Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts.
2026/06/22 21:37:39 parsed 1 programs
2026/06/22 21:37:39 serving rpc on tcp://32961
[   26.502359][   T24] audit: type=1400 audit(1782164259.460:64): avc:  denied  { node_bind } for  pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   26.523188][   T24] audit: type=1400 audit(1782164259.460:65): avc:  denied  { create } for  pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   26.542719][   T24] audit: type=1400 audit(1782164259.460:66): avc:  denied  { module_request } for  pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   27.431942][   T24] audit: type=1400 audit(1782164260.390:67): avc:  denied  { mounton } for  pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   27.435273][  T293] cgroup: Unknown subsys name 'net'
[   27.454710][   T24] audit: type=1400 audit(1782164260.390:68): avc:  denied  { mount } for  pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.481928][   T24] audit: type=1400 audit(1782164260.420:69): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.482351][  T293] cgroup: Unknown subsys name 'devices'
[   27.627034][  T293] cgroup: Unknown subsys name 'hugetlb'
[   27.632745][  T293] cgroup: Unknown subsys name 'rlimit'
[   27.780168][   T24] audit: type=1400 audit(1782164260.740:70): avc:  denied  { setattr } for  pid=293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.803407][   T24] audit: type=1400 audit(1782164260.740:71): avc:  denied  { create } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.823877][   T24] audit: type=1400 audit(1782164260.740:72): avc:  denied  { write } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.840441][  T297] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   27.844446][   T24] audit: type=1400 audit(1782164260.740:73): avc:  denied  { read } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.910899][  T293] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   28.331527][  T301] request_module fs-gadgetfs succeeded, but still no fs?
[   28.342630][  T301] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   28.417614][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.424753][  T306] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.432456][  T306] device bridge_slave_0 entered promiscuous mode
[   28.439541][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.446699][  T306] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.454157][  T306] device bridge_slave_1 entered promiscuous mode
[   28.497145][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.504509][  T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.511831][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.518886][  T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.538162][  T307] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.545604][  T307] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.552885][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   28.560756][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.570808][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.578977][  T307] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.586031][  T307] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.594642][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   28.602983][  T307] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.610040][  T307] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.622642][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   28.631761][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   28.645123][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.657386][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.665674][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   28.673056][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   28.681921][  T306] device veth0_vlan entered promiscuous mode
[   28.691876][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.700895][  T306] device veth1_macvtap entered promiscuous mode
[   28.711267][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.721308][  T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.416314][    T7] device bridge_slave_1 left promiscuous mode
[   29.422540][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.430359][    T7] device bridge_slave_0 left promiscuous mode
[   29.436608][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.445134][    T7] device veth1_macvtap left promiscuous mode
[   29.451493][    T7] device veth0_vlan left promiscuous mode
2026/06/22 21:37:42 executed programs: 0
[   29.587274][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.594309][  T364] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.601740][  T364] device bridge_slave_0 entered promiscuous mode
[   29.608648][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.615730][  T364] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.623038][  T364] device bridge_slave_1 entered promiscuous mode
[   29.662444][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.669496][  T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.676909][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.683972][  T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.701085][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.708803][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.716954][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.725749][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.733886][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.740936][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.749484][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.757809][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.764818][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.776978][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.786089][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.799135][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.811591][  T364] device veth0_vlan entered promiscuous mode
[   29.818639][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.826760][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.834147][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.847279][  T364] device veth1_macvtap entered promiscuous mode
[   29.854118][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.865080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.875925][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.901101][  T376] ==================================================================
[   29.909230][  T376] BUG: KASAN: use-after-free in mutex_lock+0x85/0xf0
[   29.915902][  T376] Write of size 8 at addr ffff888111479950 by task syz.2.17/376
[   29.923513][  T376] 
[   29.925840][  T376] CPU: 0 PID: 376 Comm: syz.2.17 Not tainted syzkaller #0
[   29.933117][  T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[   29.943170][  T376] Call Trace:
[   29.946564][  T376]  __dump_stack+0x21/0x24
[   29.950900][  T376]  dump_stack_lvl+0x1a7/0x208
[   29.955581][  T376]  ? show_regs_print_info+0x18/0x18
[   29.960783][  T376]  ? thaw_kernel_threads+0x220/0x220
[   29.966057][  T376]  ? debug_smp_processor_id+0x17/0x20
[   29.971415][  T376]  print_address_description+0x7f/0x2c0
[   29.976951][  T376]  ? mutex_lock+0x85/0xf0
[   29.981269][  T376]  kasan_report+0x100/0x140
[   29.985769][  T376]  ? mutex_lock+0x85/0xf0
[   29.990098][  T376]  kasan_check_range+0x249/0x2a0
[   29.995019][  T376]  __kasan_check_write+0x14/0x20
[   29.999949][  T376]  mutex_lock+0x85/0xf0
[   30.004090][  T376]  ? mutex_trylock+0xb0/0xb0
[   30.008679][  T376]  ? l2tp_session_put+0xb2/0x1a0
[   30.013685][  T376]  ? l2tp_session_delete+0x3a9/0x4a0
[   30.018966][  T376]  pppol2tp_release+0x178/0x2b0
[   30.023809][  T376]  sock_close+0xb8/0x200
[   30.028040][  T376]  ? sock_mmap+0xa0/0xa0
[   30.032272][  T376]  __fput+0x2dc/0x730
[   30.036243][  T376]  ____fput+0x15/0x20
[   30.040210][  T376]  task_work_run+0x127/0x190
[   30.044785][  T376]  exit_to_user_mode_loop+0xcb/0xe0
[   30.049971][  T376]  exit_to_user_mode_prepare+0x76/0xa0
[   30.055417][  T376]  syscall_exit_to_user_mode+0x1d/0x40
[   30.060859][  T376]  do_syscall_64+0x3d/0x40
[   30.065262][  T376]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.071149][  T376] RIP: 0033:0x7f647f2b3e59
[   30.075559][  T376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   30.095158][  T376] RSP: 002b:00007ffc4732e868 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   30.103586][  T376] RAX: 0000000000000000 RBX: 00007ffc4732e950 RCX: 00007f647f2b3e59
[   30.111549][  T376] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   30.119507][  T376] RBP: 00000000000074b2 R08: 0000000000000001 R09: 0000000000000000
[   30.127466][  T376] R10: 0000001b32b20000 R11: 0000000000000246 R12: 0000000000000000
[   30.135423][  T376] R13: 00007f647f52cfac R14: 00007f647f52cfa8 R15: 00007f647f52cfa0
[   30.143380][  T376] 
[   30.145703][  T376] Allocated by task 376:
[   30.149949][  T376]  __kasan_kmalloc+0xd4/0x100
[   30.154612][  T376]  __kmalloc+0x19f/0x330
[   30.158840][  T376]  l2tp_session_create+0x39/0xb60
[   30.163851][  T376]  pppol2tp_connect+0xbf5/0x1640
[   30.168775][  T376]  __sys_connect+0x3ce/0x450
[   30.173347][  T376]  __x64_sys_connect+0x7a/0x90
[   30.178095][  T376]  do_syscall_64+0x31/0x40
[   30.182494][  T376]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.188366][  T376] 
[   30.190687][  T376] Freed by task 376:
[   30.194559][  T376]  kasan_set_track+0x4a/0x70
[   30.199278][  T376]  kasan_set_free_info+0x23/0x40
[   30.204199][  T376]  ____kasan_slab_free+0x125/0x160
[   30.209297][  T376]  __kasan_slab_free+0x11/0x20
[   30.214039][  T376]  slab_free_freelist_hook+0xc5/0x190
[   30.219391][  T376]  kfree+0xc0/0x270
[   30.223182][  T376]  l2tp_session_put+0xb2/0x1a0
[   30.227932][  T376]  l2tp_session_delete+0x3a9/0x4a0
[   30.233023][  T376]  pppol2tp_release+0x169/0x2b0
[   30.237855][  T376]  sock_close+0xb8/0x200
[   30.242080][  T376]  __fput+0x2dc/0x730
[   30.246045][  T376]  ____fput+0x15/0x20
[   30.250012][  T376]  task_work_run+0x127/0x190
[   30.254588][  T376]  exit_to_user_mode_loop+0xcb/0xe0
[   30.259769][  T376]  exit_to_user_mode_prepare+0x76/0xa0
[   30.265211][  T376]  syscall_exit_to_user_mode+0x1d/0x40
[   30.270651][  T376]  do_syscall_64+0x3d/0x40
[   30.275055][  T376]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.280930][  T376] 
[   30.283254][  T376] The buggy address belongs to the object at ffff888111479800
[   30.283254][  T376]  which belongs to the cache kmalloc-512 of size 512
[   30.297295][  T376] The buggy address is located 336 bytes inside of
[   30.297295][  T376]  512-byte region [ffff888111479800, ffff888111479a00)
[   30.310578][  T376] The buggy address belongs to the page:
[   30.316212][  T376] page:ffffea0004451e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111478
[   30.326433][  T376] head:ffffea0004451e00 order:2 compound_mapcount:0 compound_pincount:0
[   30.334744][  T376] flags: 0x4000000000010200(slab|head)
[   30.340196][  T376] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080
[   30.348767][  T376] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   30.357431][  T376] page dumped because: kasan: bad access detected
[   30.363955][  T376] page_owner tracks the page as allocated
[   30.369665][  T376] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 376, ts 29900620164, free_ts 29895447842
[   30.390046][  T376]  prep_new_page+0x176/0x190
[   30.394620][  T376]  get_page_from_freelist+0x225f/0x23f0
[   30.400147][  T376]  __alloc_pages_nodemask+0x29a/0x640
[   30.405498][  T376]  new_slab+0x84/0x3f0
[   30.409552][  T376]  ___slab_alloc+0x2f8/0x4c0
[   30.414123][  T376]  __slab_alloc+0x63/0xa0
[   30.418519][  T376]  kmem_cache_alloc_trace+0x1a8/0x2e0
[   30.423882][  T376]  l2tp_tunnel_create+0x97/0x460
[   30.428810][  T376]  pppol2tp_connect+0x7ef/0x1640
[   30.433730][  T376]  __sys_connect+0x3ce/0x450
[   30.438300][  T376]  __x64_sys_connect+0x7a/0x90
[   30.443048][  T376]  do_syscall_64+0x31/0x40
[   30.447446][  T376]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.453313][  T376] page last free stack trace:
[   30.457970][  T376]  __free_pages_ok+0x80b/0x830
[   30.462716][  T376]  __free_pages+0xd8/0x390
[   30.467127][  T376]  __free_slab+0xcf/0x190
[   30.471455][  T376]  unfreeze_partials+0x150/0x180
[   30.476377][  T376]  put_cpu_partial+0xc1/0x180
[   30.481035][  T376]  __slab_free+0x2c9/0x3a0
[   30.485447][  T376]  ___cache_free+0x10e/0x130
[   30.490049][  T376]  qlink_free+0x50/0x90
[   30.494186][  T376]  qlist_free_all+0x5f/0xb0
[   30.498670][  T376]  kasan_quarantine_reduce+0x14a/0x160
[   30.504128][  T376]  __kasan_slab_alloc+0x2f/0xe0
[   30.508967][  T376]  slab_post_alloc_hook+0x5d/0x2f0
[   30.514061][  T376]  __kmalloc+0x17b/0x330
[   30.518288][  T376]  cgroup_mkdir+0x2b5/0x16d0
[   30.522863][  T376]  kernfs_iop_mkdir+0x1a3/0x2b0
[   30.527700][  T376]  vfs_mkdir+0x42c/0x600
[   30.531921][  T376] 
[   30.534232][  T376] Memory state around the buggy address:
[   30.539847][  T376]  ffff888111479800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.547889][  T376]  ffff888111479880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.555936][  T376] >ffff888111479900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.563993][  T376]                                                  ^
[   30.570650][  T376]  ffff888111479980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.578698][  T376]  ffff888111479a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.586740][  T376] ==================================================================
[   30.594778][  T376] Disabling lock debugging due to kernel taint