Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts.
2026/06/02 18:41:37 parsed 1 programs
[   27.396757][   T30] audit: type=1400 audit(1780425697.657:64): avc:  denied  { node_bind } for  pid=294 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   27.418120][   T30] audit: type=1400 audit(1780425697.657:65): avc:  denied  { module_request } for  pid=294 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   28.373139][   T30] audit: type=1400 audit(1780425698.637:66): avc:  denied  { mounton } for  pid=300 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   28.376736][  T300] cgroup: Unknown subsys name 'net'
[   28.396007][   T30] audit: type=1400 audit(1780425698.637:67): avc:  denied  { mount } for  pid=300 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.423258][   T30] audit: type=1400 audit(1780425698.667:68): avc:  denied  { unmount } for  pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.423754][  T300] cgroup: Unknown subsys name 'devices'
[   28.572201][  T300] cgroup: Unknown subsys name 'hugetlb'
[   28.577830][  T300] cgroup: Unknown subsys name 'rlimit'
[   28.725970][   T30] audit: type=1400 audit(1780425698.987:69): avc:  denied  { setattr } for  pid=300 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   28.749199][   T30] audit: type=1400 audit(1780425698.987:70): avc:  denied  { create } for  pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.769616][   T30] audit: type=1400 audit(1780425698.987:71): avc:  denied  { write } for  pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.790222][   T30] audit: type=1400 audit(1780425698.987:72): avc:  denied  { read } for  pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   28.810505][   T30] audit: type=1400 audit(1780425698.997:73): avc:  denied  { mounton } for  pid=300 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   28.816220][  T304] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   28.869678][  T300] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   29.276967][  T306] request_module fs-gadgetfs succeeded, but still no fs?
[   29.991506][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.998579][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.006109][  T353] device bridge_slave_0 entered promiscuous mode
[   30.013024][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.020110][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.027500][  T353] device bridge_slave_1 entered promiscuous mode
[   30.073607][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.080678][  T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.088102][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.095185][  T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.115636][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.123346][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.130852][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.144659][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.152900][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.159921][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.168777][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.177051][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.184148][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.202425][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.211613][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.231698][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   30.242914][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   30.251025][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   30.258398][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   30.267018][  T353] device veth0_vlan entered promiscuous mode
[   30.281855][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.290989][  T353] device veth1_macvtap entered promiscuous mode
[   30.299943][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.317151][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.361016][  T353] syz-executor (353) used greatest stack depth: 21440 bytes left
2026/06/02 18:41:40 executed programs: 0
[   30.613076][  T367] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.620304][  T367] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.627820][  T367] device bridge_slave_0 entered promiscuous mode
[   30.635334][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.642591][  T367] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.650276][  T367] device bridge_slave_1 entered promiscuous mode
[   30.700712][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.707760][  T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.715065][  T367] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.722116][  T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.742910][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.750557][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.757708][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.767213][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.775978][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.783060][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.791898][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.800328][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.807376][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.819338][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.828643][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.843085][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   30.854513][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   30.862821][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   30.870404][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   30.883867][  T367] device veth0_vlan entered promiscuous mode
