syzkaller
syzkaller login: [ 13.707381][ T28] kauditd_printk_skb: 48 callbacks suppressed
[ 13.707397][ T28] audit: type=1400 audit(1782099309.186:59): avc: denied { transition } for pid=226 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.717866][ T28] audit: type=1400 audit(1782099309.186:60): avc: denied { noatsecure } for pid=226 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.724578][ T28] audit: type=1400 audit(1782099309.196:61): avc: denied { write } for pid=226 comm="sh" path="pipe:[7617]" dev="pipefs" ino=7617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 13.743127][ T28] audit: type=1400 audit(1782099309.196:62): avc: denied { rlimitinh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.766914][ T28] audit: type=1400 audit(1782099309.196:63): avc: denied { siginh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.186' (ED25519) to the list of known hosts.
2026/06/22 03:35:18 parsed 1 programs
2026/06/22 03:35:18 serving rpc on tcp://40573
[ 23.366796][ T28] audit: type=1400 audit(1782099318.846:64): avc: denied { node_bind } for pid=296 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.393355][ T28] audit: type=1400 audit(1782099318.846:65): avc: denied { module_request } for pid=296 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.240098][ T28] audit: type=1400 audit(1782099319.726:66): avc: denied { mounton } for pid=302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.241403][ T302] cgroup: Unknown subsys name 'net'
[ 24.265304][ T28] audit: type=1400 audit(1782099319.726:67): avc: denied { mount } for pid=302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.296768][ T28] audit: type=1400 audit(1782099319.756:68): avc: denied { unmount } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.296971][ T302] cgroup: Unknown subsys name 'devices'
[ 24.439814][ T302] cgroup: Unknown subsys name 'hugetlb'
[ 24.455717][ T302] cgroup: Unknown subsys name 'rlimit'
[ 24.564532][ T28] audit: type=1400 audit(1782099320.046:69): avc: denied { setattr } for pid=302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.596289][ T28] audit: type=1400 audit(1782099320.046:70): avc: denied { create } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.617127][ T307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 24.620954][ T28] audit: type=1400 audit(1782099320.046:71): avc: denied { write } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 24.659530][ T28] audit: type=1400 audit(1782099320.046:72): avc: denied { read } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.684929][ T28] audit: type=1400 audit(1782099320.046:73): avc: denied { mounton } for pid=302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.720203][ T302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 25.559752][ T315] request_module fs-gadgetfs succeeded, but still no fs?
[ 26.115422][ T356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.122991][ T356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.131182][ T356] device bridge_slave_0 entered promiscuous mode
[ 26.156570][ T356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.165745][ T356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.173782][ T356] device bridge_slave_1 entered promiscuous mode
[ 26.248780][ T356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.259592][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.268940][ T356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.276596][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.299392][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.307519][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.316105][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.326597][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.335308][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.342483][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.352628][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.361910][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.369144][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.383041][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.393450][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.408162][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.420364][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.428894][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.436488][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.445210][ T356] device veth0_vlan entered promiscuous mode
[ 26.462087][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.471470][ T356] device veth1_macvtap entered promiscuous mode
[ 26.481326][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2026/06/22 03:35:22 executed programs: 0
[ 26.492031][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.549725][ T356] syz-executor (356) used greatest stack depth: 21536 bytes left
[ 26.768215][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.776525][ T378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.785598][ T378] device bridge_slave_0 entered promiscuous mode
[ 26.804201][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.813328][ T378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.824074][ T378] device bridge_slave_1 entered promiscuous mode
[ 26.888389][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.895535][ T376] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.904130][ T376] device bridge_slave_0 entered promiscuous mode
[ 26.913448][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.921709][ T376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.929546][ T376] device bridge_slave_1 entered promiscuous mode
[ 26.936856][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.946340][ T372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.954306][ T372] device bridge_slave_0 entered promiscuous mode
[ 26.992405][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.000422][ T372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.008830][ T372] device bridge_slave_1 entered promiscuous mode
[ 27.074245][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.084906][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.096592][ T375] device bridge_slave_0 entered promiscuous mode
[ 27.118305][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.125571][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.134458][ T375] device bridge_slave_1 entered promiscuous mode
[ 27.158072][ T379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.166473][ T379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.174251][ T379] device bridge_slave_0 entered promiscuous mode
[ 27.198929][ T379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.206867][ T379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.216607][ T379] device bridge_slave_1 entered promiscuous mode
[ 27.277312][ T378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.284486][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.292252][ T378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.300648][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.381810][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.389515][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.396981][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.404051][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.424218][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.432240][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.441120][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.450250][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.458458][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.493194][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.504874][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.549358][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.559088][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.569703][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.581051][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.589433][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.597485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 27.617408][ T378] device veth0_vlan entered promiscuous mode
[ 27.628320][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.637130][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.645072][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.658817][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.667192][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.674348][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.696925][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.715123][ T378] device veth1_macvtap entered promiscuous mode
[ 27.724310][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.736084][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.745840][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.756061][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.764477][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.787032][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.798476][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.807479][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.817007][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.841295][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 27.850344][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.860783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 27.869975][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.879354][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.888667][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.898210][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.909948][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.940256][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.949714][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.963862][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.972419][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.980326][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.989378][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.997101][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.005302][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 28.013068][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.021703][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 28.030485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.039190][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.046212][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.053942][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 28.062505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.072033][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.079205][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.086723][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.095755][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.103904][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 28.113153][ T375] device veth0_vlan entered promiscuous mode
[ 28.142862][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.157474][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.166143][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.176235][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.187371][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.195880][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.209074][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 28.218719][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.227456][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.234952][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.245219][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 28.255739][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.266874][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.274325][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.282168][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 28.315764][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.325796][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.337958][ C0] ==================================================================
[ 28.346055][ C0] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0
[ 28.354085][ C0] Read of size 8 at addr ffff88810fc9a990 by task ksoftirqd/0/13
[ 28.362212][ C0]
[ 28.364592][ C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted syzkaller #0
[ 28.372184][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 28.382441][ C0] Call Trace:
[ 28.385914][ C0] <TASK>
[ 28.388927][ C0] __dump_stack+0x21/0x24
[ 28.393365][ C0] dump_stack_lvl+0x110/0x170
[ 28.398083][ C0] ? __cfi_dump_stack_lvl+0x8/0x8
[ 28.403117][ C0] ? debug_smp_processor_id+0x17/0x20
[ 28.408757][ C0] ? rcu_cblist_dequeue+0x6c/0xb0
[ 28.414646][ C0] print_address_description+0x71/0x200
[ 28.421887][ C0] print_report+0x4a/0x60
[ 28.426416][ C0] kasan_report+0x122/0x150
[ 28.431020][ C0] ? rcu_cblist_dequeue+0x6c/0xb0
[ 28.436427][ C0] __asan_report_load8_noabort+0x14/0x20
[ 28.442242][ C0] rcu_cblist_dequeue+0x6c/0xb0
[ 28.447383][ C0] rcu_do_batch+0x4bc/0xc30
[ 28.454486][ C0] ? rcu_core+0xf00/0xf00
[ 28.459449][ C0] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 28.465371][ C0] ? rcu_report_qs_rnp+0x2b9/0x390
[ 28.470849][ C0] rcu_core+0x486/0xf00
[ 28.475126][ C0] ? rcu_cpu_kthread_park+0x90/0x90
[ 28.480776][ C0] ? __this_cpu_preempt_check+0x13/0x20
[ 28.486603][ C0] ? rcu_softirq_qs+0xd5/0x340
[ 28.491838][ C0] ? __cfi_rcu_softirq_qs+0x10/0x10
[ 28.498192][ C0] ? irqtime_account_irq+0x75/0x240
[ 28.504426][ C0] rcu_core_si+0x9/0x10
[ 28.508722][ C0] handle_softirqs+0x1d7/0x600
[ 28.514301][ C0] ? __cfi_run_ksoftirqd+0x10/0x10
[ 28.520130][ C0] run_ksoftirqd+0x28/0x30
[ 28.524653][ C0] smpboot_thread_fn+0x48c/0x8e0
[ 28.533106][ C0] kthread+0x281/0x320
[ 28.537196][ C0] ? __cfi_smpboot_thread_fn+0x10/0x10
[ 28.543350][ C0] ? __cfi_kthread+0x10/0x10
[ 28.549006][ C0] ret_from_fork+0x1f/0x30
[ 28.556595][ C0] </TASK>
[ 28.559808][ C0]
[ 28.562212][ C0] Allocated by task 398:
[ 28.567781][ C0] kasan_set_track+0x4b/0x70
[ 28.572458][ C0] kasan_save_alloc_info+0x1f/0x30
[ 28.579251][ C0] __kasan_kmalloc+0x95/0xb0
[ 28.584201][ C0] __kmalloc+0xb4/0x1e0
[ 28.589010][ C0] l2tp_session_create+0x38/0xbd0
