Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts.
2026/06/11 06:54:41 parsed 1 programs
[ 20.999277][ T28] audit: type=1400 audit(1781160881.076:64): avc: denied { node_bind } for pid=295 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.002143][ T28] audit: type=1400 audit(1781160881.076:65): avc: denied { module_request } for pid=295 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 21.691792][ T28] audit: type=1400 audit(1781160881.776:66): avc: denied { mounton } for pid=302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 21.692822][ T302] cgroup: Unknown subsys name 'net'
[ 21.714456][ T28] audit: type=1400 audit(1781160881.776:67): avc: denied { mount } for pid=302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.741713][ T28] audit: type=1400 audit(1781160881.796:68): avc: denied { unmount } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.741861][ T302] cgroup: Unknown subsys name 'devices'
[ 21.882190][ T302] cgroup: Unknown subsys name 'hugetlb'
[ 21.887782][ T302] cgroup: Unknown subsys name 'rlimit'
[ 21.994801][ T28] audit: type=1400 audit(1781160882.076:69): avc: denied { setattr } for pid=302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 22.013804][ T305] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 22.017978][ T28] audit: type=1400 audit(1781160882.076:70): avc: denied { create } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.046854][ T28] audit: type=1400 audit(1781160882.076:71): avc: denied { write } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.067126][ T28] audit: type=1400 audit(1781160882.076:72): avc: denied { read } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.079373][ T302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 22.087505][ T28] audit: type=1400 audit(1781160882.076:73): avc: denied { mounton } for pid=302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 22.860267][ T314] request_module fs-gadgetfs succeeded, but still no fs?
[ 22.955138][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.962308][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.969820][ T312] device bridge_slave_0 entered promiscuous mode
[ 22.996654][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.006838][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.015306][ T312] device bridge_slave_1 entered promiscuous mode
[ 23.234897][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.241977][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.249249][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.256296][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.379794][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.393135][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.408197][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.416979][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.428740][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.453387][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.475264][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.491308][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.499328][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.507486][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.516678][ T312] device veth0_vlan entered promiscuous mode
2026/06/11 06:54:43 executed programs: 0
[ 23.527986][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.537398][ T312] device veth1_macvtap entered promiscuous mode
[ 23.547579][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.561861][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.613313][ T312] syz-executor (312) used greatest stack depth: 21984 bytes left
[ 23.731024][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.738072][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.745423][ T374] device bridge_slave_0 entered promiscuous mode
[ 23.753827][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.760913][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.768210][ T374] device bridge_slave_1 entered promiscuous mode
[ 23.827292][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.834381][ T376] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.842023][ T376] device bridge_slave_0 entered promiscuous mode
[ 23.862579][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.869614][ T376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.877065][ T376] device bridge_slave_1 entered promiscuous mode
[ 23.902329][ T379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.909364][ T379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.916817][ T379] device bridge_slave_0 entered promiscuous mode
[ 23.926392][ T379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.933660][ T379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.940995][ T379] device bridge_slave_1 entered promiscuous mode
[ 23.958150][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.965297][ T378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.972676][ T378] device bridge_slave_0 entered promiscuous mode
[ 23.999206][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.006262][ T378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.013588][ T378] device bridge_slave_1 entered promiscuous mode
[ 24.022088][ T380] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.029117][ T380] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.036465][ T380] device bridge_slave_0 entered promiscuous mode
[ 24.057879][ T380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.064922][ T380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.072234][ T380] device bridge_slave_1 entered promiscuous mode
[ 24.227542][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.234959][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.277608][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 24.286019][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.294995][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.302026][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.309535][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.335871][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 24.344173][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.352506][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.359526][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.384217][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.392221][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.418757][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.427734][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.460861][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.469220][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.477694][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.486136][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.493566][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.501119][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.508458][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 24.516785][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.525096][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.532133][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.539468][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 24.547764][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.555868][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.562883][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.570172][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.578158][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.586144][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.596590][ T376] device veth0_vlan entered promiscuous mode
[ 24.607754][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.643002][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.651102][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.658113][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.665560][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.673881][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.680927][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.688372][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.695871][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.703470][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.711653][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.718656][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.726043][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.734081][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.741600][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.749430][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.757404][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.765055][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.772786][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.780106][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.791532][ T374] device veth0_vlan entered promiscuous mode
[ 24.807497][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.815641][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.822675][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.831252][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.839346][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.846365][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.853805][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.861970][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.868983][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.876469][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.897351][ T43] device bridge_slave_1 left promiscuous mode
[ 24.903662][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.911807][ T43] device bridge_slave_0 left promiscuous mode
[ 24.917959][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.926406][ T43] device veth1_macvtap left promiscuous mode
[ 24.932438][ T43] device veth0_vlan left promiscuous mode
[ 25.008739][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 25.016857][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.024917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 25.032988][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.041561][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 25.049777][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.057738][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 25.065861][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.077177][ T376] device veth1_macvtap entered promiscuous mode
[ 25.086303][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 25.094636][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.102747][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 25.110990][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 25.119280][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.133541][ T374] device veth1_macvtap entered promiscuous mode
[ 25.140820][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 25.148933][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.157225][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 25.169349][ T379] device veth0_vlan entered promiscuous mode
[ 25.177085][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 25.185283][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.193729][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 25.201594][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.209492][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 25.217908][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.226289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.233719][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.241853][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 25.250114][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.263199][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 25.271506][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.291618][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 25.299900][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.308634][ T396] ==================================================================
[ 25.312345][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 25.316694][ T396] BUG: KASAN: use-after-free in mutex_lock+0x86/0x1b0
[ 25.325209][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.331382][ T396] Write of size 8 at addr ffff88812f1bdd50 by task syz.1.18/396
[ 25.331397][ T396]
[ 25.331409][ T396] CPU: 0 PID: 396 Comm: syz.1.18 Not tainted syzkaller #0
[ 25.331424][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 25.331439][ T396] Call Trace:
[ 25.343854][ T379] device veth1_macvtap entered promiscuous mode
[ 25.347068][ T396]
[ 25.347076][ T396] __dump_stack+0x21/0x24
[ 25.353958][ T378] device veth0_vlan entered promiscuous mode
[ 25.356482][ T396] dump_stack_lvl+0x110/0x170
[ 25.379341][ T378] device veth1_macvtap entered promiscuous mode
[ 25.383215][ T396] ? __cfi_dump_stack_lvl+0x8/0x8
