syzkaller syzkaller login: [ 12.465173][ T24] kauditd_printk_skb: 48 callbacks suppressed [ 12.465183][ T24] audit: type=1400 audit(1766991012.150:59): avc: denied { transition } for pid=217 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.471812][ T24] audit: type=1400 audit(1766991012.150:60): avc: denied { noatsecure } for pid=217 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.475836][ T24] audit: type=1400 audit(1766991012.150:61): avc: denied { write } for pid=217 comm="sh" path="pipe:[14445]" dev="pipefs" ino=14445 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.480430][ T24] audit: type=1400 audit(1766991012.150:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.490278][ T24] audit: type=1400 audit(1766991012.150:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts. 2025/12/29 06:50:20 parsed 1 programs [ 21.096127][ T24] audit: type=1400 audit(1766991020.780:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.100562][ T24] audit: type=1400 audit(1766991020.780:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 21.104376][ T24] audit: type=1400 audit(1766991020.780:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 21.697061][ T24] audit: type=1400 audit(1766991021.380:67): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.698044][ T284] cgroup: Unknown subsys name 'net' [ 21.719843][ T24] audit: type=1400 audit(1766991021.380:68): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.747246][ T24] audit: type=1400 audit(1766991021.410:69): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.747406][ T284] cgroup: Unknown subsys name 'devices' [ 21.980290][ T284] cgroup: Unknown subsys name 'hugetlb' [ 21.986133][ T284] cgroup: Unknown subsys name 'rlimit' [ 22.219383][ T24] audit: type=1400 audit(1766991021.910:70): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.242798][ T24] audit: type=1400 audit(1766991021.910:71): avc: denied { create } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.263620][ T24] audit: type=1400 audit(1766991021.910:72): avc: denied { write } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.268863][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.284453][ T24] audit: type=1400 audit(1766991021.910:73): avc: denied { read } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.318199][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.687523][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 22.697954][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 22.877572][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.884857][ T301] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.892573][ T301] device bridge_slave_0 entered promiscuous mode [ 22.900264][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.907369][ T301] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.914746][ T301] device bridge_slave_1 entered promiscuous mode [ 22.945329][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.952576][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.960045][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.967151][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.982626][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.990323][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.997747][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.005832][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.015877][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.024226][ T112] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.032075][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.041065][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.049445][ T112] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.056453][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.067622][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.076959][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.089526][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.101247][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.109656][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.117056][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.125698][ T301] device veth0_vlan entered promiscuous mode [ 23.135245][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.144369][ T301] device veth1_macvtap entered promiscuous mode [ 23.158434][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.167199][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/12/29 06:50:23 executed programs: 0 [ 23.732371][ T9] device bridge_slave_1 left promiscuous mode [ 23.748715][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.756497][ T9] device bridge_slave_0 left promiscuous mode [ 23.772541][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.793470][ T9] device veth1_macvtap left promiscuous mode [ 23.799595][ T9] device veth0_vlan left promiscuous mode [ 23.899094][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.906383][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.914070][ T354] device bridge_slave_0 entered promiscuous mode [ 23.921191][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.928411][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.936170][ T354] device bridge_slave_1 entered promiscuous mode [ 23.975233][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.982826][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.991931][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.000896][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.009222][ T112] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.016308][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.023848][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.032612][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.041076][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.049221][ T112] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.056319][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.073099][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.081088][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.095706][ T354] device veth0_vlan entered promiscuous mode [ 24.102361][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.110813][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.119759][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.128323][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.140483][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.149495][ T354] device veth1_macvtap entered promiscuous mode [ 24.158186][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.169659][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.192769][ T367] erofs: (device loop2): mounted with root inode @ nid 36. [ 24.201354][ T367] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 24.211909][ T367] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 24.219907][ T367] #PF: supervisor instruction fetch in kernel mode [ 24.226391][ T367] #PF: error_code(0x0010) - not-present page [ 24.232427][ T367] PGD 10ffb6067 P4D 10ffb6067 PUD 0 [ 24.237698][ T367] Oops: 0010 [#1] PREEMPT SMP KASAN [ 24.242873][ T367] CPU: 0 PID: 367 Comm: syz.2.17 Not tainted syzkaller #0 [ 24.250302][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 24.260367][ T367] RIP: 0010:0x0 [ 24.263804][ T367] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 24.271613][ T367] RSP: 0018:ffffc90000da6bc8 EFLAGS: 00010246 [ 24.277765][ T367] RAX: 1ffffffff0a3b5ce RBX: ffffc90000da7520 RCX: ffff8881101a13c0 [ 24.285874][ T367] RDX: 0000000000000000 RSI: ffffc90000da7520 RDI: ffffc90000da7080 [ 24.293922][ T367] RBP: ffffc90000da6bf0 R08: dffffc0000000000 R09: ffffc90000da70aa [ 24.302260][ T367] R10: fffff520001b4e16 R11: 1ffff920001b4e15 R12: dffffc0000000000 [ 24.310333][ T367] R13: 000000000000073b R14: ffffc90000da7080 R15: ffffffff851dae70 [ 24.318283][ T367] FS: 000055555db6a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.327283][ T367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.333939][ T367] CR2: ffffffffffffffd6 CR3: 000000010b9d8000 CR4: 00000000003506b0 [ 24.342014][ T367] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.349967][ T367] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.358082][ T367] Call Trace: [ 24.361476][ T367] z_erofs_decompress+0x79/0xb0 [ 24.366416][ T367] z_erofs_decompress_queue+0x1066/0x1a10 [ 24.372331][ T367] ? z_erofs_onlinepage_endio+0x170/0x170 [ 24.378060][ T367] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.383350][ T367] ? wait_for_common_io+0x212/0x2d0 [ 24.388539][ T367] ? z_erofs_decompress_kickoff+0xfc/0x370 [ 24.394417][ T367] ? wait_for_completion_io+0x20/0x20 [ 24.399882][ T367] z_erofs_runqueue+0x11c9/0x1230 [ 24.405130][ T367] ? z_erofs_do_read_page+0x26dd/0x2780 [ 24.410767][ T367] ? z_erofs_do_read_page+0x2780/0x2780 [ 24.416470][ T367] z_erofs_readpage+0x1f3/0x480 [ 24.421309][ T367] ? z_erofs_rcu_callback+0x170/0x170 [ 24.426832][ T367] ? pagevec_add_and_need_flush+0x198/0x2e0 [ 24.432787][ T367] ? lru_cache_add+0x164/0x380 [ 24.437790][ T367] ? add_to_page_cache_lru+0x186/0x210 [ 24.443229][ T367] ? add_to_page_cache_lru+0x18e/0x210 [ 24.448672][ T367] ? z_erofs_rcu_callback+0x170/0x170 [ 24.454106][ T367] do_read_cache_page+0x69b/0xaa0 [ 24.459223][ T367] read_cache_page+0x50/0x70 [ 24.463881][ T367] erofs_namei+0x162/0x10d0 [ 24.468449][ T367] ? legitimize_links+0x287/0x3f0 [ 24.473455][ T367] ? avc_denied+0x1b0/0x1b0 [ 24.478024][ T367] erofs_lookup+0xa5/0x260 [ 24.482680][ T367] __lookup_slow+0x2aa/0x3e0 [ 24.487270][ T367] ? lookup_one_len+0x2c0/0x2c0 [ 24.492151][ T367] ? lookup_fast+0x2fa/0x700 [ 24.496818][ T367] ? __kasan_check_write+0x14/0x20 [ 24.501906][ T367] lookup_slow+0x57/0x70 [ 24.506137][ T367] walk_component+0x325/0x460 [ 24.510966][ T367] ? inode_permission+0xf1/0x520 [ 24.515973][ T367] link_path_walk+0x5b2/0xb80 [ 24.520631][ T367] ? handle_lookup_down+0x130/0x130 [ 24.525810][ T367] path_openat+0x27c/0x3160 [ 24.530376][ T367] ? __stack_depot_save+0x479/0x4c0 [ 24.535561][ T367] ? __kasan_slab_alloc+0xcf/0xf0 [ 24.540845][ T367] ? kmem_cache_alloc+0x165/0x2e0 [ 24.545850][ T367] ? getname+0x19/0x20 [ 24.549900][ T367] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.556034][ T367] ? do_filp_open+0x3e0/0x3e0 [ 24.560772][ T367] ? expand_files+0xde/0x8e0 [ 24.565345][ T367] do_filp_open+0x1b3/0x3e0 [ 24.569863][ T367] ? vfs_tmpfile+0x2c0/0x2c0 [ 24.574428][ T367] ? get_unused_fd_flags+0x92/0xa0 [ 24.579705][ T367] do_sys_openat2+0x14c/0x6d0 [ 24.584448][ T367] ? __se_sys_futex+0x2b4/0x360 [ 24.589359][ T367] ? do_sys_open+0xe0/0xe0 [ 24.594025][ T367] __x64_sys_open+0x11c/0x140 [ 24.598680][ T367] do_syscall_64+0x31/0x40 [ 24.603075][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.609032][ T367] RIP: 0033:0x7f4768bac749 [ 24.613521][ T367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 24.633804][ T367] RSP: 002b:00007ffc55344648 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 24.642291][ T367] RAX: ffffffffffffffda RBX: 00007f4768e02fa0 RCX: 00007f4768bac749 [ 24.650543][ T367] RDX: 0000000000000000 RSI: 00000000001a1342 RDI: 0000200000000000 [ 24.658594][ T367] RBP: 00007f4768c30f91 R08: 0000000000000000 R09: 0000000000000000 [ 24.666542][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 24.674596][ T367] R13: 00007f4768e02fa0 R14: 00007f4768e02fa0 R15: 0000000000000003 [ 24.682542][ T367] Modules linked in: [ 24.686520][ T367] CR2: 0000000000000000 [ 24.690760][ T367] ---[ end trace b09bedc3b357de73 ]--- [ 24.696383][ T367] RIP: 0010:0x0 [ 24.699817][ T367] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 24.707679][ T367] RSP: 0018:ffffc90000da6bc8 EFLAGS: 00010246 [ 24.713718][ T367] RAX: 1ffffffff0a3b5ce RBX: ffffc90000da7520 RCX: ffff8881101a13c0 [ 24.721789][ T367] RDX: 0000000000000000 RSI: ffffc90000da7520 RDI: ffffc90000da7080 [ 24.729825][ T367] RBP: ffffc90000da6bf0 R08: dffffc0000000000 R09: ffffc90000da70aa [ 24.737773][ T367] R10: fffff520001b4e16 R11: 1ffff920001b4e15 R12: dffffc0000000000 [ 24.745895][ T367] R13: 000000000000073b R14: ffffc90000da7080 R15: ffffffff851dae70 [ 24.753859][ T367] FS: 000055555db6a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.763145][ T367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.769706][ T367] CR2: ffffffffffffffd6 CR3: 000000010b9d8000 CR4: 00000000003506b0 [ 24.777828][ T367] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.785891][ T367] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.793858][ T367] Kernel panic - not syncing: Fatal exception [ 24.800277][ T367] Kernel Offset: disabled [ 24.804582][ T367] Rebooting in 86400 seconds..