[ 28.594245][ C0] pppol2tp_connect+0xbf5/0x1640
[ 28.599633][ C0] __sys_connect+0x3da/0x460
[ 28.604329][ C0] __x64_sys_connect+0x7a/0x90
[ 28.609271][ C0] x64_sys_call+0x88d/0x9a0
[ 28.614212][ C0] do_syscall_64+0x4c/0xa0
[ 28.618617][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.625300][ C0]
[ 28.627710][ C0] Freed by task 8:
[ 28.631618][ C0] kasan_set_track+0x4b/0x70
[ 28.636659][ C0] kasan_save_free_info+0x2b/0x40
[ 28.641905][ C0] ____kasan_slab_free+0x132/0x180
[ 28.650349][ C0] __kasan_slab_free+0x11/0x20
[ 28.656298][ C0] slab_free_freelist_hook+0xc2/0x190
[ 28.662209][ C0] __kmem_cache_free+0xb7/0x1b0
[ 28.667347][ C0] kfree+0x6f/0xf0
[ 28.671155][ C0] l2tp_session_put+0xaf/0x1a0
[ 28.675938][ C0] l2tp_session_delete+0x3df/0x4d0
[ 28.681474][ C0] l2tp_tunnel_del_work+0x199/0x410
[ 28.687691][ C0] process_one_work+0x717/0xc30
[ 28.692583][ C0] worker_thread+0xa4d/0x11d0
[ 28.697455][ C0] kthread+0x281/0x320
[ 28.701630][ C0] ret_from_fork+0x1f/0x30
[ 28.707349][ C0]
[ 28.709746][ C0] Last potentially related work creation:
[ 28.717210][ C0] kasan_save_stack+0x3a/0x60
[ 28.722258][ C0] __kasan_record_aux_stack+0xb6/0xc0
[ 28.727862][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 28.734119][ C0] call_rcu+0xcf/0xf50
[ 28.738207][ C0] pppol2tp_release+0x1e3/0x2b0
[ 28.743063][ C0] sock_close+0xc9/0x220
[ 28.747674][ C0] __fput+0x1fd/0x8f0
[ 28.751681][ C0] ____fput+0x15/0x20
[ 28.755686][ C0] task_work_run+0x1e1/0x250
[ 28.760794][ C0] do_exit+0xaf2/0x2850
[ 28.765130][ C0] __cfi___ia32_sys_exit+0x0/0x10
[ 28.770346][ C0] x64_sys_call+0x67/0x9a0
[ 28.775058][ C0] do_syscall_64+0x4c/0xa0
[ 28.779483][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 28.786571][ C0]
[ 28.788995][ C0] The buggy address belongs to the object at ffff88810fc9a800
[ 28.788995][ C0] which belongs to the cache kmalloc-512 of size 512
[ 28.803765][ C0] The buggy address is located 400 bytes inside of
[ 28.803765][ C0] 512-byte region [ffff88810fc9a800, ffff88810fc9aa00)
[ 28.818923][ C0]
[ 28.821733][ C0] The buggy address belongs to the physical page:
[ 28.828341][ C0] page:ffffea00043f2600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fc98
[ 28.838858][ C0] head:ffffea00043f2600 order:2 compound_mapcount:0 compound_pincount:0
[ 28.847265][ C0] flags: 0x4000000000010200(slab|head|zone=1)
[ 28.853359][ C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00
[ 28.862035][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 28.870692][ C0] page dumped because: kasan: bad access detected
[ 28.877089][ C0] page_owner tracks the page as allocated
[ 28.882955][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 376, tgid 376 (syz-executor), ts 28137201446, free_ts 26022580782
[ 28.905728][ C0] post_alloc_hook+0x1f5/0x210
[ 28.910496][ C0] prep_new_page+0x1c/0x110
[ 28.915171][ C0] get_page_from_freelist+0x2ca9/0x2d20
[ 28.920805][ C0] __alloc_pages+0x1fa/0x610
[ 28.925574][ C0] alloc_slab_page+0x6e/0xf0
[ 28.930145][ C0] new_slab+0x98/0x3e0
[ 28.934193][ C0] ___slab_alloc+0x70f/0xb70
[ 28.938949][ C0] __slab_alloc+0x5e/0xa0
[ 28.943308][ C0] __kmem_cache_alloc_node+0x204/0x2d0
[ 28.948848][ C0] __kmalloc_node_track_caller+0xa1/0x1e0
[ 28.954552][ C0] __alloc_skb+0x226/0x4a0
[ 28.958990][ C0] netlink_ack+0x373/0x1160
[ 28.963525][ C0] netlink_rcv_skb+0x27e/0x450
[ 28.968291][ C0] rtnetlink_rcv+0x1c/0x20
[ 28.972694][ C0] netlink_unicast+0x8c1/0xa60
[ 28.977561][ C0] netlink_sendmsg+0x8b9/0xbd0
[ 28.982439][ C0] page last free stack trace:
[ 28.987099][ C0] free_unref_page_prepare+0x80c/0x820
[ 28.992824][ C0] free_unref_page+0x93/0x530
[ 28.997608][ C0] __free_pages+0x67/0x100
[ 29.002052][ C0] __vunmap+0xa3c/0xc00
[ 29.006214][ C0] vfree+0x61/0x90
[ 29.009932][ C0] kcov_close+0x2b/0x50
[ 29.014081][ C0] __fput+0x1fd/0x8f0
[ 29.018076][ C0] ____fput+0x15/0x20
[ 29.022145][ C0] task_work_run+0x1e1/0x250
[ 29.026984][ C0] do_exit+0xaf2/0x2850
[ 29.031162][ C0] do_group_exit+0x21b/0x2e0
[ 29.036438][ C0] get_signal+0x1382/0x14f0
[ 29.040957][ C0] arch_do_signal_or_restart+0xd1/0x11c0
[ 29.046595][ C0] exit_to_user_mode_loop+0x7a/0xb0
[ 29.051880][ C0] exit_to_user_mode_prepare+0x87/0xd0
[ 29.057377][ C0] syscall_exit_to_user_mode+0x1a/0x30
[ 29.063042][ C0]
[ 29.065371][ C0] Memory state around the buggy address:
[ 29.070991][ C0] ffff88810fc9a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.079151][ C0] ffff88810fc9a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.087220][ C0] >ffff88810fc9a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.095283][ C0] ^
[ 29.099970][ C0] ffff88810fc9aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.108378][ C0] ffff88810fc9aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.116963][ C0] ==================================================================
[ 29.125723][ C0] Disabling lock debugging due to kernel taint
[ 29.131034][ T375] device veth1_macvtap entered promiscuous mode
[ 29.143518][ T28] kauditd_printk_skb: 35 callbacks suppressed
[ 29.143531][ T28] audit: type=1400 audit(1782099324.626:109): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 29.160839][ T372] device veth0_vlan entered promiscuous mode
[ 29.187982][ T28] audit: type=1400 audit(1782099324.626:110): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.218805][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.227303][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.227759][ T28] audit: type=1400 audit(1782099324.626:111): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.236766][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.259924][ T28] audit: type=1400 audit(1782099324.626:112): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.269200][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.291417][ T28] audit: type=1400 audit(1782099324.626:113): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.299133][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.320838][ T28] audit: type=1400 audit(1782099324.626:114): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.328903][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 29.352332][ T28] audit: type=1400 audit(1782099324.626:115): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.359728][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.415208][ T372] device veth1_macvtap entered promiscuous mode
[ 29.429296][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.436851][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.444428][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.452994][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.462299][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.471059][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.481532][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 29.489903][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.498805][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.509097][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.519147][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.528633][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.538501][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.546982][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.555699][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.570523][ T379] device veth0_vlan entered promiscuous mode
[ 29.591810][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.603193][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.612274][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.622628][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.663917][ T379] device veth1_macvtap entered promiscuous mode
[ 29.673684][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.686481][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.706365][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.716250][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.728138][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 29.740377][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.752746][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.770714][ T43] device bridge_slave_1 left promiscuous mode
[ 29.778622][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.788535][ T43] device bridge_slave_0 left promiscuous mode
[ 29.796902][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.813584][ T43] device veth1_macvtap left promiscuous mode
[ 29.820806][ T43] device veth0_vlan left promiscuous mode
[ 29.912843][ T491] ------------[ cut here ]------------
[ 29.920664][ T491] WARNING: CPU: 0 PID: 491 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 29.931443][ T491] Modules linked in:
[ 29.935909][ T491] CPU: 0 PID: 491 Comm: syz.3.51 Tainted: G B syzkaller #0
[ 29.945246][ T491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 29.956156][ T491] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 29.963478][ T491] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 29.987944][ T491] RSP: 0018:ffffc90000d37b90 EFLAGS: 00010293
[ 29.994025][ T491] RAX: ffffffff849ba2a7 RBX: ffff88811a838000 RCX: ffff88811a282880
[ 30.003037][ T491] RDX: 0000000000000000 RSI: 000000002f0028c0 RDI: 000000000c04eb7d
[ 30.011257][ T491] RBP: ffffc90000d37bb0 R08: ffff88811a838083 R09: 1ffff11023507010
[ 30.020983][ T491] R10: dffffc0000000000 R11: ffffed1023507011 R12: dffffc0000000000
[ 30.029351][ T491] R13: dffffc0000000000 R14: 000000002f0028c0 R15: ffff88812fddc400
[ 30.037357][ T491] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 30.049863][ T491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.057477][ T491] CR2: 00005555582fa908 CR3: 000000000700f000 CR4: 00000000003506b0
[ 30.069855][ T491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.079077][ T491] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.088400][ T491] Call Trace:
[ 30.091958][ T491] <TASK>
[ 30.095324][ T491] pppol2tp_release+0x150/0x2b0
[ 30.100317][ T491] sock_close+0xc9/0x220
[ 30.105624][ T491] ? __cfi_sock_close+0x10/0x10
[ 30.110839][ T491] __fput+0x1fd/0x8f0
[ 30.115113][ T491] ____fput+0x15/0x20
[ 30.119167][ T491] task_work_run+0x1e1/0x250
[ 30.123968][ T491] ? __cfi_task_work_run+0x10/0x10
[ 30.130533][ T491] ? free_nsproxy+0x21f/0x270
[ 30.136305][ T491] do_exit+0xaf2/0x2850
[ 30.141980][ T491] ? __cfi_do_exit+0x10/0x10
[ 30.147316][ T491] ? xfd_validate_state+0x70/0x150
[ 30.152787][ T491] ? __kasan_check_write+0x14/0x20
[ 30.158272][ T491] __x64_sys_exit+0x40/0x40
[ 30.165263][ T491] x64_sys_call+0x67/0x9a0
[ 30.170965][ T491] do_syscall_64+0x4c/0xa0
[ 30.175582][ T491] ? clear_bhb_loop+0x30/0x80
[ 30.180774][ T491] ? clear_bhb_loop+0x30/0x80
[ 30.185911][ T491] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.192356][ T491] RIP: 0033:0x7fad24d9ce59
[ 30.196887][ T491] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 30.204515][ T491] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 30.213628][ T491] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 30.226705][ T491] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 30.236737][ T491] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 30.248343][ T491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.260979][ T491] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 30.270339][ T491] </TASK>
[ 30.273836][ T491] ---[ end trace 0000000000000000 ]---
[ 30.290906][ T376] device veth0_vlan entered promiscuous mode
[ 30.299936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.322359][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.369338][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 30.391065][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.403365][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 30.417528][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.445588][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 30.469460][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.485559][ T376] device veth1_macvtap entered promiscuous mode
[ 30.552464][ T600] ------------[ cut here ]------------
[ 30.558616][ T600] WARNING: CPU: 0 PID: 600 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 30.573252][ T600] Modules linked in:
[ 30.578677][ T600] CPU: 0 PID: 600 Comm: syz.5.17 Tainted: G B W syzkaller #0
[ 30.588880][ T600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 30.602322][ T600] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 30.611042][ T600] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 30.635564][ T600] RSP: 0018:ffffc90001157b90 EFLAGS: 00010293
[ 30.642653][ T600] RAX: ffffffff849ba2a7 RBX: ffff88811d24b000 RCX: ffff88811d1d6540
[ 30.653885][ T600] RDX: 0000000000000000 RSI: 000000002e312e40 RDI: 000000000c04eb7d
[ 30.665090][ T600] RBP: ffffc90001157bb0 R08: ffff88811d24b083 R09: 1ffff11023a49610
[ 30.674108][ T600] R10: dffffc0000000000 R11: ffffed1023a49611 R12: dffffc0000000000
[ 30.683631][ T600] R13: dffffc0000000000 R14: 000000002e312e40 R15: ffff888121b57000
[ 30.692908][ T600] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 30.702889][ T600] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.713033][ T600] CR2: 00007f9956748060 CR3: 000000000700f000 CR4: 00000000003506b0
[ 30.723162][ T600] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.731859][ T600] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.743020][ T600] Call Trace:
[ 30.747470][ T600] <TASK>
[ 30.750701][ T600] pppol2tp_release+0x150/0x2b0
[ 30.756113][ T600] sock_close+0xc9/0x220
[ 30.760709][ T600] ? __cfi_sock_close+0x10/0x10
[ 30.766015][ T600] __fput+0x1fd/0x8f0
[ 30.770417][ T600] ____fput+0x15/0x20
[ 30.775036][ T600] task_work_run+0x1e1/0x250
[ 30.781046][ T600] ? __cfi_task_work_run+0x10/0x10
[ 30.786966][ T600] ? free_nsproxy+0x21f/0x270
[ 30.792589][ T600] do_exit+0xaf2/0x2850
[ 30.797753][ T600] ? __cfi_do_exit+0x10/0x10
[ 30.803907][ T600] ? xfd_validate_state+0x70/0x150
[ 30.809781][ T600] ? __kasan_check_write+0x14/0x20
[ 30.815208][ T600] __x64_sys_exit+0x40/0x40
[ 30.820745][ T600] x64_sys_call+0x67/0x9a0
[ 30.825533][ T600] do_syscall_64+0x4c/0xa0
[ 30.830296][ T600] ? clear_bhb_loop+0x30/0x80
[ 30.835256][ T600] ? clear_bhb_loop+0x30/0x80
[ 30.841817][ T600] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.847917][ T600] RIP: 0033:0x7f995599ce59
[ 30.852615][ T600] Code: Unable to access opcode bytes at 0x7f995599ce2f.