[ 25.383240][ T396] ? mutex_lock+0x86/0x1b0
[ 25.409429][ T396] print_address_description+0x71/0x200
[ 25.414957][ T396] print_report+0x4a/0x60
[ 25.419261][ T396] kasan_report+0x122/0x150
[ 25.423745][ T396] ? mutex_lock+0x86/0x1b0
[ 25.428140][ T396] kasan_check_range+0x249/0x2a0
[ 25.433055][ T396] __kasan_check_write+0x14/0x20
[ 25.437991][ T396] mutex_lock+0x86/0x1b0
[ 25.442212][ T396] ? __cfi_mutex_lock+0x10/0x10
[ 25.447038][ T396] ? l2tp_session_put+0xaf/0x1a0
[ 25.451950][ T396] ? l2tp_session_delete+0x3f0/0x4e0
[ 25.457210][ T396] pppol2tp_release+0x194/0x2d0
[ 25.462032][ T396] sock_close+0xf1/0x290
[ 25.466252][ T396] ? __cfi_sock_close+0x10/0x10
[ 25.471093][ T396] __fput+0x1fc/0x8f0
[ 25.475057][ T396] ____fput+0x15/0x20
[ 25.479014][ T396] task_work_run+0x1e1/0x250
[ 25.483579][ T396] ? __cfi_task_work_run+0x10/0x10
[ 25.488667][ T396] ? __cfi___close_range+0x10/0x10
[ 25.493757][ T396] exit_to_user_mode_loop+0x9b/0xb0
[ 25.498940][ T396] exit_to_user_mode_prepare+0x87/0xd0
[ 25.504382][ T396] syscall_exit_to_user_mode+0x1a/0x30
[ 25.509821][ T396] do_syscall_64+0x58/0xa0
[ 25.514218][ T396] ? clear_bhb_loop+0x30/0x80
[ 25.518872][ T396] ? clear_bhb_loop+0x30/0x80
[ 25.523528][ T396] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 25.529407][ T396] RIP: 0033:0x7f213fd9ce59
[ 25.533815][ T396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 25.553399][ T396] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 25.561799][ T396] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 25.569749][ T396] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 25.577699][ T396] RBP: 00000000000062c6 R08: 0000000000000001 R09: 0000000000000000
[ 25.585660][ T396] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 25.593613][ T396] R13: 00007f2140015fac R14: 00000000000062f9 R15: 00007f2140015fa0
[ 25.601569][ T396]
[ 25.604577][ T396]
[ 25.606881][ T396] Allocated by task 397:
[ 25.611103][ T396] kasan_set_track+0x4b/0x70
[ 25.615686][ T396] kasan_save_alloc_info+0x25/0x30
[ 25.620776][ T396] __kasan_kmalloc+0x95/0xb0
[ 25.625345][ T396] __kmalloc+0xb1/0x1e0
[ 25.629478][ T396] l2tp_session_create+0x38/0xbe0
[ 25.634480][ T396] pppol2tp_connect+0xbef/0x1620
[ 25.639396][ T396] __sys_connect+0x3da/0x460
[ 25.643968][ T396] __x64_sys_connect+0x7a/0x90
[ 25.648711][ T396] x64_sys_call+0x88d/0x9a0
[ 25.653198][ T396] do_syscall_64+0x4c/0xa0
[ 25.657595][ T396] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 25.663470][ T396]
[ 25.665770][ T396] Freed by task 396:
[ 25.669638][ T396] kasan_set_track+0x4b/0x70
[ 25.674207][ T396] kasan_save_free_info+0x31/0x50
[ 25.679210][ T396] ____kasan_slab_free+0x132/0x180
[ 25.684302][ T396] __kasan_slab_free+0x11/0x20
[ 25.689044][ T396] slab_free_freelist_hook+0xc2/0x190
[ 25.694394][ T396] __kmem_cache_free+0xb7/0x1b0
[ 25.699225][ T396] kfree+0x6f/0xf0
[ 25.702933][ T396] l2tp_session_put+0xaf/0x1a0
[ 25.707677][ T396] l2tp_session_delete+0x3f0/0x4e0
[ 25.712765][ T396] pppol2tp_release+0x185/0x2d0
[ 25.717594][ T396] sock_close+0xf1/0x290
[ 25.721820][ T396] __fput+0x1fc/0x8f0
[ 25.725784][ T396] ____fput+0x15/0x20
[ 25.729747][ T396] task_work_run+0x1e1/0x250
[ 25.734331][ T396] exit_to_user_mode_loop+0x9b/0xb0
[ 25.739510][ T396] exit_to_user_mode_prepare+0x87/0xd0
[ 25.744947][ T396] syscall_exit_to_user_mode+0x1a/0x30
[ 25.750382][ T396] do_syscall_64+0x58/0xa0
[ 25.754778][ T396] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 25.760653][ T396]
[ 25.762965][ T396] The buggy address belongs to the object at ffff88812f1bdc00
[ 25.762965][ T396] which belongs to the cache kmalloc-512 of size 512
[ 25.776994][ T396] The buggy address is located 336 bytes inside of
[ 25.776994][ T396] 512-byte region [ffff88812f1bdc00, ffff88812f1bde00)
[ 25.790244][ T396]
[ 25.792545][ T396] The buggy address belongs to the physical page:
[ 25.798941][ T396] page:ffffea0004bc6f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f1bc
[ 25.809160][ T396] head:ffffea0004bc6f00 order:2 compound_mapcount:0 compound_pincount:0
[ 25.817459][ T396] flags: 0x4000000000010200(slab|head|zone=1)
[ 25.823514][ T396] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00
[ 25.832081][ T396] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 25.840635][ T396] page dumped because: kasan: bad access detected
[ 25.847033][ T396] page_owner tracks the page as allocated
[ 25.852721][ T396] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 397, tgid 396 (syz.1.18), ts 25308155712, free_ts 23680535640
[ 25.875009][ T396] post_alloc_hook+0x1f5/0x210
[ 25.879759][ T396] prep_new_page+0x1c/0x110
[ 25.884252][ T396] get_page_from_freelist+0x2d12/0x2d80
[ 25.889786][ T396] __alloc_pages+0x1fa/0x610
[ 25.894371][ T396] alloc_slab_page+0x6e/0xf0
[ 25.898939][ T396] new_slab+0x98/0x3d0
[ 25.902984][ T396] ___slab_alloc+0x6bd/0xb20
[ 25.907555][ T396] __slab_alloc+0x5e/0xa0
[ 25.911868][ T396] __kmem_cache_alloc_node+0x203/0x2c0
[ 25.917306][ T396] kmalloc_trace+0x29/0xb0
[ 25.921697][ T396] l2tp_tunnel_create+0x97/0x430
[ 25.926616][ T396] pppol2tp_connect+0x7e2/0x1620
[ 25.931533][ T396] __sys_connect+0x3da/0x460
[ 25.936105][ T396] __x64_sys_connect+0x7a/0x90
[ 25.940845][ T396] x64_sys_call+0x88d/0x9a0
[ 25.945330][ T396] do_syscall_64+0x4c/0xa0
[ 25.949724][ T396] page last free stack trace:
[ 25.954369][ T396] free_unref_page_prepare+0x7f8/0x800
[ 25.959811][ T396] free_unref_page+0x95/0x540
[ 25.964468][ T396] __free_pages+0x67/0x100
[ 25.968865][ T396] __vunmap+0x9c0/0xb80
[ 25.972999][ T396] vfree+0x61/0x90
[ 25.976696][ T396] kcov_close+0x2b/0x50
[ 25.980827][ T396] __fput+0x1fc/0x8f0
[ 25.984789][ T396] ____fput+0x15/0x20
[ 25.988749][ T396] task_work_run+0x1e1/0x250
[ 25.993320][ T396] do_exit+0xa35/0x2660
[ 25.997457][ T396] do_group_exit+0x225/0x2e0
[ 26.002026][ T396] get_signal+0x13b5/0x1520
[ 26.006513][ T396] arch_do_signal_or_restart+0xd1/0x1140
[ 26.012126][ T396] exit_to_user_mode_loop+0x7a/0xb0
[ 26.017303][ T396] exit_to_user_mode_prepare+0x87/0xd0
[ 26.022742][ T396] syscall_exit_to_user_mode+0x1a/0x30
[ 26.028184][ T396]
[ 26.030486][ T396] Memory state around the buggy address:
[ 26.036091][ T396] ffff88812f1bdc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.044127][ T396] ffff88812f1bdc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.052163][ T396] >ffff88812f1bdd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.060194][ T396] ^
[ 26.066843][ T396] ffff88812f1bdd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.074878][ T396] ffff88812f1bde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.082911][ T396] ==================================================================
[ 26.091868][ T396] Disabling lock debugging due to kernel taint
[ 26.106003][ T28] kauditd_printk_skb: 34 callbacks suppressed
[ 26.106014][ T28] audit: type=1400 audit(1781160886.186:108): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 26.109267][ T380] device veth0_vlan entered promiscuous mode
[ 26.122472][ T28] audit: type=1400 audit(1781160886.186:109): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 26.161557][ T399] ------------[ cut here ]------------
[ 26.163239][ T28] audit: type=1400 audit(1781160886.186:110): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 26.167086][ T399] WARNING: CPU: 0 PID: 399 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 26.190524][ T28] audit: type=1400 audit(1781160886.186:111): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 26.198522][ T399] Modules linked in:
[ 26.219250][ T28] audit: type=1400 audit(1781160886.186:112): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 26.222923][ T399] CPU: 0 PID: 399 Comm: syz.1.22 Tainted: G B syzkaller #0
[ 26.243768][ T28] audit: type=1400 audit(1781160886.186:113): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 26.252096][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 26.275032][ T28] audit: type=1400 audit(1781160886.186:114): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 26.285107][ T399] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 26.313972][ T399] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 26.333640][ T399] RSP: 0018:ffffc90000a77c98 EFLAGS: 00010293
[ 26.339713][ T399] RAX: ffffffff849cebf7 RBX: ffff88810e570000 RCX: ffff888118aed100
[ 26.347688][ T399] RDX: 0000000000000000 RSI: 000000001175f770 RDI: 000000000c04eb7d
[ 26.355664][ T399] RBP: ffffc90000a77cb8 R08: ffff88810e570083 R09: 1ffff11021cae010
[ 26.363664][ T399] R10: dffffc0000000000 R11: ffffed1021cae011 R12: dffffc0000000000
[ 26.371647][ T399] R13: 1ffff1102660be1b R14: 000000001175f770 R15: ffff888117cd6000
[ 26.379595][ T399] FS: 0000555572615500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 26.388539][ T399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.395126][ T399] CR2: 00007f213fc72780 CR3: 0000000121e1e000 CR4: 00000000003506b0
[ 26.403096][ T399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.411066][ T399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.419023][ T399] Call Trace:
[ 26.422302][ T399]
[ 26.425221][ T399] pppol2tp_release+0x16c/0x2d0
[ 26.430056][ T399] sock_close+0xf1/0x290
[ 26.434296][ T399] ? __cfi_sock_close+0x10/0x10
[ 26.439141][ T399] __fput+0x1fc/0x8f0
[ 26.443145][ T399] ____fput+0x15/0x20
[ 26.447120][ T399] task_work_run+0x1e1/0x250
[ 26.451726][ T399] ? __cfi_task_work_run+0x10/0x10
[ 26.456830][ T399] ? __cfi___close_range+0x10/0x10
[ 26.461947][ T399] exit_to_user_mode_loop+0x9b/0xb0
[ 26.467135][ T399] exit_to_user_mode_prepare+0x87/0xd0
[ 26.472622][ T399] syscall_exit_to_user_mode+0x1a/0x30
[ 26.478072][ T399] do_syscall_64+0x58/0xa0
[ 26.482486][ T399] ? clear_bhb_loop+0x30/0x80
[ 26.487150][ T399] ? clear_bhb_loop+0x30/0x80
[ 26.491824][ T399] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 26.497713][ T399] RIP: 0033:0x7f213fd9ce59
[ 26.502127][ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 26.521737][ T399] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 26.530130][ T399] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 26.538109][ T399] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 26.546081][ T399] RBP: 000000000000660a R08: 0000000000000001 R09: 0000000000000000
[ 26.554047][ T399] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 26.562021][ T399] R13: 00007f2140015fac R14: 000000000000664e R15: 00007f2140015fa0
[ 26.569971][ T399]
[ 26.572995][ T399] ---[ end trace 0000000000000000 ]---
[ 26.596286][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 26.617339][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.618038][ T405] ------------[ cut here ]------------
[ 26.625639][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 26.630749][ T405] WARNING: CPU: 0 PID: 405 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 26.630780][ T405] Modules linked in:
[ 26.630790][ T405] CPU: 0 PID: 405 Comm: syz.5.25 Tainted: G B W syzkaller #0
[ 26.630805][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 26.639709][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 26.648146][ T405] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 26.652444][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.660578][ T405] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 26.660614][ T405] RSP: 0018:ffffc90000a77c98 EFLAGS: 00010293
[ 26.671241][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 26.678270][ T405] RAX: ffffffff849cebf7 RBX: ffff888118fcc000 RCX: ffff888110c9e540
[ 26.684985][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.692242][ T405] RDX: 0000000000000000 RSI: 0000000018eb8800 RDI: 000000000c04eb7d
[ 26.692256][ T405] RBP: ffffc90000a77cb8 R08: ffff888118fcc083 R09: 1ffff110231f9810
[ 26.712730][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 26.717911][ T405] R10: dffffc0000000000 R11: ffffed10231f9811 R12: dffffc0000000000
[ 26.726253][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 26.733781][ T405] R13: 1ffff1102660ead3 R14: 0000000018eb8800 R15: ffff8881171af800
[ 26.742119][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.749607][ T405] FS: 0000555561186500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 26.758262][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 26.764944][ T405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.773364][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.780905][ T405] CR2: 00007f213fc72780 CR3: 0000000121cc2000 CR4: 00000000003506b0
[ 26.789294][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 26.796915][ T405] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.796927][ T405] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.806350][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.813820][ T405] Call Trace:
[ 26.820907][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 26.828432][ T405]
[ 26.836832][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.844221][ T405] pppol2tp_release+0x16c/0x2d0
