 57.731103][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 57.736194][ C1] call_timer_fn+0x103/0x490
[ 57.740767][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 57.745873][ C1] __run_timers+0x5d8/0x7a0
[ 57.750375][ C1] run_timer_softirq+0x63/0xf0
[ 57.755140][ C1] __do_softirq+0x267/0x92e
[ 57.759637][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 57.764814][ C1] asm_call_irq_on_stack+0xf/0x20
[ 57.769809][ C1]
[ 57.772727][ C1] do_softirq_own_stack+0x9b/0xe0
[ 57.777734][ C1] __irq_exit_rcu+0x227/0x230
[ 57.782383][ C1] irq_exit_rcu+0x5/0x20
[ 57.786602][ C1] sysvec_apic_timer_interrupt+0xea/0x100
[ 57.792290][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 57.798260][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 57.804302][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 be 0d 00 00 00 48 c7 c7 20 b4 54 8b e8 8f 64 3e 00 c3 cc cc cc cc 00 00 cc cc 00 00 cc cc 00 00 <48> 8b 04 24 65 48 8b 0d 34 d7 90 7e 65 8b 15 39 d7 90 7e f7 c2 00
[ 57.823981][ C1] RSP: 0018:ffffc90000f5fbe8 EFLAGS: 00000287
[ 57.830031][ C1] RAX: ffffffff8354fa11 RBX: ffff8880242ccfda RCX: 0000000000000000
[ 57.837990][ C1] RDX: ffff88802e700000 RSI: 000000000000000e RDI: 000000000000005e
[ 57.845980][ C1] RBP: 000000000000000e R08: 0000000059ee1630 R09: 0000000004ea9dbc
[ 57.854015][ C1] R10: 00000000e66b8ec4 R11: 1ffffffff1964e1d R12: 000000000000002f
[ 57.862094][ C1] R13: 0000000000000023 R14: 0000000000000000 R15: ffff888019809300
[ 57.870056][ C1] ? tomoyo_encode2+0x261/0x480
[ 57.874883][ C1] tomoyo_encode2+0x26c/0x480
[ 57.879536][ C1] tomoyo_realpath_from_path+0x5ce/0x620
[ 57.885172][ C1] tomoyo_path_perm+0x15b/0x450
[ 57.890017][ C1] security_inode_getattr+0xd2/0x130
[ 57.895302][ C1] __x64_sys_newfstat+0xa7/0x160
[ 57.900235][ C1] do_syscall_64+0x34/0x50
[ 57.904801][ C1] entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 57.910696][ C1] RIP: 0033:0x7f14545d9ad7
[ 57.915097][ C1] Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8
[ 57.934686][ C1] RSP: 002b:00007ffe7f42e5c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000005
[ 57.943080][ C1] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f14545d9ad7
[ 57.951032][ C1] RDX: 0000000000090800 RSI: 00007ffe7f42e5d0 RDI: 000000000000000d
[ 57.958980][ C1] RBP: 00007ffe7f42e5d0 R08: 0000000000000000 R09: 0000000000000001
[ 57.966947][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a2452227b0
[ 57.974897][ C1] R13: 00000000000000ff R14: 000055a2354e0be0 R15: 00007ffe7f42e8f0
[ 57.982917][ C1] ================================================================================
[ 57.992234][ C1] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 57.999416][ C1] CPU: 1 PID: 5335 Comm: udevd Not tainted syzkaller #0
[ 58.006329][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 58.016454][ C1] Call Trace:
[ 58.019807][ C1]
[ 58.022646][ C1] dump_stack+0xfd/0x16e
[ 58.026862][ C1] panic+0x2f0/0x9c0
[ 58.030733][ C1] check_panic_on_warn+0x95/0xe0
[ 58.035656][ C1] handle_overflow+0x192/0x1b0
[ 58.040394][ C1] ip_idents_reserve+0x14a/0x170
[ 58.045333][ C1] __ip_select_ident+0xe4/0x1c0
[ 58.050526][ C1] iptunnel_xmit+0x468/0x850
[ 58.055096][ C1] udp_tunnel_xmit_skb+0x1ba/0x290
[ 58.060281][ C1] geneve_xmit+0x1d03/0x2130
[ 58.064858][ C1] dev_hard_start_xmit+0x2a8/0x7f0
[ 58.069947][ C1] __dev_queue_xmit+0x1690/0x2970
[ 58.074997][ C1] ip6_finish_output2+0x101e/0x1490
[ 58.080172][ C1] NF_HOOK+0x45/0x2c0
[ 58.084137][ C1] ? NF_HOOK+0x2c0/0x2c0
[ 58.088358][ C1] mld_sendpack+0x5f7/0xa60