[ 30.860478][ T600] RSP: 002b:00007f995679bef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 30.869537][ T600] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f995599ce59
[ 30.877985][ T600] RDX: 00007f995679c9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 30.886315][ T600] RBP: 00007f9955a32e6f R08: 0000000000000000 R09: 0000000000000058
[ 30.894530][ T600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 30.903426][ T600] R13: 00007f9955c16038 R14: 00007f9955c15fa0 R15: 00007ffe854062b8
[ 30.912117][ T600] </TASK>
[ 30.915592][ T600] ---[ end trace 0000000000000000 ]---
[ 30.929720][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 30.946412][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 30.980608][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.018966][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.041131][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.265360][ T816] ------------[ cut here ]------------
[ 31.272150][ T816] WARNING: CPU: 0 PID: 816 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.285748][ T816] Modules linked in:
[ 31.290977][ T816] CPU: 0 PID: 816 Comm: syz.4.155 Tainted: G B W syzkaller #0
[ 31.302759][ T816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 31.315155][ T816] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.323239][ T816] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 31.349197][ T816] RSP: 0018:ffffc9000192fb90 EFLAGS: 00010293
[ 31.356824][ T816] RAX: ffffffff849ba2a7 RBX: ffff888108980000 RCX: ffff8881090ea880
[ 31.366792][ T816] RDX: 0000000000000000 RSI: 000000002e577140 RDI: 000000000c04eb7d
[ 31.375540][ T816] RBP: ffffc9000192fbb0 R08: ffff888108980083 R09: 1ffff11021130010
[ 31.386534][ T816] R10: dffffc0000000000 R11: ffffed1021130011 R12: dffffc0000000000
[ 31.395231][ T816] R13: dffffc0000000000 R14: 000000002e577140 R15: ffff88810962b000
[ 31.404196][ T816] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 31.414999][ T816] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.423040][ T816] CR2: 00007f042c217dac CR3: 000000000700f000 CR4: 00000000003506b0
[ 31.431991][ T816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.440823][ T816] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.449798][ T816] Call Trace:
[ 31.453302][ T816] <TASK>
[ 31.457212][ T816] pppol2tp_release+0x150/0x2b0
[ 31.462610][ T816] sock_close+0xc9/0x220
[ 31.467728][ T816] ? __cfi_sock_close+0x10/0x10
[ 31.475321][ T816] __fput+0x1fd/0x8f0
[ 31.481073][ T816] ____fput+0x15/0x20
[ 31.485818][ T816] task_work_run+0x1e1/0x250
[ 31.491184][ T816] ? __cfi_task_work_run+0x10/0x10
[ 31.497034][ T816] ? free_nsproxy+0x21f/0x270
[ 31.501981][ T816] do_exit+0xaf2/0x2850
[ 31.506952][ T816] ? __cfi_do_exit+0x10/0x10
[ 31.515482][ T816] ? xfd_validate_state+0x70/0x150
[ 31.521702][ T816] ? __kasan_check_write+0x14/0x20
[ 31.527508][ T816] __x64_sys_exit+0x40/0x40
[ 31.533261][ T816] x64_sys_call+0x67/0x9a0
[ 31.538436][ T816] do_syscall_64+0x4c/0xa0
[ 31.542975][ T816] ? clear_bhb_loop+0x30/0x80
[ 31.549293][ T816] ? clear_bhb_loop+0x30/0x80
[ 31.556177][ T816] entry_SYSCALL_64_after_hwframe+0x68/0xd2
2026/06/22 03:35:27 executed programs: 183
[ 31.559042][ T28] audit: type=1400 audit(1782099327.036:116): avc: denied { write } for pid=296 comm="syz-execprog" path="pipe:[15137]" dev="pipefs" ino=15137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 31.564637][ T816] RIP: 0033:0x7fc2e8b9ce59
[ 31.601286][ T816] Code: Unable to access opcode bytes at 0x7fc2e8b9ce2f.
[ 31.609746][ T816] RSP: 002b:00007fc2e9a1cef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 31.621456][ T816] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fc2e8b9ce59
[ 31.629733][ T816] RDX: 00007fc2e9a1d9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 31.639324][ T816] RBP: 00007fc2e8c32e6f R08: 0000000000000000 R09: 0000000000000058
[ 31.648805][ T816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.657063][ T816] R13: 00007fc2e8e16038 R14: 00007fc2e8e15fa0 R15: 00007fff3ab0f438
[ 31.666232][ T816] </TASK>
[ 31.669667][ T816] ---[ end trace 0000000000000000 ]---
[ 31.713143][ T919] ------------[ cut here ]------------
[ 31.721281][ T919] WARNING: CPU: 1 PID: 919 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 31.737114][ T919] Modules linked in:
[ 31.742549][ T919] CPU: 1 PID: 919 Comm: syz.3.191 Tainted: G B W syzkaller #0
[ 31.752756][ T919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 31.766258][ T919] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 31.773431][ T919] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 31.795625][ T919] RSP: 0018:ffffc9000124fb90 EFLAGS: 00010293
[ 31.803151][ T919] RAX: ffffffff849ba2a7 RBX: ffff88810e4fb000 RCX: ffff88810e5de540
[ 31.812787][ T919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 31.822126][ T919] RBP: ffffc9000124fbb0 R08: ffff88810e4fb083 R09: 1ffff11021c9f610
[ 31.833505][ T919] R10: dffffc0000000000 R11: ffffed1021c9f611 R12: dffffc0000000000
[ 31.841993][ T919] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811fa87400
[ 31.851498][ T919] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 31.861761][ T919] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.869109][ T919] CR2: 00007f042c1ea2f8 CR3: 000000000700f000 CR4: 00000000003506a0
[ 31.878524][ T919] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.886971][ T919] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.895474][ T919] Call Trace:
[ 31.899856][ T919] <TASK>
[ 31.903884][ T919] pppol2tp_release+0x150/0x2b0
[ 31.909689][ T919] sock_close+0xc9/0x220
[ 31.915001][ T919] ? __cfi_sock_close+0x10/0x10
[ 31.920500][ T919] __fput+0x1fd/0x8f0
[ 31.924510][ T919] ____fput+0x15/0x20
[ 31.929562][ T919] task_work_run+0x1e1/0x250
[ 31.935308][ T919] ? __cfi_task_work_run+0x10/0x10
[ 31.941616][ T919] ? free_nsproxy+0x21f/0x270
[ 31.946350][ T919] do_exit+0xaf2/0x2850
[ 31.951036][ T919] ? __cfi_do_exit+0x10/0x10
[ 31.955654][ T919] ? xfd_validate_state+0x70/0x150
[ 31.962661][ T919] ? __kasan_check_write+0x14/0x20
[ 31.968622][ T919] __x64_sys_exit+0x40/0x40
[ 31.973519][ T919] x64_sys_call+0x67/0x9a0
[ 31.978981][ T919] do_syscall_64+0x4c/0xa0
[ 31.984164][ T919] ? clear_bhb_loop+0x30/0x80
[ 31.990305][ T919] ? clear_bhb_loop+0x30/0x80
[ 31.995879][ T919] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.002456][ T919] RIP: 0033:0x7fad24d9ce59
[ 32.007321][ T919] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 32.015667][ T919] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 32.024540][ T919] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 32.034918][ T919] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 32.043834][ T919] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 32.052892][ T919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.062085][ T919] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 32.072574][ T919] </TASK>
[ 32.076224][ T919] ---[ end trace 0000000000000000 ]---
[ 32.128736][ T1008] ------------[ cut here ]------------
[ 32.135995][ T1008] WARNING: CPU: 0 PID: 1008 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.147439][ T1008] Modules linked in:
[ 32.151633][ T1008] CPU: 0 PID: 1008 Comm: syz.3.217 Tainted: G B W syzkaller #0
[ 32.163302][ T1008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 32.175517][ T1008] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.182478][ T1008] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 32.203176][ T1008] RSP: 0018:ffffc900028f7b90 EFLAGS: 00010293
[ 32.209473][ T1008] RAX: ffffffff849ba2a7 RBX: ffff888110ef9000 RCX: ffff88812396d100