[ 26.852616][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 26.860250][ T405] sock_close+0xf1/0x290
[ 26.868355][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.871175][ T405] ? __cfi_sock_close+0x10/0x10
[ 26.879550][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.882046][ T405] __fput+0x1fc/0x8f0
[ 26.890491][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.894926][ T405] ____fput+0x15/0x20
[ 26.903310][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.907106][ T405] task_work_run+0x1e1/0x250
[ 26.915587][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.919997][ T405] ? __cfi_task_work_run+0x10/0x10
[ 26.966311][ T405] ? __cfi___close_range+0x10/0x10
[ 26.971421][ T405] exit_to_user_mode_loop+0x9b/0xb0
[ 26.976628][ T405] exit_to_user_mode_prepare+0x87/0xd0
[ 26.982090][ T405] syscall_exit_to_user_mode+0x1a/0x30
[ 26.987540][ T405] do_syscall_64+0x58/0xa0
[ 26.991959][ T405] ? clear_bhb_loop+0x30/0x80
[ 26.996625][ T405] ? clear_bhb_loop+0x30/0x80
[ 27.001297][ T405] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 27.007184][ T405] RIP: 0033:0x7fe6c9d9ce59
[ 27.011603][ T405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 27.031218][ T405] RSP: 002b:00007ffc2319c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 27.039609][ T405] RAX: 0000000000000000 RBX: 00007ffc2319c690 RCX: 00007fe6c9d9ce59
[ 27.047584][ T405] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 27.055557][ T405] RBP: 00000000000067e3 R08: 0000000000000001 R09: 0000000000000000
[ 27.063532][ T405] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007ffc2319c6d0
[ 27.071511][ T405] R13: 00007fe6ca015fac R14: 0000000000006816 R15: 00007fe6ca015fa0
[ 27.079465][ T405]
[ 27.082508][ T405] ---[ end trace 0000000000000000 ]---
[ 27.119508][ T416] ------------[ cut here ]------------
[ 27.125147][ T416] WARNING: CPU: 1 PID: 416 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 27.127052][ T380] device veth1_macvtap entered promiscuous mode
[ 27.135335][ T416] Modules linked in:
[ 27.145563][ T416] CPU: 1 PID: 416 Comm: syz.1.28 Tainted: G B W syzkaller #0
[ 27.154240][ T416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 27.164375][ T416] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 27.170786][ T416] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 27.190492][ T416] RSP: 0018:ffffc9000576fc98 EFLAGS: 00010293
[ 27.196648][ T416] RAX: ffffffff849cebf7 RBX: ffff8881196c3000 RCX: ffff888119746540
[ 27.204675][ T416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 27.212767][ T416] RBP: ffffc9000576fcb8 R08: ffff8881196c3083 R09: 1ffff110232d8610
[ 27.220827][ T416] R10: dffffc0000000000 R11: ffffed10232d8611 R12: dffffc0000000000
[ 27.228782][ T416] R13: 1ffff110266103c3 R14: 0000000000000000 R15: ffff88811689e400
[ 27.236829][ T416] FS: 0000555572615500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 27.245813][ T416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.252499][ T416] CR2: 00007f213fc72780 CR3: 000000012ef91000 CR4: 00000000003506a0
[ 27.260464][ T416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.268514][ T416] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.276562][ T416] Call Trace:
[ 27.279820][ T416]
[ 27.282828][ T416] pppol2tp_release+0x16c/0x2d0
[ 27.287678][ T416] sock_close+0xf1/0x290
[ 27.291996][ T416] ? __cfi_sock_close+0x10/0x10
[ 27.296847][ T416] __fput+0x1fc/0x8f0
[ 27.300921][ T416] ____fput+0x15/0x20
[ 27.304901][ T416] task_work_run+0x1e1/0x250
[ 27.309468][ T416] ? __cfi_task_work_run+0x10/0x10
[ 27.314650][ T416] ? __cfi___close_range+0x10/0x10
[ 27.319754][ T416] exit_to_user_mode_loop+0x9b/0xb0
[ 27.325034][ T416] exit_to_user_mode_prepare+0x87/0xd0
[ 27.330493][ T416] syscall_exit_to_user_mode+0x1a/0x30
[ 27.336029][ T416] do_syscall_64+0x58/0xa0
[ 27.340453][ T416] ? clear_bhb_loop+0x30/0x80
[ 27.345203][ T416] ? clear_bhb_loop+0x30/0x80
[ 27.349871][ T416] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 27.355854][ T416] RIP: 0033:0x7f213fd9ce59
[ 27.360261][ T416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 27.379958][ T416] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 27.388476][ T416] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 27.396576][ T416] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 27.404637][ T416] RBP: 00000000000069d9 R08: 0000000000000001 R09: 0000000000000000
[ 27.412674][ T416] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 27.420705][ T416] R13: 00007f2140015fac R14: 0000000000006a0c R15: 00007f2140015fa0
[ 27.428666][ T416]
[ 27.431737][ T416] ---[ end trace 0000000000000000 ]---
[ 27.447375][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.457405][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.460070][ T425] ------------[ cut here ]------------
[ 27.465837][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.470804][ T425] WARNING: CPU: 0 PID: 425 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 27.478631][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.488141][ T425] Modules linked in:
[ 27.488153][ T425] CPU: 0 PID: 425 Comm: syz.1.30 Tainted: G B W syzkaller #0
[ 27.496809][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.499988][ T425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 27.508926][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.516828][ T425] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 27.527118][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.534797][ T425] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 27.534810][ T425] RSP: 0018:ffffc90000b07c98 EFLAGS: 00010293
[ 27.534824][ T425] RAX: ffffffff849cebf7 RBX: ffff88811a195000 RCX: ffff88811a019440
[ 27.534836][ T425] RDX: 0000000000000000 RSI: 0000000019f9b060 RDI: 000000000c04eb7d
[ 27.590788][ T425] RBP: ffffc90000b07cb8 R08: ffff88811a195083 R09: 1ffff11023432a10
[ 27.598749][ T425] R10: dffffc0000000000 R11: ffffed1023432a11 R12: dffffc0000000000
[ 27.606737][ T425] R13: 1ffff110247dbf83 R14: 0000000019f9b060 R15: ffff888115c51c00
[ 27.614894][ T425] FS: 0000555572615500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 27.623832][ T425] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.630406][ T425] CR2: 00007fe18d617dac CR3: 0000000118d76000 CR4: 00000000003506b0
[ 27.638390][ T425] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.646377][ T425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.654361][ T425] Call Trace:
[ 27.657627][ T425]
[ 27.660536][ T425] pppol2tp_release+0x16c/0x2d0
[ 27.665401][ T425] sock_close+0xf1/0x290
[ 27.669639][ T425] ? __cfi_sock_close+0x10/0x10
[ 27.674502][ T425] __fput+0x1fc/0x8f0
[ 27.678481][ T425] ____fput+0x15/0x20
[ 27.682477][ T425] task_work_run+0x1e1/0x250
[ 27.687063][ T425] ? __cfi_task_work_run+0x10/0x10
[ 27.692193][ T425] ? __cfi___close_range+0x10/0x10
[ 27.697305][ T425] exit_to_user_mode_loop+0x9b/0xb0
[ 27.702522][ T425] exit_to_user_mode_prepare+0x87/0xd0
[ 27.707973][ T425] syscall_exit_to_user_mode+0x1a/0x30
[ 27.713515][ T425] do_syscall_64+0x58/0xa0
[ 27.717926][ T425] ? clear_bhb_loop+0x30/0x80
[ 27.722611][ T425] ? clear_bhb_loop+0x30/0x80
[ 27.727277][ T425] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 27.733169][ T425] RIP: 0033:0x7f213fd9ce59
[ 27.737576][ T425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 27.757197][ T425] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 27.765619][ T425] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 27.773618][ T425] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 27.781615][ T425] RBP: 0000000000006b1f R08: 0000000000000001 R09: 0000000000000000
[ 27.789567][ T425] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 27.797551][ T425] R13: 00007f2140015fac R14: 0000000000006b5d R15: 00007f2140015fa0
[ 27.805629][ T425]
[ 27.808632][ T425] ---[ end trace 0000000000000000 ]---
[ 27.850859][ T439] ------------[ cut here ]------------
[ 27.856353][ T439] WARNING: CPU: 1 PID: 439 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 27.866551][ T439] Modules linked in:
[ 27.870454][ T439] CPU: 1 PID: 439 Comm: syz.0.34 Tainted: G B W syzkaller #0
[ 27.879413][ T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 27.889569][ T439] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 27.896032][ T439] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 27.915777][ T439] RSP: 0018:ffffc90000ba7c98 EFLAGS: 00010293
[ 27.921955][ T439] RAX: ffffffff849cebf7 RBX: ffff88811a541000 RCX: ffff888119d99440
[ 27.929917][ T439] RDX: 0000000000000000 RSI: 000000001a5a4400 RDI: 000000000c04eb7d
[ 27.937959][ T439] RBP: ffffc90000ba7cb8 R08: ffff88811a541083 R09: 1ffff110234a8210
[ 27.945990][ T439] R10: dffffc0000000000 R11: ffffed10234a8211 R12: dffffc0000000000
[ 27.954028][ T439] R13: 1ffff1102661307b R14: 000000001a5a4400 R15: ffff888115fc9c00
[ 27.962120][ T439] FS: 000055557df83500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 27.971116][ T439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.977692][ T439] CR2: 00007fe6c9fec4b8 CR3: 0000000121c4e000 CR4: 00000000003506a0
[ 27.985725][ T439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.993736][ T439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.001758][ T439] Call Trace:
[ 28.005025][ T439]
[ 28.007935][ T439] pppol2tp_release+0x16c/0x2d0
[ 28.012855][ T439] sock_close+0xf1/0x290
[ 28.017102][ T439] ? __cfi_sock_close+0x10/0x10
[ 28.022030][ T439] __fput+0x1fc/0x8f0
[ 28.026013][ T439] ____fput+0x15/0x20
[ 28.029974][ T439] task_work_run+0x1e1/0x250
[ 28.034639][ T439] ? __cfi_task_work_run+0x10/0x10
[ 28.039751][ T439] ? __cfi___close_range+0x10/0x10
[ 28.044942][ T439] exit_to_user_mode_loop+0x9b/0xb0
[ 28.050135][ T439] exit_to_user_mode_prepare+0x87/0xd0
[ 28.055670][ T439] syscall_exit_to_user_mode+0x1a/0x30
[ 28.061174][ T439] do_syscall_64+0x58/0xa0
[ 28.065592][ T439] ? clear_bhb_loop+0x30/0x80
[ 28.070246][ T439] ? clear_bhb_loop+0x30/0x80
[ 28.074977][ T439] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.080920][ T439] RIP: 0033:0x7fe18d39ce59
[ 28.085313][ T439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 28.105047][ T439] RSP: 002b:00007ffd320de638 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 28.113569][ T439] RAX: 0000000000000000 RBX: 00007ffd320de720 RCX: 00007fe18d39ce59
[ 28.121751][ T439] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 28.129713][ T439] RBP: 0000000000006ca9 R08: 0000000000000001 R09: 0000000000000000
[ 28.137768][ T439] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffd320de760
[ 28.145785][ T439] R13: 00007fe18d615fac R14: 0000000000006ce6 R15: 00007fe18d615fa0
[ 28.153816][ T439]
[ 28.156834][ T439] ---[ end trace 0000000000000000 ]---
[ 28.176659][ T443] ------------[ cut here ]------------
[ 28.182237][ T443] WARNING: CPU: 0 PID: 443 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 28.192301][ T443] Modules linked in:
[ 28.196186][ T443] CPU: 0 PID: 443 Comm: syz.4.36 Tainted: G B W syzkaller #0
[ 28.204830][ T443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 28.215152][ T443] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 28.221730][ T443] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 28.241432][ T443] RSP: 0018:ffffc90000be7c98 EFLAGS: 00010293
[ 28.247494][ T443] RAX: ffffffff849cebf7 RBX: ffff88811a956000 RCX: ffff88811a6ae540
[ 28.255526][ T443] RDX: 0000000000000000 RSI: 000000002f5a58c0 RDI: 000000000c04eb7d
[ 28.263540][ T443] RBP: ffffc90000be7cb8 R08: ffff88811a956083 R09: 1ffff1102352ac10
[ 28.271576][ T443] R10: dffffc0000000000 R11: ffffed102352ac11 R12: dffffc0000000000
[ 28.279544][ T443] R13: 1ffff1102660c70b R14: 000000002f5a58c0 R15: ffff8881126af000
[ 28.287730][ T443] FS: 0000555579da9500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 28.296729][ T443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.303365][ T443] CR2: 00007fe18e148060 CR3: 000000010d474000 CR4: 00000000003506b0
[ 28.311572][ T443] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.319533][ T443] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.327557][ T443] Call Trace:
[ 28.330894][ T443]
[ 28.333808][ T443] pppol2tp_release+0x16c/0x2d0
[ 28.338647][ T443] sock_close+0xf1/0x290
[ 28.342995][ T443] ? __cfi_sock_close+0x10/0x10
[ 28.347871][ T443] __fput+0x1fc/0x8f0
[ 28.352020][ T443] ____fput+0x15/0x20
[ 28.355993][ T443] task_work_run+0x1e1/0x250
[ 28.360694][ T443] ? __cfi_task_work_run+0x10/0x10
[ 28.365806][ T443] ? __cfi___close_range+0x10/0x10
[ 28.371126][ T443] exit_to_user_mode_loop+0x9b/0xb0
[ 28.376313][ T443] exit_to_user_mode_prepare+0x87/0xd0
[ 28.381871][ T443] syscall_exit_to_user_mode+0x1a/0x30
[ 28.387342][ T443] do_syscall_64+0x58/0xa0
[ 28.391823][ T443] ? clear_bhb_loop+0x30/0x80
[ 28.396500][ T443] ? clear_bhb_loop+0x30/0x80
[ 28.401236][ T443] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.407131][ T443] RIP: 0033:0x7f8a6919ce59