[   30.894009][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.907535][  T367] device veth1_macvtap entered promiscuous mode
[   30.917006][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.927262][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.990302][    C0] ==================================================================
[   30.998408][    C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480
[   31.006145][    C0] Read of size 4 at addr ffffc90000007b38 by task swapper/0/0
[   31.013592][    C0] 
[   31.015916][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
[   31.022930][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   31.032984][    C0] Call Trace:
[   31.036260][    C0]  <IRQ>
[   31.039095][    C0]  __dump_stack+0x21/0x30
[   31.043425][    C0]  dump_stack_lvl+0x110/0x170
[   31.048100][    C0]  ? show_regs_print_info+0x20/0x20
[   31.053291][    C0]  ? load_image+0x3e0/0x3e0
[   31.057788][    C0]  print_address_description+0x7f/0x2c0
[   31.063337][    C0]  ? __xfrm_dst_hash+0x399/0x480
[   31.068273][    C0]  kasan_report+0xf1/0x140
[   31.072705][    C0]  ? __xfrm_dst_hash+0x399/0x480
[   31.077643][    C0]  __asan_report_load4_noabort+0x14/0x20
[   31.083270][    C0]  __xfrm_dst_hash+0x399/0x480
[   31.088032][    C0]  xfrm_state_find+0x28a/0x2a10
[   31.092889][    C0]  ? xfrm_sad_getinfo+0x170/0x170
[   31.097911][    C0]  ? _raw_spin_lock_irqsave+0xc2/0x130
[   31.103369][    C0]  ? xfrm_pol_bin_cmp+0x19e/0x310
[   31.108391][    C0]  xfrm_resolve_and_create_bundle+0x697/0x29f0
[   31.114543][    C0]  ? xfrm_sk_policy_lookup+0x480/0x480
[   31.120156][    C0]  ? xfrm_policy_lookup+0xcba/0xd10
[   31.125406][    C0]  ? __xfrm_policy_check+0x2980/0x2980
[   31.130875][    C0]  xfrm_lookup_with_ifid+0x4e9/0x2080
[   31.136249][    C0]  ? rt_set_nexthop+0x5b9/0x780
[   31.141197][    C0]  ? __xfrm_sk_clone_policy+0x680/0x680
[   31.146739][    C0]  ? ip_route_output_key_hash_rcu+0x15af/0x20e0
[   31.153031][    C0]  xfrm_lookup_route+0x3c/0x170
[   31.157889][    C0]  ip_route_output_flow+0x1f8/0x2f0
[   31.163109][    C0]  ? ipv4_sk_update_pmtu+0x14b0/0x14b0
[   31.168588][    C0]  ? make_kuid+0x1db/0x680
[   31.173047][    C0]  ? __put_user_ns+0x60/0x60
[   31.177757][    C0]  ? __kasan_check_write+0x14/0x20
[   31.182889][    C0]  ? __alloc_skb+0x463/0x740
[   31.187530][    C0]  igmpv3_newpack+0x280/0xcd0
[   31.192251][    C0]  ? igmpv3_sendpack+0x190/0x190
[   31.197211][    C0]  ? is_in+0x137/0x5b0
[   31.201293][    C0]  add_grec+0x99b/0x1410
[   31.205555][    C0]  igmp_ifc_timer_expire+0x104/0xf80
[   31.210845][    C0]  ? __kasan_check_write+0x14/0x20
[   31.215966][    C0]  ? _raw_spin_trylock_bh+0x150/0x150
[   31.221549][    C0]  ? igmp_gq_timer_expire+0xe0/0xe0
[   31.226769][    C0]  call_timer_fn+0x38/0x290
[   31.231286][    C0]  ? igmp_gq_timer_expire+0xe0/0xe0
[   31.236496][    C0]  __run_timers+0x650/0x9e0
[   31.241005][    C0]  ? calc_index+0x200/0x200
[   31.245517][    C0]  ? sched_clock_cpu+0x18/0x3c0
[   31.250378][    C0]  run_timer_softirq+0x6a/0xf0
[   31.255161][    C0]  handle_softirqs+0x250/0x560
[   31.259938][    C0]  __irq_exit_rcu+0x52/0xf0
[   31.264444][    C0]  irq_exit_rcu+0x9/0x10
[   31.268707][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   31.274341][    C0]  </IRQ>
[   31.277285][    C0]  <TASK>
[   31.280229][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   31.286222][    C0] RIP: 0010:default_idle+0xf/0x20
[   31.291258][    C0] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[   31.311054][    C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000242
[   31.317130][    C0] RAX: 0000000000003abc RBX: ffffffff8661c400 RCX: 0000000000003abc
[   31.325187][    C0] RDX: 0000000000000001 RSI: ffffffff8563aba0 RDI: ffffffff8563ab60
[   31.333169][    C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e
[   31.341160][    C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000
[   31.349143][    C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000
[   31.357124][    C0]  arch_cpu_idle+0xa/0x10
[   31.361467][    C0]  default_idle_call+0x71/0x1d0
[   31.366376][    C0]  do_idle+0x368/0x620
[   31.370537][    C0]  ? idle_inject_timer_fn+0x60/0x60
[   31.375757][    C0]  cpu_startup_entry+0x18/0x20
[   31.380537][    C0]  rest_init+0x10a/0x130
[   31.384787][    C0]  ? time_init+0x40/0x40
[   31.389038][    C0]  arch_call_rest_init+0xe/0x10
[   31.393898][    C0]  start_kernel+0x46d/0x4e0
[   31.398407][    C0]  x86_64_start_reservations+0x2a/0x30
[   31.403869][    C0]  x86_64_start_kernel+0x5b/0x60
[   31.408816][    C0]  secondary_startup_64_no_verify+0xb1/0xbb
[   31.414711][    C0]  </TASK>
[   31.417737][    C0] 
[   31.420071][    C0] 
[   31.422407][    C0] Memory state around the buggy address:
[   31.428036][    C0]  ffffc90000007a00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   31.436092][    C0]  ffffc90000007a80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   31.444149][    C0] >ffffc90000007b00: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[   31.452216][    C0]                                         ^
[   31.458112][    C0]  ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.466209][    C0]  ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.474390][    C0] ==================================================================
[   31.482462][    C0] Disabling lock debugging due to kernel taint
[   31.707271][    T8] device bridge_slave_1 left promiscuous mode
[   31.713647][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.721629][    T8] device bridge_slave_0 left promiscuous mode
[   31.727759][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.736276][    T8] device veth1_macvtap left promiscuous mode
[   31.742474][    T8] device veth0_vlan left promiscuous mode
2026/06/02 18:41:45 executed programs: 240
2026/06/02 18:41:50 executed programs: 540