[ 32.219657][ T1008] RDX: 0000000000000000 RSI: 000000002e577980 RDI: 000000000c04eb7d
[ 32.228294][ T1008] RBP: ffffc900028f7bb0 R08: ffff888110ef9083 R09: 1ffff110221df210
[ 32.236374][ T1008] R10: dffffc0000000000 R11: ffffed10221df211 R12: dffffc0000000000
[ 32.244739][ T1008] R13: dffffc0000000000 R14: 000000002e577980 R15: ffff8881103c8c00
[ 32.253028][ T1008] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 32.262430][ T1008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.269470][ T1008] CR2: 00007f042cd48060 CR3: 000000000700f000 CR4: 00000000003506b0
[ 32.278107][ T1008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.286446][ T1008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.295046][ T1008] Call Trace:
[ 32.298515][ T1008] <TASK>
[ 32.301459][ T1008] pppol2tp_release+0x150/0x2b0
[ 32.306499][ T1008] sock_close+0xc9/0x220
[ 32.310866][ T1008] ? __cfi_sock_close+0x10/0x10
[ 32.315755][ T1008] __fput+0x1fd/0x8f0
[ 32.320324][ T1008] ____fput+0x15/0x20
[ 32.329200][ T1008] task_work_run+0x1e1/0x250
[ 32.333859][ T1008] ? __cfi_task_work_run+0x10/0x10
[ 32.339125][ T1008] ? free_nsproxy+0x21f/0x270
[ 32.343856][ T1008] do_exit+0xaf2/0x2850
[ 32.348174][ T1008] ? __cfi_do_exit+0x10/0x10
[ 32.353214][ T1008] ? xfd_validate_state+0x70/0x150
[ 32.358501][ T1008] ? __kasan_check_write+0x14/0x20
[ 32.363714][ T1008] __x64_sys_exit+0x40/0x40
[ 32.368389][ T1008] x64_sys_call+0x67/0x9a0
[ 32.372995][ T1008] do_syscall_64+0x4c/0xa0
[ 32.377527][ T1008] ? clear_bhb_loop+0x30/0x80
[ 32.382800][ T1008] ? clear_bhb_loop+0x30/0x80
[ 32.387791][ T1008] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.393727][ T1008] RIP: 0033:0x7fad24d9ce59
[ 32.398197][ T1008] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 32.405313][ T1008] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 32.413983][ T1008] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 32.422009][ T1008] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 32.430143][ T1008] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 32.438235][ T1008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.446342][ T1008] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 32.454383][ T1008] </TASK>
[ 32.457776][ T1008] ---[ end trace 0000000000000000 ]---
[ 32.542247][ T1107] ------------[ cut here ]------------
[ 32.548174][ T1107] WARNING: CPU: 1 PID: 1107 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.559792][ T1107] Modules linked in:
[ 32.563790][ T1107] CPU: 1 PID: 1107 Comm: syz.4.251 Tainted: G B W syzkaller #0
[ 32.572847][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 32.583483][ T1107] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 32.589929][ T1107] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 32.609802][ T1107] RSP: 0018:ffffc90002c97b90 EFLAGS: 00010293
[ 32.615885][ T1107] RAX: ffffffff849ba2a7 RBX: ffff88811361c000 RCX: ffff88812e42bcc0
[ 32.624081][ T1107] RDX: 0000000000000000 RSI: 0000000023cb1b00 RDI: 000000000c04eb7d
[ 32.632419][ T1107] RBP: ffffc90002c97bb0 R08: ffff88811361c083 R09: 1ffff110226c3810
[ 32.641346][ T1107] R10: dffffc0000000000 R11: ffffed10226c3811 R12: dffffc0000000000
[ 32.650381][ T1107] R13: dffffc0000000000 R14: 0000000023cb1b00 R15: ffff88810e3d6400
[ 32.659506][ T1107] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 32.669007][ T1107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.675873][ T1107] CR2: 00007fad25015fac CR3: 000000000700f000 CR4: 00000000003506a0
[ 32.684441][ T1107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.692475][ T1107] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.700584][ T1107] Call Trace:
[ 32.704007][ T1107] <TASK>
[ 32.707132][ T1107] pppol2tp_release+0x150/0x2b0
[ 32.712814][ T1107] sock_close+0xc9/0x220
[ 32.717524][ T1107] ? __cfi_sock_close+0x10/0x10
[ 32.722448][ T1107] __fput+0x1fd/0x8f0
[ 32.726535][ T1107] ____fput+0x15/0x20
[ 32.730870][ T1107] task_work_run+0x1e1/0x250
[ 32.735650][ T1107] ? __cfi_task_work_run+0x10/0x10
[ 32.741352][ T1107] ? free_nsproxy+0x21f/0x270
[ 32.746050][ T1107] do_exit+0xaf2/0x2850
[ 32.750448][ T1107] ? __cfi_do_exit+0x10/0x10
[ 32.755396][ T1107] ? xfd_validate_state+0x70/0x150
[ 32.760598][ T1107] ? __kasan_check_write+0x14/0x20
[ 32.765715][ T1107] __x64_sys_exit+0x40/0x40
[ 32.770384][ T1107] x64_sys_call+0x67/0x9a0
[ 32.775019][ T1107] do_syscall_64+0x4c/0xa0
[ 32.779473][ T1107] ? clear_bhb_loop+0x30/0x80
[ 32.784164][ T1107] ? clear_bhb_loop+0x30/0x80
[ 32.788974][ T1107] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.795060][ T1107] RIP: 0033:0x7fc2e8b9ce59
[ 32.799554][ T1107] Code: Unable to access opcode bytes at 0x7fc2e8b9ce2f.
[ 32.806573][ T1107] RSP: 002b:00007fc2e9a1cef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 32.815229][ T1107] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fc2e8b9ce59
[ 32.823330][ T1107] RDX: 00007fc2e9a1d9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 32.831446][ T1107] RBP: 00007fc2e8c32e6f R08: 0000000000000000 R09: 0000000000000058
[ 32.839723][ T1107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 32.847818][ T1107] R13: 00007fc2e8e16038 R14: 00007fc2e8e15fa0 R15: 00007fff3ab0f438
[ 32.855888][ T1107] </TASK>
[ 32.858994][ T1107] ---[ end trace 0000000000000000 ]---
[ 32.979085][ T1239] ------------[ cut here ]------------
[ 32.984595][ T1239] WARNING: CPU: 0 PID: 1239 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 32.995004][ T1239] Modules linked in:
[ 32.999044][ T1239] CPU: 0 PID: 1239 Comm: syz.1.283 Tainted: G B W syzkaller #0
[ 33.007933][ T1239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 33.018315][ T1239] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.024749][ T1239] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 33.044492][ T1239] RSP: 0018:ffffc90002edfb90 EFLAGS: 00010293
[ 33.051088][ T1239] RAX: ffffffff849ba2a7 RBX: ffff8881323fc000 RCX: ffff8881159ba880
[ 33.059138][ T1239] RDX: 0000000000000000 RSI: 000000001b95fc90 RDI: 000000000c04eb7d
[ 33.067677][ T1239] RBP: ffffc90002edfbb0 R08: ffff8881323fc083 R09: 1ffff1102647f810
[ 33.075661][ T1239] R10: dffffc0000000000 R11: ffffed102647f811 R12: dffffc0000000000
[ 33.085196][ T1239] R13: dffffc0000000000 R14: 000000001b95fc90 R15: ffff888130612000
[ 33.093326][ T1239] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 33.102584][ T1239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.109334][ T1239] CR2: 00007f042cd48060 CR3: 000000000700f000 CR4: 00000000003506b0
[ 33.118667][ T1239] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.126909][ T1239] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.135565][ T1239] Call Trace:
[ 33.139138][ T1239] <TASK>
[ 33.142196][ T1239] pppol2tp_release+0x150/0x2b0
[ 33.147080][ T1239] sock_close+0xc9/0x220
[ 33.151649][ T1239] ? __cfi_sock_close+0x10/0x10
[ 33.156841][ T1239] __fput+0x1fd/0x8f0
[ 33.160904][ T1239] ____fput+0x15/0x20
[ 33.164989][ T1239] task_work_run+0x1e1/0x250
[ 33.170571][ T1239] ? __cfi_task_work_run+0x10/0x10
[ 33.176153][ T1239] ? free_nsproxy+0x21f/0x270
[ 33.180908][ T1239] do_exit+0xaf2/0x2850
[ 33.185084][ T1239] ? __cfi_do_exit+0x10/0x10
[ 33.189754][ T1239] ? xfd_validate_state+0x70/0x150
[ 33.195148][ T1239] ? __kasan_check_write+0x14/0x20
[ 33.200632][ T1239] __x64_sys_exit+0x40/0x40
[ 33.205250][ T1239] x64_sys_call+0x67/0x9a0
[ 33.209857][ T1239] do_syscall_64+0x4c/0xa0
[ 33.214481][ T1239] ? clear_bhb_loop+0x30/0x80
[ 33.219517][ T1239] ? clear_bhb_loop+0x30/0x80
[ 33.224390][ T1239] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.230711][ T1239] RIP: 0033:0x7f2ad719ce59
[ 33.235316][ T1239] Code: Unable to access opcode bytes at 0x7f2ad719ce2f.
