Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
2026/01/31 15:16:45 parsed 1 programs
[   28.476120][   T30] audit: type=1400 audit(1769872605.214:64): avc:  denied  { node_bind } for  pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   28.497751][   T30] audit: type=1400 audit(1769872605.214:65): avc:  denied  { module_request } for  pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   29.180860][   T30] audit: type=1400 audit(1769872605.914:66): avc:  denied  { mounton } for  pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   29.181888][  T287] cgroup: Unknown subsys name 'net'
[   29.203703][   T30] audit: type=1400 audit(1769872605.914:67): avc:  denied  { mount } for  pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   29.231445][   T30] audit: type=1400 audit(1769872605.954:68): avc:  denied  { unmount } for  pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   29.231706][  T287] cgroup: Unknown subsys name 'devices'
[   29.377435][  T287] cgroup: Unknown subsys name 'hugetlb'
[   29.383429][  T287] cgroup: Unknown subsys name 'rlimit'
[   29.554886][   T30] audit: type=1400 audit(1769872606.284:69): avc:  denied  { setattr } for  pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   29.578370][   T30] audit: type=1400 audit(1769872606.294:70): avc:  denied  { create } for  pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   29.584135][  T291] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   29.599091][   T30] audit: type=1400 audit(1769872606.294:71): avc:  denied  { write } for  pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   29.628231][   T30] audit: type=1400 audit(1769872606.294:72): avc:  denied  { read } for  pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   29.648810][   T30] audit: type=1400 audit(1769872606.294:73): avc:  denied  { mounton } for  pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   29.682721][  T287] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   30.192135][  T293] request_module fs-gadgetfs succeeded, but still no fs?
[   30.709089][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.716343][  T342] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.723811][  T342] device bridge_slave_0 entered promiscuous mode
[   30.731294][  T342] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.738867][  T342] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.746190][  T342] device bridge_slave_1 entered promiscuous mode
[   30.783791][  T342] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.791248][  T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.798696][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.805762][  T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.824866][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.833043][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.840956][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.850174][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.858492][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.865535][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.874143][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.882506][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.890014][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.901481][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.910751][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.923765][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   30.934778][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   30.943176][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   30.950855][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   30.959404][  T342] device veth0_vlan entered promiscuous mode
[   30.969169][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.978365][  T342] device veth1_macvtap entered promiscuous mode
[   30.987732][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.997748][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   31.032334][  T342] syz-executor (342) used greatest stack depth: 21088 bytes left
2026/01/31 15:16:47 executed programs: 0
[   31.258983][  T359] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.266222][  T359] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.273507][  T359] device bridge_slave_0 entered promiscuous mode
[   31.280640][  T359] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.287836][  T359] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.296267][  T359] device bridge_slave_1 entered promiscuous mode
[   31.348658][  T359] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.355864][  T359] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.363310][  T359] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.370626][  T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.387746][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.395762][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.403136][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.418746][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.427290][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.434599][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.443444][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.451840][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.458921][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.475107][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   31.484526][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.498851][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   31.517343][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   31.525593][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   31.532965][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   31.541700][  T359] device veth0_vlan entered promiscuous mode
[   31.559696][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   31.568765][  T359] device veth1_macvtap entered promiscuous mode
