Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
2026/06/14 21:13:09 parsed 1 programs
[ 23.837929][ T28] audit: type=1400 audit(1781471589.017:64): avc: denied { node_bind } for pid=295 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.858826][ T28] audit: type=1400 audit(1781471589.017:65): avc: denied { module_request } for pid=295 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.602338][ T28] audit: type=1400 audit(1781471589.787:66): avc: denied { mounton } for pid=303 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.603369][ T303] cgroup: Unknown subsys name 'net'
[ 24.625019][ T28] audit: type=1400 audit(1781471589.787:67): avc: denied { mount } for pid=303 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.652318][ T28] audit: type=1400 audit(1781471589.817:68): avc: denied { unmount } for pid=303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.652457][ T303] cgroup: Unknown subsys name 'devices'
[ 24.792783][ T303] cgroup: Unknown subsys name 'hugetlb'
[ 24.798396][ T303] cgroup: Unknown subsys name 'rlimit'
[ 24.906120][ T28] audit: type=1400 audit(1781471590.087:69): avc: denied { setattr } for pid=303 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.929292][ T28] audit: type=1400 audit(1781471590.087:70): avc: denied { create } for pid=303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.949820][ T28] audit: type=1400 audit(1781471590.087:71): avc: denied { write } for pid=303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.970399][ T28] audit: type=1400 audit(1781471590.087:72): avc: denied { read } for pid=303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.981930][ T306] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 24.991202][ T28] audit: type=1400 audit(1781471590.087:73): avc: denied { mounton } for pid=303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 25.042109][ T303] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 25.758737][ T313] request_module fs-gadgetfs succeeded, but still no fs?
[ 26.145546][ T326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.160668][ T326] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.168315][ T326] device bridge_slave_0 entered promiscuous mode
[ 26.192096][ T326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.199153][ T326] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.210091][ T326] device bridge_slave_1 entered promiscuous mode
[ 26.392636][ T326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.399786][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.407119][ T326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.414273][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.439754][ T368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.448570][ T368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.456762][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.464376][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.478592][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.486974][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.494242][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.502350][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.510695][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.517779][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.535172][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.543625][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.559753][ T326] device veth0_vlan entered promiscuous mode
[ 26.567609][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.576436][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.584788][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.593023][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.607641][ T326] device veth1_macvtap entered promiscuous mode
[ 26.615690][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.628373][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2026/06/14 21:13:11 executed programs: 0
[ 26.642643][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.698563][ T326] syz-executor (326) used greatest stack depth: 22304 bytes left
[ 26.813105][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.820162][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.827806][ T375] device bridge_slave_0 entered promiscuous mode
[ 26.862003][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.869059][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.876465][ T375] device bridge_slave_1 entered promiscuous mode
[ 26.907343][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.914572][ T376] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.922178][ T376] device bridge_slave_0 entered promiscuous mode
[ 26.942084][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.949246][ T376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.956689][ T376] device bridge_slave_1 entered promiscuous mode
[ 26.971022][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.978158][ T378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.985600][ T378] device bridge_slave_0 entered promiscuous mode
[ 26.995202][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.002360][ T378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.009676][ T378] device bridge_slave_1 entered promiscuous mode
[ 27.039624][ T379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.046696][ T379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.054183][ T379] device bridge_slave_0 entered promiscuous mode
[ 27.066770][ T379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.074118][ T379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.081636][ T379] device bridge_slave_1 entered promiscuous mode
[ 27.088150][ T380] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.095425][ T380] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.103042][ T380] device bridge_slave_0 entered promiscuous mode
[ 27.109906][ T380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.117044][ T380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.124431][ T380] device bridge_slave_1 entered promiscuous mode
[ 27.363423][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.370837][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.388309][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.395869][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.428772][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.437096][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.445337][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.452378][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.459780][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.468350][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.476830][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.483975][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.491458][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.498874][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.506609][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.515020][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.523261][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.530271][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.537723][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.546060][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.554246][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.561330][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.568723][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.576906][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 27.584639][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 27.594194][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.611395][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.618910][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.626398][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.634834][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.643643][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.651871][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.658884][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.685777][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 27.693378][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.701416][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.709654][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.718121][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.725210][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.732705][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.741301][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.749390][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.756423][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.764442][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 27.777956][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.786307][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.794750][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.801841][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.814451][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.832938][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.841240][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.849141][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.857365][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.865612][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.875234][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.882778][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.892163][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.900380][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.908027][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.919795][ T375] device veth0_vlan entered promiscuous mode
[ 27.929543][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.937675][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.945218][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.958943][ T380] device veth0_vlan entered promiscuous mode
[ 27.966465][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.975343][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.983783][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.992186][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.999311][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.006885][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 28.015309][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.023519][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.030532][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.038043][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 28.055788][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.064275][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.072826][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.080719][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.088342][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.098390][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.106886][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.114360][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.123099][ T375] device veth1_macvtap entered promiscuous mode
[ 28.131912][ T379] device veth0_vlan entered promiscuous mode
[ 28.142986][ T378] device veth0_vlan entered promiscuous mode
[ 28.156628][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.164885][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.187311][ T380] device veth1_macvtap entered promiscuous mode
[ 28.194257][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 28.202745][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.212026][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 28.220329][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.228993][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 28.237376][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.245663][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.253913][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.262036][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 28.270136][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.278474][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 28.289038][ T379] device veth1_macvtap entered promiscuous mode
[ 28.320989][ T376] device veth0_vlan entered promiscuous mode
[ 28.331260][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 28.339825][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 28.348881][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.357467][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 28.366285][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.374846][ T398] ==================================================================
[ 28.375186][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 28.382909][ T398] BUG: KASAN: use-after-free in mutex_lock+0x86/0x1b0
[ 28.382955][ T398] Write of size 8 at addr ffff88810fe82d50 by task syz.0.17/398
[ 28.382970][ T398]
[ 28.382975][ T398] CPU: 1 PID: 398 Comm: syz.0.17 Not tainted syzkaller #0
[ 28.382992][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 28.383009][ T398] Call Trace:
[ 28.383013][ T398]
[ 28.383020][ T398] __dump_stack+0x21/0x24
[ 28.383039][ T398] dump_stack_lvl+0x110/0x170
[ 28.392136][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.397854][ T398] ? __cfi_dump_stack_lvl+0x8/0x8
[ 28.406098][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 28.407764][ T398] ? mutex_lock+0x86/0x1b0
[ 28.415716][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.424946][ T398] print_address_description+0x71/0x200
[ 28.424971][ T398] print_report+0x4a/0x60
[ 28.424986][ T398] kasan_report+0x122/0x150
[ 28.425003][ T398] ? mutex_lock+0x86/0x1b0
[ 28.428971][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 28.431201][ T398] kasan_check_range+0x249/0x2a0
[ 28.431226][ T398] __kasan_check_write+0x14/0x20
[ 28.431242][ T398] mutex_lock+0x86/0x1b0
[ 28.436051][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.440313][ T398] ? __cfi_mutex_lock+0x10/0x10
[ 28.450709][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.453385][ T398] ? kfree+0x6f/0xf0
[ 28.453408][ T398] ? l2tp_session_put+0xaf/0x1a0
[ 28.453423][ T398] ? l2tp_session_delete+0x3df/0x4d0
[ 28.453439][ T398] pppol2tp_release+0x178/0x2b0
[ 28.453456][ T398] sock_close+0xc9/0x220
[ 28.461902][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.465488][ T398] ? __cfi_sock_close+0x10/0x10
[ 28.568768][ T398] __fput+0x1fd/0x8f0
[ 28.572737][ T398] ____fput+0x15/0x20
[ 28.576703][ T398] task_work_run+0x1e1/0x250
[ 28.581281][ T398] ? __cfi_task_work_run+0x10/0x10
[ 28.586386][ T398] ? free_nsproxy+0x21f/0x270
[ 28.591058][ T398] do_exit+0xa7c/0x27c0
[ 28.595237][ T398] ? _raw_spin_lock+0x94/0xf0
[ 28.599905][ T398] ? __cfi_do_exit+0x10/0x10
[ 28.604478][ T398] ? plist_del+0x3ec/0x400