[ 33.242564][ T1239] RSP: 002b:00007f2ad7facef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 33.251374][ T1239] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f2ad719ce59
[ 33.259879][ T1239] RDX: 00007f2ad7fad9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.268319][ T1239] RBP: 00007f2ad7232e6f R08: 0000000000000000 R09: 0000000000000058
[ 33.276607][ T1239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.285093][ T1239] R13: 00007f2ad7416038 R14: 00007f2ad7415fa0 R15: 00007fff9b770998
[ 33.293136][ T1239] </TASK>
[ 33.296348][ T1239] ---[ end trace 0000000000000000 ]---
[ 33.474066][ T1413] ------------[ cut here ]------------
[ 33.480124][ T1413] WARNING: CPU: 0 PID: 1413 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.490701][ T1413] Modules linked in:
[ 33.495048][ T1413] CPU: 0 PID: 1413 Comm: syz.1.346 Tainted: G B W syzkaller #0
[ 33.505722][ T1413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 33.516454][ T1413] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.523477][ T1413] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 33.545054][ T1413] RSP: 0018:ffffc900036f7b90 EFLAGS: 00010293
[ 33.553445][ T1413] RAX: ffffffff849ba2a7 RBX: ffff8881177a6000 RCX: ffff88812bfa9440
[ 33.563925][ T1413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d
[ 33.573209][ T1413] RBP: ffffc900036f7bb0 R08: ffff8881177a6083 R09: 1ffff11022ef4c10
[ 33.581992][ T1413] R10: dffffc0000000000 R11: ffffed1022ef4c11 R12: dffffc0000000000
[ 33.590247][ T1413] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888123b3c800
[ 33.598739][ T1413] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 33.607938][ T1413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.614818][ T1413] CR2: 00007f99567456b8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 33.624035][ T1413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.632390][ T1413] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.641996][ T1413] Call Trace:
[ 33.646239][ T1413] <TASK>
[ 33.649233][ T1413] pppol2tp_release+0x150/0x2b0
[ 33.655648][ T1413] sock_close+0xc9/0x220
[ 33.660440][ T1413] ? __cfi_sock_close+0x10/0x10
[ 33.666005][ T1413] __fput+0x1fd/0x8f0
[ 33.670187][ T1413] ____fput+0x15/0x20
[ 33.674472][ T1413] task_work_run+0x1e1/0x250
[ 33.679482][ T1413] ? __cfi_task_work_run+0x10/0x10
[ 33.685834][ T1413] ? free_nsproxy+0x21f/0x270
[ 33.690978][ T1413] do_exit+0xaf2/0x2850
[ 33.695521][ T1413] ? __cfi_do_exit+0x10/0x10
[ 33.701261][ T1413] ? xfd_validate_state+0x70/0x150
[ 33.707094][ T1413] ? __kasan_check_write+0x14/0x20
[ 33.712302][ T1413] __x64_sys_exit+0x40/0x40
[ 33.717915][ T1413] x64_sys_call+0x67/0x9a0
[ 33.723422][ T1413] do_syscall_64+0x4c/0xa0
[ 33.728076][ T1413] ? clear_bhb_loop+0x30/0x80
[ 33.733456][ T1413] ? clear_bhb_loop+0x30/0x80
[ 33.738849][ T1413] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.745206][ T1413] RIP: 0033:0x7f2ad719ce59
[ 33.750842][ T1413] Code: Unable to access opcode bytes at 0x7f2ad719ce2f.
[ 33.758596][ T1413] RSP: 002b:00007f2ad7facef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 33.768705][ T1413] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f2ad719ce59
[ 33.777051][ T1413] RDX: 00007f2ad7fad9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.785839][ T1413] RBP: 00007f2ad7232e6f R08: 0000000000000000 R09: 0000000000000058
[ 33.795027][ T1413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.803732][ T1413] R13: 00007f2ad7416038 R14: 00007f2ad7415fa0 R15: 00007fff9b770998
[ 33.812725][ T1413] </TASK>
[ 33.816051][ T1413] ---[ end trace 0000000000000000 ]---
[ 33.869023][ T1539] ------------[ cut here ]------------
[ 33.874732][ T1539] WARNING: CPU: 1 PID: 1539 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 33.885309][ T1539] Modules linked in:
[ 33.889781][ T1539] CPU: 1 PID: 1539 Comm: syz.6.390 Tainted: G B W syzkaller #0
[ 33.899403][ T1539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 33.909892][ T1539] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 33.916560][ T1539] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 33.936800][ T1539] RSP: 0018:ffffc900032cfb90 EFLAGS: 00010293
[ 33.943054][ T1539] RAX: ffffffff849ba2a7 RBX: ffff888112a4c000 RCX: ffff88811a3bbcc0
[ 33.952390][ T1539] RDX: 0000000000000000 RSI: 0000000021a58100 RDI: 000000000c04eb7d
[ 33.961418][ T1539] RBP: ffffc900032cfbb0 R08: ffff888112a4c083 R09: 1ffff11022549810
[ 33.969623][ T1539] R10: dffffc0000000000 R11: ffffed1022549811 R12: dffffc0000000000
[ 33.977604][ T1539] R13: dffffc0000000000 R14: 0000000021a58100 R15: ffff88812c56b000
[ 33.986224][ T1539] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 33.995460][ T1539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.002438][ T1539] CR2: 00007f042cd48060 CR3: 000000012d991000 CR4: 00000000003506a0
[ 34.011001][ T1539] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.020452][ T1539] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.029346][ T1539] Call Trace:
[ 34.032915][ T1539] <TASK>
[ 34.035945][ T1539] pppol2tp_release+0x150/0x2b0
[ 34.041183][ T1539] sock_close+0xc9/0x220
[ 34.045823][ T1539] ? __cfi_sock_close+0x10/0x10
[ 34.051184][ T1539] __fput+0x1fd/0x8f0
[ 34.055810][ T1539] ____fput+0x15/0x20
[ 34.060031][ T1539] task_work_run+0x1e1/0x250
[ 34.064657][ T1539] ? __cfi_task_work_run+0x10/0x10
[ 34.070895][ T1539] ? free_nsproxy+0x21f/0x270
[ 34.077813][ T1539] do_exit+0xaf2/0x2850
[ 34.082011][ T1539] ? __cfi_do_exit+0x10/0x10
[ 34.087212][ T1539] ? xfd_validate_state+0x70/0x150
[ 34.093273][ T1539] ? __kasan_check_write+0x14/0x20
[ 34.098696][ T1539] __x64_sys_exit+0x40/0x40
[ 34.103667][ T1539] x64_sys_call+0x67/0x9a0
[ 34.108351][ T1539] do_syscall_64+0x4c/0xa0
[ 34.113063][ T1539] ? clear_bhb_loop+0x30/0x80
[ 34.118289][ T1539] ? clear_bhb_loop+0x30/0x80
[ 34.122992][ T1539] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.129731][ T1539] RIP: 0033:0x7f042bf9ce59
[ 34.134327][ T1539] Code: Unable to access opcode bytes at 0x7f042bf9ce2f.
[ 34.141610][ T1539] RSP: 002b:00007f042ce48ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 34.150097][ T1539] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f042bf9ce59
[ 34.158250][ T1539] RDX: 00007f042ce499c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 34.166413][ T1539] RBP: 00007f042c032e6f R08: 0000000000000000 R09: 0000000000000058
[ 34.174616][ T1539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 34.182752][ T1539] R13: 00007f042c216038 R14: 00007f042c215fa0 R15: 00007fff8d445248
[ 34.191084][ T1539] </TASK>
[ 34.194295][ T1539] ---[ end trace 0000000000000000 ]---
[ 34.312703][ T1651] ------------[ cut here ]------------
[ 34.318453][ T1651] WARNING: CPU: 0 PID: 1651 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.329380][ T1651] Modules linked in:
[ 34.333663][ T1651] CPU: 0 PID: 1651 Comm: syz.5.413 Tainted: G B W syzkaller #0
[ 34.342664][ T1651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.352942][ T1651] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.360099][ T1651] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 34.380570][ T1651] RSP: 0018:ffffc90004027b90 EFLAGS: 00010293
[ 34.387982][ T1651] RAX: ffffffff849ba2a7 RBX: ffff88811d1e9000 RCX: ffff88811a650000
[ 34.396892][ T1651] RDX: 0000000000000000 RSI: 000000001463ec80 RDI: 000000000c04eb7d
[ 34.406865][ T1651] RBP: ffffc90004027bb0 R08: ffff88811d1e9083 R09: 1ffff11023a3d210
[ 34.416117][ T1651] R10: dffffc0000000000 R11: ffffed1023a3d211 R12: dffffc0000000000
[ 34.425231][ T1651] R13: dffffc0000000000 R14: 000000001463ec80 R15: ffff888121b4fc00
[ 34.435260][ T1651] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 34.444860][ T1651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.452300][ T1651] CR2: 00007fad24e4f270 CR3: 000000012140f000 CR4: 00000000003506b0
[ 34.461138][ T1651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.470675][ T1651] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.479402][ T1651] Call Trace:
[ 34.482893][ T1651] <TASK>
[ 34.486018][ T1651] pppol2tp_release+0x150/0x2b0
[ 34.491510][ T1651] sock_close+0xc9/0x220
[ 34.496567][ T1651] ? __cfi_sock_close+0x10/0x10
[ 34.503305][ T1651] __fput+0x1fd/0x8f0
[ 34.508780][ T1651] ____fput+0x15/0x20
[ 34.513131][ T1651] task_work_run+0x1e1/0x250
[ 34.517876][ T1651] ? __cfi_task_work_run+0x10/0x10
[ 34.523174][ T1651] ? free_nsproxy+0x21f/0x270
[ 34.527924][ T1651] do_exit+0xaf2/0x2850
[ 34.532713][ T1651] ? __cfi_do_exit+0x10/0x10
[ 34.537499][ T1651] ? xfd_validate_state+0x70/0x150
[ 34.542804][ T1651] ? __kasan_check_write+0x14/0x20
[ 34.548261][ T1651] __x64_sys_exit+0x40/0x40
[ 34.552813][ T1651] x64_sys_call+0x67/0x9a0
[ 34.557264][ T1651] do_syscall_64+0x4c/0xa0
[ 34.561872][ T1651] ? clear_bhb_loop+0x30/0x80
[ 34.566821][ T1651] ? clear_bhb_loop+0x30/0x80
[ 34.571939][ T1651] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.578031][ T1651] RIP: 0033:0x7f995599ce59
[ 34.583004][ T1651] Code: Unable to access opcode bytes at 0x7f995599ce2f.