[ 58.092843][ C1] mld_ifc_timer_expire+0x7e1/0x990
[ 58.098027][ C1] ? lock_acquire+0x78/0x330
[ 58.102587][ C1] ? lock_release+0x69/0x640
[ 58.107152][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 58.112240][ C1] call_timer_fn+0x103/0x490
[ 58.116802][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 58.121880][ C1] __run_timers+0x5d8/0x7a0
[ 58.126446][ C1] run_timer_softirq+0x63/0xf0
[ 58.131181][ C1] __do_softirq+0x267/0x92e
[ 58.135655][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 58.140924][ C1] asm_call_irq_on_stack+0xf/0x20
[ 58.146007][ C1]
[ 58.148951][ C1] do_softirq_own_stack+0x9b/0xe0
[ 58.153948][ C1] __irq_exit_rcu+0x227/0x230
[ 58.158601][ C1] irq_exit_rcu+0x5/0x20
[ 58.162816][ C1] sysvec_apic_timer_interrupt+0xea/0x100
[ 58.168517][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 58.174470][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 58.180507][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 be 0d 00 00 00 48 c7 c7 20 b4 54 8b e8 8f 64 3e 00 c3 cc cc cc cc 00 00 cc cc 00 00 cc cc 00 00 <48> 8b 04 24 65 48 8b 0d 34 d7 90 7e 65 8b 15 39 d7 90 7e f7 c2 00
[ 58.200096][ C1] RSP: 0018:ffffc90000f5fbe8 EFLAGS: 00000287
[ 58.206224][ C1] RAX: ffffffff8354fa11 RBX: ffff8880242ccfda RCX: 0000000000000000
[ 58.214171][ C1] RDX: ffff88802e700000 RSI: 000000000000000e RDI: 000000000000005e
[ 58.222116][ C1] RBP: 000000000000000e R08: 0000000059ee1630 R09: 0000000004ea9dbc
[ 58.230069][ C1] R10: 00000000e66b8ec4 R11: 1ffffffff1964e1d R12: 000000000000002f
[ 58.238112][ C1] R13: 0000000000000023 R14: 0000000000000000 R15: ffff888019809300
[ 58.246077][ C1] ? tomoyo_encode2+0x261/0x480
[ 58.250921][ C1] tomoyo_encode2+0x26c/0x480
[ 58.255576][ C1] tomoyo_realpath_from_path+0x5ce/0x620
[ 58.261186][ C1] tomoyo_path_perm+0x15b/0x450
[ 58.266035][ C1] security_inode_getattr+0xd2/0x130
[ 58.271303][ C1] __x64_sys_newfstat+0xa7/0x160
[ 58.276216][ C1] do_syscall_64+0x34/0x50
[ 58.280633][ C1] entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 58.286497][ C1] RIP: 0033:0x7f14545d9ad7
[ 58.290886][ C1] Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8
[ 58.310729][ C1] RSP: 002b:00007ffe7f42e5c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000005
[ 58.319116][ C1] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f14545d9ad7
[ 58.327065][ C1] RDX: 0000000000090800 RSI: 00007ffe7f42e5d0 RDI: 000000000000000d
[ 58.335014][ C1] RBP: 00007ffe7f42e5d0 R08: 0000000000000000 R09: 0000000000000001
[ 58.342967][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a2452227b0
[ 58.350913][ C1] R13: 00000000000000ff R14: 000055a2354e0be0 R15: 00007ffe7f42e8f0
[ 58.359252][ C1] Kernel Offset: disabled
[ 58.363605][ C1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3025266266=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=)
HEAD detached at b6605ba8b96
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b6605ba8b96835063c5eb766c38d27fac98b84d4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251013-102005" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b6605ba8b96835063c5eb766c38d27fac98b84d4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251013-102005" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b6605ba8b96835063c5eb766c38d27fac98b84d4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251013-102005" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b6605ba8b96835063c5eb766c38d27fac98b84d4\"
/usr/bin/ld: /tmp/ccYc8exG.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null