[ 28.411605][ T443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 28.431295][ T443] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 28.439717][ T443] RAX: 0000000000000000 RBX: 00007f8a69417da0 RCX: 00007f8a6919ce59
[ 28.447826][ T443] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 28.455938][ T443] RBP: 00007f8a69417da0 R08: 00007f8a69416038 R09: 0000000000000000
[ 28.464048][ T443] R10: 000000000003fda8 R11: 0000000000000246 R12: 0000000000007011
[ 28.472064][ T443] R13: 00007f8a6941609c R14: 0000000000006d35 R15: 00007f8a69416090
[ 28.480029][ T443]
[ 28.483050][ T443] ---[ end trace 0000000000000000 ]---
[ 28.495438][ T461] ------------[ cut here ]------------
[ 28.500931][ T461] WARNING: CPU: 0 PID: 461 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 28.510947][ T461] Modules linked in:
[ 28.514837][ T461] CPU: 0 PID: 461 Comm: syz.4.41 Tainted: G B W syzkaller #0
[ 28.523583][ T461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 28.533653][ T461] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 28.540018][ T461] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 28.559769][ T461] RSP: 0018:ffffc90000c57c98 EFLAGS: 00010293
[ 28.565976][ T461] RAX: ffffffff849cebf7 RBX: ffff88811ae85000 RCX: ffff88811ac53cc0
[ 28.574001][ T461] RDX: 0000000000000000 RSI: 00000000117d5440 RDI: 000000000c04eb7d
[ 28.581994][ T461] RBP: ffffc90000c57cb8 R08: ffff88811ae85083 R09: 1ffff110235d0a10
[ 28.589945][ T461] R10: dffffc0000000000 R11: ffffed10235d0a11 R12: dffffc0000000000
[ 28.597926][ T461] R13: 1ffff1102660dd2b R14: 00000000117d5440 R15: ffff8881153f1400
[ 28.605925][ T461] FS: 0000555579da9500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 28.614869][ T461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.621459][ T461] CR2: 00007f8a69072780 CR3: 000000010d474000 CR4: 00000000003506b0
[ 28.629434][ T461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.637417][ T461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.645401][ T461] Call Trace:
[ 28.648662][ T461]
[ 28.651593][ T461] pppol2tp_release+0x16c/0x2d0
[ 28.656450][ T461] sock_close+0xf1/0x290
[ 28.660703][ T461] ? __cfi_sock_close+0x10/0x10
[ 28.665552][ T461] __fput+0x1fc/0x8f0
[ 28.669516][ T461] ____fput+0x15/0x20
[ 28.673506][ T461] task_work_run+0x1e1/0x250
[ 28.678098][ T461] ? __cfi_task_work_run+0x10/0x10
[ 28.683308][ T461] ? __cfi___close_range+0x10/0x10
[ 28.688408][ T461] exit_to_user_mode_loop+0x9b/0xb0
[ 28.693608][ T461] exit_to_user_mode_prepare+0x87/0xd0
[ 28.699062][ T461] syscall_exit_to_user_mode+0x1a/0x30
[ 28.704535][ T461] do_syscall_64+0x58/0xa0
[ 28.708949][ T461] ? clear_bhb_loop+0x30/0x80
[ 28.713625][ T461] ? clear_bhb_loop+0x30/0x80
[ 28.718320][ T461] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.724232][ T461] RIP: 0033:0x7f8a6919ce59
[ 28.728728][ T461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 28.748350][ T461] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 28.756769][ T461] RAX: 0000000000000000 RBX: 00007ffc8ec32250 RCX: 00007f8a6919ce59
[ 28.764941][ T461] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 28.772938][ T461] RBP: 0000000000006f39 R08: 0000000000000001 R09: 0000000000000000
[ 28.780911][ T461] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007ffc8ec32290
[ 28.788874][ T461] R13: 00007f8a69415fac R14: 0000000000006f6c R15: 00007f8a69415fa0
[ 28.796851][ T461]
[ 28.799851][ T461] ---[ end trace 0000000000000000 ]---
[ 28.811003][ T463] ------------[ cut here ]------------
[ 28.816497][ T463] WARNING: CPU: 1 PID: 463 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 28.826588][ T463] Modules linked in:
[ 28.830482][ T463] CPU: 1 PID: 463 Comm: syz.5.43 Tainted: G B W syzkaller #0
[ 28.839152][ T463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 28.849530][ T463] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
2026/06/11 06:54:48 executed programs: 38
[ 28.855999][ T463] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 28.875855][ T463] RSP: 0018:ffffc90000c47c98 EFLAGS: 00010293
[ 28.882020][ T463] RAX: ffffffff849cebf7 RBX: ffff88811b558000 RCX: ffff88811a552880
[ 28.889991][ T463] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 28.898046][ T463] RBP: ffffc90000c47cb8 R08: ffff88811b558083 R09: 1ffff110236ab010
[ 28.906106][ T463] R10: dffffc0000000000 R11: ffffed10236ab011 R12: dffffc0000000000
[ 28.914167][ T463] R13: 1ffff11026613ad3 R14: 0000000000000000 R15: ffff888117cba800
[ 28.922479][ T463] FS: 0000555561186500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 28.931515][ T463] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.938094][ T463] CR2: 00007f8a693ea2f8 CR3: 0000000118d5c000 CR4: 00000000003506a0
[ 28.946226][ T463] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.954366][ T463] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.962493][ T463] Call Trace:
[ 28.965768][ T463]
[ 28.968694][ T463] pppol2tp_release+0x16c/0x2d0
[ 28.971696][ T28] audit: type=1400 audit(1781160888.986:115): avc: denied { write } for pid=295 comm="syz-execprog" path="pipe:[15156]" dev="pipefs" ino=15156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 28.973630][ T463] sock_close+0xf1/0x290
[ 29.000999][ T463] ? __cfi_sock_close+0x10/0x10
[ 29.005858][ T463] __fput+0x1fc/0x8f0
[ 29.009866][ T463] ____fput+0x15/0x20
[ 29.013917][ T463] task_work_run+0x1e1/0x250
[ 29.018519][ T463] ? __cfi_task_work_run+0x10/0x10
[ 29.023658][ T463] ? __cfi___close_range+0x10/0x10
[ 29.028774][ T463] exit_to_user_mode_loop+0x9b/0xb0
[ 29.033999][ T463] exit_to_user_mode_prepare+0x87/0xd0
[ 29.039457][ T463] syscall_exit_to_user_mode+0x1a/0x30
[ 29.044963][ T463] do_syscall_64+0x58/0xa0
[ 29.049384][ T463] ? clear_bhb_loop+0x30/0x80
[ 29.054071][ T463] ? clear_bhb_loop+0x30/0x80
[ 29.058741][ T463] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.064661][ T463] RIP: 0033:0x7fe6c9d9ce59
[ 29.069074][ T463] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 29.088730][ T463] RSP: 002b:00007ffc2319c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 29.097168][ T463] RAX: 0000000000000000 RBX: 00007fe6ca017da0 RCX: 00007fe6c9d9ce59
[ 29.105184][ T463] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 29.113170][ T463] RBP: 00007fe6ca017da0 R08: 00007fe6ca016038 R09: 0000000000000000
[ 29.121174][ T463] R10: 000000000003fda8 R11: 0000000000000246 R12: 0000000000007290
[ 29.129145][ T463] R13: 00007fe6ca01609c R14: 0000000000006fb4 R15: 00007fe6ca016090
[ 29.137160][ T463]
[ 29.140177][ T463] ---[ end trace 0000000000000000 ]---
[ 29.162972][ T535] ------------[ cut here ]------------
[ 29.168453][ T535] WARNING: CPU: 1 PID: 535 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 29.178519][ T535] Modules linked in:
[ 29.182439][ T535] CPU: 1 PID: 535 Comm: syz.3.77 Tainted: G B W syzkaller #0
[ 29.191040][ T535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 29.201100][ T535] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 29.207413][ T535] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 29.227035][ T535] RSP: 0018:ffffc90000ba7c98 EFLAGS: 00010293
[ 29.233118][ T535] RAX: ffffffff849cebf7 RBX: ffff88811d010000 RCX: ffff88811cdc8000
[ 29.241242][ T535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 29.249205][ T535] RBP: ffffc90000ba7cb8 R08: ffff88811d010083 R09: 1ffff11023a02010
[ 29.257193][ T535] R10: dffffc0000000000 R11: ffffed1023a02011 R12: dffffc0000000000
[ 29.265172][ T535] R13: 1ffff110266155a3 R14: 0000000000000000 R15: ffff88812ee2b800
[ 29.273140][ T535] FS: 0000555581b0c500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 29.282079][ T535] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.288640][ T535] CR2: 00007f0d14672780 CR3: 000000010d636000 CR4: 00000000003506a0
[ 29.296628][ T535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.304604][ T535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.312589][ T535] Call Trace:
[ 29.315858][ T535]
[ 29.318787][ T535] pppol2tp_release+0x16c/0x2d0
[ 29.323689][ T535] sock_close+0xf1/0x290
[ 29.327928][ T535] ? __cfi_sock_close+0x10/0x10
[ 29.332785][ T535] __fput+0x1fc/0x8f0
[ 29.336763][ T535] ____fput+0x15/0x20
[ 29.340753][ T535] task_work_run+0x1e1/0x250
[ 29.345337][ T535] ? __cfi_task_work_run+0x10/0x10
[ 29.350426][ T535] ? __cfi___close_range+0x10/0x10
[ 29.355543][ T535] exit_to_user_mode_loop+0x9b/0xb0
[ 29.360748][ T535] exit_to_user_mode_prepare+0x87/0xd0
[ 29.366187][ T535] syscall_exit_to_user_mode+0x1a/0x30
[ 29.371645][ T535] do_syscall_64+0x58/0xa0
[ 29.376052][ T535] ? clear_bhb_loop+0x30/0x80
[ 29.380726][ T535] ? clear_bhb_loop+0x30/0x80
[ 29.385391][ T535] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.391288][ T535] RIP: 0033:0x7f0d1479ce59
[ 29.395724][ T535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 29.415442][ T535] RSP: 002b:00007ffd558cb1f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 29.423867][ T535] RAX: 0000000000000000 RBX: 00007ffd558cb2e0 RCX: 00007f0d1479ce59
[ 29.431844][ T535] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 29.439794][ T535] RBP: 00000000000071d5 R08: 0000000000000001 R09: 0000000000000000
[ 29.447782][ T535] R10: 0000001b33720000 R11: 0000000000000246 R12: 00007ffd558cb320
[ 29.455759][ T535] R13: 00007f0d14a15fac R14: 0000000000007208 R15: 00007f0d14a15fa0
[ 29.463733][ T535]
[ 29.466740][ T535] ---[ end trace 0000000000000000 ]---
[ 29.505176][ T548] ------------[ cut here ]------------
[ 29.510810][ T548] WARNING: CPU: 0 PID: 548 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 29.520959][ T548] Modules linked in:
[ 29.524850][ T548] CPU: 0 PID: 548 Comm: syz.4.82 Tainted: G B W syzkaller #0
[ 29.533639][ T548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 29.543786][ T548] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 29.550117][ T548] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 29.569824][ T548] RSP: 0018:ffffc900010b7c98 EFLAGS: 00010293
[ 29.575944][ T548] RAX: ffffffff849cebf7 RBX: ffff88811d2e5000 RCX: ffff88811d06a880
[ 29.584007][ T548] RDX: 0000000000000000 RSI: 000000001950c0c0 RDI: 000000000c04eb7d
[ 29.592018][ T548] RBP: ffffc900010b7cb8 R08: ffff88811d2e5083 R09: 1ffff11023a5ca10
[ 29.599993][ T548] R10: dffffc0000000000 R11: ffffed1023a5ca11 R12: dffffc0000000000
[ 29.607983][ T548] R13: 1ffff1102661e70b R14: 000000001950c0c0 R15: ffff88811c8bb400
[ 29.615963][ T548] FS: 0000555579da9500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 29.624915][ T548] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.631499][ T548] CR2: 00007fe6cab48060 CR3: 0000000115c58000 CR4: 00000000003506b0
[ 29.639473][ T548] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.647442][ T548] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.655426][ T548] Call Trace:
[ 29.658683][ T548]
[ 29.661620][ T548] pppol2tp_release+0x16c/0x2d0
[ 29.666468][ T548] sock_close+0xf1/0x290
[ 29.670718][ T548] ? __cfi_sock_close+0x10/0x10
[ 29.675562][ T548] __fput+0x1fc/0x8f0
[ 29.679528][ T548] ____fput+0x15/0x20
[ 29.683524][ T548] task_work_run+0x1e1/0x250
[ 29.688109][ T548] ? __cfi_task_work_run+0x10/0x10
[ 29.693231][ T548] ? __cfi___close_range+0x10/0x10
[ 29.698337][ T548] exit_to_user_mode_loop+0x9b/0xb0
[ 29.703542][ T548] exit_to_user_mode_prepare+0x87/0xd0
[ 29.709009][ T548] syscall_exit_to_user_mode+0x1a/0x30
[ 29.714473][ T548] do_syscall_64+0x58/0xa0
[ 29.718880][ T548] ? clear_bhb_loop+0x30/0x80
[ 29.723556][ T548] ? clear_bhb_loop+0x30/0x80
[ 29.728225][ T548] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.734123][ T548] RIP: 0033:0x7f8a6919ce59
[ 29.738527][ T548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 29.758131][ T548] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 29.766555][ T548] RAX: 0000000000000000 RBX: 00007ffc8ec32250 RCX: 00007f8a6919ce59
[ 29.774540][ T548] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 29.782512][ T548] RBP: 0000000000007326 R08: 0000000000000001 R09: 0000000000000000
[ 29.790465][ T548] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007ffc8ec32290
[ 29.798454][ T548] R13: 00007f8a69415fac R14: 0000000000007359 R15: 00007f8a69415fa0
[ 29.806579][ T548]
[ 29.809583][ T548] ---[ end trace 0000000000000000 ]---
[ 29.832892][ T566] ------------[ cut here ]------------
[ 29.838392][ T566] WARNING: CPU: 1 PID: 566 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 29.848436][ T566] Modules linked in:
[ 29.852348][ T566] CPU: 1 PID: 566 Comm: syz.1.88 Tainted: G B W syzkaller #0
[ 29.860969][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 29.871045][ T566] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 29.877378][ T566] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 29.897189][ T566] RSP: 0018:ffffc90000c97c98 EFLAGS: 00010293
[ 29.903317][ T566] RAX: ffffffff849cebf7 RBX: ffff88811a44d000 RCX: ffff88811d5a3cc0
[ 29.911314][ T566] RDX: 0000000000000000 RSI: 00000000174caaa0 RDI: 000000000c04eb7d
[ 29.919280][ T566] RBP: ffffc90000c97cb8 R08: ffff88811a44d083 R09: 1ffff11023489a10
[ 29.927289][ T566] R10: dffffc0000000000 R11: ffffed1023489a11 R12: dffffc0000000000