[ 34.591589][ T1651] RSP: 002b:00007f995679bef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 34.600137][ T1651] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f995599ce59
[ 34.608342][ T1651] RDX: 00007f995679c9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 34.616336][ T1651] RBP: 00007f9955a32e6f R08: 0000000000000000 R09: 0000000000000058
[ 34.624374][ T1651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 34.632428][ T1651] R13: 00007f9955c16038 R14: 00007f9955c15fa0 R15: 00007ffe854062b8
[ 34.640549][ T1651] </TASK>
[ 34.643580][ T1651] ---[ end trace 0000000000000000 ]---
[ 34.716117][ T1759] ------------[ cut here ]------------
[ 34.721699][ T1759] WARNING: CPU: 1 PID: 1759 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 34.732088][ T1759] Modules linked in:
[ 34.736058][ T1759] CPU: 1 PID: 1759 Comm: syz.6.463 Tainted: G B W syzkaller #0
[ 34.745920][ T1759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.756190][ T1759] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 34.762830][ T1759] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 34.783710][ T1759] RSP: 0018:ffffc90004237b90 EFLAGS: 00010293
[ 34.792286][ T1759] RAX: ffffffff849ba2a7 RBX: ffff88811b1db000 RCX: ffff88812c29bcc0
[ 34.800789][ T1759] RDX: 0000000000000000 RSI: 000000001c9bcc00 RDI: 000000000c04eb7d
[ 34.809791][ T1759] RBP: ffffc90004237bb0 R08: ffff88811b1db083 R09: 1ffff1102363b610
[ 34.818025][ T1759] R10: dffffc0000000000 R11: ffffed102363b611 R12: dffffc0000000000
[ 34.826501][ T1759] R13: dffffc0000000000 R14: 000000001c9bcc00 R15: ffff88811677cc00
[ 34.839765][ T1759] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 34.849166][ T1759] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.855927][ T1759] CR2: 00007fad24e4f270 CR3: 0000000123a82000 CR4: 00000000003506a0
[ 34.864031][ T1759] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.872330][ T1759] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.880608][ T1759] Call Trace:
[ 34.883898][ T1759] <TASK>
[ 34.887358][ T1759] pppol2tp_release+0x150/0x2b0
[ 34.892465][ T1759] sock_close+0xc9/0x220
[ 34.896735][ T1759] ? __cfi_sock_close+0x10/0x10
[ 34.901636][ T1759] __fput+0x1fd/0x8f0
[ 34.905644][ T1759] ____fput+0x15/0x20
[ 34.909982][ T1759] task_work_run+0x1e1/0x250
[ 34.914594][ T1759] ? __cfi_task_work_run+0x10/0x10
[ 34.919768][ T1759] ? free_nsproxy+0x21f/0x270
[ 34.924912][ T1759] do_exit+0xaf2/0x2850
[ 34.929337][ T1759] ? __cfi_do_exit+0x10/0x10
[ 34.933953][ T1759] ? xfd_validate_state+0x70/0x150
[ 34.939142][ T1759] ? __kasan_check_write+0x14/0x20
[ 34.944446][ T1759] __x64_sys_exit+0x40/0x40
[ 34.949018][ T1759] x64_sys_call+0x67/0x9a0
[ 34.953461][ T1759] do_syscall_64+0x4c/0xa0
[ 34.958032][ T1759] ? clear_bhb_loop+0x30/0x80
[ 34.962812][ T1759] ? clear_bhb_loop+0x30/0x80
[ 34.968056][ T1759] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 34.973977][ T1759] RIP: 0033:0x7f042bf9ce59
[ 34.979058][ T1759] Code: Unable to access opcode bytes at 0x7f042bf9ce2f.
[ 34.986259][ T1759] RSP: 002b:00007f042ce48ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 34.995528][ T1759] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f042bf9ce59
[ 35.003644][ T1759] RDX: 00007f042ce499c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 35.012037][ T1759] RBP: 00007f042c032e6f R08: 0000000000000000 R09: 0000000000000058
[ 35.020321][ T1759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 35.028526][ T1759] R13: 00007f042c216038 R14: 00007f042c215fa0 R15: 00007fff8d445248
[ 35.036602][ T1759] </TASK>
[ 35.039753][ T1759] ---[ end trace 0000000000000000 ]---
[ 35.115961][ T1890] ------------[ cut here ]------------
[ 35.121620][ T1890] WARNING: CPU: 0 PID: 1890 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 35.132969][ T1890] Modules linked in:
[ 35.136881][ T1890] CPU: 0 PID: 1890 Comm: syz.3.500 Tainted: G B W syzkaller #0
[ 35.146101][ T1890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 35.156378][ T1890] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 35.163048][ T1890] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 35.183328][ T1890] RSP: 0018:ffffc9000492fb90 EFLAGS: 00010293
[ 35.189470][ T1890] RAX: ffffffff849ba2a7 RBX: ffff88811f72c000 RCX: ffff88811fd4d100
[ 35.197525][ T1890] RDX: 0000000000000000 RSI: 000000000fda8b10 RDI: 000000000c04eb7d
[ 35.205691][ T1890] RBP: ffffc9000492fbb0 R08: ffff88811f72c083 R09: 1ffff11023ee5810
[ 35.214139][ T1890] R10: dffffc0000000000 R11: ffffed1023ee5811 R12: dffffc0000000000
[ 35.222594][ T1890] R13: dffffc0000000000 R14: 000000000fda8b10 R15: ffff8881321f2800
[ 35.231079][ T1890] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 35.240241][ T1890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.246925][ T1890] CR2: 00007fc2e8e17dac CR3: 000000000700f000 CR4: 00000000003506b0
[ 35.255475][ T1890] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.264120][ T1890] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.272772][ T1890] Call Trace:
[ 35.276083][ T1890] <TASK>
[ 35.279279][ T1890] pppol2tp_release+0x150/0x2b0
[ 35.284153][ T1890] sock_close+0xc9/0x220
[ 35.289338][ T1890] ? __cfi_sock_close+0x10/0x10
[ 35.294230][ T1890] __fput+0x1fd/0x8f0
[ 35.298279][ T1890] ____fput+0x15/0x20
[ 35.302461][ T1890] task_work_run+0x1e1/0x250
[ 35.307079][ T1890] ? __cfi_task_work_run+0x10/0x10
[ 35.312257][ T1890] ? free_nsproxy+0x21f/0x270
[ 35.317039][ T1890] do_exit+0xaf2/0x2850
[ 35.321419][ T1890] ? __cfi_do_exit+0x10/0x10
[ 35.326216][ T1890] ? xfd_validate_state+0x70/0x150
[ 35.331605][ T1890] ? __kasan_check_write+0x14/0x20
[ 35.336863][ T1890] __x64_sys_exit+0x40/0x40
[ 35.341468][ T1890] x64_sys_call+0x67/0x9a0
[ 35.345976][ T1890] do_syscall_64+0x4c/0xa0
[ 35.350658][ T1890] ? clear_bhb_loop+0x30/0x80
[ 35.355694][ T1890] ? clear_bhb_loop+0x30/0x80
[ 35.360953][ T1890] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.366863][ T1890] RIP: 0033:0x7fad24d9ce59
[ 35.371338][ T1890] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 35.378405][ T1890] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 35.386925][ T1890] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 35.395205][ T1890] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 35.403214][ T1890] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 35.411246][ T1890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 35.419254][ T1890] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 35.427330][ T1890] </TASK>
[ 35.430406][ T1890] ---[ end trace 0000000000000000 ]---
[ 35.520727][ T2009] ------------[ cut here ]------------
[ 35.526442][ T2009] WARNING: CPU: 1 PID: 2009 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 35.536771][ T2009] Modules linked in:
[ 35.540942][ T2009] CPU: 1 PID: 2009 Comm: syz.4.542 Tainted: G B W syzkaller #0
[ 35.550913][ T2009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 35.562767][ T2009] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 35.569628][ T2009] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 35.590143][ T2009] RSP: 0018:ffffc90000c67b90 EFLAGS: 00010293
[ 35.596414][ T2009] RAX: ffffffff849ba2a7 RBX: ffff888114e61000 RCX: ffff888109275100
[ 35.604468][ T2009] RDX: 0000000000000000 RSI: 000000001b0a4240 RDI: 000000000c04eb7d
[ 35.613591][ T2009] RBP: ffffc90000c67bb0 R08: ffff888114e61083 R09: 1ffff110229cc210
[ 35.622171][ T2009] R10: dffffc0000000000 R11: ffffed10229cc211 R12: dffffc0000000000
[ 35.631488][ T2009] R13: dffffc0000000000 R14: 000000001b0a4240 R15: ffff88811fa7e800
[ 35.639860][ T2009] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 35.649177][ T2009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.656028][ T2009] CR2: 00007f2ad7417dac CR3: 000000000700f000 CR4: 00000000003506a0
[ 35.664269][ T2009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.672370][ T2009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.680482][ T2009] Call Trace:
[ 35.683759][ T2009] <TASK>
[ 35.686698][ T2009] pppol2tp_release+0x150/0x2b0
[ 35.691948][ T2009] sock_close+0xc9/0x220
[ 35.696218][ T2009] ? __cfi_sock_close+0x10/0x10
[ 35.701509][ T2009] __fput+0x1fd/0x8f0
[ 35.705519][ T2009] ____fput+0x15/0x20
[ 35.709558][ T2009] task_work_run+0x1e1/0x250
[ 35.714168][ T2009] ? __cfi_task_work_run+0x10/0x10
[ 35.719375][ T2009] ? free_nsproxy+0x21f/0x270
[ 35.724263][ T2009] do_exit+0xaf2/0x2850
[ 35.728467][ T2009] ? __cfi_do_exit+0x10/0x10
[ 35.733082][ T2009] ? xfd_validate_state+0x70/0x150
[ 35.738231][ T2009] ? __kasan_check_write+0x14/0x20
[ 35.743358][ T2009] __x64_sys_exit+0x40/0x40
[ 35.747935][ T2009] x64_sys_call+0x67/0x9a0
[ 35.752374][ T2009] do_syscall_64+0x4c/0xa0
[ 35.756808][ T2009] ? clear_bhb_loop+0x30/0x80
[ 35.763054][ T2009] ? clear_bhb_loop+0x30/0x80
[ 35.767849][ T2009] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.773881][ T2009] RIP: 0033:0x7fc2e8b9ce59
[ 35.778356][ T2009] Code: Unable to access opcode bytes at 0x7fc2e8b9ce2f.
[ 35.785409][ T2009] RSP: 002b:00007fc2e9a1cef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 35.794136][ T2009] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fc2e8b9ce59
[ 35.802322][ T2009] RDX: 00007fc2e9a1d9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 35.810371][ T2009] RBP: 00007fc2e8c32e6f R08: 0000000000000000 R09: 0000000000000058
[ 35.818553][ T2009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 35.828509][ T2009] R13: 00007fc2e8e16038 R14: 00007fc2e8e15fa0 R15: 00007fff3ab0f438
[ 35.837284][ T2009] </TASK>
[ 35.840353][ T2009] ---[ end trace 0000000000000000 ]---
[ 36.006385][ T2147] ------------[ cut here ]------------
[ 36.012232][ T2147] WARNING: CPU: 0 PID: 2147 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.022683][ T2147] Modules linked in:
[ 36.026599][ T2147] CPU: 0 PID: 2147 Comm: syz.3.571 Tainted: G B W syzkaller #0
[ 36.035688][ T2147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 36.045968][ T2147] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 36.052438][ T2147] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 36.072807][ T2147] RSP: 0018:ffffc9000121fb90 EFLAGS: 00010293
[ 36.079840][ T2147] RAX: ffffffff849ba2a7 RBX: ffff888115039000 RCX: ffff88810fd4bcc0
[ 36.088047][ T2147] RDX: 0000000000000000 RSI: 0000000020a22f00 RDI: 000000000c04eb7d
[ 36.096118][ T2147] RBP: ffffc9000121fbb0 R08: ffff888115039083 R09: 1ffff11022a07210
[ 36.104248][ T2147] R10: dffffc0000000000 R11: ffffed1022a07211 R12: dffffc0000000000
[ 36.112275][ T2147] R13: dffffc0000000000 R14: 0000000020a22f00 R15: ffff888112ee0400
[ 36.120287][ T2147] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 36.129557][ T2147] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.136219][ T2147] CR2: 0000200000000240 CR3: 0000000131721000 CR4: 00000000003506b0
[ 36.144354][ T2147] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.152388][ T2147] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.160506][ T2147] Call Trace:
[ 36.163811][ T2147] <TASK>
[ 36.166753][ T2147] pppol2tp_release+0x150/0x2b0
[ 36.171671][ T2147] sock_close+0xc9/0x220
[ 36.176015][ T2147] ? __cfi_sock_close+0x10/0x10
[ 36.180929][ T2147] __fput+0x1fd/0x8f0
[ 36.184932][ T2147] ____fput+0x15/0x20
[ 36.188977][ T2147] task_work_run+0x1e1/0x250
[ 36.193675][ T2147] ? __cfi_task_work_run+0x10/0x10
[ 36.199055][ T2147] ? free_nsproxy+0x21f/0x270
[ 36.203753][ T2147] do_exit+0xaf2/0x2850
[ 36.208497][ T2147] ? __cfi_do_exit+0x10/0x10
[ 36.213209][ T2147] ? xfd_validate_state+0x70/0x150
[ 36.218487][ T2147] ? __kasan_check_write+0x14/0x20
[ 36.223715][ T2147] __x64_sys_exit+0x40/0x40
[ 36.228496][ T2147] x64_sys_call+0x67/0x9a0
[ 36.232930][ T2147] do_syscall_64+0x4c/0xa0
[ 36.237367][ T2147] ? clear_bhb_loop+0x30/0x80
[ 36.242264][ T2147] ? clear_bhb_loop+0x30/0x80
[ 36.247122][ T2147] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 36.253086][ T2147] RIP: 0033:0x7fad24d9ce59
[ 36.257707][ T2147] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 36.264738][ T2147] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 36.273202][ T2147] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 36.281238][ T2147] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 36.289268][ T2147] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 36.297515][ T2147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 36.305819][ T2147] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 36.313915][ T2147] </TASK>
[ 36.316945][ T2147] ---[ end trace 0000000000000000 ]---
[ 36.375193][ T2277] ------------[ cut here ]------------
[ 36.380829][ T2277] WARNING: CPU: 1 PID: 2277 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.391246][ T2277] Modules linked in:
[ 36.395322][ T2277] CPU: 1 PID: 2277 Comm: syz.3.631 Tainted: G B W syzkaller #0
[ 36.404222][ T2277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 36.414422][ T2277] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 36.420998][ T2277] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 36.441022][ T2277] RSP: 0018:ffffc900016dfb90 EFLAGS: 00010293
[ 36.447689][ T2277] RAX: ffffffff849ba2a7 RBX: ffff88810925f000 RCX: ffff888114209440
[ 36.455858][ T2277] RDX: 0000000000000000 RSI: 000000001d559dc0 RDI: 000000000c04eb7d
[ 36.464884][ T2277] RBP: ffffc900016dfbb0 R08: ffff88810925f083 R09: 1ffff1102124be10
[ 36.473195][ T2277] R10: dffffc0000000000 R11: ffffed102124be11 R12: dffffc0000000000
[ 36.482119][ T2277] R13: dffffc0000000000 R14: 000000001d559dc0 R15: ffff888112ee4000
[ 36.490378][ T2277] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 36.499648][ T2277] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.506506][ T2277] CR2: 00007f9956748060 CR3: 000000000700f000 CR4: 00000000003506a0
[ 36.514787][ T2277] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.524009][ T2277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.532407][ T2277] Call Trace:
[ 36.536174][ T2277] <TASK>
[ 36.539373][ T2277] pppol2tp_release+0x150/0x2b0
[ 36.544599][ T2277] sock_close+0xc9/0x220
[ 36.549209][ T2277] ? __cfi_sock_close+0x10/0x10
[ 36.554087][ T2277] __fput+0x1fd/0x8f0
[ 36.558178][ T2277] ____fput+0x15/0x20
[ 36.562272][ T2277] task_work_run+0x1e1/0x250
[ 36.567048][ T2277] ? __cfi_task_work_run+0x10/0x10
2026/06/22 03:35:32 executed programs: 664
[ 36.572417][ T2277] ? free_nsproxy+0x21f/0x270
[ 36.577219][ T2277] do_exit+0xaf2/0x2850
[ 36.581874][ T2277] ? __cfi_do_exit+0x10/0x10
[ 36.586748][ T2277] ? xfd_validate_state+0x70/0x150
[ 36.591985][ T2277] ? __kasan_check_write+0x14/0x20
[ 36.597467][ T2277] __x64_sys_exit+0x40/0x40
[ 36.602694][ T2277] x64_sys_call+0x67/0x9a0
[ 36.607392][ T2277] do_syscall_64+0x4c/0xa0
[ 36.611904][ T2277] ? clear_bhb_loop+0x30/0x80
[ 36.616681][ T2277] ? clear_bhb_loop+0x30/0x80
[ 36.621589][ T2277] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 36.627502][ T2277] RIP: 0033:0x7fad24d9ce59
[ 36.632080][ T2277] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 36.639758][ T2277] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 36.649190][ T2277] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 36.657549][ T2277] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 36.666259][ T2277] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 36.674931][ T2277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 36.683383][ T2277] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 36.691577][ T2277] </TASK>
[ 36.694596][ T2277] ---[ end trace 0000000000000000 ]---
[ 36.863360][ T2436] ------------[ cut here ]------------
[ 36.869269][ T2436] WARNING: CPU: 1 PID: 2436 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 36.880180][ T2436] Modules linked in:
[ 36.884086][ T2436] CPU: 1 PID: 2436 Comm: syz.3.676 Tainted: G B W syzkaller #0
[ 36.892993][ T2436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 36.903234][ T2436] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 36.909695][ T2436] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 36.930137][ T2436] RSP: 0018:ffffc9000170fb90 EFLAGS: 00010293
[ 36.936318][ T2436] RAX: ffffffff849ba2a7 RBX: ffff8881168fa000 RCX: ffff888111dd0000
[ 36.944659][ T2436] RDX: 0000000000000000 RSI: 00000000227c02a0 RDI: 000000000c04eb7d
[ 36.952981][ T2436] RBP: ffffc9000170fbb0 R08: ffff8881168fa083 R09: 1ffff11022d1f410
[ 36.961156][ T2436] R10: dffffc0000000000 R11: ffffed1022d1f411 R12: dffffc0000000000
[ 36.969322][ T2436] R13: dffffc0000000000 R14: 00000000227c02a0 R15: ffff88812ad5c400
[ 36.977390][ T2436] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 36.986451][ T2436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.993179][ T2436] CR2: 00007f2ad7157f70 CR3: 000000012f82d000 CR4: 00000000003506a0
[ 37.001305][ T2436] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.009338][ T2436] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.017716][ T2436] Call Trace:
[ 37.021000][ T2436] <TASK>
[ 37.023954][ T2436] pppol2tp_release+0x150/0x2b0
[ 37.028852][ T2436] sock_close+0xc9/0x220
[ 37.033199][ T2436] ? __cfi_sock_close+0x10/0x10
[ 37.038102][ T2436] __fput+0x1fd/0x8f0
[ 37.042098][ T2436] ____fput+0x15/0x20
[ 37.046088][ T2436] task_work_run+0x1e1/0x250
[ 37.050742][ T2436] ? __cfi_task_work_run+0x10/0x10
[ 37.055870][ T2436] ? free_nsproxy+0x21f/0x270
[ 37.060602][ T2436] do_exit+0xaf2/0x2850
[ 37.064775][ T2436] ? __cfi_do_exit+0x10/0x10
[ 37.069428][ T2436] ? xfd_validate_state+0x70/0x150
[ 37.074549][ T2436] ? __kasan_check_write+0x14/0x20
[ 37.079734][ T2436] __x64_sys_exit+0x40/0x40
[ 37.084425][ T2436] x64_sys_call+0x67/0x9a0
[ 37.089066][ T2436] do_syscall_64+0x4c/0xa0
[ 37.093491][ T2436] ? clear_bhb_loop+0x30/0x80
[ 37.098315][ T2436] ? clear_bhb_loop+0x30/0x80
[ 37.103110][ T2436] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.109030][ T2436] RIP: 0033:0x7fad24d9ce59
[ 37.113458][ T2436] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 37.120527][ T2436] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 37.129201][ T2436] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 37.137377][ T2436] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 37.145432][ T2436] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 37.153437][ T2436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 37.161454][ T2436] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 37.169465][ T2436] </TASK>
[ 37.172516][ T2436] ---[ end trace 0000000000000000 ]---
[ 37.201349][ T2559] ------------[ cut here ]------------
[ 37.206947][ T2559] WARNING: CPU: 0 PID: 2559 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 37.218180][ T2559] Modules linked in:
[ 37.222532][ T2559] CPU: 0 PID: 2559 Comm: syz.6.722 Tainted: G B W syzkaller #0
[ 37.231653][ T2559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 37.242564][ T2559] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 37.249046][ T2559] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 37.269452][ T2559] RSP: 0018:ffffc9000211fb90 EFLAGS: 00010293
[ 37.275649][ T2559] RAX: ffffffff849ba2a7 RBX: ffff8881193f1000 RCX: ffff888131bfbcc0
[ 37.283965][ T2559] RDX: 0000000000000000 RSI: 0000000008fe0e40 RDI: 000000000c04eb7d
[ 37.292069][ T2559] RBP: ffffc9000211fbb0 R08: ffff8881193f1083 R09: 1ffff1102327e210
[ 37.300273][ T2559] R10: dffffc0000000000 R11: ffffed102327e211 R12: dffffc0000000000
[ 37.308546][ T2559] R13: dffffc0000000000 R14: 0000000008fe0e40 R15: ffff88810940cc00
[ 37.316643][ T2559] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 37.326241][ T2559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.332966][ T2559] CR2: 00007f9955c15fa4 CR3: 000000000700f000 CR4: 00000000003506b0
[ 37.341000][ T2559] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.349008][ T2559] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.357084][ T2559] Call Trace:
[ 37.360421][ T2559] <TASK>
[ 37.363536][ T2559] pppol2tp_release+0x150/0x2b0
[ 37.368540][ T2559] sock_close+0xc9/0x220
[ 37.372794][ T2559] ? __cfi_sock_close+0x10/0x10
[ 37.377697][ T2559] __fput+0x1fd/0x8f0
[ 37.381700][ T2559] ____fput+0x15/0x20
[ 37.385705][ T2559] task_work_run+0x1e1/0x250
[ 37.390509][ T2559] ? __cfi_task_work_run+0x10/0x10
[ 37.395907][ T2559] ? free_nsproxy+0x21f/0x270
[ 37.400644][ T2559] do_exit+0xaf2/0x2850
[ 37.404824][ T2559] ? __cfi_do_exit+0x10/0x10
[ 37.409466][ T2559] ? xfd_validate_state+0x70/0x150
[ 37.414598][ T2559] ? __kasan_check_write+0x14/0x20
[ 37.419776][ T2559] __x64_sys_exit+0x40/0x40
[ 37.424393][ T2559] x64_sys_call+0x67/0x9a0
[ 37.428890][ T2559] do_syscall_64+0x4c/0xa0
[ 37.433342][ T2559] ? clear_bhb_loop+0x30/0x80
[ 37.438163][ T2559] ? clear_bhb_loop+0x30/0x80
[ 37.443029][ T2559] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.449176][ T2559] RIP: 0033:0x7f042bf9ce59
[ 37.453696][ T2559] Code: Unable to access opcode bytes at 0x7f042bf9ce2f.
[ 37.460841][ T2559] RSP: 002b:00007f042ce48ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 37.469385][ T2559] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f042bf9ce59
[ 37.477373][ T2559] RDX: 00007f042ce499c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 37.485407][ T2559] RBP: 00007f042c032e6f R08: 0000000000000000 R09: 0000000000000058
[ 37.493610][ T2559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 37.501915][ T2559] R13: 00007f042c216038 R14: 00007f042c215fa0 R15: 00007fff8d445248
[ 37.509979][ T2559] </TASK>
[ 37.513100][ T2559] ---[ end trace 0000000000000000 ]---
[ 37.544585][ T2650] ------------[ cut here ]------------
[ 37.550576][ T2650] WARNING: CPU: 1 PID: 2650 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 37.561250][ T2650] Modules linked in:
[ 37.565349][ T2650] CPU: 1 PID: 2650 Comm: syz.5.750 Tainted: G B W syzkaller #0
[ 37.574286][ T2650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 37.584622][ T2650] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 37.591284][ T2650] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 37.611669][ T2650] RSP: 0018:ffffc90002277b90 EFLAGS: 00010293
[ 37.617941][ T2650] RAX: ffffffff849ba2a7 RBX: ffff88811b569000 RCX: ffff88811aa79440
[ 37.625927][ T2650] RDX: 0000000000000000 RSI: 000000003166a800 RDI: 000000000c04eb7d
[ 37.634948][ T2650] RBP: ffffc90002277bb0 R08: ffff88811b569083 R09: 1ffff110236ad210
[ 37.639955][ T2675] ------------[ cut here ]------------
[ 37.643242][ T2650] R10: dffffc0000000000 R11: ffffed10236ad211 R12: dffffc0000000000
[ 37.648599][ T2675] WARNING: CPU: 0 PID: 2675 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 37.656743][ T2650] R13: dffffc0000000000 R14: 000000003166a800 R15: ffff88812cea2800
[ 37.666944][ T2675] Modules linked in:
[ 37.674937][ T2650] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 37.674968][ T2650] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.678958][ T2675]
[ 37.678965][ T2675] CPU: 0 PID: 2675 Comm: syz.3.758 Tainted: G B W syzkaller #0
[ 37.678981][ T2675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 37.678990][ T2675] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 37.687939][ T2650] CR2: 00007ffe85405ff8 CR3: 000000000700f000 CR4: 00000000003506a0
[ 37.694511][ T2675] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 37.696806][ T2650] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.705756][ T2675] RSP: 0018:ffffc900024efb90 EFLAGS: 00010293
[ 37.716164][ T2650] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.716178][ T2650] Call Trace:
[ 37.716184][ T2650] <TASK>
[ 37.723467][ T2675]
[ 37.723473][ T2675] RAX: ffffffff849ba2a7 RBX: ffff888113de4000 RCX: ffff88811a285100
[ 37.731451][ T2650] pppol2tp_release+0x150/0x2b0
[ 37.731479][ T2650] sock_close+0xc9/0x220
[ 37.731497][ T2650] ? __cfi_sock_close+0x10/0x10
[ 37.731516][ T2650] __fput+0x1fd/0x8f0
[ 37.731537][ T2650] ____fput+0x15/0x20
[ 37.751155][ T2675] RDX: 0000000000000000 RSI: 000000002cea2800 RDI: 000000000c04eb7d
[ 37.759444][ T2650] task_work_run+0x1e1/0x250
[ 37.765783][ T2675] RBP: ffffc900024efbb0 R08: ffff888113de4083 R09: 1ffff110227bc810
[ 37.773889][ T2650] ? __cfi_task_work_run+0x10/0x10
[ 37.777319][ T2675] R10: dffffc0000000000 R11: ffffed10227bc811 R12: dffffc0000000000
[ 37.780545][ T2650] ? free_nsproxy+0x21f/0x270
[ 37.782755][ T2675] R13: dffffc0000000000 R14: 000000002cea2800 R15: ffff88811a511800
[ 37.790834][ T2650] do_exit+0xaf2/0x2850
[ 37.798429][ T2675] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 37.802756][ T2650] ? __cfi_do_exit+0x10/0x10
[ 37.807597][ T2675] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.811714][ T2650] ? xfd_validate_state+0x70/0x150
[ 37.815719][ T2675] CR2: 00007f2ad7facff8 CR3: 000000000700f000 CR4: 00000000003506b0
[ 37.823732][ T2650] ? __kasan_check_write+0x14/0x20
[ 37.823764][ T2650] __x64_sys_exit+0x40/0x40
[ 37.823786][ T2650] x64_sys_call+0x67/0x9a0
[ 37.823805][ T2650] do_syscall_64+0x4c/0xa0
[ 37.828448][ T2675] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.836427][ T2650] ? clear_bhb_loop+0x30/0x80
[ 37.841743][ T2675] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.849755][ T2650] ? clear_bhb_loop+0x30/0x80
[ 37.854424][ T2675] Call Trace:
[ 37.854435][ T2675] <TASK>
[ 37.862440][ T2650] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.866685][ T2675] pppol2tp_release+0x150/0x2b0
[ 37.875823][ T2650] RIP: 0033:0x7f995599ce59
[ 37.880402][ T2675] sock_close+0xc9/0x220
[ 37.887052][ T2650] Code: Unable to access opcode bytes at 0x7f995599ce2f.
[ 37.892193][ T2675] ? __cfi_sock_close+0x10/0x10
[ 37.900164][ T2650] RSP: 002b:00007f995679bef8 EFLAGS: 00000246
[ 37.905255][ T2675] __fput+0x1fd/0x8f0
[ 37.909750][ T2650] ORIG_RAX: 000000000000003c
[ 37.909759][ T2650] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f995599ce59
[ 37.909770][ T2650] RDX: 00007f995679c9c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 37.914427][ T2675] ____fput+0x15/0x20
[ 37.918853][ T2650] RBP: 00007f9955a32e6f R08: 0000000000000000 R09: 0000000000000058
[ 37.926984][ T2675] task_work_run+0x1e1/0x250
[ 37.931757][ T2650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 37.931770][ T2650] R13: 00007f9955c16038 R14: 00007f9955c15fa0 R15: 00007ffe854062b8
[ 37.931782][ T2650] </TASK>
[ 37.931787][ T2650] ---[ end trace 0000000000000000 ]---
[ 38.055334][ T2675] ? __cfi_task_work_run+0x10/0x10
[ 38.060601][ T2675] ? free_nsproxy+0x21f/0x270
[ 38.065316][ T2675] do_exit+0xaf2/0x2850
[ 38.069535][ T2675] ? __cfi_do_exit+0x10/0x10
[ 38.074689][ T2675] ? xfd_validate_state+0x70/0x150
[ 38.080169][ T2675] ? __kasan_check_write+0x14/0x20
[ 38.085335][ T2675] __x64_sys_exit+0x40/0x40
[ 38.089949][ T2675] x64_sys_call+0x67/0x9a0
[ 38.094399][ T2675] do_syscall_64+0x4c/0xa0
[ 38.098877][ T2675] ? clear_bhb_loop+0x30/0x80
[ 38.103646][ T2675] ? clear_bhb_loop+0x30/0x80
[ 38.108379][ T2675] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 38.114284][ T2675] RIP: 0033:0x7fad24d9ce59
[ 38.118757][ T2675] Code: Unable to access opcode bytes at 0x7fad24d9ce2f.
[ 38.125817][ T2675] RSP: 002b:00007fad25ca7ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 38.134305][ T2675] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fad24d9ce59
[ 38.142570][ T2675] RDX: 00007fad25ca89c8 RSI: 0000000000000000 RDI: 0000000000000000
[ 38.150614][ T2675] RBP: 00007fad24e32e6f R08: 0000000000000000 R09: 0000000000000058
[ 38.158717][ T2675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 38.166703][ T2675] R13: 00007fad25016038 R14: 00007fad25015fa0 R15: 00007ffef3b659d8
[ 38.174740][ T2675] </TASK>
[ 38.177869][ T2675] ---[ end trace 0000000000000000 ]---
[ 38.258991][ T2787] ------------[ cut here ]------------
[ 38.264693][ T2787] WARNING: CPU: 1 PID: 2787 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0
[ 38.275165][ T2787] Modules linked in:
[ 38.279304][ T2787] CPU: 1 PID: 2787 Comm: syz.6.795 Tainted: G B W syzkaller #0
[ 38.288429][ T2787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 38.298811][ T2787] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0
[ 38.305361][ T2787] Code: 5d c3 e8 ac c1 d5 fc be 02 00 00 00 eb 0a e8 a0 c1 d5 fc be 01 00 00 00 4c 89 f7 e8 73 20 cd fd e9 0f ff ff ff e8 89 c1 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 78 c1 d5 fc 4c 89 f7 be 03
[ 38.325503][ T2787] RSP: 0018:ffffc90002907b90 EFLAGS: 00010293
[ 38.331611][ T2787] RAX: ffffffff849ba2a7 RBX: ffff88811db75000 RCX: ffff888119fc6540
[ 38.339630][ T2787] RDX: 0000000000000000 RSI: 0000000017cf0ba8 RDI: 000000000c04eb7d
[ 38.348262][ T2787] RBP: ffffc90002907bb0 R08: ffff88811db75083 R09: 1ffff11023b6ea10