[   31.578260][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   31.594557][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   31.845374][    C1] ==================================================================
[   31.853478][    C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[   31.861196][    C1] Read of size 4 at addr ffffc900001d0ad8 by task swapper/1/0
[   31.868640][    C1] 
[   31.870953][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[   31.878042][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   31.888256][    C1] Call Trace:
[   31.891530][    C1]  <IRQ>
[   31.894361][    C1]  __dump_stack+0x21/0x30
[   31.898682][    C1]  dump_stack_lvl+0x110/0x170
[   31.903461][    C1]  ? show_regs_print_info+0x20/0x20
[   31.908668][    C1]  ? load_image+0x3e0/0x3e0
[   31.913205][    C1]  ? tcp_ack_update_rtt+0xbb6/0x1420
[   31.918481][    C1]  print_address_description+0x7f/0x2c0
[   31.924276][    C1]  ? __xfrm_dst_hash+0x399/0x480
[   31.929217][    C1]  kasan_report+0xf1/0x140
[   31.933723][    C1]  ? __xfrm_dst_hash+0x399/0x480
[   31.938855][    C1]  __asan_report_load4_noabort+0x14/0x20
[   31.944569][    C1]  __xfrm_dst_hash+0x399/0x480
[   31.949321][    C1]  xfrm_state_find+0x28a/0x2a10
[   31.954159][    C1]  ? xfrm_sad_getinfo+0x170/0x170
[   31.959278][    C1]  ? secondary_startup_64_no_verify+0xb1/0xbb
[   31.965346][    C1]  ? xfrm_pol_bin_cmp+0x19e/0x310
[   31.970476][    C1]  xfrm_resolve_and_create_bundle+0x697/0x29f0
[   31.976634][    C1]  ? xfrm_sk_policy_lookup+0x480/0x480
[   31.982565][    C1]  ? xfrm_policy_lookup+0xcba/0xd10
[   31.987942][    C1]  ? __xfrm_policy_check+0x2980/0x2980
[   31.993581][    C1]  xfrm_lookup_with_ifid+0x4e9/0x2080
[   31.998964][    C1]  ? rt_set_nexthop+0x5b9/0x780
[   32.004120][    C1]  ? __xfrm_sk_clone_policy+0x680/0x680
[   32.009670][    C1]  ? ip_route_output_key_hash_rcu+0x15af/0x20e0
[   32.015916][    C1]  xfrm_lookup_route+0x3c/0x170
[   32.020766][    C1]  ip_route_output_flow+0x1f8/0x2f0
[   32.025960][    C1]  ? ipv4_sk_update_pmtu+0x14b0/0x14b0
[   32.031406][    C1]  ? make_kuid+0x1db/0x680
[   32.035986][    C1]  ? __put_user_ns+0x60/0x60
[   32.040659][    C1]  ? __kasan_check_write+0x14/0x20
[   32.045846][    C1]  ? __alloc_skb+0x463/0x740
[   32.050432][    C1]  igmpv3_newpack+0x280/0xcd0
[   32.055100][    C1]  ? igmpv3_sendpack+0x190/0x190
[   32.060165][    C1]  add_grhead+0x75/0x2e0
[   32.064407][    C1]  add_grec+0x116c/0x1410
[   32.068818][    C1]  ? __kasan_check_write+0x14/0x20
[   32.074099][    C1]  igmp_ifc_timer_expire+0x89e/0xf80
[   32.079389][    C1]  ? __kasan_check_write+0x14/0x20
[   32.084537][    C1]  ? _raw_spin_lock_irq+0x95/0xf0
[   32.089559][    C1]  ? _raw_spin_lock_irqsave+0x130/0x130
[   32.095105][    C1]  ? igmp_gq_timer_expire+0xe0/0xe0
[   32.100483][    C1]  call_timer_fn+0x38/0x290
[   32.104996][    C1]  ? igmp_gq_timer_expire+0xe0/0xe0
[   32.110463][    C1]  __run_timers+0x650/0x9e0
[   32.114958][    C1]  ? calc_index+0x200/0x200
[   32.119455][    C1]  ? sched_clock_cpu+0x18/0x3c0
[   32.124290][    C1]  run_timer_softirq+0x6a/0xf0
[   32.129038][    C1]  handle_softirqs+0x250/0x560
[   32.133796][    C1]  __irq_exit_rcu+0x52/0xf0
[   32.138283][    C1]  irq_exit_rcu+0x9/0x10
[   32.142506][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   32.148476][    C1]  </IRQ>
[   32.151400][    C1]  <TASK>
[   32.154318][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   32.160283][    C1] RIP: 0010:default_idle+0xf/0x20
[   32.165306][    C1] Code: ff 4c 89 f7 e8 d2 27 f5 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d 93 93 51 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[   32.185263][    C1] RSP: 0018:ffffc90000157d98 EFLAGS: 00000242
[   32.191338][    C1] RAX: 0000000000002d8c RBX: ffff88810030a780 RCX: 0000000000002d8c
[   32.199318][    C1] RDX: 0000000000000001 RSI: ffffffff85639520 RDI: ffffffff856394e0
[   32.207453][    C1] RBP: ffffc90000157d98 R08: ffff8881f7138c73 R09: 1ffff1103ee2718e
[   32.215796][    C1] R10: dffffc0000000000 R11: ffffed103ee2718f R12: 1ffff110200614f0
[   32.223753][    C1] R13: 0000000000000001 R14: 0000000000000000 R15: dffffc0000000000
[   32.231723][    C1]  arch_cpu_idle+0xa/0x10
[   32.236332][    C1]  default_idle_call+0x71/0x1d0
[   32.241457][    C1]  do_idle+0x1dc/0x570
[   32.245815][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   32.251106][    C1]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[   32.257006][    C1]  cpu_startup_entry+0x18/0x20
[   32.261767][    C1]  start_secondary+0x2e6/0x3a0
[   32.266524][    C1]  secondary_startup_64_no_verify+0xb1/0xbb
[   32.272795][    C1]  </TASK>
[   32.275921][    C1] 
[   32.278236][    C1] 
[   32.280579][    C1] Memory state around the buggy address:
[   32.286285][    C1]  ffffc900001d0980: f8 f8 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   32.294334][    C1]  ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.302583][    C1] >ffffc900001d0a80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[   32.310630][    C1]                                                     ^
[   32.317811][    C1]  ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.325865][    C1]  ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.334002][    C1] ==================================================================
[   32.342130][    C1] Disabling lock debugging due to kernel taint
[   32.687008][   T45] device bridge_slave_1 left promiscuous mode
[   32.693227][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.705852][   T45] device bridge_slave_0 left promiscuous mode
[   32.712416][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.720824][   T45] device veth1_macvtap left promiscuous mode
[   32.726968][   T45] device veth0_vlan left promiscuous mode
2026/01/31 15:16:52 executed programs: 249
2026/01/31 15:16:57 executed programs: 550