[ 29.935295][ T566] R13: 1ffff11026625da3 R14: 00000000174caaa0 R15: ffff888117dd4400
[ 29.943311][ T566] FS: 0000555572615500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 29.952270][ T566] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.958850][ T566] CR2: 00007f0d1484f156 CR3: 000000011d315000 CR4: 00000000003506a0
[ 29.966853][ T566] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.974848][ T566] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.982845][ T566] Call Trace:
[ 29.986115][ T566]
[ 29.989041][ T566] pppol2tp_release+0x16c/0x2d0
[ 29.993940][ T566] sock_close+0xf1/0x290
[ 29.998191][ T566] ? __cfi_sock_close+0x10/0x10
[ 30.003082][ T566] __fput+0x1fc/0x8f0
[ 30.007070][ T566] ____fput+0x15/0x20
[ 30.011085][ T566] task_work_run+0x1e1/0x250
[ 30.015689][ T566] ? __cfi_task_work_run+0x10/0x10
[ 30.020831][ T566] ? __cfi___close_range+0x10/0x10
[ 30.025940][ T566] exit_to_user_mode_loop+0x9b/0xb0
[ 30.031173][ T566] exit_to_user_mode_prepare+0x87/0xd0
[ 30.036634][ T566] syscall_exit_to_user_mode+0x1a/0x30
[ 30.042142][ T566] do_syscall_64+0x58/0xa0
[ 30.046569][ T566] ? clear_bhb_loop+0x30/0x80
[ 30.051293][ T566] ? clear_bhb_loop+0x30/0x80
[ 30.055975][ T566] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.061900][ T566] RIP: 0033:0x7f213fd9ce59
[ 30.066313][ T566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 30.085969][ T566] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 30.094403][ T566] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 30.102398][ T566] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 30.110370][ T566] RBP: 0000000000007473 R08: 0000000000000001 R09: 0000000000000000
[ 30.118377][ T566] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 30.126470][ T566] R13: 00007f2140015fac R14: 00000000000074a5 R15: 00007f2140015fa0
[ 30.134470][ T566]
[ 30.137486][ T566] ---[ end trace 0000000000000000 ]---
[ 30.153753][ T628] ------------[ cut here ]------------
[ 30.159238][ T628] WARNING: CPU: 1 PID: 628 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.169365][ T628] Modules linked in:
[ 30.173412][ T628] CPU: 1 PID: 628 Comm: syz.1.117 Tainted: G B W syzkaller #0
[ 30.182224][ T628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 30.192332][ T628] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.198649][ T628] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 30.218404][ T628] RSP: 0018:ffffc900013d7c98 EFLAGS: 00010293
[ 30.224541][ T628] RAX: ffffffff849cebf7 RBX: ffff88811fbdc000 RCX: ffff88811a401440
[ 30.232604][ T628] RDX: 0000000000000000 RSI: 000000001c075ac0 RDI: 000000000c04eb7d
[ 30.240677][ T628] RBP: ffffc900013d7cb8 R08: ffff88811fbdc083 R09: 1ffff11023f7b810
[ 30.248646][ T628] R10: dffffc0000000000 R11: ffffed1023f7b811 R12: dffffc0000000000
[ 30.256665][ T628] R13: 1ffff11022e820f3 R14: 000000001c075ac0 R15: ffff888117dd5800
[ 30.264640][ T628] FS: 0000555572615500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 30.273572][ T628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.280144][ T628] CR2: 00007f8a69f48060 CR3: 000000011fc95000 CR4: 00000000003506a0
[ 30.288157][ T628] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.296140][ T628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.304116][ T628] Call Trace:
[ 30.307384][ T628]
[ 30.310298][ T628] pppol2tp_release+0x16c/0x2d0
[ 30.315168][ T628] sock_close+0xf1/0x290
[ 30.319405][ T628] ? __cfi_sock_close+0x10/0x10
[ 30.324263][ T628] __fput+0x1fc/0x8f0
[ 30.328240][ T628] ____fput+0x15/0x20
[ 30.332231][ T628] task_work_run+0x1e1/0x250
[ 30.336820][ T628] ? __cfi_task_work_run+0x10/0x10
[ 30.341948][ T628] ? __cfi___close_range+0x10/0x10
[ 30.347052][ T628] exit_to_user_mode_loop+0x9b/0xb0
[ 30.352273][ T628] exit_to_user_mode_prepare+0x87/0xd0
[ 30.357727][ T628] syscall_exit_to_user_mode+0x1a/0x30
[ 30.363229][ T628] do_syscall_64+0x58/0xa0
[ 30.367647][ T628] ? clear_bhb_loop+0x30/0x80
[ 30.372337][ T628] ? clear_bhb_loop+0x30/0x80
[ 30.377006][ T628] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.382900][ T628] RIP: 0033:0x7f213fd9ce59
[ 30.387303][ T628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 30.406931][ T628] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 30.415360][ T628] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 30.423333][ T628] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 30.431308][ T628] RBP: 00000000000075b0 R08: 0000000000000001 R09: 0000000000000000
[ 30.439258][ T628] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 30.447289][ T628] R13: 00007f2140015fac R14: 00000000000075e6 R15: 00007f2140015fa0
[ 30.455273][ T628]
[ 30.458270][ T628] ---[ end trace 0000000000000000 ]---
[ 30.515759][ T663] ------------[ cut here ]------------
[ 30.521393][ T663] WARNING: CPU: 1 PID: 663 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.531503][ T663] Modules linked in:
[ 30.535400][ T663] CPU: 1 PID: 663 Comm: syz.4.133 Tainted: G B W syzkaller #0
[ 30.544118][ T663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 30.554236][ T663] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.560565][ T663] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 30.580315][ T663] RSP: 0018:ffffc900013d7c98 EFLAGS: 00010293
[ 30.586436][ T663] RAX: ffffffff849cebf7 RBX: ffff888109333000 RCX: ffff8881102b1440
[ 30.594484][ T663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 30.602531][ T663] RBP: ffffc900013d7cb8 R08: ffff888109333083 R09: 1ffff11021266610
[ 30.610495][ T663] R10: dffffc0000000000 R11: ffffed1021266611 R12: dffffc0000000000
[ 30.618550][ T663] R13: 1ffff11022e8fe1b R14: 0000000000000000 R15: ffff8881097f6000
[ 30.626595][ T663] FS: 0000555579da9500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 30.635569][ T663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.642195][ T663] CR2: 00007f8a69072780 CR3: 000000011fc83000 CR4: 00000000003506a0
[ 30.650162][ T663] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.658186][ T663] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.666190][ T663] Call Trace:
[ 30.669446][ T663]
[ 30.672486][ T663] pppol2tp_release+0x16c/0x2d0
[ 30.677339][ T663] sock_close+0xf1/0x290
[ 30.681660][ T663] ? __cfi_sock_close+0x10/0x10
[ 30.686509][ T663] __fput+0x1fc/0x8f0
[ 30.690475][ T663] ____fput+0x15/0x20
[ 30.694528][ T663] task_work_run+0x1e1/0x250
[ 30.699117][ T663] ? __cfi_task_work_run+0x10/0x10
[ 30.704346][ T663] ? __cfi___close_range+0x10/0x10
[ 30.709440][ T663] exit_to_user_mode_loop+0x9b/0xb0
[ 30.714695][ T663] exit_to_user_mode_prepare+0x87/0xd0
[ 30.720146][ T663] syscall_exit_to_user_mode+0x1a/0x30
[ 30.725658][ T663] do_syscall_64+0x58/0xa0
[ 30.730069][ T663] ? clear_bhb_loop+0x30/0x80
[ 30.734862][ T663] ? clear_bhb_loop+0x30/0x80
[ 30.739534][ T663] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.745495][ T663] RIP: 0033:0x7f8a6919ce59
[ 30.749901][ T663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 30.769570][ T663] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 30.778051][ T663] RAX: 0000000000000000 RBX: 00007ffc8ec32250 RCX: 00007f8a6919ce59
[ 30.786052][ T663] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 30.794028][ T663] RBP: 000000000000771d R08: 0000000000000001 R09: 0000000000000000
[ 30.802008][ T663] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007ffc8ec32290
[ 30.809968][ T663] R13: 00007f8a69415fac R14: 0000000000007750 R15: 00007f8a69415fa0
[ 30.817942][ T663]
[ 30.820959][ T663] ---[ end trace 0000000000000000 ]---
[ 30.839627][ T674] ------------[ cut here ]------------
[ 30.845335][ T674] WARNING: CPU: 1 PID: 674 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.855572][ T674] Modules linked in:
[ 30.859471][ T674] CPU: 1 PID: 674 Comm: syz.4.137 Tainted: G B W syzkaller #0
[ 30.868240][ T674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 30.878359][ T674] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.884956][ T674] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 30.904645][ T674] RSP: 0018:ffffc9000144fc98 EFLAGS: 00010293
[ 30.910790][ T674] RAX: ffffffff849cebf7 RBX: ffff888119319000 RCX: ffff888108cba880
[ 30.918745][ T674] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 30.926777][ T674] RBP: ffffc9000144fcb8 R08: ffff888119319083 R09: 1ffff11023263210
[ 30.934783][ T674] R10: dffffc0000000000 R11: ffffed1023263211 R12: dffffc0000000000
[ 30.942913][ T674] R13: 1ffff11022e8f61b R14: 0000000000000000 R15: ffff8881003e3000
[ 30.950935][ T674] FS: 0000555579da9500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 30.959854][ T674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.966496][ T674] CR2: 00007f8a69f48060 CR3: 000000010d6b5000 CR4: 00000000003506a0
[ 30.974532][ T674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.982586][ T674] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.990552][ T674] Call Trace:
[ 30.993893][ T674]
[ 30.996817][ T674] pppol2tp_release+0x16c/0x2d0
[ 31.001780][ T674] sock_close+0xf1/0x290
[ 31.006025][ T674] ? __cfi_sock_close+0x10/0x10
[ 31.010947][ T674] __fput+0x1fc/0x8f0
[ 31.014925][ T674] ____fput+0x15/0x20
[ 31.018884][ T674] task_work_run+0x1e1/0x250
[ 31.023546][ T674] ? __cfi_task_work_run+0x10/0x10
[ 31.028656][ T674] ? __cfi___close_range+0x10/0x10
[ 31.033849][ T674] exit_to_user_mode_loop+0x9b/0xb0
[ 31.039041][ T674] exit_to_user_mode_prepare+0x87/0xd0
[ 31.044584][ T674] syscall_exit_to_user_mode+0x1a/0x30
[ 31.050040][ T674] do_syscall_64+0x58/0xa0
[ 31.054532][ T674] ? clear_bhb_loop+0x30/0x80
[ 31.059200][ T674] ? clear_bhb_loop+0x30/0x80
[ 31.063946][ T674] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 31.069839][ T674] RIP: 0033:0x7f8a6919ce59
[ 31.074318][ T674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 31.094044][ T674] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 31.102579][ T674] RAX: 0000000000000000 RBX: 00007ffc8ec32250 RCX: 00007f8a6919ce59
[ 31.110530][ T674] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 31.118525][ T674] RBP: 0000000000007861 R08: 0000000000000001 R09: 0000000000000000
[ 31.126524][ T674] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007ffc8ec32290
[ 31.134494][ T674] R13: 00007f8a69415fac R14: 0000000000007894 R15: 00007f8a69415fa0
[ 31.142482][ T674]
[ 31.145482][ T674] ---[ end trace 0000000000000000 ]---
[ 31.171145][ T688] ------------[ cut here ]------------
[ 31.176634][ T688] WARNING: CPU: 1 PID: 688 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.186662][ T688] Modules linked in:
[ 31.190556][ T688] CPU: 1 PID: 688 Comm: syz.0.141 Tainted: G B W syzkaller #0
[ 31.199245][ T688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 31.209381][ T688] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.215860][ T688] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 31.235503][ T688] RSP: 0018:ffffc900014e7c98 EFLAGS: 00010293
[ 31.241578][ T688] RAX: ffffffff849cebf7 RBX: ffff88811931c000 RCX: ffff88813012d100
[ 31.249531][ T688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 31.257707][ T688] RBP: ffffc900014e7cb8 R08: ffff88811931c083 R09: 1ffff11023263810
[ 31.265688][ T688] R10: dffffc0000000000 R11: ffffed1023263811 R12: dffffc0000000000
[ 31.273658][ T688] R13: 1ffff11022eabb4b R14: 0000000000000000 R15: ffff888109965c00
[ 31.281634][ T688] FS: 000055557df83500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 31.290539][ T688] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.297145][ T688] CR2: 00007f8a691c58d2 CR3: 000000012075c000 CR4: 00000000003506a0
[ 31.305135][ T688] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.313102][ T688] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.321178][ T688] Call Trace:
[ 31.324440][ T688]
[ 31.327355][ T688] pppol2tp_release+0x16c/0x2d0
[ 31.332217][ T688] sock_close+0xf1/0x290
[ 31.336457][ T688] ? __cfi_sock_close+0x10/0x10
[ 31.341318][ T688] __fput+0x1fc/0x8f0
[ 31.345292][ T688] ____fput+0x15/0x20
[ 31.349251][ T688] task_work_run+0x1e1/0x250
[ 31.353859][ T688] ? __cfi_task_work_run+0x10/0x10
[ 31.358960][ T688] ? __cfi___close_range+0x10/0x10
[ 31.364068][ T688] exit_to_user_mode_loop+0x9b/0xb0
[ 31.369261][ T688] exit_to_user_mode_prepare+0x87/0xd0
[ 31.374719][ T688] syscall_exit_to_user_mode+0x1a/0x30
[ 31.380169][ T688] do_syscall_64+0x58/0xa0
[ 31.384585][ T688] ? clear_bhb_loop+0x30/0x80
[ 31.389250][ T688] ? clear_bhb_loop+0x30/0x80
[ 31.393935][ T688] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 31.399824][ T688] RIP: 0033:0x7fe18d39ce59
[ 31.404476][ T688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 31.424099][ T688] RSP: 002b:00007ffd320de638 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 31.432521][ T688] RAX: 0000000000000000 RBX: 00007ffd320de720 RCX: 00007fe18d39ce59
[ 31.440469][ T688] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 31.448440][ T688] RBP: 00000000000079a0 R08: 0000000000000001 R09: 0000000000000000
