rocess permissive=1
[ 14.438619][ T24] audit: type=1400 audit(1782165280.770:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts.
2026/06/22 21:54:50 parsed 1 programs
2026/06/22 21:54:50 serving rpc on tcp://42743
[ 24.065066][ T24] audit: type=1400 audit(1782165290.470:64): avc: denied { node_bind } for pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 24.086745][ T24] audit: type=1400 audit(1782165290.470:65): avc: denied { create } for pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 24.107246][ T24] audit: type=1400 audit(1782165290.470:66): avc: denied { module_request } for pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.739664][ T24] audit: type=1400 audit(1782165291.140:67): avc: denied { mounton } for pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.740659][ T293] cgroup: Unknown subsys name 'net'
[ 24.763086][ T24] audit: type=1400 audit(1782165291.140:68): avc: denied { mount } for pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.791465][ T24] audit: type=1400 audit(1782165291.170:69): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.791621][ T293] cgroup: Unknown subsys name 'devices'
[ 24.902532][ T293] cgroup: Unknown subsys name 'hugetlb'
[ 24.908751][ T293] cgroup: Unknown subsys name 'rlimit'
[ 25.110559][ T24] audit: type=1400 audit(1782165291.510:70): avc: denied { setattr } for pid=293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 25.135980][ T24] audit: type=1400 audit(1782165291.510:71): avc: denied { create } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 25.139786][ T298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 25.158189][ T24] audit: type=1400 audit(1782165291.510:72): avc: denied { write } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.189577][ T24] audit: type=1400 audit(1782165291.510:73): avc: denied { read } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.210897][ T293] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 25.697011][ T300] request_module fs-gadgetfs succeeded, but still no fs?
[ 25.707032][ T300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 26.236199][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.244750][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.252526][ T350] device bridge_slave_0 entered promiscuous mode
[ 26.259880][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.267605][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.275222][ T350] device bridge_slave_1 entered promiscuous mode
[ 26.314243][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.321716][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.329498][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.336657][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.360032][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.367961][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.375612][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.383642][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.396398][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.404834][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.412145][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.421446][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.430195][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.437649][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.452971][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.462090][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.475808][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.490138][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.498952][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.509074][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.518545][ T350] device veth0_vlan entered promiscuous mode
[ 26.534430][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.543555][ T350] device veth1_macvtap entered promiscuous mode
[ 26.553282][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.564953][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/06/22 21:54:53 executed programs: 0
[ 26.838522][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.846555][ T378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.854791][ T378] device bridge_slave_0 entered promiscuous mode
[ 26.864399][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.871645][ T378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.879536][ T378] device bridge_slave_1 entered promiscuous mode
[ 26.916824][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.924299][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.932363][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.940158][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.957248][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.965505][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.974307][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.988520][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.996885][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.004109][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.015152][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.023432][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.030629][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.045798][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.056761][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.074652][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.086174][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.094870][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.104276][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.117299][ T378] device veth0_vlan entered promiscuous mode
[ 27.127252][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.137158][ T378] device veth1_macvtap entered promiscuous mode
[ 27.146626][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.158201][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.182674][ T389] ==================================================================
[ 27.191086][ T389] BUG: KASAN: use-after-free in mutex_lock+0x85/0xf0
[ 27.198513][ T389] Write of size 8 at addr ffff88810fac2550 by task syz.2.17/389
[ 27.207832][ T389]
[ 27.210352][ T389] CPU: 1 PID: 389 Comm: syz.2.17 Not tainted syzkaller #0
[ 27.218603][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 27.229215][ T389] Call Trace:
[ 27.232864][ T389] __dump_stack+0x21/0x24
[ 27.238017][ T389] dump_stack_lvl+0x1a7/0x208
[ 27.243279][ T389] ? show_regs_print_info+0x18/0x18
[ 27.248781][ T389] ? thaw_kernel_threads+0x220/0x220
[ 27.254458][ T389] ? debug_smp_processor_id+0x17/0x20
[ 27.260464][ T389] print_address_description+0x7f/0x2c0
[ 27.266643][ T389] ? mutex_lock+0x85/0xf0
[ 27.271094][ T389] kasan_report+0x100/0x140
[ 27.276087][ T389] ? mutex_lock+0x85/0xf0
[ 27.280456][ T389] kasan_check_range+0x249/0x2a0
[ 27.285713][ T389] __kasan_check_write+0x14/0x20
[ 27.290848][ T389] mutex_lock+0x85/0xf0
[ 27.295187][ T389] ? mutex_trylock+0xb0/0xb0
[ 27.299873][ T389] ? l2tp_session_put+0xb2/0x1a0
[ 27.305066][ T389] ? l2tp_session_delete+0x3a9/0x4a0
[ 27.310349][ T389] pppol2tp_release+0x178/0x2b0
[ 27.315433][ T389] sock_close+0xb8/0x200
[ 27.320051][ T389] ? sock_mmap+0xa0/0xa0
[ 27.326048][ T389] __fput+0x2dc/0x730
[ 27.330220][ T389] ____fput+0x15/0x20
[ 27.334394][ T389] task_work_run+0x127/0x190
[ 27.339553][ T389] exit_to_user_mode_loop+0xcb/0xe0
[ 27.345793][ T389] exit_to_user_mode_prepare+0x76/0xa0
[ 27.351648][ T389] syscall_exit_to_user_mode+0x1d/0x40
[ 27.358391][ T389] do_syscall_64+0x3d/0x40
[ 27.363752][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 27.370535][ T389] RIP: 0033:0x7f7bde80de59
[ 27.375442][ T389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 27.399540][ T389] RSP: 002b:00007ffcbb6ce318 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 27.409221][ T389] RAX: 0000000000000000 RBX: 00007ffcbb6ce400 RCX: 00007f7bde80de59
[ 27.418415][ T389] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 27.427168][ T389] RBP: 0000000000006a17 R08: 0000000000000001 R09: 0000000000000000
[ 27.437219][ T389] R10: 0000001b33820000 R11: 0000000000000246 R12: 0000000000000000
[ 27.447692][ T389] R13: 00007f7bdea86fac R14: 00007f7bdea86fa8 R15: 00007f7bdea86fa0
[ 27.456330][ T389]
[ 27.459193][ T389] Allocated by task 389:
[ 27.463633][ T389] __kasan_kmalloc+0xd4/0x100
[ 27.468441][ T389] __kmalloc+0x19f/0x330
[ 27.473460][ T389] l2tp_session_create+0x39/0xb60
[ 27.479675][ T389] pppol2tp_connect+0xbf5/0x1640
[ 27.485192][ T389] __sys_connect+0x3ce/0x450
[ 27.490511][ T389] __x64_sys_connect+0x7a/0x90
[ 27.495903][ T389] do_syscall_64+0x31/0x40
[ 27.500406][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 27.506468][ T389]
[ 27.508965][ T389] Freed by task 389:
[ 27.513474][ T389] kasan_set_track+0x4a/0x70
[ 27.518338][ T389] kasan_set_free_info+0x23/0x40
[ 27.523589][ T389] ____kasan_slab_free+0x125/0x160
[ 27.528986][ T389] __kasan_slab_free+0x11/0x20
[ 27.533861][ T389] slab_free_freelist_hook+0xc5/0x190
[ 27.539415][ T389] kfree+0xc0/0x270
[ 27.543423][ T389] l2tp_session_put+0xb2/0x1a0
[ 27.548628][ T389] l2tp_session_delete+0x3a9/0x4a0
[ 27.554309][ T389] pppol2tp_release+0x169/0x2b0
[ 27.559352][ T389] sock_close+0xb8/0x200
[ 27.563686][ T389] __fput+0x2dc/0x730
[ 27.567655][ T389] ____fput+0x15/0x20
[ 27.571816][ T389] task_work_run+0x127/0x190
[ 27.576838][ T389] exit_to_user_mode_loop+0xcb/0xe0
[ 27.583141][ T389] exit_to_user_mode_prepare+0x76/0xa0
[ 27.588968][ T389] syscall_exit_to_user_mode+0x1d/0x40
[ 27.594443][ T389] do_syscall_64+0x3d/0x40
[ 27.598844][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 27.606458][ T389]
[ 27.609222][ T389] The buggy address belongs to the object at ffff88810fac2400
[ 27.609222][ T389] which belongs to the cache kmalloc-512 of size 512
[ 27.624472][ T389] The buggy address is located 336 bytes inside of
[ 27.624472][ T389] 512-byte region [ffff88810fac2400, ffff88810fac2600)
[ 27.638277][ T389] The buggy address belongs to the page:
[ 27.644700][ T389] page:ffffea00043eb000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fac0
[ 27.657803][ T389] head:ffffea00043eb000 order:2 compound_mapcount:0 compound_pincount:0
[ 27.667512][ T389] flags: 0x4000000000010200(slab|head)
[ 27.672971][ T389] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080
[ 27.681551][ T389] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 27.690153][ T389] page dumped because: kasan: bad access detected
[ 27.696656][ T389] page_owner tracks the page as allocated
[ 27.702394][ T389] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 354, ts 27181085064, free_ts 27172009944
[ 27.724729][ T389] prep_new_page+0x176/0x190
[ 27.729466][ T389] get_page_from_freelist+0x225f/0x23f0
[ 27.735204][ T389] __alloc_pages_nodemask+0x29a/0x640
[ 27.740957][ T389] new_slab+0x84/0x3f0
[ 27.745440][ T389] ___slab_alloc+0x2f8/0x4c0
[ 27.750219][ T389] __slab_alloc+0x63/0xa0
[ 27.755079][ T389] __kmalloc_track_caller+0x1e4/0x310
[ 27.760527][ T389] __alloc_skb+0xdc/0x520
[ 27.765037][ T389] ndisc_send_ns+0x347/0xb10
[ 27.769937][ T389] addrconf_dad_work+0xa40/0x1480
[ 27.774971][ T389] process_one_work+0x6fd/0xbc0
[ 27.780473][ T389] worker_thread+0xa8e/0x13c0
[ 27.786609][ T389] kthread+0x324/0x3b0
[ 27.790807][ T389] ret_from_fork+0x1f/0x30
[ 27.795592][ T389] page last free stack trace:
[ 27.800595][ T389] __free_pages_ok+0x80b/0x830
[ 27.806369][ T389] __free_pages+0xd8/0x390
[ 27.811422][ T389] __free_slab+0xcf/0x190
[ 27.816064][ T389] unfreeze_partials+0x150/0x180
[ 27.821181][ T389] put_cpu_partial+0xc1/0x180
[ 27.825864][ T389] __slab_free+0x2c9/0x3a0
[ 27.830286][ T389] ___cache_free+0x10e/0x130
[ 27.835049][ T389] qlink_free+0x50/0x90
[ 27.839550][ T389] qlist_free_all+0x5f/0xb0
[ 27.844486][ T389] kasan_quarantine_reduce+0x14a/0x160
[ 27.851189][ T389] __kasan_slab_alloc+0x2f/0xe0
[ 27.857045][ T389] slab_post_alloc_hook+0x5d/0x2f0
[ 27.862869][ T389] kmem_cache_alloc+0x15a/0x2d0
[ 27.868265][ T389] __alloc_skb+0x9e/0x520
[ 27.872785][ T389] netlink_ack+0x35c/0xb30
[ 27.877398][ T389] netlink_rcv_skb+0x267/0x430
[ 27.882335][ T389]
[ 27.884826][ T389] Memory state around the buggy address:
[ 27.890489][ T389] ffff88810fac2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.899344][ T389] ffff88810fac2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.907603][ T389] >ffff88810fac2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.915657][ T389] ^
[ 27.922817][ T389] ffff88810fac2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.931260][ T389] ffff88810fac2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.939884][ T389] ==================================================================
[ 27.948374][ T389] Disabling lock debugging due to kernel taint