[ 28.608897][ T398] ? _raw_spin_unlock+0x4c/0x70
[ 28.613731][ T398] ? __kasan_check_write+0x14/0x20
[ 28.618828][ T398] ? _raw_spin_lock_irq+0x95/0xf0
[ 28.623870][ T398] do_group_exit+0x21b/0x2e0
[ 28.628448][ T398] ? __kasan_check_write+0x14/0x20
[ 28.633629][ T398] ? recalc_sigpending+0x168/0x1c0
[ 28.638743][ T398] get_signal+0x1382/0x14f0
[ 28.643231][ T398] arch_do_signal_or_restart+0xd1/0x11c0
[ 28.648846][ T398] ? do_futex+0x2e2/0x430
[ 28.653155][ T398] ? __cfi_do_futex+0x10/0x10
[ 28.657822][ T398] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 28.663991][ T398] ? __se_sys_futex+0x136/0x310
[ 28.668911][ T398] exit_to_user_mode_loop+0x7a/0xb0
[ 28.674102][ T398] exit_to_user_mode_prepare+0x87/0xd0
[ 28.679547][ T398] syscall_exit_to_user_mode+0x1a/0x30
[ 28.685011][ T398] do_syscall_64+0x58/0xa0
[ 28.689468][ T398] ? clear_bhb_loop+0x30/0x80
[ 28.694124][ T398] ? clear_bhb_loop+0x30/0x80
[ 28.698817][ T398] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.704691][ T398] RIP: 0033:0x7fe56c79ce59
[ 28.709105][ T398] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 28.716101][ T398] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 28.724500][ T398] RAX: fffffffffffffe00 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 28.732450][ T398] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe56ca15fa8
[ 28.740491][ T398] RBP: 00007fe56ca15fa0 R08: 0000000000000000 R09: 0000000000000000
[ 28.748441][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.756392][ T398] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 28.764344][ T398]
[ 28.767342][ T398]
[ 28.769674][ T398] Allocated by task 398:
[ 28.773899][ T398] kasan_set_track+0x4b/0x70
[ 28.778471][ T398] kasan_save_alloc_info+0x1f/0x30
[ 28.783561][ T398] __kasan_kmalloc+0x95/0xb0
[ 28.788131][ T398] __kmalloc+0xb4/0x1e0
[ 28.792279][ T398] l2tp_session_create+0x38/0xbd0
[ 28.797288][ T398] pppol2tp_connect+0xbf5/0x1640
[ 28.802220][ T398] __sys_connect+0x3da/0x460
[ 28.806786][ T398] __x64_sys_connect+0x7a/0x90
[ 28.811614][ T398] x64_sys_call+0x88d/0x9a0
[ 28.816115][ T398] do_syscall_64+0x4c/0xa0
[ 28.820512][ T398] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.826387][ T398]
[ 28.828693][ T398] Freed by task 398:
[ 28.832558][ T398] kasan_set_track+0x4b/0x70
[ 28.837221][ T398] kasan_save_free_info+0x2b/0x40
[ 28.842228][ T398] ____kasan_slab_free+0x132/0x180
[ 28.847322][ T398] __kasan_slab_free+0x11/0x20
[ 28.852064][ T398] slab_free_freelist_hook+0xc2/0x190
[ 28.857414][ T398] __kmem_cache_free+0xb7/0x1b0
[ 28.862244][ T398] kfree+0x6f/0xf0
[ 28.865950][ T398] l2tp_session_put+0xaf/0x1a0
[ 28.870711][ T398] l2tp_session_delete+0x3df/0x4d0
[ 28.875797][ T398] pppol2tp_release+0x169/0x2b0
[ 28.880626][ T398] sock_close+0xc9/0x220
[ 28.884847][ T398] __fput+0x1fd/0x8f0
[ 28.888809][ T398] ____fput+0x15/0x20
[ 28.892831][ T398] task_work_run+0x1e1/0x250
[ 28.897415][ T398] do_exit+0xa7c/0x27c0
[ 28.901560][ T398] do_group_exit+0x21b/0x2e0
[ 28.906134][ T398] get_signal+0x1382/0x14f0
[ 28.910625][ T398] arch_do_signal_or_restart+0xd1/0x11c0
[ 28.916339][ T398] exit_to_user_mode_loop+0x7a/0xb0
[ 28.921530][ T398] exit_to_user_mode_prepare+0x87/0xd0
[ 28.926970][ T398] syscall_exit_to_user_mode+0x1a/0x30
[ 28.932407][ T398] do_syscall_64+0x58/0xa0
[ 28.936808][ T398] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.942711][ T398]
[ 28.945031][ T398] The buggy address belongs to the object at ffff88810fe82c00
[ 28.945031][ T398] which belongs to the cache kmalloc-512 of size 512
[ 28.959098][ T398] The buggy address is located 336 bytes inside of
[ 28.959098][ T398] 512-byte region [ffff88810fe82c00, ffff88810fe82e00)
[ 28.972732][ T398]
[ 28.975041][ T398] The buggy address belongs to the physical page:
[ 28.981443][ T398] page:ffffea00043fa000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fe80
[ 28.991682][ T398] head:ffffea00043fa000 order:2 compound_mapcount:0 compound_pincount:0
[ 29.000161][ T398] flags: 0x4000000000010200(slab|head|zone=1)
[ 29.006234][ T398] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00
[ 29.014819][ T398] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 29.023407][ T398] page dumped because: kasan: bad access detected
[ 29.029799][ T398] page_owner tracks the page as allocated
[ 29.035487][ T398] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8, tgid 8 (kworker/u4:0), ts 28310096049, free_ts 28302395219
[ 29.057702][ T398] post_alloc_hook+0x1f5/0x210
[ 29.062455][ T398] prep_new_page+0x1c/0x110
[ 29.066937][ T398] get_page_from_freelist+0x2ca9/0x2d20
[ 29.072472][ T398] __alloc_pages+0x1fa/0x610
[ 29.077043][ T398] alloc_slab_page+0x6e/0xf0
[ 29.081614][ T398] new_slab+0x98/0x3e0
[ 29.085659][ T398] ___slab_alloc+0x70f/0xb70
[ 29.090225][ T398] __slab_alloc+0x5e/0xa0
[ 29.094537][ T398] __kmem_cache_alloc_node+0x204/0x2d0
[ 29.099984][ T398] __kmalloc_node_track_caller+0xa1/0x1e0
[ 29.105678][ T398] __alloc_skb+0x226/0x4a0
[ 29.110074][ T398] inet_netconf_notify_devconf+0x169/0x220
[ 29.115854][ T398] inetdev_event+0x80a/0x10a0
[ 29.120510][ T398] raw_notifier_call_chain+0xa1/0x110
[ 29.125860][ T398] unregister_netdevice_many+0x104a/0x1910
[ 29.131654][ T398] sit_exit_batch_net+0x618/0x670
[ 29.136660][ T398] page last free stack trace:
[ 29.141308][ T398] free_unref_page_prepare+0x80c/0x820
[ 29.146751][ T398] free_unref_page+0x93/0x530
[ 29.151414][ T398] __free_pages+0x67/0x100
[ 29.156007][ T398] free_pages+0x82/0x90
[ 29.160162][ T398] __stack_depot_save+0x45f/0x490
[ 29.165166][ T398] kasan_set_track+0x60/0x70
[ 29.169738][ T398] kasan_save_alloc_info+0x1f/0x30
[ 29.174832][ T398] __kasan_slab_alloc+0x72/0x80
[ 29.179751][ T398] slab_post_alloc_hook+0x4f/0x2d0
[ 29.184875][ T398] kmem_cache_alloc_node+0x179/0x330
[ 29.190151][ T398] __alloc_skb+0xe8/0x4a0
[ 29.194481][ T398] __neigh_notify+0x84/0x130
[ 29.199069][ T398] neigh_cleanup_and_release+0x2c/0x1a0
[ 29.204616][ T398] neigh_flush_dev+0x79a/0x950
[ 29.209371][ T398] __neigh_ifdown+0x3f/0x400
[ 29.214103][ T398] neigh_ifdown+0x1f/0x30
[ 29.218427][ T398]
[ 29.220735][ T398] Memory state around the buggy address:
[ 29.226350][ T398] ffff88810fe82c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.234395][ T398] ffff88810fe82c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.242443][ T398] >ffff88810fe82d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.250485][ T398] ^
[ 29.257198][ T398] ffff88810fe82d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.265254][ T398] ffff88810fe82e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.273575][ T398] ==================================================================
[ 29.286921][ T398] Disabling lock debugging due to kernel taint
[ 29.311191][ T28] kauditd_printk_skb: 34 callbacks suppressed
[ 29.311207][ T28] audit: type=1400 audit(1781471594.477:108): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 29.340017][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.348950][ T28] audit: type=1400 audit(1781471594.497:109): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.361508][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.379567][ T28] audit: type=1400 audit(1781471594.497:110): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.391406][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.400928][ T28] audit: type=1400 audit(1781471594.497:111): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.410786][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.430006][ T28] audit: type=1400 audit(1781471594.497:112): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.458640][ T401] ------------[ cut here ]------------
[ 29.458826][ T28] audit: type=1400 audit(1781471594.497:113): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.464161][ T401] WARNING: CPU: 0 PID: 401 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 29.486986][ T28] audit: type=1400 audit(1781471594.497:114): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.519576][ T401] Modules linked in:
[ 29.523500][ T401] CPU: 0 PID: 401 Comm: syz.0.22 Tainted: G B syzkaller #0
[ 29.532107][ T401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 29.542204][ T401] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 29.548554][ T401] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 29.568191][ T401] RSP: 0018:ffffc90000af77f0 EFLAGS: 00010293
[ 29.574275][ T401] RAX: ffffffff849b9307 RBX: ffff888118d94000 RCX: ffff888114b05100
[ 29.582265][ T401] RDX: 0000000000000000 RSI: 0000000022833f00 RDI: 000000000c04eb7d
[ 29.590235][ T401] RBP: ffffc90000af7810 R08: ffff888118d94083 R09: 1ffff110231b2810
[ 29.598229][ T401] R10: dffffc0000000000 R11: ffffed10231b2811 R12: dffffc0000000000
[ 29.606224][ T401] R13: dffffc0000000000 R14: 0000000022833f00 R15: ffff88812ed65400
[ 29.614230][ T401] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 29.623175][ T401] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.629744][ T401] CR2: 00007fe56d6d0d58 CR3: 000000012c45a000 CR4: 00000000003506b0
[ 29.637764][ T401] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.645758][ T401] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.653937][ T401] Call Trace:
[ 29.657208][ T401]
[ 29.660126][ T401] pppol2tp_release+0x150/0x2b0
[ 29.665006][ T401] sock_close+0xc9/0x220
[ 29.669247][ T401] ? __cfi_sock_close+0x10/0x10
[ 29.674148][ T401] __fput+0x1fd/0x8f0
[ 29.678165][ T401] ____fput+0x15/0x20
[ 29.682180][ T401] task_work_run+0x1e1/0x250
[ 29.686769][ T401] ? __cfi_task_work_run+0x10/0x10
[ 29.691927][ T401] ? free_nsproxy+0x21f/0x270
[ 29.696617][ T401] do_exit+0xa7c/0x27c0
[ 29.700797][ T401] ? ttwu_do_wakeup+0x102/0x490
[ 29.705681][ T401] ? __cfi_do_exit+0x10/0x10
[ 29.710291][ T401] ? try_to_wake_up+0x6c6/0x1250
[ 29.715249][ T401] ? __kasan_check_write+0x14/0x20
[ 29.720356][ T401] ? _raw_spin_lock_irq+0x95/0xf0
[ 29.725400][ T401] do_group_exit+0x21b/0x2e0
[ 29.729993][ T401] ? __kasan_check_write+0x14/0x20
[ 29.735181][ T401] ? recalc_sigpending+0x168/0x1c0
[ 29.740290][ T401] get_signal+0x1382/0x14f0
[ 29.744813][ T401] arch_do_signal_or_restart+0xd1/0x11c0
[ 29.750440][ T401] ? do_futex+0x2bf/0x430
[ 29.754864][ T401] ? __cfi_do_futex+0x10/0x10
[ 29.759547][ T401] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 29.765735][ T401] ? __se_sys_futex+0x136/0x310
[ 29.770585][ T401] exit_to_user_mode_loop+0x7a/0xb0
[ 29.775804][ T401] exit_to_user_mode_prepare+0x87/0xd0
[ 29.781291][ T401] syscall_exit_to_user_mode+0x1a/0x30
[ 29.786742][ T401] do_syscall_64+0x58/0xa0
[ 29.791193][ T401] ? clear_bhb_loop+0x30/0x80
[ 29.795871][ T401] ? clear_bhb_loop+0x30/0x80
[ 29.800547][ T401] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.806460][ T401] RIP: 0033:0x7fe56c79ce59
[ 29.810882][ T401] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 29.817926][ T401] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 29.826365][ T401] RAX: 0000000000000001 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 29.834376][ T401] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe56ca15fac
[ 29.842366][ T401] RBP: 00007fe56ca15fa0 R08: 00187e6ae52d80f7 R09: 0000000000000000
[ 29.850416][ T401] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 29.858434][ T401] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 29.866456][ T401]
[ 29.869461][ T401] ---[ end trace 0000000000000000 ]---
[ 29.880707][ T378] device veth1_macvtap entered promiscuous mode
[ 29.896408][ T376] device veth1_macvtap entered promiscuous mode
[ 29.941811][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.950019][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.979040][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 29.986931][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 30.011437][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.011457][ T408] ------------[ cut here ]------------
[ 30.025083][ T408] WARNING: CPU: 1 PID: 408 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.030597][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 30.035118][ T408] Modules linked in:
[ 30.046982][ T408] CPU: 1 PID: 408 Comm: syz.1.18 Tainted: G B W syzkaller #0
[ 30.051407][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.055739][ T408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 30.073916][ T408] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.080260][ T408] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 30.100454][ T408] RSP: 0018:ffffc90000b677f0 EFLAGS: 00010293
[ 30.106562][ T408] RAX: ffffffff849b9307 RBX: ffff8881193cb000 RCX: ffff888119235100
[ 30.114602][ T408] RDX: 0000000000000000 RSI: 00000000223ac8c0 RDI: 000000000c04eb7d
[ 30.122721][ T408] RBP: ffffc90000b67810 R08: ffff8881193cb083 R09: 1ffff11023279610
[ 30.130703][ T408] R10: dffffc0000000000 R11: ffffed1023279611 R12: dffffc0000000000
[ 30.138717][ T408] R13: dffffc0000000000 R14: 00000000223ac8c0 R15: ffff8881101c4800
[ 30.146727][ T408] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 30.155715][ T408] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.162403][ T408] CR2: 00007fc875df2ff8 CR3: 000000000700f000 CR4: 00000000003506a0
[ 30.170451][ T408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.178547][ T408] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.186564][ T408] Call Trace:
[ 30.189828][ T408]
[ 30.192771][ T408] pppol2tp_release+0x150/0x2b0
[ 30.197623][ T408] sock_close+0xc9/0x220
[ 30.201907][ T408] ? __cfi_sock_close+0x10/0x10
[ 30.206757][ T408] __fput+0x1fd/0x8f0
[ 30.210724][ T408] ____fput+0x15/0x20
[ 30.214746][ T408] task_work_run+0x1e1/0x250
[ 30.219448][ T408] ? __cfi_task_work_run+0x10/0x10
[ 30.224617][ T408] ? free_nsproxy+0x21f/0x270
[ 30.229312][ T408] do_exit+0xa7c/0x27c0
[ 30.233545][ T408] ? _raw_spin_lock+0x94/0xf0
[ 30.238226][ T408] ? __cfi_do_exit+0x10/0x10
[ 30.243022][ T408] ? plist_del+0x3ec/0x400
[ 30.247447][ T408] ? _raw_spin_unlock+0x4c/0x70
[ 30.252418][ T408] ? __kasan_check_write+0x14/0x20
[ 30.257557][ T408] ? _raw_spin_lock_irq+0x95/0xf0
[ 30.262659][ T408] do_group_exit+0x21b/0x2e0
[ 30.267428][ T408] ? __kasan_check_write+0x14/0x20
[ 30.272583][ T408] ? recalc_sigpending+0x168/0x1c0
[ 30.277718][ T408] get_signal+0x1382/0x14f0
[ 30.282242][ T408] arch_do_signal_or_restart+0xd1/0x11c0
[ 30.287875][ T408] ? do_futex+0x2e2/0x430
[ 30.292304][ T408] ? __cfi_do_futex+0x10/0x10
[ 30.296986][ T408] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 30.303376][ T408] ? __se_sys_futex+0x136/0x310
[ 30.308260][ T408] exit_to_user_mode_loop+0x7a/0xb0
[ 30.313497][ T408] exit_to_user_mode_prepare+0x87/0xd0
[ 30.318964][ T408] syscall_exit_to_user_mode+0x1a/0x30
[ 30.324462][ T408] do_syscall_64+0x58/0xa0
[ 30.328882][ T408] ? clear_bhb_loop+0x30/0x80
[ 30.333621][ T408] ? clear_bhb_loop+0x30/0x80
[ 30.338307][ T408] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.344241][ T408] RIP: 0033:0x7fc874f9ce59
[ 30.348677][ T408] Code: Unable to access opcode bytes at 0x7fc874f9ce2f.