[ 31.456420][ T688] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffd320de760
[ 31.464391][ T688] R13: 00007fe18d615fac R14: 00000000000079df R15: 00007fe18d615fa0
[ 31.472369][ T688]
[ 31.475369][ T688] ---[ end trace 0000000000000000 ]---
[ 31.498743][ T706] ------------[ cut here ]------------
[ 31.504251][ T706] WARNING: CPU: 1 PID: 706 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.514301][ T706] Modules linked in:
[ 31.518188][ T706] CPU: 1 PID: 706 Comm: syz.5.147 Tainted: G B W syzkaller #0
[ 31.526876][ T706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 31.536939][ T706] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.543280][ T706] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 31.563002][ T706] RSP: 0018:ffffc900010d7c98 EFLAGS: 00010293
[ 31.569055][ T706] RAX: ffffffff849cebf7 RBX: ffff88810933b000 RCX: ffff888109a28000
[ 31.577165][ T706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 31.585161][ T706] RBP: ffffc900010d7cb8 R08: ffff88810933b083 R09: 1ffff11021267610
[ 31.593151][ T706] R10: dffffc0000000000 R11: ffffed1021267611 R12: dffffc0000000000
[ 31.601140][ T706] R13: 1ffff11022eaba5b R14: 0000000000000000 R15: ffff888109964400
[ 31.609117][ T706] FS: 0000555561186500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 31.618059][ T706] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.624653][ T706] CR2: 00007fe6c9c72780 CR3: 000000012073a000 CR4: 00000000003506a0
[ 31.632633][ T706] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.640696][ T706] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.648650][ T706] Call Trace:
[ 31.651981][ T706]
[ 31.654903][ T706] pppol2tp_release+0x16c/0x2d0
[ 31.659746][ T706] sock_close+0xf1/0x290
[ 31.663999][ T706] ? __cfi_sock_close+0x10/0x10
[ 31.668846][ T706] __fput+0x1fc/0x8f0
[ 31.672844][ T706] ____fput+0x15/0x20
[ 31.676819][ T706] task_work_run+0x1e1/0x250
[ 31.681421][ T706] ? __cfi_task_work_run+0x10/0x10
[ 31.686525][ T706] ? __cfi___close_range+0x10/0x10
[ 31.691634][ T706] exit_to_user_mode_loop+0x9b/0xb0
[ 31.696831][ T706] exit_to_user_mode_prepare+0x87/0xd0
[ 31.702299][ T706] syscall_exit_to_user_mode+0x1a/0x30
[ 31.707746][ T706] do_syscall_64+0x58/0xa0
[ 31.712165][ T706] ? clear_bhb_loop+0x30/0x80
[ 31.716831][ T706] ? clear_bhb_loop+0x30/0x80
[ 31.721721][ T706] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 31.727614][ T706] RIP: 0033:0x7fe6c9d9ce59
[ 31.732143][ T706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 31.751766][ T706] RSP: 002b:00007ffc2319c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 31.760170][ T706] RAX: 0000000000000000 RBX: 00007ffc2319c690 RCX: 00007fe6c9d9ce59
[ 31.768144][ T706] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 31.776127][ T706] RBP: 0000000000007af5 R08: 0000000000000001 R09: 0000000000000000
[ 31.784113][ T706] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007ffc2319c6d0
[ 31.792123][ T706] R13: 00007fe6ca015fac R14: 0000000000007b27 R15: 00007fe6ca015fa0
[ 31.800084][ T706]
[ 31.803314][ T706] ---[ end trace 0000000000000000 ]---
[ 31.814772][ T717] ------------[ cut here ]------------
[ 31.820235][ T717] WARNING: CPU: 1 PID: 717 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.830275][ T717] Modules linked in:
[ 31.834239][ T717] CPU: 1 PID: 717 Comm: syz.5.151 Tainted: G B W syzkaller #0
[ 31.843009][ T717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 31.853124][ T717] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.859472][ T717] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 31.879200][ T717] RSP: 0018:ffffc90001757c98 EFLAGS: 00010293
[ 31.885448][ T717] RAX: ffffffff849cebf7 RBX: ffff88810d1cf000 RCX: ffff88810d89e540
[ 31.893480][ T717] RDX: 0000000000000000 RSI: 0000000023c42770 RDI: 000000000c04eb7d
[ 31.901462][ T717] RBP: ffffc90001757cb8 R08: ffff88810d1cf083 R09: 1ffff11021a39e10
[ 31.909414][ T717] R10: dffffc0000000000 R11: ffffed1021a39e11 R12: dffffc0000000000
[ 31.917400][ T717] R13: 1ffff11022eb025b R14: 0000000023c42770 R15: ffff8881147e6c00
[ 31.925392][ T717] FS: 0000555561186500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 31.934337][ T717] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.940930][ T717] CR2: 00007fe6c9c72780 CR3: 000000011ea5c000 CR4: 00000000003506a0
[ 31.948905][ T717] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.956919][ T717] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.965209][ T717] Call Trace:
[ 31.968475][ T717]
[ 31.971602][ T717] pppol2tp_release+0x16c/0x2d0
[ 31.976444][ T717] sock_close+0xf1/0x290
[ 31.980695][ T717] ? __cfi_sock_close+0x10/0x10
[ 31.985543][ T717] __fput+0x1fc/0x8f0
[ 31.989514][ T717] ____fput+0x15/0x20
[ 31.993498][ T717] task_work_run+0x1e1/0x250
[ 31.998084][ T717] ? __cfi_task_work_run+0x10/0x10
[ 32.003201][ T717] ? __cfi___close_range+0x10/0x10
[ 32.008313][ T717] exit_to_user_mode_loop+0x9b/0xb0
[ 32.013528][ T717] exit_to_user_mode_prepare+0x87/0xd0
[ 32.018981][ T717] syscall_exit_to_user_mode+0x1a/0x30
[ 32.024456][ T717] do_syscall_64+0x58/0xa0
[ 32.028866][ T717] ? clear_bhb_loop+0x30/0x80
[ 32.033541][ T717] ? clear_bhb_loop+0x30/0x80
[ 32.038214][ T717] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.044417][ T717] RIP: 0033:0x7fe6c9d9ce59
[ 32.048820][ T717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 32.068652][ T717] RSP: 002b:00007ffc2319c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 32.077078][ T717] RAX: 0000000000000000 RBX: 00007ffc2319c690 RCX: 00007fe6c9d9ce59
[ 32.085061][ T717] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 32.093037][ T717] RBP: 0000000000007c31 R08: 0000000000000001 R09: 0000000000000000
[ 32.101022][ T717] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007ffc2319c6d0
[ 32.108979][ T717] R13: 00007fe6ca015fac R14: 0000000000007c63 R15: 00007fe6ca015fa0
[ 32.116970][ T717]
[ 32.119978][ T717] ---[ end trace 0000000000000000 ]---
[ 32.154725][ T740] ------------[ cut here ]------------
[ 32.160210][ T740] WARNING: CPU: 1 PID: 740 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.170404][ T740] Modules linked in:
[ 32.174516][ T740] CPU: 1 PID: 740 Comm: syz.0.161 Tainted: G B W syzkaller #0
[ 32.183448][ T740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 32.193627][ T740] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.199948][ T740] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 32.219919][ T740] RSP: 0018:ffffc900019bfc98 EFLAGS: 00010293
[ 32.226228][ T740] RAX: ffffffff849cebf7 RBX: ffff88810e5fa000 RCX: ffff888109a2bcc0
[ 32.234227][ T740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 32.242205][ T740] RBP: ffffc900019bfcb8 R08: ffff88810e5fa083 R09: 1ffff11021cbf410
[ 32.250164][ T740] R10: dffffc0000000000 R11: ffffed1021cbf411 R12: dffffc0000000000
[ 32.258158][ T740] R13: 1ffff1102662796b R14: 0000000000000000 R15: ffff88812354f800
[ 32.266138][ T740] FS: 000055557df83500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 32.275071][ T740] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.281747][ T740] CR2: 00007fe18d272780 CR3: 0000000122d78000 CR4: 00000000003506a0
[ 32.289713][ T740] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.297755][ T740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.305733][ T740] Call Trace:
[ 32.309006][ T740]
[ 32.311948][ T740] pppol2tp_release+0x16c/0x2d0
[ 32.316803][ T740] sock_close+0xf1/0x290
[ 32.321055][ T740] ? __cfi_sock_close+0x10/0x10
[ 32.325901][ T740] __fput+0x1fc/0x8f0
[ 32.329872][ T740] ____fput+0x15/0x20
[ 32.333883][ T740] task_work_run+0x1e1/0x250
[ 32.338468][ T740] ? __cfi_task_work_run+0x10/0x10
[ 32.343602][ T740] ? __cfi___close_range+0x10/0x10
[ 32.348703][ T740] exit_to_user_mode_loop+0x9b/0xb0
[ 32.353903][ T740] exit_to_user_mode_prepare+0x87/0xd0
[ 32.359369][ T740] syscall_exit_to_user_mode+0x1a/0x30
[ 32.365079][ T740] do_syscall_64+0x58/0xa0
[ 32.369487][ T740] ? clear_bhb_loop+0x30/0x80
[ 32.374359][ T740] ? clear_bhb_loop+0x30/0x80
[ 32.379020][ T740] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.384918][ T740] RIP: 0033:0x7fe18d39ce59
[ 32.389341][ T740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 32.408957][ T740] RSP: 002b:00007ffd320de638 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 32.417374][ T740] RAX: 0000000000000000 RBX: 00007ffd320de720 RCX: 00007fe18d39ce59
[ 32.425346][ T740] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 32.433321][ T740] RBP: 0000000000007d85 R08: 0000000000000001 R09: 0000000000000000
[ 32.441433][ T740] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffd320de760
[ 32.449388][ T740] R13: 00007fe18d615fac R14: 0000000000007db7 R15: 00007fe18d615fa0
[ 32.457447][ T740]
[ 32.460457][ T740] ---[ end trace 0000000000000000 ]---
[ 32.468185][ T738] ------------[ cut here ]------------
[ 32.473680][ T738] WARNING: CPU: 1 PID: 738 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.483801][ T738] Modules linked in:
[ 32.487692][ T738] CPU: 1 PID: 738 Comm: syz.3.162 Tainted: G B W syzkaller #0
[ 32.496455][ T738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 32.506596][ T738] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.513001][ T738] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 32.532691][ T738] RSP: 0018:ffffc900019dfc98 EFLAGS: 00010293
[ 32.538752][ T738] RAX: ffffffff849cebf7 RBX: ffff888115ef2000 RCX: ffff88810e6a6540
[ 32.546907][ T738] RDX: 0000000000000000 RSI: 0000000023cc2330 RDI: 000000000c04eb7d
[ 32.554970][ T738] RBP: ffffc900019dfcb8 R08: ffff888115ef2083 R09: 1ffff11022bde410
[ 32.562988][ T738] R10: dffffc0000000000 R11: ffffed1022bde411 R12: dffffc0000000000
[ 32.571036][ T738] R13: 1ffff11022eaf003 R14: 0000000023cc2330 R15: ffff88810e88d400
[ 32.579004][ T738] FS: 0000555581b0c500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 32.587995][ T738] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.594624][ T738] CR2: 00007fe18d272780 CR3: 0000000122d05000 CR4: 00000000003506a0
[ 32.602824][ T738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.610909][ T738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.618878][ T738] Call Trace:
[ 32.622219][ T738]
[ 32.625144][ T738] pppol2tp_release+0x16c/0x2d0
[ 32.629987][ T738] sock_close+0xf1/0x290
[ 32.634309][ T738] ? __cfi_sock_close+0x10/0x10
[ 32.639161][ T738] __fput+0x1fc/0x8f0
[ 32.643225][ T738] ____fput+0x15/0x20
[ 32.647204][ T738] task_work_run+0x1e1/0x250
[ 32.651832][ T738] ? __cfi_task_work_run+0x10/0x10
[ 32.656937][ T738] ? __cfi___close_range+0x10/0x10
[ 32.662053][ T738] exit_to_user_mode_loop+0x9b/0xb0
[ 32.667248][ T738] exit_to_user_mode_prepare+0x87/0xd0
[ 32.672711][ T738] syscall_exit_to_user_mode+0x1a/0x30
[ 32.678160][ T738] do_syscall_64+0x58/0xa0
[ 32.682595][ T738] ? clear_bhb_loop+0x30/0x80
[ 32.687259][ T738] ? clear_bhb_loop+0x30/0x80
[ 32.691971][ T738] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.697866][ T738] RIP: 0033:0x7f0d1479ce59
[ 32.702290][ T738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 32.721903][ T738] RSP: 002b:00007ffd558cb1f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 32.730300][ T738] RAX: 0000000000000000 RBX: 00007f0d14a17da0 RCX: 00007f0d1479ce59
[ 32.738277][ T738] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 32.746256][ T738] RBP: 00007f0d14a17da0 R08: 00007f0d14a16038 R09: 0000000000000000
[ 32.754237][ T738] R10: 000000000003fda8 R11: 0000000000000246 R12: 00000000000080c4
[ 32.762224][ T738] R13: 00007f0d14a1609c R14: 0000000000007e02 R15: 00007f0d14a16090
[ 32.770190][ T738]
[ 32.773227][ T738] ---[ end trace 0000000000000000 ]---
[ 32.800974][ T766] ------------[ cut here ]------------
[ 32.806472][ T766] WARNING: CPU: 0 PID: 766 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.816563][ T766] Modules linked in:
[ 32.820457][ T766] CPU: 0 PID: 766 Comm: syz.1.171 Tainted: G B W syzkaller #0
[ 32.829232][ T766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 32.839366][ T766] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.845990][ T766] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 32.865707][ T766] RSP: 0018:ffffc90001abfc98 EFLAGS: 00010293
[ 32.871838][ T766] RAX: ffffffff849cebf7 RBX: ffff88810fcff000 RCX: ffff88810e1e3cc0
[ 32.879810][ T766] RDX: 0000000000000000 RSI: 0000000023ca5bb0 RDI: 000000000c04eb7d
[ 32.887852][ T766] RBP: ffffc90001abfcb8 R08: ffff88810fcff083 R09: 1ffff11021f9fe10
[ 32.895877][ T766] R10: dffffc0000000000 R11: ffffed1021f9fe11 R12: dffffc0000000000
[ 32.903933][ T766] R13: 1ffff1102663b34b R14: 0000000023ca5bb0 R15: ffff888121bf7c00
[ 32.911962][ T766] FS: 0000555572615500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 32.920990][ T766] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.927590][ T766] CR2: 00007f213fc72780 CR3: 0000000108fc7000 CR4: 00000000003506b0
[ 32.935708][ T766] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.943719][ T766] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.951736][ T766] Call Trace:
[ 32.955004][ T766]
[ 32.957942][ T766] pppol2tp_release+0x16c/0x2d0
[ 32.962850][ T766] sock_close+0xf1/0x290
[ 32.967100][ T766] ? __cfi_sock_close+0x10/0x10
[ 32.972018][ T766] __fput+0x1fc/0x8f0
[ 32.975992][ T766] ____fput+0x15/0x20
[ 32.979956][ T766] task_work_run+0x1e1/0x250
[ 32.984610][ T766] ? __cfi_task_work_run+0x10/0x10
[ 32.989722][ T766] ? __cfi___close_range+0x10/0x10
[ 32.994921][ T766] exit_to_user_mode_loop+0x9b/0xb0
[ 33.000110][ T766] exit_to_user_mode_prepare+0x87/0xd0
[ 33.005609][ T766] syscall_exit_to_user_mode+0x1a/0x30
[ 33.011072][ T766] do_syscall_64+0x58/0xa0
[ 33.015468][ T766] ? clear_bhb_loop+0x30/0x80
[ 33.020118][ T766] ? clear_bhb_loop+0x30/0x80
[ 33.024794][ T766] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.030692][ T766] RIP: 0033:0x7f213fd9ce59
[ 33.035084][ T766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 33.054719][ T766] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 33.063134][ T766] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 33.071121][ T766] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 33.079083][ T766] RBP: 0000000000008005 R08: 0000000000000001 R09: 0000000000000000
[ 33.087066][ T766] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 33.095045][ T766] R13: 00007f2140015fac R14: 000000000000803e R15: 00007f2140015fa0
[ 33.103031][ T766]
[ 33.106060][ T766] ---[ end trace 0000000000000000 ]---
[ 33.135420][ T789] ------------[ cut here ]------------
[ 33.140952][ T789] WARNING: CPU: 0 PID: 789 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.150997][ T789] Modules linked in:
[ 33.154888][ T789] CPU: 0 PID: 789 Comm: syz.5.179 Tainted: G B W syzkaller #0
[ 33.163651][ T789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 33.173870][ T789] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.180217][ T789] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 33.199837][ T789] RSP: 0018:ffffc90001cdfc98 EFLAGS: 00010293
[ 33.205919][ T789] RAX: ffffffff849cebf7 RBX: ffff88810fe05000 RCX: ffff888118122880
[ 33.213898][ T789] RDX: 0000000000000000 RSI: 0000000023c9cbb0 RDI: 000000000c04eb7d
[ 33.221879][ T789] RBP: ffffc90001cdfcb8 R08: ffff88810fe05083 R09: 1ffff11021fc0a10
[ 33.229836][ T789] R10: dffffc0000000000 R11: ffffed1021fc0a11 R12: dffffc0000000000
[ 33.237812][ T789] R13: 1ffff1102663c52b R14: 0000000023c9cbb0 R15: ffff888110050400
[ 33.245811][ T789] FS: 0000555561186500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 33.254758][ T789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.261346][ T789] CR2: 00007fe6c9c72780 CR3: 000000010b991000 CR4: 00000000003506b0
[ 33.269299][ T789] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.277277][ T789] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.285249][ T789] Call Trace:
[ 33.288509][ T789]
[ 33.291443][ T789] pppol2tp_release+0x16c/0x2d0
[ 33.296289][ T789] sock_close+0xf1/0x290
[ 33.300518][ T789] ? __cfi_sock_close+0x10/0x10
[ 33.305385][ T789] __fput+0x1fc/0x8f0
[ 33.309367][ T789] ____fput+0x15/0x20
[ 33.313347][ T789] task_work_run+0x1e1/0x250
[ 33.317933][ T789] ? __cfi_task_work_run+0x10/0x10
[ 33.323175][ T789] ? __cfi___close_range+0x10/0x10
[ 33.328273][ T789] exit_to_user_mode_loop+0x9b/0xb0
[ 33.333564][ T789] exit_to_user_mode_prepare+0x87/0xd0
[ 33.339044][ T789] syscall_exit_to_user_mode+0x1a/0x30
[ 33.344500][ T789] do_syscall_64+0x58/0xa0
[ 33.348953][ T789] ? clear_bhb_loop+0x30/0x80
[ 33.353625][ T789] ? clear_bhb_loop+0x30/0x80
[ 33.358290][ T789] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.364180][ T789] RIP: 0033:0x7fe6c9d9ce59
[ 33.368585][ T789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 33.388192][ T789] RSP: 002b:00007ffc2319c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 33.396608][ T789] RAX: 0000000000000000 RBX: 00007ffc2319c690 RCX: 00007fe6c9d9ce59
[ 33.404721][ T789] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 33.412733][ T789] RBP: 0000000000008159 R08: 0000000000000001 R09: 0000000000000000
[ 33.420709][ T789] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007ffc2319c6d0
[ 33.428664][ T789] R13: 00007fe6ca015fac R14: 000000000000818c R15: 00007fe6ca015fa0
[ 33.436644][ T789]
[ 33.439648][ T789] ---[ end trace 0000000000000000 ]---
[ 33.449815][ T795] ------------[ cut here ]------------
[ 33.455369][ T795] WARNING: CPU: 0 PID: 795 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.465449][ T795] Modules linked in:
[ 33.468884][ T793] ------------[ cut here ]------------
[ 33.469334][ T795] CPU: 0 PID: 795 Comm: syz.0.183 Tainted: G B W syzkaller #0
[ 33.474807][ T793] WARNING: CPU: 1 PID: 793 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.474840][ T793] Modules linked in:
[ 33.474850][ T793] CPU: 1 PID: 793 Comm: syz.4.182 Tainted: G B W syzkaller #0
[ 33.474866][ T793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 33.483595][ T795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 33.483605][ T795] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.483629][ T795] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 33.483642][ T795] RSP: 0018:ffffc90001d17c98 EFLAGS: 00010293
[ 33.483657][ T795] RAX: ffffffff849cebf7 RBX: ffff8881093ee000 RCX: ffff888118119440
[ 33.483670][ T795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 33.483680][ T795] RBP: ffffc90001d17cb8 R08: ffff8881093ee083 R09: 1ffff1102127dc10
[ 33.483693][ T795] R10: dffffc0000000000 R11: ffffed102127dc11 R12: dffffc0000000000
[ 33.483703][ T795] R13: 1ffff110247a761b R14: 0000000000000000 R15: ffff8881102e3800
[ 33.483715][ T795] FS: 000055557df83500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 33.483731][ T795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.483743][ T795] CR2: 00007f0d155456b8 CR3: 0000000121aaf000 CR4: 00000000003506b0
[ 33.483758][ T795] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.483768][ T795] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.483779][ T795] Call Trace:
[ 33.483784][ T795]
[ 33.483790][ T795] pppol2tp_release+0x16c/0x2d0
[ 33.483809][ T795] sock_close+0xf1/0x290
[ 33.483830][ T795] ? __cfi_sock_close+0x10/0x10
[ 33.483850][ T795] __fput+0x1fc/0x8f0
[ 33.483869][ T795] ____fput+0x15/0x20
[ 33.493961][ T793] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.497805][ T795] task_work_run+0x1e1/0x250
[ 33.506478][ T793] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 33.506492][ T793] RSP: 0018:ffffc90001c47c98 EFLAGS: 00010293
[ 33.506507][ T793] RAX: ffffffff849cebf7 RBX: ffff8881093ed000 RCX: ffff888118118000
[ 33.506519][ T793] RDX: 0000000000000000 RSI: 00000000102e3800 RDI: 000000000c04eb7d
[ 33.506529][ T793] RBP: ffffc90001c47cb8 R08: ffff8881093ed083 R09: 1ffff1102127da10
[ 33.506539][ T793] R10: dffffc0000000000 R11: ffffed102127da11 R12: dffffc0000000000
[ 33.506550][ T793] R13: 1ffff110247a707b R14: 00000000102e3800 R15: ffff8881102e3000
[ 33.506560][ T793] FS: 0000555579da9500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 33.506573][ T793] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.506583][ T793] CR2: 00007f0d14672780 CR3: 0000000122fb2000 CR4: 00000000003506a0
[ 33.506599][ T793] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.506608][ T793] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.506618][ T793] Call Trace:
[ 33.506623][ T793]
[ 33.506629][ T793] pppol2tp_release+0x16c/0x2d0
[ 33.506648][ T793] sock_close+0xf1/0x290
[ 33.506668][ T793] ? __cfi_sock_close+0x10/0x10
[ 33.506689][ T793] __fput+0x1fc/0x8f0
[ 33.506709][ T793] ____fput+0x15/0x20
[ 33.516827][ T795] ? __cfi_task_work_run+0x10/0x10
[ 33.526809][ T793] task_work_run+0x1e1/0x250
[ 33.526830][ T793] ? __cfi_task_work_run+0x10/0x10
[ 33.526849][ T793] ? __cfi___close_range+0x10/0x10
[ 33.533260][ T795] ? __cfi___close_range+0x10/0x10
[ 33.552806][ T793] exit_to_user_mode_loop+0x9b/0xb0
[ 33.552828][ T793] exit_to_user_mode_prepare+0x87/0xd0
[ 33.552845][ T793] syscall_exit_to_user_mode+0x1a/0x30
[ 33.558884][ T795] exit_to_user_mode_loop+0x9b/0xb0
[ 33.567164][ T793] do_syscall_64+0x58/0xa0
[ 33.575060][ T795] exit_to_user_mode_prepare+0x87/0xd0
[ 33.575081][ T795] syscall_exit_to_user_mode+0x1a/0x30
[ 33.575098][ T795] do_syscall_64+0x58/0xa0
[ 33.575113][ T795] ? clear_bhb_loop+0x30/0x80
[ 33.575126][ T795] ? clear_bhb_loop+0x30/0x80
[ 33.575139][ T795] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.583105][ T793] ? clear_bhb_loop+0x30/0x80
[ 33.591076][ T795] RIP: 0033:0x7fe18d39ce59
[ 33.599022][ T793] ? clear_bhb_loop+0x30/0x80
[ 33.607942][ T795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 33.614529][ T793] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.622465][ T795] RSP: 002b:00007ffd320de638 EFLAGS: 00000246
[ 33.630413][ T793] RIP: 0033:0x7f8a6919ce59
[ 33.638373][ T795] ORIG_RAX: 00000000000001b4
[ 33.641850][ T793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 33.644648][ T795] RAX: 0000000000000000 RBX: 00007fe18d617da0 RCX: 00007fe18d39ce59
[ 33.649466][ T793] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246
[ 33.653753][ T795] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 33.653766][ T795] RBP: 00007fe18d617da0 R08: 00007fe18d616038 R09: 0000000000000000
[ 33.653775][ T795] R10: 000000000003fda8 R11: 0000000000000246 R12: 00000000000084a7
[ 33.653783][ T795] R13: 00007fe18d61609c R14: 00000000000081e4 R15: 00007fe18d616090
[ 33.653795][ T795]
[ 33.653800][ T795] ---[ end trace 0000000000000000 ]---
[ 34.021339][ T793] ORIG_RAX: 00000000000001b4
[ 34.025992][ T793] RAX: 0000000000000000 RBX: 00007f8a69417da0 RCX: 00007f8a6919ce59
[ 34.033980][ T793] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 34.041956][ T793] RBP: 00007f8a69417da0 R08: 00007f8a69416038 R09: 0000000000000000
[ 34.049903][ T793] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000849e
[ 34.057873][ T793] R13: 00007f8a6941609c R14: 00000000000081e5 R15: 00007f8a69416090
[ 34.065850][ T793]
[ 34.068852][ T793] ---[ end trace 0000000000000000 ]---
[ 34.089010][ T813] ------------[ cut here ]------------
[ 34.094641][ T813] WARNING: CPU: 0 PID: 813 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
2026/06/11 06:54:54 executed programs: 181
[ 34.104778][ T813] Modules linked in:
[ 34.108676][ T813] CPU: 0 PID: 813 Comm: syz.4.189 Tainted: G B W syzkaller #0
[ 34.117436][ T813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 34.127628][ T813] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.134194][ T813] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 34.153976][ T813] RSP: 0018:ffffc90001be7c98 EFLAGS: 00010293
[ 34.160028][ T813] RAX: ffffffff849cebf7 RBX: ffff888110e09000 RCX: ffff888117ff0000
[ 34.168121][ T813] RDX: 0000000000000000 RSI: 00000000101ce100 RDI: 000000000c04eb7d
[ 34.176191][ T813] RBP: ffffc90001be7cb8 R08: ffff888110e09083 R09: 1ffff110221c1210
[ 34.184187][ T813] R10: dffffc0000000000 R11: ffffed10221c1211 R12: dffffc0000000000
[ 34.192208][ T813] R13: 1ffff1102663cf83 R14: 00000000101ce100 R15: ffff88810ffa9400
[ 34.200173][ T813] FS: 0000555579da9500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 34.209127][ T813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.215726][ T813] CR2: 00007fe6ca017dac CR3: 00000001092f8000 CR4: 00000000003506b0
[ 34.223703][ T813] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.231676][ T813] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.239641][ T813] Call Trace:
[ 34.242921][ T813]
[ 34.245846][ T813] pppol2tp_release+0x16c/0x2d0
[ 34.250718][ T813] sock_close+0xf1/0x290
[ 34.254955][ T813] ? __cfi_sock_close+0x10/0x10
[ 34.259784][ T813] __fput+0x1fc/0x8f0
[ 34.263762][ T813] ____fput+0x15/0x20
[ 34.267740][ T813] task_work_run+0x1e1/0x250
[ 34.272344][ T813] ? __cfi_task_work_run+0x10/0x10
[ 34.277447][ T813] ? __cfi___close_range+0x10/0x10
[ 34.282557][ T813] exit_to_user_mode_loop+0x9b/0xb0
[ 34.287746][ T813] exit_to_user_mode_prepare+0x87/0xd0
[ 34.293208][ T813] syscall_exit_to_user_mode+0x1a/0x30
[ 34.298659][ T813] do_syscall_64+0x58/0xa0
[ 34.303076][ T813] ? clear_bhb_loop+0x30/0x80
[ 34.307742][ T813] ? clear_bhb_loop+0x30/0x80
[ 34.312431][ T813] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.318318][ T813] RIP: 0033:0x7f8a6919ce59
[ 34.322730][ T813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 34.342349][ T813] RSP: 002b:00007ffc8ec32168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 34.350757][ T813] RAX: 0000000000000000 RBX: 00007ffc8ec32250 RCX: 00007f8a6919ce59
[ 34.358723][ T813] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 34.366692][ T813] RBP: 0000000000008512 R08: 0000000000000001 R09: 0000000000000000
[ 34.374666][ T813] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007ffc8ec32290
[ 34.382639][ T813] R13: 00007f8a69415fac R14: 0000000000008546 R15: 00007f8a69415fa0
[ 34.390626][ T813]
[ 34.393630][ T813] ---[ end trace 0000000000000000 ]---
[ 34.414990][ T329] ------------[ cut here ]------------
[ 34.420475][ T329] refcount_t: underflow; use-after-free.