[ 30.355702][ T408] RSP: 002b:00007fc875e140e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 30.364127][ T408] RAX: fffffffffffffe00 RBX: 00007fc875215fa8 RCX: 00007fc874f9ce59
[ 30.372168][ T408] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc875215fa8
[ 30.380227][ T408] RBP: 00007fc875215fa0 R08: 0000000000000000 R09: 0000000000000000
[ 30.388530][ T408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.396541][ T408] R13: 00007fc875216038 R14: 00007fffc74ce040 R15: 00007fffc74ce128
[ 30.404531][ T408]
[ 30.407537][ T408] ---[ end trace 0000000000000000 ]---
[ 30.441759][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 30.450129][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.501402][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 30.509745][ T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.610803][ T419] ------------[ cut here ]------------
[ 30.616480][ T419] WARNING: CPU: 0 PID: 419 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.626636][ T419] Modules linked in:
[ 30.630538][ T419] CPU: 0 PID: 419 Comm: syz.1.26 Tainted: G B W syzkaller #0
[ 30.639246][ T419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 30.649491][ T419] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.655949][ T419] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 30.675784][ T419] RSP: 0018:ffffc90000c077f0 EFLAGS: 00010293
[ 30.681943][ T419] RAX: ffffffff849b9307 RBX: ffff888119714000 RCX: ffff88811971e540
[ 30.690007][ T419] RDX: 0000000000000000 RSI: 0000000016e543c0 RDI: 000000000c04eb7d
[ 30.698027][ T419] RBP: ffffc90000c07810 R08: ffff888119714083 R09: 1ffff110232e2810
[ 30.706221][ T419] R10: dffffc0000000000 R11: ffffed10232e2811 R12: dffffc0000000000
[ 30.714238][ T419] R13: dffffc0000000000 R14: 0000000016e543c0 R15: ffff88810d967400
[ 30.722239][ T419] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 30.731227][ T419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.737818][ T419] CR2: 00007fc875df2ff8 CR3: 0000000117a42000 CR4: 00000000003506b0
[ 30.745879][ T419] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.753883][ T419] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.761890][ T419] Call Trace:
[ 30.765864][ T419]
[ 30.768796][ T419] pppol2tp_release+0x150/0x2b0
[ 30.773686][ T419] sock_close+0xc9/0x220
[ 30.777953][ T419] ? __cfi_sock_close+0x10/0x10
[ 30.782855][ T419] __fput+0x1fd/0x8f0
[ 30.786846][ T419] ____fput+0x15/0x20
[ 30.790852][ T419] task_work_run+0x1e1/0x250
[ 30.795492][ T419] ? __cfi_task_work_run+0x10/0x10
[ 30.800622][ T419] ? free_nsproxy+0x21f/0x270
[ 30.805419][ T419] do_exit+0xa7c/0x27c0
[ 30.809581][ T419] ? ttwu_do_wakeup+0x102/0x490
[ 30.814465][ T419] ? __cfi_do_exit+0x10/0x10
[ 30.819096][ T419] ? try_to_wake_up+0x6c6/0x1250
[ 30.824086][ T419] ? __kasan_check_write+0x14/0x20
[ 30.829194][ T419] ? _raw_spin_lock_irq+0x95/0xf0
[ 30.834266][ T419] do_group_exit+0x21b/0x2e0
[ 30.839041][ T419] ? __kasan_check_write+0x14/0x20
[ 30.844182][ T419] ? recalc_sigpending+0x168/0x1c0
[ 30.849293][ T419] get_signal+0x1382/0x14f0
[ 30.853958][ T419] arch_do_signal_or_restart+0xd1/0x11c0
[ 30.859684][ T419] ? do_futex+0x2bf/0x430
[ 30.864314][ T419] ? __cfi_do_futex+0x10/0x10
[ 30.868998][ T419] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 30.875202][ T419] ? __se_sys_futex+0x136/0x310
[ 30.880062][ T419] exit_to_user_mode_loop+0x7a/0xb0
[ 30.885301][ T419] exit_to_user_mode_prepare+0x87/0xd0
[ 30.890773][ T419] syscall_exit_to_user_mode+0x1a/0x30
[ 30.896370][ T419] do_syscall_64+0x58/0xa0
[ 30.900810][ T419] ? clear_bhb_loop+0x30/0x80
[ 30.905538][ T419] ? clear_bhb_loop+0x30/0x80
[ 30.910219][ T419] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.916151][ T419] RIP: 0033:0x7fc874f9ce59
[ 30.920563][ T419] Code: Unable to access opcode bytes at 0x7fc874f9ce2f.
[ 30.927601][ T419] RSP: 002b:00007fc875e140e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 30.936046][ T419] RAX: 0000000000000001 RBX: 00007fc875215fa8 RCX: 00007fc874f9ce59
[ 30.944210][ T419] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc875215fac
[ 30.952272][ T419] RBP: 00007fc875215fa0 R08: 002207d2d6c0cf33 R09: 0000000000000000
[ 30.960330][ T419] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 30.968349][ T419] R13: 00007fc875216038 R14: 00007fffc74ce040 R15: 00007fffc74ce128
[ 30.976353][ T419]
[ 30.979358][ T419] ---[ end trace 0000000000000000 ]---
[ 31.072257][ T8] device bridge_slave_1 left promiscuous mode
[ 31.081226][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.111617][ T8] device bridge_slave_0 left promiscuous mode
[ 31.117781][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.151867][ T8] device veth1_macvtap left promiscuous mode
[ 31.158228][ T436] ------------[ cut here ]------------
[ 31.163902][ T436] WARNING: CPU: 0 PID: 436 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.171154][ T8] device veth0_vlan left promiscuous mode
[ 31.173926][ T436] Modules linked in:
[ 31.183638][ T436] CPU: 0 PID: 436 Comm: syz.6.27 Tainted: G B W syzkaller #0
[ 31.192276][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 31.202367][ T436] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.208716][ T436] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 31.228365][ T436] RSP: 0018:ffffc90000cf77f0 EFLAGS: 00010293
[ 31.234460][ T436] RAX: ffffffff849b9307 RBX: ffff888119f5d000 RCX: ffff88811a05d100
[ 31.242565][ T436] RDX: 0000000000000000 RSI: 0000000019fa8780 RDI: 000000000c04eb7d
[ 31.250539][ T436] RBP: ffffc90000cf7810 R08: ffff888119f5d083 R09: 1ffff110233eba10
[ 31.258567][ T436] R10: dffffc0000000000 R11: ffffed10233eba11 R12: dffffc0000000000
[ 31.266633][ T436] R13: dffffc0000000000 R14: 0000000019fa8780 R15: ffff8881307ab400
[ 31.274649][ T436] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 31.283614][ T436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.290201][ T436] CR2: 00007fdbf01feff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 31.298310][ T436] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.306360][ T436] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.314378][ T436] Call Trace:
[ 31.317651][ T436]
[ 31.320570][ T436] pppol2tp_release+0x150/0x2b0
[ 31.325489][ T436] sock_close+0xc9/0x220
[ 31.329758][ T436] ? __cfi_sock_close+0x10/0x10
[ 31.334637][ T436] __fput+0x1fd/0x8f0
[ 31.338625][ T436] ____fput+0x15/0x20
[ 31.342979][ T436] task_work_run+0x1e1/0x250
[ 31.347575][ T436] ? __cfi_task_work_run+0x10/0x10
[ 31.352704][ T436] ? free_nsproxy+0x21f/0x270
[ 31.357403][ T436] do_exit+0xa7c/0x27c0
[ 31.361582][ T436] ? ttwu_do_wakeup+0x102/0x490
[ 31.366437][ T436] ? __cfi_do_exit+0x10/0x10
[ 31.371076][ T436] ? try_to_wake_up+0x6c6/0x1250
[ 31.376014][ T436] ? __kasan_check_write+0x14/0x20
[ 31.381144][ T436] ? _raw_spin_lock_irq+0x95/0xf0
[ 31.386181][ T436] do_group_exit+0x21b/0x2e0
[ 31.390767][ T436] ? __kasan_check_write+0x14/0x20
[ 31.395922][ T436] ? recalc_sigpending+0x168/0x1c0
[ 31.401101][ T436] get_signal+0x1382/0x14f0
[ 31.405614][ T436] arch_do_signal_or_restart+0xd1/0x11c0
[ 31.411296][ T436] ? do_futex+0x2bf/0x430
[ 31.415651][ T436] ? __cfi_do_futex+0x10/0x10
[ 31.420317][ T436] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 31.426654][ T436] ? __se_sys_futex+0x136/0x310
[ 31.431548][ T436] exit_to_user_mode_loop+0x7a/0xb0
[ 31.436749][ T436] exit_to_user_mode_prepare+0x87/0xd0
[ 31.442220][ T436] syscall_exit_to_user_mode+0x1a/0x30
[ 31.447703][ T436] do_syscall_64+0x58/0xa0
[ 31.452152][ T436] ? clear_bhb_loop+0x30/0x80
[ 31.456831][ T436] ? clear_bhb_loop+0x30/0x80
[ 31.461537][ T436] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 31.467450][ T436] RIP: 0033:0x7f4d4ff9ce59
[ 31.471893][ T436] Code: Unable to access opcode bytes at 0x7f4d4ff9ce2f.
[ 31.478930][ T436] RSP: 002b:00007f4d50dfd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.487369][ T436] RAX: 0000000000000001 RBX: 00007f4d50215fa8 RCX: 00007f4d4ff9ce59
[ 31.495370][ T436] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4d50215fac
[ 31.503719][ T436] RBP: 00007f4d50215fa0 R08: 000604315029a14a R09: 0000000000000000
[ 31.511721][ T436] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 31.519697][ T436] R13: 00007f4d50216038 R14: 00007ffc34698340 R15: 00007ffc34698428
[ 31.527791][ T436]
[ 31.530806][ T436] ---[ end trace 0000000000000000 ]---
[ 31.722762][ T451] ------------[ cut here ]------------
[ 31.728262][ T451] WARNING: CPU: 1 PID: 451 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.738369][ T451] Modules linked in:
[ 31.742549][ T451] CPU: 1 PID: 451 Comm: syz.0.34 Tainted: G B W syzkaller #0
[ 31.751252][ T451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 31.761426][ T451] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
2026/06/14 21:13:16 executed programs: 30
[ 31.767770][ T451] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 31.787734][ T451] RSP: 0018:ffffc90000cf77f0 EFLAGS: 00010293
[ 31.794115][ T451] RAX: ffffffff849b9307 RBX: ffff88811a7db000 RCX: ffff88811a72e540
[ 31.802175][ T451] RDX: 0000000000000000 RSI: 000000003266cc00 RDI: 000000000c04eb7d
[ 31.810154][ T451] RBP: ffffc90000cf7810 R08: ffff88811a7db083 R09: 1ffff110234fb610
[ 31.818176][ T451] R10: dffffc0000000000 R11: ffffed10234fb611 R12: dffffc0000000000
[ 31.826292][ T451] R13: dffffc0000000000 R14: 000000003266cc00 R15: ffff888118f9b400
[ 31.831121][ T28] audit: type=1400 audit(1781471596.987:115): avc: denied { write } for pid=295 comm="syz-execprog" path="pipe:[14028]" dev="pipefs" ino=14028 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 31.834299][ T451] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 31.866820][ T451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.873461][ T451] CR2: 00005555715af4e8 CR3: 000000012177e000 CR4: 00000000003506a0
[ 31.881467][ T451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.889448][ T451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.897465][ T451] Call Trace:
[ 31.900749][ T451]
[ 31.903803][ T451] pppol2tp_release+0x150/0x2b0
[ 31.908772][ T451] sock_close+0xc9/0x220
[ 31.913104][ T451] ? __cfi_sock_close+0x10/0x10
[ 31.917970][ T451] __fput+0x1fd/0x8f0
[ 31.922009][ T451] ____fput+0x15/0x20
[ 31.926001][ T451] task_work_run+0x1e1/0x250
[ 31.930603][ T451] ? __cfi_task_work_run+0x10/0x10
[ 31.935750][ T451] ? free_nsproxy+0x21f/0x270
[ 31.940435][ T451] do_exit+0xa7c/0x27c0
[ 31.944642][ T451] ? __cfi_do_exit+0x10/0x10
[ 31.949382][ T451] ? try_to_wake_up+0x6c6/0x1250
[ 31.954398][ T451] ? __kasan_check_write+0x14/0x20
[ 31.959512][ T451] ? _raw_spin_lock_irq+0x95/0xf0
[ 31.964579][ T451] do_group_exit+0x21b/0x2e0
[ 31.969176][ T451] ? __kasan_check_write+0x14/0x20
[ 31.974334][ T451] ? recalc_sigpending+0x168/0x1c0
[ 31.979446][ T451] get_signal+0x1382/0x14f0
[ 31.984186][ T451] arch_do_signal_or_restart+0xd1/0x11c0
[ 31.989861][ T451] ? do_futex+0x2bf/0x430
[ 31.994224][ T451] ? __cfi_do_futex+0x10/0x10
[ 31.998902][ T451] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 32.005104][ T451] ? __se_sys_futex+0x136/0x310
[ 32.009966][ T451] exit_to_user_mode_loop+0x7a/0xb0
[ 32.015317][ T451] exit_to_user_mode_prepare+0x87/0xd0
[ 32.020793][ T451] syscall_exit_to_user_mode+0x1a/0x30
[ 32.026307][ T451] do_syscall_64+0x58/0xa0
[ 32.030737][ T451] ? clear_bhb_loop+0x30/0x80
[ 32.035464][ T451] ? clear_bhb_loop+0x30/0x80
[ 32.040143][ T451] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.046270][ T451] RIP: 0033:0x7fe56c79ce59
[ 32.050837][ T451] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 32.057890][ T451] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 32.066408][ T451] RAX: 0000000000000001 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 32.074405][ T451] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe56ca15fac
[ 32.082399][ T451] RBP: 00007fe56ca15fa0 R08: 0027651d4932f332 R09: 0000000000000000
[ 32.090369][ T451] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 32.098383][ T451] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 32.106410][ T451]
[ 32.109418][ T451] ---[ end trace 0000000000000000 ]---
[ 32.290888][ T472] ------------[ cut here ]------------
[ 32.296422][ T472] WARNING: CPU: 1 PID: 472 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.306603][ T472] Modules linked in:
[ 32.310503][ T472] CPU: 1 PID: 472 Comm: syz.0.42 Tainted: G B W syzkaller #0
[ 32.319221][ T472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 32.329308][ T472] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.335677][ T472] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 32.355409][ T472] RSP: 0018:ffffc90000ee77f0 EFLAGS: 00010293
[ 32.361509][ T472] RAX: ffffffff849b9307 RBX: ffff88811ac8a000 RCX: ffff88811b591440
[ 32.369492][ T472] RDX: 0000000000000000 RSI: 000000003266cd40 RDI: 000000000c04eb7d
[ 32.377511][ T472] RBP: ffffc90000ee7810 R08: ffff88811ac8a083 R09: 1ffff11023591410
[ 32.385514][ T472] R10: dffffc0000000000 R11: ffffed1023591411 R12: dffffc0000000000
[ 32.393520][ T472] R13: dffffc0000000000 R14: 000000003266cd40 R15: ffff888116351000
[ 32.401597][ T472] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 32.410535][ T472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.417167][ T472] CR2: 00007fdbf01feff8 CR3: 000000000700f000 CR4: 00000000003506a0
[ 32.425178][ T472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.433198][ T472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.441198][ T472] Call Trace:
[ 32.444614][ T472]
[ 32.447568][ T472] pppol2tp_release+0x150/0x2b0
[ 32.452460][ T472] sock_close+0xc9/0x220
[ 32.456714][ T472] ? __cfi_sock_close+0x10/0x10
[ 32.461629][ T472] __fput+0x1fd/0x8f0
[ 32.465620][ T472] ____fput+0x15/0x20
[ 32.469610][ T472] task_work_run+0x1e1/0x250
[ 32.474241][ T472] ? __cfi_task_work_run+0x10/0x10
[ 32.479466][ T472] ? free_nsproxy+0x21f/0x270
[ 32.484218][ T472] do_exit+0xa7c/0x27c0
[ 32.488381][ T472] ? ttwu_do_wakeup+0x102/0x490
[ 32.493281][ T472] ? __cfi_do_exit+0x10/0x10
[ 32.497880][ T472] ? try_to_wake_up+0x6c6/0x1250
[ 32.502854][ T472] ? __kasan_check_write+0x14/0x20
[ 32.508053][ T472] ? _raw_spin_lock_irq+0x95/0xf0
[ 32.513103][ T472] do_group_exit+0x21b/0x2e0
[ 32.517696][ T472] ? __kasan_check_write+0x14/0x20
[ 32.522834][ T472] ? recalc_sigpending+0x168/0x1c0
[ 32.527943][ T472] get_signal+0x1382/0x14f0
[ 32.532500][ T472] arch_do_signal_or_restart+0xd1/0x11c0
[ 32.538175][ T472] ? do_futex+0x2bf/0x430
[ 32.542563][ T472] ? __cfi_do_futex+0x10/0x10
[ 32.547332][ T472] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 32.553537][ T472] ? __se_sys_futex+0x136/0x310
[ 32.558418][ T472] exit_to_user_mode_loop+0x7a/0xb0
[ 32.563667][ T472] exit_to_user_mode_prepare+0x87/0xd0
[ 32.569152][ T472] syscall_exit_to_user_mode+0x1a/0x30
[ 32.574646][ T472] do_syscall_64+0x58/0xa0
[ 32.579064][ T472] ? clear_bhb_loop+0x30/0x80
[ 32.584017][ T472] ? clear_bhb_loop+0x30/0x80
[ 32.588724][ T472] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.594639][ T472] RIP: 0033:0x7fe56c79ce59
[ 32.599054][ T472] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 32.606116][ T472] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 32.614552][ T472] RAX: 0000000000000001 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 32.622562][ T472] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe56ca15fac
[ 32.630553][ T472] RBP: 00007fe56ca15fa0 R08: 000ef502c1dcc4eb R09: 0000000000000000
[ 32.638555][ T472] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 32.646541][ T472] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 32.654526][ T472]
[ 32.657545][ T472] ---[ end trace 0000000000000000 ]---
[ 32.815299][ T487] ------------[ cut here ]------------
[ 32.820805][ T487] WARNING: CPU: 0 PID: 487 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.830873][ T487] Modules linked in:
[ 32.834801][ T487] CPU: 0 PID: 487 Comm: syz.2.46 Tainted: G B W syzkaller #0
[ 32.843522][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 32.853617][ T487] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.859964][ T487] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 32.879915][ T487] RSP: 0018:ffffc90000d5f7f0 EFLAGS: 00010293
[ 32.886019][ T487] RAX: ffffffff849b9307 RBX: ffff88811bc50000 RCX: ffff88811bc49440
[ 32.894037][ T487] RDX: 0000000000000000 RSI: 0000000022308780 RDI: 000000000c04eb7d
[ 32.902334][ T487] RBP: ffffc90000d5f810 R08: ffff88811bc50083 R09: 1ffff1102378a010
[ 32.910314][ T487] R10: dffffc0000000000 R11: ffffed102378a011 R12: dffffc0000000000
[ 32.918430][ T487] R13: dffffc0000000000 R14: 0000000022308780 R15: ffff88811af9e800
[ 32.926443][ T487] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 32.935432][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.942083][ T487] CR2: 00007fdbf01feff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 32.950069][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.958091][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.966115][ T487] Call Trace:
[ 32.969404][ T487]
[ 32.972359][ T487] pppol2tp_release+0x150/0x2b0
[ 32.977222][ T487] sock_close+0xc9/0x220
[ 32.981517][ T487] ? __cfi_sock_close+0x10/0x10
[ 32.986371][ T487] __fput+0x1fd/0x8f0
[ 32.990363][ T487] ____fput+0x15/0x20
[ 32.994389][ T487] task_work_run+0x1e1/0x250
[ 32.998980][ T487] ? __cfi_task_work_run+0x10/0x10
[ 33.004131][ T487] ? free_nsproxy+0x21f/0x270
[ 33.008865][ T487] do_exit+0xa7c/0x27c0
[ 33.013046][ T487] ? ttwu_do_wakeup+0x102/0x490
[ 33.017925][ T487] ? __cfi_do_exit+0x10/0x10
[ 33.022644][ T487] ? try_to_wake_up+0x6c6/0x1250
[ 33.027592][ T487] ? __kasan_check_write+0x14/0x20
[ 33.032773][ T487] ? _raw_spin_lock_irq+0x95/0xf0
[ 33.037809][ T487] do_group_exit+0x21b/0x2e0
[ 33.042419][ T487] ? __kasan_check_write+0x14/0x20
[ 33.047540][ T487] ? recalc_sigpending+0x168/0x1c0
[ 33.052691][ T487] get_signal+0x1382/0x14f0
[ 33.057378][ T487] arch_do_signal_or_restart+0xd1/0x11c0
[ 33.063034][ T487] ? do_futex+0x2bf/0x430
[ 33.067363][ T487] ? __cfi_do_futex+0x10/0x10
[ 33.072062][ T487] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 33.078215][ T487] ? __se_sys_futex+0x136/0x310
[ 33.083102][ T487] exit_to_user_mode_loop+0x7a/0xb0
[ 33.088300][ T487] exit_to_user_mode_prepare+0x87/0xd0
[ 33.093797][ T487] syscall_exit_to_user_mode+0x1a/0x30
[ 33.099256][ T487] do_syscall_64+0x58/0xa0
[ 33.103739][ T487] ? clear_bhb_loop+0x30/0x80
[ 33.108411][ T487] ? clear_bhb_loop+0x30/0x80
[ 33.113110][ T487] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.119007][ T487] RIP: 0033:0x7fdbf039ce59
[ 33.123438][ T487] Code: Unable to access opcode bytes at 0x7fdbf039ce2f.
[ 33.130455][ T487] RSP: 002b:00007fdbf11720e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 33.138903][ T487] RAX: 0000000000000001 RBX: 00007fdbf0615fa8 RCX: 00007fdbf039ce59
[ 33.146892][ T487] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdbf0615fac
[ 33.154881][ T487] RBP: 00007fdbf0615fa0 R08: 002e8c2b3b459702 R09: 0000000000000000
[ 33.162869][ T487] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 33.170834][ T487] R13: 00007fdbf0616038 R14: 00007ffed496a690 R15: 00007ffed496a778
[ 33.178875][ T487]
[ 33.182227][ T487] ---[ end trace 0000000000000000 ]---
[ 33.200005][ T488] ------------[ cut here ]------------
[ 33.205551][ T488] WARNING: CPU: 1 PID: 488 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.215584][ T488] Modules linked in:
[ 33.219477][ T488] CPU: 1 PID: 488 Comm: syz.0.45 Tainted: G B W syzkaller #0
[ 33.228087][ T488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 33.238237][ T488] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.244813][ T488] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 33.264599][ T488] RSP: 0018:ffffc90000f977f0 EFLAGS: 00010293
[ 33.270681][ T488] RAX: ffffffff849b9307 RBX: ffff888116e9d000 RCX: ffff88811bc48000
[ 33.278749][ T488] RDX: 0000000000000000 RSI: 000000003266c840 RDI: 000000000c04eb7d
[ 33.286769][ T488] RBP: ffffc90000f97810 R08: ffff888116e9d083 R09: 1ffff11022dd3a10
[ 33.294769][ T488] R10: dffffc0000000000 R11: ffffed1022dd3a11 R12: dffffc0000000000
[ 33.302772][ T488] R13: dffffc0000000000 R14: 000000003266c840 R15: ffff88811aa38400
[ 33.310751][ T488] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 33.319712][ T488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.326342][ T488] CR2: 00007fc875217dac CR3: 000000000700f000 CR4: 00000000003506a0
[ 33.334352][ T488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.342355][ T488] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.350338][ T488] Call Trace:
[ 33.353650][ T488]
[ 33.356582][ T488] pppol2tp_release+0x150/0x2b0
[ 33.361520][ T488] sock_close+0xc9/0x220
[ 33.365768][ T488] ? __cfi_sock_close+0x10/0x10
[ 33.370635][ T488] __fput+0x1fd/0x8f0
[ 33.374659][ T488] ____fput+0x15/0x20
[ 33.378644][ T488] task_work_run+0x1e1/0x250
[ 33.383283][ T488] ? __cfi_task_work_run+0x10/0x10
[ 33.388399][ T488] ? free_nsproxy+0x21f/0x270
[ 33.393125][ T488] do_exit+0xa7c/0x27c0
[ 33.397297][ T488] ? _raw_spin_lock+0x94/0xf0
[ 33.402001][ T488] ? __cfi_do_exit+0x10/0x10
[ 33.406603][ T488] ? plist_del+0x3ec/0x400
[ 33.411023][ T488] ? _raw_spin_unlock+0x4c/0x70
[ 33.415914][ T488] ? __kasan_check_write+0x14/0x20
[ 33.421084][ T488] ? _raw_spin_lock_irq+0x95/0xf0
[ 33.426113][ T488] do_group_exit+0x21b/0x2e0
[ 33.430713][ T488] ? __kasan_check_write+0x14/0x20
[ 33.435855][ T488] ? recalc_sigpending+0x168/0x1c0
[ 33.440980][ T488] get_signal+0x1382/0x14f0
[ 33.445552][ T488] arch_do_signal_or_restart+0xd1/0x11c0
[ 33.451225][ T488] ? do_futex+0x2e2/0x430
[ 33.455558][ T488] ? __cfi_do_futex+0x10/0x10
[ 33.460236][ T488] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 33.466420][ T488] ? __se_sys_futex+0x136/0x310
[ 33.471303][ T488] exit_to_user_mode_loop+0x7a/0xb0
[ 33.476509][ T488] exit_to_user_mode_prepare+0x87/0xd0
[ 33.481995][ T488] syscall_exit_to_user_mode+0x1a/0x30
[ 33.487457][ T488] do_syscall_64+0x58/0xa0
[ 33.491897][ T488] ? clear_bhb_loop+0x30/0x80
[ 33.496570][ T488] ? clear_bhb_loop+0x30/0x80
[ 33.501275][ T488] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.507179][ T488] RIP: 0033:0x7fe56c79ce59
[ 33.511625][ T488] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 33.518807][ T488] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 33.527428][ T488] RAX: fffffffffffffe00 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 33.535414][ T488] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe56ca15fa8
[ 33.543397][ T488] RBP: 00007fe56ca15fa0 R08: 0000000000000000 R09: 0000000000000000
[ 33.551401][ T488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.559385][ T488] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 33.567421][ T488]
[ 33.570436][ T488] ---[ end trace 0000000000000000 ]---
[ 33.755048][ T516] ------------[ cut here ]------------
[ 33.760647][ T516] WARNING: CPU: 1 PID: 516 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.770722][ T516] Modules linked in:
[ 33.774650][ T516] CPU: 1 PID: 516 Comm: syz.6.57 Tainted: G B W syzkaller #0
[ 33.783263][ T516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 33.793349][ T516] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.799682][ T516] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 33.819334][ T516] RSP: 0018:ffffc90000df77f0 EFLAGS: 00010293
[ 33.825640][ T516] RAX: ffffffff849b9307 RBX: ffff88811c3bc000 RCX: ffff88811c89a880
[ 33.833733][ T516] RDX: 0000000000000000 RSI: 0000000017a2bec0 RDI: 000000000c04eb7d
[ 33.841771][ T516] RBP: ffffc90000df7810 R08: ffff88811c3bc083 R09: 1ffff11023877810
[ 33.849750][ T516] R10: dffffc0000000000 R11: ffffed1023877811 R12: dffffc0000000000
[ 33.857768][ T516] R13: dffffc0000000000 R14: 0000000017a2bec0 R15: ffff88811acc5c00
[ 33.865770][ T516] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 33.874731][ T516] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.881420][ T516] CR2: 0000000000000000 CR3: 000000000700f000 CR4: 00000000003506a0
[ 33.889397][ T516] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.897398][ T516] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.905742][ T516] Call Trace:
[ 33.909039][ T516]
[ 33.912238][ T516] pppol2tp_release+0x150/0x2b0
[ 33.917101][ T516] sock_close+0xc9/0x220
[ 33.921394][ T516] ? __cfi_sock_close+0x10/0x10
[ 33.926256][ T516] __fput+0x1fd/0x8f0
[ 33.930244][ T516] ____fput+0x15/0x20
[ 33.934273][ T516] task_work_run+0x1e1/0x250
[ 33.938876][ T516] ? __cfi_task_work_run+0x10/0x10
[ 33.944117][ T516] ? free_nsproxy+0x21f/0x270
[ 33.948803][ T516] do_exit+0xa7c/0x27c0
[ 33.953019][ T516] ? ttwu_do_wakeup+0x102/0x490
[ 33.957873][ T516] ? __cfi_do_exit+0x10/0x10
[ 33.962516][ T516] ? try_to_wake_up+0x6c6/0x1250
[ 33.967540][ T516] ? __kasan_check_write+0x14/0x20
[ 33.972688][ T516] ? _raw_spin_lock_irq+0x95/0xf0
[ 33.977710][ T516] do_group_exit+0x21b/0x2e0
[ 33.982435][ T516] ? __kasan_check_write+0x14/0x20
[ 33.987554][ T516] ? recalc_sigpending+0x168/0x1c0
[ 33.992779][ T516] get_signal+0x1382/0x14f0
[ 33.997290][ T516] arch_do_signal_or_restart+0xd1/0x11c0
[ 34.002934][ T516] ? do_futex+0x2bf/0x430
[ 34.007258][ T516] ? __cfi_do_futex+0x10/0x10
[ 34.011969][ T516] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 34.018123][ T516] ? __se_sys_futex+0x136/0x310
[ 34.023084][ T516] exit_to_user_mode_loop+0x7a/0xb0
[ 34.028282][ T516] exit_to_user_mode_prepare+0x87/0xd0
[ 34.033773][ T516] syscall_exit_to_user_mode+0x1a/0x30
[ 34.039223][ T516] do_syscall_64+0x58/0xa0
[ 34.043653][ T516] ? clear_bhb_loop+0x30/0x80
[ 34.048335][ T516] ? clear_bhb_loop+0x30/0x80
[ 34.053034][ T516] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.058931][ T516] RIP: 0033:0x7f4d4ff9ce59
[ 34.063442][ T516] Code: Unable to access opcode bytes at 0x7f4d4ff9ce2f.
[ 34.070455][ T516] RSP: 002b:00007f4d50dfd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 34.079038][ T516] RAX: 0000000000000001 RBX: 00007f4d50215fa8 RCX: 00007f4d4ff9ce59
[ 34.087037][ T516] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4d50215fac
[ 34.095193][ T516] RBP: 00007f4d50215fa0 R08: 002a600dafb51151 R09: 0000000000000000
[ 34.103174][ T516] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 34.111159][ T516] R13: 00007f4d50216038 R14: 00007ffc34698340 R15: 00007ffc34698428
[ 34.119151][ T516]
[ 34.122179][ T516] ---[ end trace 0000000000000000 ]---
[ 34.351766][ T531] ------------[ cut here ]------------
[ 34.357263][ T531] WARNING: CPU: 1 PID: 531 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.367382][ T531] Modules linked in:
[ 34.371339][ T531] CPU: 1 PID: 531 Comm: syz.4.63 Tainted: G B W syzkaller #0
[ 34.379926][ T531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.390325][ T531] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.396897][ T531] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 34.416646][ T531] RSP: 0018:ffffc900011ef7f0 EFLAGS: 00010293
[ 34.422749][ T531] RAX: ffffffff849b9307 RBX: ffff88811d143000 RCX: ffff88811cd81440
[ 34.430728][ T531] RDX: 0000000000000000 RSI: 0000000032659040 RDI: 000000000c04eb7d
[ 34.438743][ T531] RBP: ffffc900011ef810 R08: ffff88811d143083 R09: 1ffff11023a28610
[ 34.446775][ T531] R10: dffffc0000000000 R11: ffffed1023a28611 R12: dffffc0000000000
[ 34.454782][ T531] R13: dffffc0000000000 R14: 0000000032659040 R15: ffff88811a1ae400
[ 34.463024][ T531] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 34.472107][ T531] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.478703][ T531] CR2: 00007fe56d6cfff8 CR3: 000000012323f000 CR4: 00000000003506a0
[ 34.486794][ T531] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.494792][ T531] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.502787][ T531] Call Trace:
[ 34.506072][ T531]
[ 34.509002][ T531] pppol2tp_release+0x150/0x2b0
[ 34.513884][ T531] sock_close+0xc9/0x220
[ 34.518134][ T531] ? __cfi_sock_close+0x10/0x10
[ 34.523031][ T531] __fput+0x1fd/0x8f0
[ 34.527026][ T531] ____fput+0x15/0x20
[ 34.531129][ T531] task_work_run+0x1e1/0x250
[ 34.535754][ T531] ? __cfi_task_work_run+0x10/0x10
[ 34.540962][ T531] ? free_nsproxy+0x21f/0x270
[ 34.545865][ T531] do_exit+0xa7c/0x27c0
[ 34.550187][ T531] ? ttwu_do_wakeup+0x102/0x490
[ 34.555067][ T531] ? __cfi_do_exit+0x10/0x10
[ 34.559657][ T531] ? try_to_wake_up+0x6c6/0x1250
[ 34.564691][ T531] ? __kasan_check_write+0x14/0x20
[ 34.569797][ T531] ? _raw_spin_lock_irq+0x95/0xf0
[ 34.574854][ T531] do_group_exit+0x21b/0x2e0
[ 34.579449][ T531] ? __kasan_check_write+0x14/0x20
[ 34.584570][ T531] ? recalc_sigpending+0x168/0x1c0
[ 34.589684][ T531] get_signal+0x1382/0x14f0
[ 34.594209][ T531] arch_do_signal_or_restart+0xd1/0x11c0
[ 34.599841][ T531] ? do_futex+0x2bf/0x430
[ 34.604182][ T531] ? __cfi_do_futex+0x10/0x10
[ 34.608853][ T531] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 34.615016][ T531] ? __se_sys_futex+0x136/0x310
[ 34.619860][ T531] ? __kasan_check_write+0x14/0x20
[ 34.625240][ T531] exit_to_user_mode_loop+0x7a/0xb0
[ 34.630444][ T531] exit_to_user_mode_prepare+0x87/0xd0
[ 34.636025][ T531] syscall_exit_to_user_mode+0x1a/0x30
[ 34.641506][ T531] do_syscall_64+0x58/0xa0
[ 34.645921][ T531] ? clear_bhb_loop+0x30/0x80
[ 34.650578][ T531] ? clear_bhb_loop+0x30/0x80
[ 34.655279][ T531] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.661183][ T531] RIP: 0033:0x7fc23199ce59
[ 34.665577][ T531] Code: Unable to access opcode bytes at 0x7fc23199ce2f.
[ 34.672624][ T531] RSP: 002b:00007fc2328610e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 34.681060][ T531] RAX: 0000000000000001 RBX: 00007fc231c15fa8 RCX: 00007fc23199ce59
[ 34.689027][ T531] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc231c15fac
[ 34.697116][ T531] RBP: 00007fc231c15fa0 R08: 0011575ca87eb86f R09: 0000000000000000
[ 34.705296][ T531] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 34.713428][ T531] R13: 00007fc231c16038 R14: 00007ffc1e04c870 R15: 00007ffc1e04c958
[ 34.721418][ T531]
[ 34.724442][ T531] ---[ end trace 0000000000000000 ]---
[ 34.871446][ T553] ------------[ cut here ]------------
[ 34.876948][ T553] WARNING: CPU: 0 PID: 553 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.887091][ T553] Modules linked in:
[ 34.890988][ T553] CPU: 0 PID: 553 Comm: syz.2.68 Tainted: G B W syzkaller #0
[ 34.899794][ T553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.909983][ T553] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.916366][ T553] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 34.936000][ T553] RSP: 0018:ffffc90000e377f0 EFLAGS: 00010293
[ 34.942211][ T553] RAX: ffffffff849b9307 RBX: ffff88811d53a000 RCX: ffff88811d792880
[ 34.950226][ T553] RDX: 0000000000000000 RSI: 00000000222a6840 RDI: 000000000c04eb7d
[ 34.958242][ T553] RBP: ffffc90000e37810 R08: ffff88811d53a083 R09: 1ffff11023aa7410
[ 34.966347][ T553] R10: dffffc0000000000 R11: ffffed1023aa7411 R12: dffffc0000000000
[ 34.974361][ T553] R13: dffffc0000000000 R14: 00000000222a6840 R15: ffff88811254a800
[ 34.982361][ T553] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 34.991339][ T553] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.997927][ T553] CR2: 00007fdbf01feff8 CR3: 000000012323f000 CR4: 00000000003506b0
[ 35.005962][ T553] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.014055][ T553] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.022154][ T553] Call Trace:
[ 35.025428][ T553]
[ 35.028346][ T553] pppol2tp_release+0x150/0x2b0
[ 35.033214][ T553] sock_close+0xc9/0x220
[ 35.037456][ T553] ? __cfi_sock_close+0x10/0x10
[ 35.042319][ T553] __fput+0x1fd/0x8f0
[ 35.046298][ T553] ____fput+0x15/0x20
[ 35.050261][ T553] task_work_run+0x1e1/0x250
[ 35.055138][ T553] ? __cfi_task_work_run+0x10/0x10
[ 35.060249][ T553] ? free_nsproxy+0x21f/0x270
[ 35.064958][ T553] do_exit+0xa7c/0x27c0
[ 35.069115][ T553] ? ttwu_do_wakeup+0x102/0x490
[ 35.073988][ T553] ? __cfi_do_exit+0x10/0x10
[ 35.078592][ T553] ? try_to_wake_up+0x6c6/0x1250
[ 35.083554][ T553] ? __kasan_check_write+0x14/0x20
[ 35.088665][ T553] ? _raw_spin_lock_irq+0x95/0xf0
[ 35.093701][ T553] do_group_exit+0x21b/0x2e0
[ 35.098288][ T553] ? __kasan_check_write+0x14/0x20
[ 35.103522][ T553] ? recalc_sigpending+0x168/0x1c0
[ 35.108634][ T553] get_signal+0x1382/0x14f0
[ 35.113205][ T553] arch_do_signal_or_restart+0xd1/0x11c0
[ 35.118838][ T553] ? do_futex+0x2bf/0x430
[ 35.123250][ T553] ? __cfi_do_futex+0x10/0x10
[ 35.127919][ T553] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 35.134084][ T553] ? __se_sys_futex+0x136/0x310
[ 35.138939][ T553] exit_to_user_mode_loop+0x7a/0xb0
[ 35.144157][ T553] exit_to_user_mode_prepare+0x87/0xd0
[ 35.149610][ T553] syscall_exit_to_user_mode+0x1a/0x30
[ 35.155082][ T553] do_syscall_64+0x58/0xa0
[ 35.159490][ T553] ? clear_bhb_loop+0x30/0x80
[ 35.164186][ T553] ? clear_bhb_loop+0x30/0x80
[ 35.168855][ T553] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.174767][ T553] RIP: 0033:0x7fdbf039ce59
[ 35.179173][ T553] Code: Unable to access opcode bytes at 0x7fdbf039ce2f.
[ 35.186261][ T553] RSP: 002b:00007fdbf11720e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 35.194690][ T553] RAX: 0000000000000001 RBX: 00007fdbf0615fa8 RCX: 00007fdbf039ce59
[ 35.202680][ T553] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdbf0615fac
[ 35.210645][ T553] RBP: 00007fdbf0615fa0 R08: 0031871ba1c7b521 R09: 0000000000000000
[ 35.218632][ T553] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 35.226620][ T553] R13: 00007fdbf0616038 R14: 00007ffed496a690 R15: 00007ffed496a778
[ 35.234618][ T553]
[ 35.237642][ T553] ---[ end trace 0000000000000000 ]---
[ 35.415001][ T571] ------------[ cut here ]------------
[ 35.420608][ T571] WARNING: CPU: 0 PID: 571 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 35.430756][ T571] Modules linked in:
[ 35.434697][ T571] CPU: 0 PID: 571 Comm: syz.2.73 Tainted: G B W syzkaller #0
[ 35.443309][ T571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 35.453564][ T571] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 35.459912][ T571] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 35.479594][ T571] RSP: 0018:ffffc900014377f0 EFLAGS: 00010293
[ 35.485712][ T571] RAX: ffffffff849b9307 RBX: ffff88811d2de000 RCX: ffff88811cdfd100
[ 35.493719][ T571] RDX: 0000000000000000 RSI: 0000000017a203c0 RDI: 000000000c04eb7d
[ 35.501802][ T571] RBP: ffffc90001437810 R08: ffff88811d2de083 R09: 1ffff11023a5bc10
[ 35.509776][ T571] R10: dffffc0000000000 R11: ffffed1023a5bc11 R12: dffffc0000000000
[ 35.517806][ T571] R13: dffffc0000000000 R14: 0000000017a203c0 R15: ffff88811c827000
[ 35.525816][ T571] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 35.534807][ T571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.541413][ T571] CR2: 00007fdbf01feff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 35.549418][ T571] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.557441][ T571] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.565474][ T571] Call Trace:
[ 35.568755][ T571]
[ 35.571719][ T571] pppol2tp_release+0x150/0x2b0
[ 35.576572][ T571] sock_close+0xc9/0x220
[ 35.580842][ T571] ? __cfi_sock_close+0x10/0x10
[ 35.585754][ T571] __fput+0x1fd/0x8f0
[ 35.589743][ T571] ____fput+0x15/0x20
[ 35.593764][ T571] task_work_run+0x1e1/0x250
[ 35.598354][ T571] ? __cfi_task_work_run+0x10/0x10
[ 35.603507][ T571] ? free_nsproxy+0x21f/0x270
[ 35.608188][ T571] do_exit+0xa7c/0x27c0
[ 35.612388][ T571] ? _raw_spin_lock+0x94/0xf0
[ 35.617072][ T571] ? __cfi_do_exit+0x10/0x10
[ 35.621713][ T571] ? plist_del+0x3ec/0x400
[ 35.626229][ T571] ? _raw_spin_unlock+0x4c/0x70
[ 35.631125][ T571] ? __kasan_check_write+0x14/0x20
[ 35.636236][ T571] ? _raw_spin_lock_irq+0x95/0xf0
[ 35.641300][ T571] do_group_exit+0x21b/0x2e0
[ 35.645890][ T571] ? __kasan_check_write+0x14/0x20
[ 35.651005][ T571] ? recalc_sigpending+0x168/0x1c0
[ 35.656156][ T571] get_signal+0x1382/0x14f0
[ 35.660669][ T571] arch_do_signal_or_restart+0xd1/0x11c0
[ 35.666356][ T571] ? do_futex+0x2e2/0x430
[ 35.670686][ T571] ? __kasan_check_read+0x11/0x20
[ 35.675756][ T571] ? __cfi_do_futex+0x10/0x10
[ 35.680432][ T571] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 35.686660][ T571] ? __se_sys_futex+0x136/0x310
[ 35.691534][ T571] exit_to_user_mode_loop+0x7a/0xb0
[ 35.696738][ T571] exit_to_user_mode_prepare+0x87/0xd0
[ 35.702235][ T571] syscall_exit_to_user_mode+0x1a/0x30
[ 35.707700][ T571] do_syscall_64+0x58/0xa0
[ 35.712169][ T571] ? clear_bhb_loop+0x30/0x80
[ 35.716847][ T571] ? clear_bhb_loop+0x30/0x80
[ 35.721546][ T571] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.727444][ T571] RIP: 0033:0x7fdbf039ce59
[ 35.731895][ T571] Code: Unable to access opcode bytes at 0x7fdbf039ce2f.
[ 35.738939][ T571] RSP: 002b:00007fdbf11720e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 35.747414][ T571] RAX: fffffffffffffe00 RBX: 00007fdbf0615fa8 RCX: 00007fdbf039ce59
[ 35.755412][ T571] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdbf0615fa8
[ 35.763400][ T571] RBP: 00007fdbf0615fa0 R08: 0000000000000000 R09: 0000000000000000
[ 35.771390][ T571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 35.779372][ T571] R13: 00007fdbf0616038 R14: 00007ffed496a690 R15: 00007ffed496a778
[ 35.787365][ T571]
[ 35.790381][ T571] ---[ end trace 0000000000000000 ]---
[ 35.991935][ T588] ------------[ cut here ]------------
[ 35.997447][ T588] WARNING: CPU: 0 PID: 588 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.007611][ T588] Modules linked in:
[ 36.011753][ T588] CPU: 0 PID: 588 Comm: syz.1.81 Tainted: G B W syzkaller #0
[ 36.020445][ T588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 36.030702][ T588] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 36.037183][ T588] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 36.057201][ T588] RSP: 0018:ffffc9000133f7f0 EFLAGS: 00010293
[ 36.063500][ T588] RAX: ffffffff849b9307 RBX: ffff88811d873000 RCX: ffff88811e13bcc0
[ 36.071617][ T588] RDX: 0000000000000000 RSI: 000000001d875000 RDI: 000000000c04eb7d
[ 36.079664][ T588] RBP: ffffc9000133f810 R08: ffff88811d873083 R09: 1ffff11023b0e610
[ 36.088314][ T588] R10: dffffc0000000000 R11: ffffed1023b0e611 R12: dffffc0000000000
[ 36.096328][ T588] R13: dffffc0000000000 R14: 000000001d875000 R15: ffff88811d7f9400
[ 36.104352][ T588] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 36.113421][ T588] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.120015][ T588] CR2: 00007f4d50ddbff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 36.128030][ T588] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.136046][ T588] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.144159][ T588] Call Trace:
[ 36.147443][ T588]
[ 36.150373][ T588] pppol2tp_release+0x150/0x2b0
[ 36.155422][ T588] sock_close+0xc9/0x220
[ 36.159680][ T588] ? __cfi_sock_close+0x10/0x10
[ 36.164585][ T588] __fput+0x1fd/0x8f0
[ 36.168581][ T588] ____fput+0x15/0x20
[ 36.172719][ T588] task_work_run+0x1e1/0x250
[ 36.177578][ T588] ? __cfi_task_work_run+0x10/0x10
[ 36.182752][ T588] ? free_nsproxy+0x21f/0x270
[ 36.187443][ T588] do_exit+0xa7c/0x27c0
[ 36.191650][ T588] ? _raw_spin_lock+0x94/0xf0
[ 36.196335][ T588] ? __cfi_do_exit+0x10/0x10
[ 36.200949][ T588] ? plist_del+0x3ec/0x400
[ 36.205433][ T588] ? _raw_spin_unlock+0x4c/0x70
[ 36.210291][ T588] ? __kasan_check_write+0x14/0x20
[ 36.215444][ T588] ? _raw_spin_lock_irq+0x95/0xf0
[ 36.220472][ T588] do_group_exit+0x21b/0x2e0
[ 36.225146][ T588] ? __kasan_check_write+0x14/0x20
[ 36.230287][ T588] ? recalc_sigpending+0x168/0x1c0
[ 36.235489][ T588] get_signal+0x1382/0x14f0
[ 36.240095][ T588] arch_do_signal_or_restart+0xd1/0x11c0
[ 36.245788][ T588] ? do_futex+0x2e2/0x430
[ 36.250120][ T588] ? __cfi_do_futex+0x10/0x10
[ 36.255038][ T588] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 36.261418][ T588] ? __se_sys_futex+0x136/0x310
[ 36.266283][ T588] exit_to_user_mode_loop+0x7a/0xb0
[ 36.271572][ T588] exit_to_user_mode_prepare+0x87/0xd0
[ 36.277044][ T588] syscall_exit_to_user_mode+0x1a/0x30
[ 36.282543][ T588] do_syscall_64+0x58/0xa0
[ 36.286969][ T588] ? clear_bhb_loop+0x30/0x80
[ 36.291671][ T588] ? clear_bhb_loop+0x30/0x80
[ 36.296351][ T588] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 36.302391][ T588] RIP: 0033:0x7fc874f9ce59
[ 36.306800][ T588] Code: Unable to access opcode bytes at 0x7fc874f9ce2f.
[ 36.313842][ T588] RSP: 002b:00007fc875e140e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 36.322290][ T588] RAX: fffffffffffffe00 RBX: 00007fc875215fa8 RCX: 00007fc874f9ce59
[ 36.330366][ T588] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc875215fa8
[ 36.338360][ T588] RBP: 00007fc875215fa0 R08: 0000000000000000 R09: 0000000000000000
[ 36.346352][ T588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 36.354367][ T588] R13: 00007fc875216038 R14: 00007fffc74ce040 R15: 00007fffc74ce128
[ 36.362387][ T588]
[ 36.365412][ T588] ---[ end trace 0000000000000000 ]---
[ 36.506936][ T612] ------------[ cut here ]------------
[ 36.512518][ T612] WARNING: CPU: 0 PID: 612 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.522622][ T612] Modules linked in:
[ 36.526521][ T612] CPU: 0 PID: 612 Comm: syz.1.88 Tainted: G B W syzkaller #0
[ 36.535132][ T612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 36.545223][ T612] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 36.551609][ T612] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 36.571254][ T612] RSP: 0018:ffffc900015877f0 EFLAGS: 00010293
[ 36.577323][ T612] RAX: ffffffff849b9307 RBX: ffff88811ea49000 RCX: ffff88811e921440
[ 36.585401][ T612] RDX: 0000000000000000 RSI: 000000002223eb00 RDI: 000000000c04eb7d
[ 36.593414][ T612] RBP: ffffc90001587810 R08: ffff88811ea49083 R09: 1ffff11023d49210
[ 36.601444][ T612] R10: dffffc0000000000 R11: ffffed1023d49211 R12: dffffc0000000000
[ 36.609511][ T612] R13: dffffc0000000000 R14: 000000002223eb00 R15: ffff88811dd67c00
[ 36.617530][ T612] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 36.626492][ T612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.633118][ T612] CR2: 00007fc875df2ff8 CR3: 000000012ef99000 CR4: 00000000003506b0
[ 36.641121][ T612] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.649097][ T612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.657092][ T612] Call Trace:
[ 36.660411][ T612]
[ 36.663733][ T612] pppol2tp_release+0x150/0x2b0
[ 36.668674][ T612] sock_close+0xc9/0x220
[ 36.672933][ T612] ? __cfi_sock_close+0x10/0x10
[ 36.677786][ T612] __fput+0x1fd/0x8f0
[ 36.681901][ T612] ____fput+0x15/0x20
[ 36.686143][ T612] task_work_run+0x1e1/0x250
[ 36.690743][ T612] ? __cfi_task_work_run+0x10/0x10
[ 36.695885][ T612] ? free_nsproxy+0x21f/0x270
[ 36.700571][ T612] do_exit+0xa7c/0x27c0
[ 36.704760][ T612] ? ttwu_do_wakeup+0x102/0x490
[ 36.709610][ T612] ? __cfi_do_exit+0x10/0x10
[ 36.714222][ T612] ? try_to_wake_up+0x6c6/0x1250
[ 36.719163][ T612] ? __kasan_check_write+0x14/0x20
[ 36.724293][ T612] ? _raw_spin_lock_irq+0x95/0xf0
[ 36.729345][ T612] do_group_exit+0x21b/0x2e0
[ 36.733984][ T612] ? __kasan_check_write+0x14/0x20
[ 36.739092][ T612] ? recalc_sigpending+0x168/0x1c0
[ 36.744314][ T612] get_signal+0x1382/0x14f0
[ 36.748819][ T612] arch_do_signal_or_restart+0xd1/0x11c0
[ 36.754484][ T612] ? do_futex+0x2bf/0x430
[ 36.758813][ T612] ? __cfi_do_futex+0x10/0x10
[ 36.763525][ T612] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 36.769683][ T612] ? __se_sys_futex+0x136/0x310
[ 36.774566][ T612] exit_to_user_mode_loop+0x7a/0xb0
[ 36.779762][ T612] exit_to_user_mode_prepare+0x87/0xd0
[ 36.785250][ T612] syscall_exit_to_user_mode+0x1a/0x30
[ 36.790708][ T612] do_syscall_64+0x58/0xa0
[ 36.795155][ T612] ? clear_bhb_loop+0x30/0x80
[ 36.799830][ T612] ? clear_bhb_loop+0x30/0x80
[ 36.804540][ T612] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 36.810438][ T612] RIP: 0033:0x7fc874f9ce59
[ 36.814899][ T612] Code: Unable to access opcode bytes at 0x7fc874f9ce2f.
[ 36.821936][ T612] RSP: 002b:00007fc875e140e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 36.830335][ T612] RAX: 0000000000000001 RBX: 00007fc875215fa8 RCX: 00007fc874f9ce59
[ 36.838330][ T612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc875215fac
[ 36.846370][ T612] RBP: 00007fc875215fa0 R08: 001b795b0d82d5d2 R09: 0000000000000000
[ 36.854358][ T612] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 36.862526][ T612] R13: 00007fc875216038 R14: 00007fffc74ce040 R15: 00007fffc74ce128
[ 36.870492][ T612]
[ 36.873595][ T612] ---[ end trace 0000000000000000 ]---
2026/06/14 21:13:22 executed programs: 86
[ 36.983255][ T626] ------------[ cut here ]------------
[ 36.988795][ T626] WARNING: CPU: 0 PID: 626 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.998930][ T626] Modules linked in:
[ 37.003013][ T626] CPU: 0 PID: 626 Comm: syz.1.93 Tainted: G B W syzkaller #0
[ 37.011648][ T626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 37.021734][ T626] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 37.028088][ T626] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 37.047940][ T626] RSP: 0018:ffffc900015777f0 EFLAGS: 00010293
[ 37.054040][ T626] RAX: ffffffff849b9307 RBX: ffff88811ea48000 RCX: ffff88811ef70000
[ 37.062065][ T626] RDX: 0000000000000000 RSI: 00000000221cb4c0 RDI: 000000000c04eb7d
[ 37.070044][ T626] RBP: ffffc90001577810 R08: ffff88811ea48083 R09: 1ffff11023d49010
[ 37.078069][ T626] R10: dffffc0000000000 R11: ffffed1023d49011 R12: dffffc0000000000
[ 37.086081][ T626] R13: dffffc0000000000 R14: 00000000221cb4c0 R15: ffff88811e0f4c00
[ 37.094122][ T626] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 37.103097][ T626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.109695][ T626] CR2: 00007fc875df2ff8 CR3: 000000011f08f000 CR4: 00000000003506b0
[ 37.117724][ T626] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.125728][ T626] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.133762][ T626] Call Trace:
[ 37.137040][ T626]
[ 37.139975][ T626] pppol2tp_release+0x150/0x2b0
[ 37.144883][ T626] sock_close+0xc9/0x220
[ 37.149353][ T626] ? __cfi_sock_close+0x10/0x10
[ 37.154276][ T626] __fput+0x1fd/0x8f0
[ 37.158259][ T626] ____fput+0x15/0x20
[ 37.162324][ T626] task_work_run+0x1e1/0x250
[ 37.166925][ T626] ? __cfi_task_work_run+0x10/0x10
[ 37.172094][ T626] ? free_nsproxy+0x21f/0x270
[ 37.176777][ T626] do_exit+0xa7c/0x27c0
[ 37.181254][ T626] ? ttwu_do_wakeup+0x102/0x490
[ 37.186651][ T626] ? __cfi_do_exit+0x10/0x10
[ 37.191323][ T626] ? try_to_wake_up+0x6c6/0x1250
[ 37.196281][ T626] ? __kasan_check_write+0x14/0x20
[ 37.201436][ T626] ? _raw_spin_lock_irq+0x95/0xf0
[ 37.206554][ T626] do_group_exit+0x21b/0x2e0
[ 37.211277][ T626] ? __kasan_check_write+0x14/0x20
[ 37.216420][ T626] ? recalc_sigpending+0x168/0x1c0
[ 37.221584][ T626] get_signal+0x1382/0x14f0
[ 37.226097][ T626] arch_do_signal_or_restart+0xd1/0x11c0
[ 37.231770][ T626] ? do_futex+0x2bf/0x430
[ 37.236105][ T626] ? __cfi_do_futex+0x10/0x10
[ 37.240775][ T626] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 37.246982][ T626] ? __se_sys_futex+0x136/0x310
[ 37.251870][ T626] exit_to_user_mode_loop+0x7a/0xb0
[ 37.257329][ T626] exit_to_user_mode_prepare+0x87/0xd0
[ 37.262840][ T626] syscall_exit_to_user_mode+0x1a/0x30
[ 37.268297][ T626] do_syscall_64+0x58/0xa0
[ 37.272728][ T626] ? clear_bhb_loop+0x30/0x80
[ 37.277400][ T626] ? clear_bhb_loop+0x30/0x80
[ 37.282113][ T626] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.288017][ T626] RIP: 0033:0x7fc874f9ce59
[ 37.292462][ T626] Code: Unable to access opcode bytes at 0x7fc874f9ce2f.
[ 37.299475][ T626] RSP: 002b:00007fc875e140e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 37.307918][ T626] RAX: 0000000000000001 RBX: 00007fc875215fa8 RCX: 00007fc874f9ce59
[ 37.315906][ T626] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc875215fac
[ 37.323996][ T626] RBP: 00007fc875215fa0 R08: 0038ae29876afd7d R09: 0000000000000000
[ 37.332074][ T626] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 37.340032][ T626] R13: 00007fc875216038 R14: 00007fffc74ce040 R15: 00007fffc74ce128
[ 37.348152][ T626]
[ 37.351187][ T626] ---[ end trace 0000000000000000 ]---
[ 37.492858][ T648] ------------[ cut here ]------------
[ 37.498354][ T648] WARNING: CPU: 1 PID: 648 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 37.508496][ T648] Modules linked in:
[ 37.512411][ T648] CPU: 1 PID: 648 Comm: syz.0.101 Tainted: G B W syzkaller #0
[ 37.521119][ T648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 37.531198][ T648] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 37.537538][ T648] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 37.557217][ T648] RSP: 0018:ffffc900020677f0 EFLAGS: 00010293
[ 37.563321][ T648] RAX: ffffffff849b9307 RBX: ffff88812003e000 RCX: ffff88812004d100
[ 37.571322][ T648] RDX: 0000000000000000 RSI: 0000000032621180 RDI: 000000000c04eb7d
[ 37.579304][ T648] RBP: ffffc90002067810 R08: ffff88812003e083 R09: 1ffff11024007c10
[ 37.587327][ T648] R10: dffffc0000000000 R11: ffffed1024007c11 R12: dffffc0000000000
[ 37.595333][ T648] R13: dffffc0000000000 R14: 0000000032621180 R15: ffff88811e116c00
[ 37.603328][ T648] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 37.612298][ T648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.618899][ T648] CR2: 00007fe56d6cfff8 CR3: 000000000700f000 CR4: 00000000003506a0
[ 37.627015][ T648] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.635010][ T648] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.643125][ T648] Call Trace:
[ 37.646442][ T648]
[ 37.649374][ T648] pppol2tp_release+0x150/0x2b0
[ 37.654279][ T648] sock_close+0xc9/0x220
[ 37.658663][ T648] ? __cfi_sock_close+0x10/0x10
[ 37.663554][ T648] __fput+0x1fd/0x8f0
[ 37.667557][ T648] ____fput+0x15/0x20
[ 37.671668][ T648] task_work_run+0x1e1/0x250
[ 37.676255][ T648] ? __cfi_task_work_run+0x10/0x10
[ 37.681379][ T648] ? free_nsproxy+0x21f/0x270
[ 37.686055][ T648] do_exit+0xa7c/0x27c0
[ 37.690215][ T648] ? ttwu_do_wakeup+0x102/0x490
[ 37.695082][ T648] ? __cfi_do_exit+0x10/0x10
[ 37.699761][ T648] ? try_to_wake_up+0x6c6/0x1250
[ 37.704745][ T648] ? __kasan_check_write+0x14/0x20
[ 37.709964][ T648] ? _raw_spin_lock_irq+0x95/0xf0
[ 37.715005][ T648] do_group_exit+0x21b/0x2e0
[ 37.719593][ T648] ? __kasan_check_write+0x14/0x20
[ 37.724746][ T648] ? recalc_sigpending+0x168/0x1c0
[ 37.729881][ T648] get_signal+0x1382/0x14f0
[ 37.734416][ T648] arch_do_signal_or_restart+0xd1/0x11c0
[ 37.740041][ T648] ? do_futex+0x2bf/0x430
[ 37.744404][ T648] ? __cfi_do_futex+0x10/0x10
[ 37.749084][ T648] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 37.755247][ T648] ? __se_sys_futex+0x136/0x310
[ 37.760100][ T648] exit_to_user_mode_loop+0x7a/0xb0
[ 37.765315][ T648] exit_to_user_mode_prepare+0x87/0xd0
[ 37.770770][ T648] syscall_exit_to_user_mode+0x1a/0x30
[ 37.776273][ T648] do_syscall_64+0x58/0xa0
[ 37.780700][ T648] ? clear_bhb_loop+0x30/0x80
[ 37.785389][ T648] ? clear_bhb_loop+0x30/0x80
[ 37.790059][ T648] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.795969][ T648] RIP: 0033:0x7fe56c79ce59
[ 37.800380][ T648] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 37.807420][ T648] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 37.815872][ T648] RAX: 0000000000000001 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 37.823880][ T648] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe56ca15fac
[ 37.831866][ T648] RBP: 00007fe56ca15fa0 R08: 001b795b01137a5e R09: 0000000000000000
[ 37.839832][ T648] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 37.847844][ T648] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 37.855842][ T648]
[ 37.858860][ T648] ---[ end trace 0000000000000000 ]---
[ 37.996437][ T662] ------------[ cut here ]------------
[ 38.001998][ T662] WARNING: CPU: 0 PID: 662 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 38.012061][ T662] Modules linked in:
[ 38.015956][ T662] CPU: 0 PID: 662 Comm: syz.0.103 Tainted: G B W syzkaller #0
[ 38.024817][ T662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 38.035067][ T662] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 38.041445][ T662] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03
[ 38.061445][ T662] RSP: 0018:ffffc900020ff7f0 EFLAGS: 00010293
[ 38.067523][ T662] RAX: ffffffff849b9307 RBX: ffff888111d0f000 RCX: ffff88810919a880
[ 38.075875][ T662] RDX: 0000000000000000 RSI: 0000000032617500 RDI: 000000000c04eb7d
[ 38.083882][ T662] RBP: ffffc900020ff810 R08: ffff888111d0f083 R09: 1ffff110223a1e10
[ 38.091908][ T662] R10: dffffc0000000000 R11: ffffed10223a1e11 R12: dffffc0000000000
[ 38.099884][ T662] R13: dffffc0000000000 R14: 0000000032617500 R15: ffff88811ecde400
[ 38.108631][ T662] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 38.117600][ T662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.124233][ T662] CR2: 00007fe56d6cfff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 38.132321][ T662] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.140298][ T662] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.148315][ T662] Call Trace:
[ 38.151610][ T662]
[ 38.154547][ T662] pppol2tp_release+0x150/0x2b0
[ 38.159402][ T662] sock_close+0xc9/0x220
[ 38.163711][ T662] ? __cfi_sock_close+0x10/0x10
[ 38.168569][ T662] __fput+0x1fd/0x8f0
[ 38.172599][ T662] ____fput+0x15/0x20
[ 38.176577][ T662] task_work_run+0x1e1/0x250
[ 38.181203][ T662] ? __cfi_task_work_run+0x10/0x10
[ 38.186323][ T662] ? free_nsproxy+0x21f/0x270
[ 38.190988][ T662] do_exit+0xa7c/0x27c0
[ 38.195245][ T662] ? ttwu_do_wakeup+0x102/0x490
[ 38.200106][ T662] ? __cfi_do_exit+0x10/0x10
[ 38.204725][ T662] ? try_to_wake_up+0x6c6/0x1250
[ 38.209662][ T662] ? __kasan_check_write+0x14/0x20
[ 38.214792][ T662] ? _raw_spin_lock_irq+0x95/0xf0
[ 38.219838][ T662] do_group_exit+0x21b/0x2e0
[ 38.224447][ T662] ? __kasan_check_write+0x14/0x20
[ 38.229560][ T662] ? recalc_sigpending+0x168/0x1c0
[ 38.234691][ T662] get_signal+0x1382/0x14f0
[ 38.239206][ T662] arch_do_signal_or_restart+0xd1/0x11c0
[ 38.244861][ T662] ? do_futex+0x2bf/0x430
[ 38.249185][ T662] ? __cfi_do_futex+0x10/0x10
[ 38.253883][ T662] ? __cfi_arch_do_signal_or_restart+0x10/0x10
[ 38.260034][ T662] ? __se_sys_futex+0x136/0x310
[ 38.264901][ T662] exit_to_user_mode_loop+0x7a/0xb0
[ 38.270095][ T662] exit_to_user_mode_prepare+0x87/0xd0
[ 38.275569][ T662] syscall_exit_to_user_mode+0x1a/0x30
[ 38.281025][ T662] do_syscall_64+0x58/0xa0
[ 38.285474][ T662] ? clear_bhb_loop+0x30/0x80
[ 38.290131][ T662] ? clear_bhb_loop+0x30/0x80
[ 38.294829][ T662] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 38.300723][ T662] RIP: 0033:0x7fe56c79ce59
[ 38.305172][ T662] Code: Unable to access opcode bytes at 0x7fe56c79ce2f.
[ 38.312259][ T662] RSP: 002b:00007fe56d6f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 38.320660][ T662] RAX: 0000000000000001 RBX: 00007fe56ca15fa8 RCX: 00007fe56c79ce59
[ 38.328656][ T662] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe56ca15fac
[ 38.336709][ T662] RBP: 00007fe56ca15fa0 R08: 003946bffadbcca4 R09: 0000000000000000
[ 38.344801][ T662] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 38.352791][ T662] R13: 00007fe56ca16038 R14: 00007ffd108dc990 R15: 00007ffd108dca78
[ 38.360752][ T662]
[ 38.363799][ T662] ---[ end trace 0000000000000000 ]---