[ 34.431178][ T836] ------------[ cut here ]------------
[ 34.436657][ T836] WARNING: CPU: 1 PID: 836 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.438648][ T329] WARNING: CPU: 0 PID: 329 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0
[ 34.446680][ T836] Modules linked in:
[ 34.455992][ T329] Modules linked in:
[ 34.459817][ T836] CPU: 1 PID: 836 Comm: syz.1.198 Tainted: G B W syzkaller #0
[ 34.463852][ T329] CPU: 0 PID: 329 Comm: kworker/u4:3 Tainted: G B W syzkaller #0
[ 34.472354][ T836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 34.481270][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 34.491311][ T836] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.501364][ T329] Workqueue: l2tp l2tp_tunnel_del_work
[ 34.501382][ T329] RIP: 0010:refcount_warn_saturate+0x120/0x1a0
[ 34.501406][ T329] Code: 05 01 48 c7 c7 c0 2f ca 85 e8 5c c9 d8 fe 0f 0b eb c3 e8 c3 3f 08 ff c6 05 64 6b 26 05 01 48 c7 c7 20 30 ca 85 e8 40 c9 d8 fe <0f> 0b eb a7 e8 a7 3f 08 ff c6 05 45 6b 26 05 01 48 c7 c7 60 2f ca
[ 34.507704][ T836] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 34.513146][ T329] RSP: 0018:ffffc900057ffc28 EFLAGS: 00010246
[ 34.519266][ T836] RSP: 0018:ffffc90001f0fc98 EFLAGS: 00010293
[ 34.538950][ T329]
[ 34.558539][ T836]
[ 34.564601][ T329] RAX: 5bb83c5c2486ab00 RBX: 0000000000000003 RCX: ffff88810f24d100
[ 34.570650][ T836] RAX: ffffffff849cebf7 RBX: ffff88812e8a3000 RCX: ffff88810fd52880
[ 34.572958][ T329] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 34.575262][ T836] RDX: 0000000000000000 RSI: 0000000023c73bb0 RDI: 000000000c04eb7d
[ 34.583220][ T329] RBP: ffffc900057ffc38 R08: ffffc900057ff807 R09: 1ffff92000afff00
[ 34.591193][ T836] RBP: ffffc90001f0fcb8 R08: ffff88812e8a3083 R09: 1ffff11025d14610
[ 34.599128][ T329] R10: dffffc0000000000 R11: fffff52000afff01 R12: 0000000000000000
[ 34.607095][ T836] R10: dffffc0000000000 R11: ffffed1025d14611 R12: dffffc0000000000
[ 34.615051][ T329] R13: ffff8881102f3400 R14: 0000000000000003 R15: 0000000000000000
[ 34.623013][ T836] R13: 1ffff110247be96b R14: 0000000023c73bb0 R15: ffff88812d0b2000
[ 34.623026][ T836] FS: 0000555572615500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 34.630984][ T329] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 34.638933][ T836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.646890][ T329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.654861][ T836] CR2: 00007ffd558c9cb0 CR3: 0000000121a93000 CR4: 00000000003506a0
[ 34.663761][ T329] CR2: 00007f8a69072780 CR3: 00000001212cb000 CR4: 00000000003506b0
[ 34.663777][ T329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.672688][ T836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.679239][ T329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.679251][ T329] Call Trace:
[ 34.685816][ T836] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.685827][ T836] Call Trace:
[ 34.685833][ T836]
[ 34.693783][ T329]
[ 34.693790][ T329] l2tp_session_put+0xc8/0x1a0
[ 34.701751][ T836] pppol2tp_release+0x16c/0x2d0
[ 34.709698][ T329] l2tp_session_delete+0x3f0/0x4e0
[ 34.717678][ T836] sock_close+0xf1/0x290
[ 34.725616][ T329] l2tp_tunnel_del_work+0x1a1/0x410
[ 34.728875][ T836] ? __cfi_sock_close+0x10/0x10
[ 34.736839][ T329] process_one_work+0x71f/0xc40
[ 34.740098][ T836] __fput+0x1fc/0x8f0
[ 34.743031][ T329] worker_thread+0xa29/0x11e0
[ 34.745933][ T836] ____fput+0x15/0x20
[ 34.750690][ T329] ? __kthread_parkme+0x142/0x180
[ 34.755500][ T836] task_work_run+0x1e1/0x250
[ 34.760578][ T329] kthread+0x281/0x320
[ 34.764811][ T836] ? __cfi_task_work_run+0x10/0x10
[ 34.769978][ T329] ? __cfi_worker_thread+0x10/0x10
[ 34.774883][ T836] ? __cfi___close_range+0x10/0x10
[ 34.779651][ T329] ? __cfi_kthread+0x10/0x10
[ 34.783621][ T836] exit_to_user_mode_loop+0x9b/0xb0
[ 34.788263][ T329] ret_from_fork+0x1f/0x30
[ 34.792230][ T836] exit_to_user_mode_prepare+0x87/0xd0
[ 34.797223][ T329]
[ 34.801804][ T836] syscall_exit_to_user_mode+0x1a/0x30
[ 34.801822][ T836] do_syscall_64+0x58/0xa0
[ 34.805868][ T329] ---[ end trace 0000000000000000 ]---
[ 34.810964][ T836] ? clear_bhb_loop+0x30/0x80
[ 34.864245][ T836] ? clear_bhb_loop+0x30/0x80
[ 34.868910][ T836] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.874870][ T836] RIP: 0033:0x7f213fd9ce59
[ 34.879279][ T836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 34.898958][ T836] RSP: 002b:00007fff8baa9f98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 34.907445][ T836] RAX: 0000000000000000 RBX: 00007fff8baaa080 RCX: 00007f213fd9ce59
[ 34.915482][ T836] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 34.923514][ T836] RBP: 0000000000008665 R08: 0000000000000001 R09: 0000000000000000
[ 34.931538][ T836] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007fff8baaa0c0
[ 34.939488][ T836] R13: 00007f2140015fac R14: 000000000000869c R15: 00007f2140015fa0
[ 34.947527][ T836]
[ 34.950540][ T836] ---[ end trace 0000000000000000 ]---
[ 34.969564][ T852] ------------[ cut here ]------------
[ 34.971028][ T850] ------------[ cut here ]------------
[ 34.975097][ T852] WARNING: CPU: 1 PID: 852 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.980476][ T850] WARNING: CPU: 0 PID: 850 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.990521][ T852] Modules linked in:
[ 34.990536][ T852] CPU: 1 PID: 852 Comm: syz.0.204 Tainted: G B W syzkaller #0
[ 35.000521][ T850] Modules linked in:
[ 35.004412][ T852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 35.004422][ T852] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 35.004446][ T852] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 35.004459][ T852] RSP: 0018:ffffc90001fbfc98 EFLAGS: 00010293
[ 35.013324][ T850] CPU: 0 PID: 850 Comm: syz.1.203 Tainted: G B W syzkaller #0
[ 35.017056][ T852] RAX: ffffffff849cebf7 RBX: ffff888130193000 RCX: ffff8881205be540
[ 35.027106][ T850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 35.033414][ T852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 35.053023][ T850] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 35.059063][ T852] RBP: ffffc90001fbfcb8 R08: ffff888130193083 R09: 1ffff11026032610
[ 35.067759][ T850] Code: 5d c3 e8 ac 91 d4 fc be 02 00 00 00 eb 0a e8 a0 91 d4 fc be 01 00 00 00 4c 89 f7 e8 c3 50 cc fd e9 0f ff ff ff e8 89 91 d4 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 91 d4 fc 4c 89 f7 be 03
[ 35.075679][ T852] R10: dffffc0000000000 R11: ffffed1026032611 R12: dffffc0000000000
[ 35.085724][ T850] RSP: 0018:ffffc90001e57c98 EFLAGS: 00010293
[ 35.085741][ T850] RAX: ffffffff849cebf7 RBX: ffff888131422000 RCX: ffff8881205ba880
[ 35.085751][ T850] RDX: 0000000000000000 RSI: 000000000f9df500 RDI: 000000000c04eb7d
[ 35.085761][ T850] RBP: ffffc90001e57cb8 R08: ffff888131422083 R09: 1ffff11026284410
[ 35.085772][ T850] R10: dffffc0000000000 R11: ffffed1026284411 R12: dffffc0000000000
[ 35.093736][ T852] R13: 1ffff110247c416b R14: 0000000000000000 R15: ffff88811031a000
[ 35.093749][ T852] FS: 000055557df83500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 35.100048][ T850] R13: 1ffff1102663d3c3 R14: 000000000f9df500 R15: ffff8881245a2c00
[ 35.108024][ T852] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.127658][ T850] FS: 0000555572615500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 35.135629][ T852] CR2: 00007f8a69f48060 CR3: 00000001147d8000 CR4: 00000000003506a0
[ 35.141679][ T850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.149625][ T852] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.157603][ T850] CR2: 00007ffc2319afe8 CR3: 00000001218b9000 CR4: 00000000003506b0
[ 35.165678][ T852] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.165699][ T852] Call Trace:
[ 35.165705][ T852]
[ 35.165711][ T852] pppol2tp_release+0x16c/0x2d0
[ 35.165736][ T852] sock_close+0xf1/0x290
[ 35.165756][ T852] ? __cfi_sock_close+0x10/0x10
[ 35.165777][ T852] __fput+0x1fc/0x8f0
[ 35.165796][ T852] ____fput+0x15/0x20
[ 35.165814][ T852] task_work_run+0x1e1/0x250
[ 35.165832][ T852] ? __cfi_task_work_run+0x10/0x10
[ 35.173809][ T850] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.181790][ T852] ? __cfi___close_range+0x10/0x10
[ 35.190712][ T850] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.198664][ T852] exit_to_user_mode_loop+0x9b/0xb0
[ 35.205239][ T850] Call Trace: