syzkaller syzkaller login: [ 15.372812][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 15.372828][ T30] audit: type=1400 audit(1783124356.962:59): avc: denied { transition } for pid=223 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.385394][ T30] audit: type=1400 audit(1783124356.962:60): avc: denied { noatsecure } for pid=223 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.396306][ T30] audit: type=1400 audit(1783124356.982:61): avc: denied { write } for pid=223 comm="sh" path="pipe:[14942]" dev="pipefs" ino=14942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.418962][ T30] audit: type=1400 audit(1783124356.982:62): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.438135][ T30] audit: type=1400 audit(1783124356.982:63): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. 2026/07/04 00:19:27 parsed 1 programs 2026/07/04 00:19:27 serving rpc on tcp://35713 [ 25.572154][ T30] audit: type=1400 audit(1783124367.162:64): avc: denied { node_bind } for pid=293 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 25.593791][ T30] audit: type=1400 audit(1783124367.162:65): avc: denied { module_request } for pid=293 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 26.624688][ T30] audit: type=1400 audit(1783124368.212:66): avc: denied { mounton } for pid=299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.628766][ T299] cgroup: Unknown subsys name 'net' [ 26.647863][ T30] audit: type=1400 audit(1783124368.212:67): avc: denied { mount } for pid=299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.675513][ T30] audit: type=1400 audit(1783124368.242:68): avc: denied { unmount } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.676014][ T299] cgroup: Unknown subsys name 'devices' [ 26.852987][ T299] cgroup: Unknown subsys name 'hugetlb' [ 26.858892][ T299] cgroup: Unknown subsys name 'rlimit' [ 27.006612][ T30] audit: type=1400 audit(1783124368.592:69): avc: denied { setattr } for pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.030723][ T30] audit: type=1400 audit(1783124368.592:70): avc: denied { create } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.051464][ T30] audit: type=1400 audit(1783124368.592:71): avc: denied { write } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.072061][ T30] audit: type=1400 audit(1783124368.592:72): avc: denied { read } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.073345][ T303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 27.093513][ T30] audit: type=1400 audit(1783124368.592:73): avc: denied { mounton } for pid=299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.140670][ T299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.659563][ T311] request_module fs-gadgetfs succeeded, but still no fs? [ 27.950655][ T324] syz-executor (324) used greatest stack depth: 22136 bytes left [ 28.226218][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.233411][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.241008][ T351] device bridge_slave_0 entered promiscuous mode [ 28.248911][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.256074][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.263616][ T351] device bridge_slave_1 entered promiscuous mode [ 28.350804][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.358220][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.365666][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.373276][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.407688][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.419309][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.436607][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.471225][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.479566][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.487161][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.495431][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.504459][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.512259][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.524820][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.533169][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.549506][ T351] device veth0_vlan entered promiscuous mode [ 28.556690][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.566010][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.575577][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.584645][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.599942][ T351] device veth1_macvtap entered promiscuous mode [ 28.607646][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.620038][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.637877][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/07/04 00:19:30 executed programs: 0 [ 28.712354][ T351] syz-executor (351) used greatest stack depth: 20864 bytes left [ 28.836989][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.865209][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.873027][ T370] device bridge_slave_0 entered promiscuous mode [ 28.881945][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.889437][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.896972][ T370] device bridge_slave_1 entered promiscuous mode [ 28.959275][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.966627][ T371] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.974326][ T371] device bridge_slave_0 entered promiscuous mode [ 28.984831][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.992248][ T371] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.999824][ T371] device bridge_slave_1 entered promiscuous mode [ 29.136925][ T380] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.144401][ T380] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.153529][ T380] device bridge_slave_0 entered promiscuous mode [ 29.162683][ T380] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.170091][ T380] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.177857][ T380] device bridge_slave_1 entered promiscuous mode [ 29.250826][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.258102][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.266228][ T376] device bridge_slave_0 entered promiscuous mode [ 29.278103][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.285245][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.292584][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.299720][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.307740][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.314884][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.322651][ T375] device bridge_slave_0 entered promiscuous mode [ 29.337330][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.344828][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.353296][ T376] device bridge_slave_1 entered promiscuous mode [ 29.371875][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.379025][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.387241][ T375] device bridge_slave_1 entered promiscuous mode [ 29.494038][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.501997][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.512190][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.520163][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.544756][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.554490][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.561614][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.602440][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.610510][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.618723][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.627924][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.635730][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.644956][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.653470][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.671831][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.680918][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.690668][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.698647][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.731118][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.739714][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 29.747851][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.756675][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.763810][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.771659][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.779848][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.787232][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.795222][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.803853][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.812414][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.819466][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.827042][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.835227][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.848295][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 29.865650][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.884635][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.893090][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.900930][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.908621][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.916987][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.925845][ T371] device veth0_vlan entered promiscuous mode [ 29.946929][ T370] device veth0_vlan entered promiscuous mode [ 29.955770][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.964914][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.973427][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.981239][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.001102][ T380] device veth0_vlan entered promiscuous mode [ 30.010696][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.019519][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.028190][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.036917][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.045412][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.053011][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.076844][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.084454][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.092029][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.101858][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.111384][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.118437][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.126205][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.134972][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.143565][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.150852][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.158725][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.167362][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.175878][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.189639][ T370] device veth1_macvtap entered promiscuous mode [ 30.203599][ T371] device veth1_macvtap entered promiscuous mode [ 30.211774][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.219696][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.228463][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.236950][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.244734][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.252352][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.277887][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 30.286299][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.295080][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 30.303916][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.312254][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.320788][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.329868][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.338572][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.347152][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.355674][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.363968][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.372510][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.381242][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.389669][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.398602][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.405664][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.413581][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.421649][ T380] device veth1_macvtap entered promiscuous mode [ 30.430679][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.438426][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.447351][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.457804][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.466612][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.474997][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.482178][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.504201][ T376] device veth0_vlan entered promiscuous mode [ 30.516360][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.525170][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.534318][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.543483][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.560312][ C0] ================================================================== [ 30.568447][ C0] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0 [ 30.575901][ C0] Read of size 8 at addr ffff888122415190 by task syz-executor/380 [ 30.577219][ T376] device veth1_macvtap entered promiscuous mode [ 30.583925][ C0] [ 30.583952][ C0] CPU: 0 PID: 380 Comm: syz-executor Not tainted syzkaller #0 [ 30.583976][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 30.583993][ C0] Call Trace: [ 30.615000][ C0] [ 30.617882][ C0] __dump_stack+0x21/0x30 [ 30.622256][ C0] dump_stack_lvl+0x110/0x170 [ 30.626976][ C0] ? show_regs_print_info+0x20/0x20 [ 30.632578][ C0] ? load_image+0x3f0/0x3f0 [ 30.637292][ C0] print_address_description+0x7f/0x2c0 [ 30.643123][ C0] ? rcu_cblist_dequeue+0x6c/0xb0 [ 30.648444][ C0] kasan_report+0x10f/0x150 [ 30.652969][ C0] ? rcu_cblist_dequeue+0x6c/0xb0 [ 30.658023][ C0] __asan_report_load8_noabort+0x14/0x20 [ 30.663684][ C0] rcu_cblist_dequeue+0x6c/0xb0 [ 30.668555][ C0] rcu_do_batch+0x47d/0xbf0 [ 30.673079][ C0] ? local_bh_enable+0x20/0x20 [ 30.677859][ C0] ? queued_spin_lock_slowpath+0x47/0x50 [ 30.683616][ C0] ? _raw_spin_lock_irqsave+0x120/0x130 [ 30.689288][ C0] ? _raw_spin_lock+0xf0/0xf0 [ 30.694140][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 30.700153][ C0] ? rcu_report_qs_rnp+0x2bc/0x390 [ 30.705278][ C0] rcu_core+0x4a3/0xef0 [ 30.709655][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 30.714883][ C0] ? run_rebalance_domains+0xf7/0x1c0 [ 30.720592][ C0] rcu_core_si+0x9/0x10 [ 30.725038][ C0] handle_softirqs+0x250/0x560 [ 30.730051][ C0] __irq_exit_rcu+0x52/0xf0 [ 30.734726][ C0] irq_exit_rcu+0x9/0x10 [ 30.738996][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 30.744662][ C0] [ 30.747768][ C0] [ 30.750721][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.756722][ C0] RIP: 0010:unwind_next_frame+0x171/0x660 [ 30.762573][ C0] Code: 08 00 74 13 49 8d bd 50 ff ff ff e8 e9 6b 77 00 49 8d 95 50 ff ff ff 4c 3b 32 49 be 00 00 00 00 00 fc ff df 0f 84 c3 00 00 00 <49> 8d 85 30 ff ff ff 49 39 c4 0f 85 3c 01 00 00 4c 89 e0 48 c1 e8 [ 30.782640][ C0] RSP: 0018:ffffc90000aa7488 EFLAGS: 00000287 [ 30.788823][ C0] RAX: ffffc90000aa7f40 RBX: ffffc90000aa74e8 RCX: 0000000000154e01 [ 30.796817][ C0] RDX: dffffc0000000000 RSI: ffffffff810046f8 RDI: ffffc90000aa7f48 [ 30.804798][ C0] RBP: ffffc90000aa74d8 R08: ffffc90000aa75b0 R09: ffffc90000aa75a8 [ 30.812778][ C0] R10: 000000000000000a R11: fffff52000154ea9 R12: ffffc90000aa7f00 [ 30.820992][ C0] R13: ffffc90000aa8000 R14: dffffc0000000000 R15: 0000000000000000 [ 30.829161][ C0] ? x64_sys_call+0x178/0x9a0 [ 30.833880][ C0] ? unwind_next_frame+0x39e/0x660 [ 30.839026][ C0] ? stack_trace_save+0xf0/0xf0 [ 30.843929][ C0] arch_stack_walk+0x108/0x140 [ 30.848703][ C0] ? x64_sys_call+0x178/0x9a0 [ 30.853474][ C0] stack_trace_save+0xa6/0xf0 [ 30.858378][ C0] ? stack_trace_snprint+0xe0/0xe0 [ 30.863655][ C0] ? __kasan_slab_alloc+0xc9/0xe0 [ 30.869363][ C0] ? memset+0x35/0x40 [ 30.873590][ C0] __kasan_kmalloc+0xd4/0x100 [ 30.878624][ C0] ? __kasan_kmalloc+0xd4/0x100 [ 30.883522][ C0] ? __kmalloc_track_caller+0x13c/0x2c0 [ 30.890697][ C0] ? __alloc_skb+0x210/0x730 [ 30.895318][ C0] ? netlink_ack+0x35c/0xb10 [ 30.899922][ C0] ? netlink_rcv_skb+0x267/0x430 [ 30.905228][ C0] ? rtnetlink_rcv+0x1c/0x20 [ 30.910124][ C0] ? netlink_unicast+0x86c/0xa30 [ 30.915586][ C0] ? netlink_sendmsg+0x879/0xb80 [ 30.920636][ C0] ? __sys_sendto+0x46d/0x620 [ 30.925690][ C0] ? __x64_sys_sendto+0xe5/0x100 [ 30.931071][ C0] ? x64_sys_call+0x178/0x9a0 [ 30.936434][ C0] __kmalloc_track_caller+0x13c/0x2c0 [ 30.942040][ C0] ? netlink_ack+0x35c/0xb10 [ 30.946974][ C0] ? netlink_ack+0x35c/0xb10 [ 30.951917][ C0] __alloc_skb+0x210/0x730 [ 30.956732][ C0] netlink_ack+0x35c/0xb10 [ 30.961273][ C0] ? selinux_nlmsg_lookup+0x38f/0x440 [ 30.967099][ C0] ? netlink_dump+0xd80/0xd80 [ 30.971809][ C0] netlink_rcv_skb+0x267/0x430 [ 30.979854][ C0] ? rtnetlink_bind+0x80/0x80 [ 30.985530][ C0] ? netlink_ack+0xb10/0xb10 [ 30.990359][ C0] ? _copy_from_iter+0x4a4/0x10a0 [ 30.995808][ C0] ? __netlink_lookup+0x387/0x3b0 [ 31.001307][ C0] rtnetlink_rcv+0x1c/0x20 [ 31.005895][ C0] netlink_unicast+0x86c/0xa30 [ 31.010797][ C0] netlink_sendmsg+0x879/0xb80 [ 31.016242][ C0] ? netlink_getsockopt+0x530/0x530 [ 31.021474][ C0] ? security_socket_sendmsg+0x82/0xa0 [ 31.026998][ C0] __sys_sendto+0x46d/0x620 [ 31.032066][ C0] ? __ia32_sys_getpeername+0x90/0x90 [ 31.037734][ C0] ? __fput+0x67c/0x900 [ 31.041940][ C0] ? unlock_page_memcg+0x130/0x130 [ 31.047095][ C0] ? ____fput+0x15/0x20 [ 31.051381][ C0] __x64_sys_sendto+0xe5/0x100 [ 31.056268][ C0] x64_sys_call+0x178/0x9a0 [ 31.061033][ C0] do_syscall_64+0x4c/0xa0 [ 31.065797][ C0] ? clear_bhb_loop+0x50/0xa0 [ 31.070807][ C0] ? clear_bhb_loop+0x50/0xa0 [ 31.075609][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 31.081733][ C0] RIP: 0033:0x7ff78e09bfd7 [ 31.086482][ C0] Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 31.106461][ C0] RSP: 002b:00007fff070ca190 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 31.116199][ C0] RAX: ffffffffffffffda RBX: 0000555594cb2500 RCX: 00007ff78e09bfd7 [ 31.124495][ C0] RDX: 0000000000000028 RSI: 00007ff78ee97670 RDI: 0000000000000003 [ 31.132759][ C0] RBP: 0000000000000001 R08: 00007fff070ca1f4 R09: 000000000000000c [ 31.141022][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 31.149012][ C0] R13: 0000000000000000 R14: 00007ff78ee97670 R15: 0000000000000000 [ 31.157096][ C0] [ 31.160135][ C0] [ 31.162564][ C0] Allocated by task 395: [ 31.166868][ C0] __kasan_kmalloc+0xd4/0x100 [ 31.171565][ C0] __kmalloc+0x13d/0x2c0 [ 31.175820][ C0] l2tp_session_create+0x39/0xb60 [ 31.181040][ C0] pppol2tp_connect+0xbf5/0x1640 [ 31.185998][ C0] __sys_connect+0x3cb/0x450 [ 31.190617][ C0] __x64_sys_connect+0x7a/0x90 [ 31.195487][ C0] x64_sys_call+0x7c/0x9a0 [ 31.200026][ C0] do_syscall_64+0x4c/0xa0 [ 31.204466][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 31.210478][ C0] [ 31.212819][ C0] Freed by task 10: [ 31.216639][ C0] kasan_set_track+0x4a/0x70 [ 31.221263][ C0] kasan_set_free_info+0x23/0x40 [ 31.226218][ C0] ____kasan_slab_free+0x125/0x160 [ 31.231604][ C0] __kasan_slab_free+0x11/0x20 [ 31.236497][ C0] slab_free_freelist_hook+0xc2/0x190 [ 31.242155][ C0] kfree+0xc4/0x270 [ 31.246067][ C0] l2tp_session_put+0xaf/0x1a0 [ 31.251371][ C0] l2tp_session_delete+0x3a9/0x4a0 [ 31.256758][ C0] l2tp_tunnel_del_work+0x180/0x3d0 [ 31.261970][ C0] process_one_work+0x6c8/0xbb0 [ 31.266861][ C0] worker_thread+0xaa0/0x1250 [ 31.271557][ C0] kthread+0x3f5/0x4f0 [ 31.275739][ C0] ret_from_fork+0x1f/0x30 [ 31.280263][ C0] [ 31.282608][ C0] Last potentially related work creation: [ 31.288341][ C0] kasan_save_stack+0x3a/0x60 [ 31.293135][ C0] __kasan_record_aux_stack+0xd2/0x100 [ 31.298616][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 31.304445][ C0] call_rcu+0x10b/0xf60 [ 31.308619][ C0] pppol2tp_release+0x1e3/0x2b0 [ 31.313489][ C0] sock_close+0xb8/0x200 [ 31.317747][ C0] __fput+0x22b/0x900 [ 31.321747][ C0] ____fput+0x15/0x20 [ 31.325753][ C0] task_work_run+0x127/0x190 [ 31.330359][ C0] exit_to_user_mode_loop+0xd0/0xe0 [ 31.335586][ C0] exit_to_user_mode_prepare+0x87/0xd0 [ 31.341071][ C0] syscall_exit_to_user_mode+0x1a/0x30 [ 31.346554][ C0] do_syscall_64+0x58/0xa0 [ 31.350992][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 31.356901][ C0] [ 31.359238][ C0] The buggy address belongs to the object at ffff888122415000 [ 31.359238][ C0] which belongs to the cache kmalloc-512 of size 512 [ 31.373569][ C0] The buggy address is located 400 bytes inside of [ 31.373569][ C0] 512-byte region [ffff888122415000, ffff888122415200) [ 31.386983][ C0] The buggy address belongs to the page: [ 31.392645][ C0] page:ffffea0004890500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122414 [ 31.402916][ C0] head:ffffea0004890500 order:2 compound_mapcount:0 compound_pincount:0 [ 31.411341][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 31.417436][ C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00 [ 31.426039][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 31.434744][ C0] page dumped because: kasan: bad access detected [ 31.441185][ C0] page_owner tracks the page as allocated [ 31.446941][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 90, ts 30524678489, free_ts 17393374719 [ 31.467545][ C0] post_alloc_hook+0x192/0x1b0 [ 31.472353][ C0] prep_new_page+0x1c/0x110 [ 31.476883][ C0] get_page_from_freelist+0x2c3a/0x2cd0 [ 31.482446][ C0] __alloc_pages+0x1a2/0x460 [ 31.487050][ C0] new_slab+0xa0/0x4d0 [ 31.491143][ C0] ___slab_alloc+0x3ac/0x840 [ 31.495925][ C0] __slab_alloc+0x49/0x90 [ 31.500363][ C0] __kmalloc_track_caller+0x169/0x2c0 [ 31.505858][ C0] __alloc_skb+0x210/0x730 [ 31.510657][ C0] alloc_skb_with_frags+0xa8/0x620 [ 31.515795][ C0] sock_alloc_send_pskb+0x87f/0x9a0 [ 31.521027][ C0] unix_dgram_sendmsg+0x6f3/0x19b0 [ 31.526502][ C0] __sys_sendto+0x46d/0x620 [ 31.531708][ C0] __x64_sys_sendto+0xe5/0x100 [ 31.536694][ C0] x64_sys_call+0x178/0x9a0 [ 31.541599][ C0] do_syscall_64+0x4c/0xa0 [ 31.546396][ C0] page last free stack trace: [ 31.551076][ C0] free_unref_page_prepare+0x5fa/0x600 [ 31.556564][ C0] free_unref_page+0xae/0x540 [ 31.561268][ C0] free_compound_page+0x78/0xa0 [ 31.566137][ C0] __put_compound_page+0x77/0xb0 [ 31.571102][ C0] __put_page+0xbc/0xe0 [ 31.575329][ C0] skb_release_data+0x37c/0xa20 [ 31.580219][ C0] __kfree_skb+0x50/0x70 [ 31.584488][ C0] tcp_recvmsg_locked+0x13d1/0x24f0 [ 31.589807][ C0] tcp_recvmsg+0x233/0x770 [ 31.594246][ C0] inet_recvmsg+0x13a/0x470 [ 31.598775][ C0] sock_read_iter+0x2c2/0x380 [ 31.603470][ C0] vfs_read+0x6c0/0xc20 [ 31.607648][ C0] ksys_read+0x14a/0x260 [ 31.611903][ C0] __x64_sys_read+0x7b/0x90 [ 31.616595][ C0] x64_sys_call+0x96d/0x9a0 [ 31.621176][ C0] do_syscall_64+0x4c/0xa0 [ 31.625618][ C0] [ 31.628110][ C0] Memory state around the buggy address: [ 31.634236][ C0] ffff888122415080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.642316][ C0] ffff888122415100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.650497][ C0] >ffff888122415180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.660120][ C0] ^ [ 31.664735][ C0] ffff888122415200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.672984][ C0] ffff888122415280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.681140][ C0] ================================================================== [ 31.689208][ C0] Disabling lock debugging due to kernel taint [ 31.705879][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 31.705895][ T30] audit: type=1400 audit(1783124373.292:107): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.739258][ T30] audit: type=1400 audit(1783124373.292:108): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 31.762188][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.770626][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.778441][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.780380][ T30] audit: type=1400 audit(1783124373.292:109): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 31.788328][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.819281][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.828896][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.838963][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.842297][ T30] audit: type=1400 audit(1783124373.292:110): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 31.855839][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.878973][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.887501][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.896006][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.905196][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.906886][ T30] audit: type=1400 audit(1783124373.292:111): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.918077][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.955148][ T30] audit: type=1400 audit(1783124373.292:112): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.979014][ T30] audit: type=1400 audit(1783124373.292:113): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.990389][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.020966][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.029136][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.037593][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.104540][ T421] ------------[ cut here ]------------ [ 32.110929][ T415] ------------[ cut here ]------------ [ 32.122405][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 32.123814][ T421] WARNING: CPU: 0 PID: 421 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 32.140997][ T421] Modules linked in: [ 32.144991][ T421] CPU: 0 PID: 421 Comm: syz.5.21 Tainted: G B syzkaller #0 [ 32.155207][ T421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 32.164877][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.167084][ T421] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 32.180036][ T421] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 32.200842][ T421] RSP: 0018:ffffc90000c57d10 EFLAGS: 00010293 [ 32.207019][ T421] RAX: ffffffff845dbbf7 RBX: ffff888115b53000 RCX: ffff888115a23b40 [ 32.210493][ T415] WARNING: CPU: 1 PID: 415 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 32.215566][ T421] RDX: 0000000000000000 RSI: 0000000013f9b280 RDI: 000000000c04eb7d [ 32.234878][ T421] RBP: ffffc90000c57d30 R08: ffff888115b53083 R09: 1ffff11022b6a610 [ 32.236456][ T425] ------------[ cut here ]------------ [ 32.249397][ T415] Modules linked in: [ 32.250103][ T421] R10: dffffc0000000000 R11: ffffed1022b6a611 R12: dffffc0000000000 [ 32.254046][ T415] CPU: 0 PID: 415 Comm: syz.2.30 Tainted: G B syzkaller #0 [ 32.270090][ T415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 32.273686][ T425] WARNING: CPU: 1 PID: 425 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 32.292292][ T415] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 32.298802][ T415] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 32.312434][ T421] R13: dffffc0000000000 R14: 0000000013f9b280 R15: ffff888120bab000 [ 32.322174][ T425] Modules linked in: [ 32.331112][ T425] CPU: 0 PID: 425 Comm: syz.0.34 Tainted: G B syzkaller #0 [ 32.349172][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 32.361626][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.362987][ T425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 32.369431][ T421] FS: 0000555594cb2500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.382252][ T415] RSP: 0018:ffffc90000c27d10 EFLAGS: 00010293 [ 32.396550][ T375] device veth0_vlan entered promiscuous mode [ 32.408730][ T425] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 32.415847][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.423264][ T421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.426198][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.431097][ T421] CR2: 000011a2e76dc000 CR3: 0000000111f05000 CR4: 00000000003506a0 [ 32.439216][ T425] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 32.447196][ T421] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.470609][ T415] RAX: ffffffff845dbbf7 RBX: ffff8881157d8000 RCX: ffff888115330000 [ 32.478907][ T421] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.484107][ T415] RDX: 0000000000000000 RSI: 0000000013f9b140 RDI: 000000000c04eb7d [ 32.495098][ T421] Call Trace: [ 32.501097][ T425] RSP: 0018:ffffc90000c37d10 EFLAGS: 00010293 [ 32.503535][ T421] [ 32.509254][ T425] RAX: ffffffff845dbbf7 RBX: ffff888114055000 RCX: ffff888113ff0000 [ 32.520465][ T421] pppol2tp_release+0x150/0x2b0 [ 32.520501][ T421] sock_close+0xb8/0x200 [ 32.520519][ T421] ? sock_mmap+0xa0/0xa0 [ 32.520537][ T421] __fput+0x22b/0x900 [ 32.520559][ T421] ____fput+0x15/0x20 [ 32.528225][ T425] RDX: 0000000000000000 RSI: 000000001270e400 RDI: 000000000c04eb7d [ 32.541048][ T415] RBP: ffffc90000c27d30 R08: ffff8881157d8083 R09: 1ffff11022afb010 [ 32.543212][ T425] RBP: ffffc90000c37d30 R08: ffff888114055083 R09: 1ffff1102280aa10 [ 32.551138][ T415] R10: dffffc0000000000 R11: ffffed1022afb011 R12: dffffc0000000000 [ 32.566811][ T425] R10: dffffc0000000000 R11: ffffed102280aa11 R12: dffffc0000000000 [ 32.566836][ T425] R13: dffffc0000000000 R14: 000000001270e400 R15: ffff888120b40000 [ 32.566852][ T425] FS: 0000555593b7a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 32.566879][ T425] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.607254][ T421] task_work_run+0x127/0x190 [ 32.612194][ T421] exit_to_user_mode_loop+0xd0/0xe0 [ 32.617577][ T421] exit_to_user_mode_prepare+0x87/0xd0 [ 32.624277][ T421] syscall_exit_to_user_mode+0x1a/0x30 [ 32.635684][ T421] do_syscall_64+0x58/0xa0 [ 32.640188][ T421] ? clear_bhb_loop+0x50/0xa0 [ 32.641085][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.646920][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.663368][ T421] ? clear_bhb_loop+0x50/0xa0 [ 32.668691][ T425] CR2: 00007f4af173b060 CR3: 000000011d6fc000 CR4: 00000000003506b0 [ 32.678253][ T415] R13: dffffc0000000000 R14: 0000000013f9b140 R15: ffff888120ba9000 [ 32.678472][ T442] ------------[ cut here ]------------ [ 32.687287][ T415] FS: 000055557cdb6500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.697789][ T421] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 32.704361][ T415] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.708670][ T425] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.721358][ T415] CR2: 0000000000000000 CR3: 0000000122eb1000 CR4: 00000000003506a0 [ 32.724751][ T421] RIP: 0033:0x7ff78e0e0e59 [ 32.732955][ T415] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.740429][ T421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 32.751465][ T415] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.767619][ T425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.785477][ T442] WARNING: CPU: 0 PID: 442 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 32.792342][ T375] device veth1_macvtap entered promiscuous mode [ 32.796691][ T442] Modules linked in: [ 32.803368][ T425] Call Trace: [ 32.810814][ T442] [ 32.811949][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 32.813167][ T442] CPU: 0 PID: 442 Comm: syz.1.41 Tainted: G B syzkaller #0 [ 32.823032][ T415] Call Trace: [ 32.829678][ T425] [ 32.834281][ T415] [ 32.836377][ T425] pppol2tp_release+0x150/0x2b0 [ 32.843620][ T421] RSP: 002b:00007fff070ca6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 32.850603][ T415] pppol2tp_release+0x150/0x2b0 [ 32.854219][ T425] sock_close+0xb8/0x200 [ 32.857080][ T415] sock_close+0xb8/0x200 [ 32.861473][ T442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 32.861492][ T442] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 32.869820][ T415] ? sock_mmap+0xa0/0xa0 [ 32.876084][ T421] RAX: 0000000000000000 RBX: 00007fff070ca7c0 RCX: 00007ff78e0e0e59 [ 32.886194][ T415] __fput+0x22b/0x900 [ 32.886971][ T425] ? sock_mmap+0xa0/0xa0 [ 32.906482][ T442] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 32.908907][ T415] ____fput+0x15/0x20 [ 32.927352][ T421] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 32.938167][ T415] task_work_run+0x127/0x190 [ 32.941479][ T425] __fput+0x22b/0x900 [ 32.948753][ T421] RBP: 0000000000007d50 R08: 0000000000000001 R09: 0000000000000000 [ 32.948902][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 32.957164][ T425] ____fput+0x15/0x20 [ 32.966756][ T415] exit_to_user_mode_loop+0xd0/0xe0 [ 32.970518][ T421] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007fff070ca800 [ 32.979715][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.986186][ T442] RSP: 0018:ffffc90000c87d10 EFLAGS: 00010293 [ 32.986214][ T442] RAX: ffffffff845dbbf7 RBX: ffff888116393000 RCX: ffff8881160093c0 [ 32.986230][ T442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d [ 32.986244][ T442] RBP: ffffc90000c87d30 R08: ffff888116393083 R09: 1ffff11022c72610 [ 32.996228][ T415] exit_to_user_mode_prepare+0x87/0xd0 [ 33.001103][ T425] task_work_run+0x127/0x190 [ 33.010554][ T415] syscall_exit_to_user_mode+0x1a/0x30 [ 33.018352][ T421] R13: 00007ff78e368fac R14: 0000000000007d85 R15: 00007ff78e368fa0 [ 33.046720][ T415] do_syscall_64+0x58/0xa0 [ 33.048871][ T425] exit_to_user_mode_loop+0xd0/0xe0 [ 33.058607][ T415] ? clear_bhb_loop+0x50/0xa0 [ 33.058798][ T442] R10: dffffc0000000000 R11: ffffed1022c72611 R12: dffffc0000000000 [ 33.058818][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.059802][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.063951][ T425] exit_to_user_mode_prepare+0x87/0xd0 [ 33.080058][ T442] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888113e49800 [ 33.093110][ T415] ? clear_bhb_loop+0x50/0xa0 [ 33.094214][ T421] [ 33.109889][ T425] syscall_exit_to_user_mode+0x1a/0x30 [ 33.116562][ T442] FS: 000055556c514500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 33.118501][ T415] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 33.126330][ T425] do_syscall_64+0x58/0xa0 [ 33.140437][ T442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.149357][ T421] ---[ end trace 7d0405eddeb01675 ]--- [ 33.155167][ T442] CR2: 000011a2e7437000 CR3: 000000011d80a000 CR4: 00000000003506b0 [ 33.163592][ T415] RIP: 0033:0x7fc20caa3e59 [ 33.168069][ T415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 33.184992][ T425] ? clear_bhb_loop+0x50/0xa0 [ 33.190685][ T442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.199758][ T415] RSP: 002b:00007ffeb5cd5ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.201550][ T442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.219863][ T442] Call Trace: [ 33.223374][ T442] [ 33.226347][ T442] pppol2tp_release+0x150/0x2b0 [ 33.231869][ T442] sock_close+0xb8/0x200 [ 33.236497][ T442] ? sock_mmap+0xa0/0xa0 [ 33.240944][ T442] __fput+0x22b/0x900 [ 33.245258][ T442] ____fput+0x15/0x20 [ 33.250457][ T415] RAX: 0000000000000000 RBX: 00007ffeb5cd5dd0 RCX: 00007fc20caa3e59 [ 33.258665][ T425] ? clear_bhb_loop+0x50/0xa0 [ 33.268782][ T425] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 33.275061][ T442] task_work_run+0x127/0x190 [ 33.279721][ T442] exit_to_user_mode_loop+0xd0/0xe0 [ 33.286596][ T425] RIP: 0033:0x7f06b47dee59 [ 33.291626][ T415] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 33.292296][ T442] exit_to_user_mode_prepare+0x87/0xd0 [ 33.301682][ T425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 33.306845][ T442] syscall_exit_to_user_mode+0x1a/0x30 [ 33.332910][ T415] RBP: 0000000000007d2d R08: 0000000000000001 R09: 0000000000000000 [ 33.341257][ T425] RSP: 002b:00007fffbebde3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.349970][ T425] RAX: 0000000000000000 RBX: 00007fffbebde4a0 RCX: 00007f06b47dee59 [ 33.358581][ T415] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffeb5cd5e10 [ 33.367401][ T425] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 33.369092][ T442] do_syscall_64+0x58/0xa0 [ 33.380816][ T415] R13: 00007fc20cd2bfac R14: 0000000000007d8c R15: 00007fc20cd2bfa0 [ 33.388947][ T415] [ 33.394575][ T449] ------------[ cut here ]------------ [ 33.400194][ T449] WARNING: CPU: 0 PID: 449 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 33.403503][ T442] ? clear_bhb_loop+0x50/0xa0 [ 33.411293][ T425] RBP: 0000000000007d61 R08: 0000000000000001 R09: 0000000000000000 [ 33.418023][ T442] ? clear_bhb_loop+0x50/0xa0 [ 33.418818][ T415] ---[ end trace 7d0405eddeb01676 ]--- [ 33.438039][ T425] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007fffbebde4e0 [ 33.447270][ T449] Modules linked in: [ 33.450542][ T442] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 33.452291][ T425] R13: 00007f06b4a66fac R14: 0000000000007def R15: 00007f06b4a66fa0 [ 33.464707][ T442] RIP: 0033:0x7f4af0980e59 [ 33.466065][ T449] CPU: 0 PID: 449 Comm: syz.5.43 Tainted: G B W syzkaller #0 [ 33.470721][ T442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 33.479532][ T425] [ 33.502482][ T449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 33.513818][ T449] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 33.520396][ T449] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 33.541406][ T425] ---[ end trace 7d0405eddeb01677 ]--- [ 33.550940][ T455] ------------[ cut here ]------------ [ 33.557882][ T455] WARNING: CPU: 1 PID: 455 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 33.573953][ T442] RSP: 002b:00007ffc77cbd878 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.582934][ T455] Modules linked in: [ 33.587240][ T455] CPU: 1 PID: 455 Comm: syz.2.47 Tainted: G B W syzkaller #0 [ 33.597739][ T460] ------------[ cut here ]------------ [ 33.598370][ T442] RAX: 0000000000000000 RBX: 00007ffc77cbd960 RCX: 00007f4af0980e59 [ 33.606552][ T449] RSP: 0018:ffffc90000ca7d10 EFLAGS: 00010293 [ 33.611916][ T460] WARNING: CPU: 0 PID: 460 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 33.613066][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 33.618555][ T449] [ 33.630034][ T442] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 33.643283][ T460] Modules linked in: [ 33.652287][ T455] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 33.652674][ T460] [ 33.656429][ T455] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 33.663139][ T449] RAX: ffffffff845dbbf7 RBX: ffff88811621f000 RCX: ffff8881167d62c0 [ 33.666425][ T455] RSP: 0018:ffffc90000cd7d10 EFLAGS: 00010293 [ 33.686247][ T460] CPU: 0 PID: 460 Comm: syz.0.49 Tainted: G B W syzkaller #0 [ 33.697425][ T442] RBP: 0000000000007f82 R08: 0000000000000001 R09: 0000000000000000 [ 33.715343][ T460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 33.727018][ T455] [ 33.733293][ T449] RDX: 0000000000000000 RSI: 0000000013bc3000 RDI: 000000000c04eb7d [ 33.740719][ T455] RAX: ffffffff845dbbf7 RBX: ffff8881172ff000 RCX: ffff888117132780 [ 33.743401][ T460] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 2026/07/04 00:19:35 executed programs: 43 [ 33.753599][ T442] R10: 0000001b33120000 R11: 0000000000000246 R12: 00007ffc77cbd9a0 [ 33.761314][ T30] audit: type=1400 audit(1783124375.352:114): avc: denied { write } for pid=293 comm="syz-execprog" path="pipe:[15054]" dev="pipefs" ino=15054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 33.788902][ T455] RDX: 0000000000000000 RSI: 0000000022ca5a00 RDI: 000000000c04eb7d [ 33.793059][ T449] RBP: ffffc90000ca7d30 R08: ffff88811621f083 R09: 1ffff11022c43e10 [ 33.798480][ T442] R13: 00007f4af0c08fac R14: 0000000000007fc3 R15: 00007f4af0c08fa0 [ 33.805911][ T460] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 33.815803][ T455] RBP: ffffc90000cd7d30 R08: ffff8881172ff083 R09: 1ffff11022e5fe10 [ 33.841133][ T449] R10: dffffc0000000000 R11: ffffed1022c43e11 R12: dffffc0000000000 [ 33.850117][ T449] R13: dffffc0000000000 R14: 0000000013bc3000 R15: ffff8881209bc800 [ 33.858313][ T449] FS: 0000555594cb2500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 33.861001][ T442] [ 33.869300][ T460] RSP: 0018:ffffc90000c77d10 EFLAGS: 00010293 [ 33.880671][ T449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.888087][ T45] device bridge_slave_1 left promiscuous mode [ 33.894899][ T449] CR2: 000011a2e76ed000 CR3: 0000000122caa000 CR4: 00000000003506b0 [ 33.898219][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.911538][ T442] ---[ end trace 7d0405eddeb01678 ]--- [ 33.918373][ T465] ------------[ cut here ]------------ [ 33.924127][ T449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.933196][ T460] RAX: ffffffff845dbbf7 RBX: ffff88811748c000 RCX: ffff88811734bb40 [ 33.944543][ T455] R10: dffffc0000000000 R11: ffffed1022e5fe11 R12: dffffc0000000000 [ 33.951093][ T465] WARNING: CPU: 0 PID: 465 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 33.966479][ T460] RDX: 0000000000000000 RSI: 000000001d727140 RDI: 000000000c04eb7d [ 33.970948][ T455] R13: dffffc0000000000 R14: 0000000022ca5a00 R15: ffff88811481b000 [ 33.982521][ T449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.986114][ T45] device bridge_slave_0 left promiscuous mode [ 33.992602][ T460] RBP: ffffc90000c77d30 R08: ffff88811748c083 R09: 1ffff11022e91810 [ 34.001867][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.009378][ T449] Call Trace: [ 34.013275][ T455] FS: 000055557cdb6500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 34.015381][ T449] [ 34.025976][ T455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.029591][ T465] Modules linked in: [ 34.037253][ T455] CR2: 00007f4af173b060 CR3: 0000000122c9d000 CR4: 00000000003506a0 [ 34.038422][ T449] pppol2tp_release+0x150/0x2b0 [ 34.050793][ T45] device veth1_macvtap left promiscuous mode [ 34.051569][ T460] R10: dffffc0000000000 R11: ffffed1022e91811 R12: dffffc0000000000 [ 34.058016][ T45] device veth0_vlan left promiscuous mode [ 34.066310][ T465] CPU: 0 PID: 465 Comm: syz.6.51 Tainted: G B W syzkaller #0 [ 34.077208][ T455] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.082264][ T449] sock_close+0xb8/0x200 [ 34.096271][ T455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.107729][ T460] R13: dffffc0000000000 R14: 000000001d727140 R15: ffff888120989400 [ 34.115982][ T455] Call Trace: [ 34.119309][ T455] [ 34.124841][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 34.135014][ T455] pppol2tp_release+0x150/0x2b0 [ 34.135221][ T455] sock_close+0xb8/0x200 [ 34.135242][ T455] ? sock_mmap+0xa0/0xa0 [ 34.135261][ T455] __fput+0x22b/0x900 [ 34.135284][ T455] ____fput+0x15/0x20 [ 34.135302][ T455] task_work_run+0x127/0x190 [ 34.135322][ T455] exit_to_user_mode_loop+0xd0/0xe0 [ 34.135343][ T455] exit_to_user_mode_prepare+0x87/0xd0 [ 34.135363][ T455] syscall_exit_to_user_mode+0x1a/0x30 [ 34.135383][ T455] do_syscall_64+0x58/0xa0 [ 34.135405][ T455] ? clear_bhb_loop+0x50/0xa0 [ 34.135424][ T455] ? clear_bhb_loop+0x50/0xa0 [ 34.135442][ T455] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 34.135462][ T455] RIP: 0033:0x7fc20caa3e59 [ 34.135479][ T455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 34.142564][ T460] FS: 0000555593b7a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 34.189157][ T455] RSP: 002b:00007ffeb5cd5ce8 EFLAGS: 00000246 [ 34.190169][ T449] ? sock_mmap+0xa0/0xa0 [ 34.213796][ T455] ORIG_RAX: 00000000000001b4 [ 34.225438][ T465] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 34.256193][ T449] __fput+0x22b/0x900 [ 34.260303][ T449] ____fput+0x15/0x20 [ 34.264408][ T460] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.271141][ T449] task_work_run+0x127/0x190 [ 34.276000][ T460] CR2: 0000000000000000 CR3: 0000000122ebd000 CR4: 00000000003506b0 [ 34.284234][ T449] exit_to_user_mode_loop+0xd0/0xe0 [ 34.289494][ T449] exit_to_user_mode_prepare+0x87/0xd0 [ 34.299176][ T460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.308456][ T465] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 34.329131][ T449] syscall_exit_to_user_mode+0x1a/0x30 [ 34.335480][ T455] RAX: 0000000000000000 RBX: 00007ffeb5cd5dd0 RCX: 00007fc20caa3e59 [ 34.343626][ T460] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.352385][ T455] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 34.361376][ T449] do_syscall_64+0x58/0xa0 [ 34.366068][ T449] ? clear_bhb_loop+0x50/0xa0 [ 34.371327][ T460] Call Trace: [ 34.371982][ T479] ------------[ cut here ]------------ [ 34.374804][ T460] [ 34.374816][ T460] pppol2tp_release+0x150/0x2b0 [ 34.387185][ T479] WARNING: CPU: 1 PID: 479 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 34.388393][ T455] RBP: 00000000000082f9 R08: 0000000000000001 R09: 0000000000000000 [ 34.399713][ T479] Modules linked in: [ 34.406633][ T449] ? clear_bhb_loop+0x50/0xa0 [ 34.417020][ T465] RSP: 0018:ffffc900013a7d10 EFLAGS: 00010293 [ 34.421462][ T479] [ 34.423596][ T449] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 34.426624][ T479] CPU: 1 PID: 479 Comm: syz.1.58 Tainted: G B W syzkaller #0 [ 34.431696][ T460] sock_close+0xb8/0x200 [ 34.444791][ T465] RAX: ffffffff845dbbf7 RBX: ffff8881175a6000 RCX: ffff8881171313c0 [ 34.453765][ T449] RIP: 0033:0x7ff78e0e0e59 [ 34.458258][ T449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 34.478208][ T455] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffeb5cd5e10 [ 34.486308][ T460] ? sock_mmap+0xa0/0xa0 [ 34.488583][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 34.490730][ T465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d [ 34.508963][ T460] __fput+0x22b/0x900 [ 34.513121][ T455] R13: 00007fc20cd2bfac R14: 000000000000832c R15: 00007fc20cd2bfa0 [ 34.519778][ T479] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 34.521458][ T460] ____fput+0x15/0x20 [ 34.532310][ T449] RSP: 002b:00007fff070ca6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 34.538926][ T479] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 34.540850][ T455] [ 34.540860][ T455] ---[ end trace 7d0405eddeb01679 ]--- [ 34.541817][ T465] RBP: ffffc900013a7d30 R08: ffff8881175a6083 R09: 1ffff11022eb4c10 [ 34.577608][ T449] RAX: 0000000000000000 RBX: 00007fff070ca7c0 RCX: 00007ff78e0e0e59 [ 34.586547][ T460] task_work_run+0x127/0x190 [ 34.591659][ T449] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 34.599778][ T449] RBP: 000000000000824e R08: 0000000000000001 R09: 0000000000000000 [ 34.611681][ T460] exit_to_user_mode_loop+0xd0/0xe0 [ 34.617179][ T460] exit_to_user_mode_prepare+0x87/0xd0 [ 34.623189][ T460] syscall_exit_to_user_mode+0x1a/0x30 [ 34.629050][ T449] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007fff070ca800 [ 34.638103][ T460] do_syscall_64+0x58/0xa0 [ 34.645042][ T479] RSP: 0018:ffffc90000e2fd10 EFLAGS: 00010293 [ 34.648829][ T460] ? clear_bhb_loop+0x50/0xa0 [ 34.660330][ T449] R13: 00007ff78e368fac R14: 0000000000008282 R15: 00007ff78e368fa0 [ 34.668690][ T449] [ 34.672441][ T465] R10: dffffc0000000000 R11: ffffed1022eb4c11 R12: dffffc0000000000 [ 34.675377][ T479] RAX: ffffffff845dbbf7 RBX: ffff888117ce0000 RCX: ffff888117af93c0 [ 34.695074][ T485] ------------[ cut here ]------------ [ 34.700527][ T460] ? clear_bhb_loop+0x50/0xa0 [ 34.708412][ T449] ---[ end trace 7d0405eddeb0167a ]--- [ 34.710468][ T485] WARNING: CPU: 1 PID: 485 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 34.714534][ T465] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881149ef800 [ 34.730671][ T479] RDX: 0000000000000000 RSI: 000000001d9123e0 RDI: 000000000c04eb7d [ 34.737417][ T460] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 34.748179][ T460] RIP: 0033:0x7f06b47dee59 [ 34.749950][ T479] RBP: ffffc90000e2fd30 R08: ffff888117ce0083 R09: 1ffff11022f9c010 [ 34.762455][ T485] Modules linked in: [ 34.766862][ T485] CPU: 0 PID: 485 Comm: syz.2.61 Tainted: G B W syzkaller #0 [ 34.777536][ T479] R10: dffffc0000000000 R11: ffffed1022f9c011 R12: dffffc0000000000 [ 34.778752][ T487] ------------[ cut here ]------------ [ 34.787945][ T479] R13: dffffc0000000000 R14: 000000001d9123e0 R15: ffff888114983000 [ 34.791760][ T465] FS: 0000555581043500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 34.804075][ T479] FS: 000055556c514500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 34.810722][ T460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 34.827209][ T479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.839487][ T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 34.846644][ T487] WARNING: CPU: 1 PID: 487 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 34.859516][ T465] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.868550][ T479] CR2: 000011a2e7448000 CR3: 00000001227f3000 CR4: 00000000003506a0 [ 34.876491][ T485] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 34.888245][ T485] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 34.898399][ T487] Modules linked in: [ 34.910354][ T460] RSP: 002b:00007fffbebde3b8 EFLAGS: 00000246 [ 34.911657][ T479] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.914671][ T465] CR2: 0000000000000000 CR3: 0000000113ce5000 CR4: 00000000003506b0 [ 34.921886][ T487] [ 34.929164][ T460] ORIG_RAX: 00000000000001b4 [ 34.938139][ T479] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.939898][ T465] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.945684][ T479] Call Trace: [ 34.953267][ T460] RAX: 0000000000000000 RBX: 00007fffbebde4a0 RCX: 00007f06b47dee59 [ 34.968363][ T487] CPU: 1 PID: 487 Comm: syz.5.62 Tainted: G B W syzkaller #0 [ 34.972488][ T485] RSP: 0018:ffffc90000ec7d10 EFLAGS: 00010293 [ 34.980876][ T465] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.982506][ T479] [ 34.987589][ T465] Call Trace: [ 34.996511][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 34.999031][ T485] [ 35.003366][ T487] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 35.014638][ T460] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 35.017393][ T479] pppol2tp_release+0x150/0x2b0 [ 35.023234][ T465] [ 35.023248][ T465] pppol2tp_release+0x150/0x2b0 [ 35.039083][ T487] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 35.041426][ T460] RBP: 0000000000008328 R08: 0000000000000001 R09: 0000000000000000 [ 35.065972][ T487] RSP: 0018:ffffc90000d5fd10 EFLAGS: 00010293 [ 35.065998][ T487] RAX: ffffffff845dbbf7 RBX: ffff888117b36000 RCX: ffff88811816cf00 [ 35.066014][ T487] RDX: 0000000000000000 RSI: 0000000022cac9c0 RDI: 000000000c04eb7d [ 35.066027][ T487] RBP: ffffc90000d5fd30 R08: ffff888117b36083 R09: 1ffff11022f66c10 [ 35.074200][ T485] RAX: ffffffff845dbbf7 RBX: ffff888118129000 RCX: ffff888118212780 [ 35.088489][ T479] sock_close+0xb8/0x200 [ 35.097425][ T465] sock_close+0xb8/0x200 [ 35.106235][ T487] R10: dffffc0000000000 R11: ffffed1022f66c11 R12: dffffc0000000000 [ 35.114161][ T485] RDX: 0000000000000000 RSI: 000000001d9126a0 RDI: 000000000c04eb7d [ 35.119782][ T487] R13: dffffc0000000000 R14: 0000000022cac9c0 R15: ffff888113e25800 [ 35.122297][ T465] ? sock_mmap+0xa0/0xa0 [ 35.122325][ T465] __fput+0x22b/0x900 [ 35.122348][ T465] ____fput+0x15/0x20 [ 35.131735][ T479] ? sock_mmap+0xa0/0xa0 [ 35.139846][ T460] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007fffbebde4e0 [ 35.148356][ T487] FS: 0000555594cb2500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 35.152165][ T485] RBP: ffffc90000ec7d30 R08: ffff888118129083 R09: 1ffff11023025210 [ 35.156964][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.160543][ T460] R13: 00007f06b4a66fac R14: 000000000000835b R15: 00007f06b4a66fa0 [ 35.165370][ T487] CR2: 000011a2e7448000 CR3: 00000001174b5000 CR4: 00000000003506a0 [ 35.172850][ T465] task_work_run+0x127/0x190 [ 35.184126][ T479] __fput+0x22b/0x900 [ 35.191155][ T485] R10: dffffc0000000000 R11: ffffed1023025211 R12: dffffc0000000000 [ 35.206185][ T479] ____fput+0x15/0x20 [ 35.213389][ T460] [ 35.218494][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.221884][ T465] exit_to_user_mode_loop+0xd0/0xe0 [ 35.231302][ T479] task_work_run+0x127/0x190 [ 35.234741][ T460] ---[ end trace 7d0405eddeb0167b ]--- [ 35.238074][ T479] exit_to_user_mode_loop+0xd0/0xe0 [ 35.247453][ T465] exit_to_user_mode_prepare+0x87/0xd0 [ 35.253609][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.258177][ T485] R13: dffffc0000000000 R14: 000000001d9126a0 R15: ffff88811e94ec00 [ 35.263219][ T487] Call Trace: [ 35.278968][ T465] syscall_exit_to_user_mode+0x1a/0x30 [ 35.300840][ T479] exit_to_user_mode_prepare+0x87/0xd0 [ 35.306537][ T479] syscall_exit_to_user_mode+0x1a/0x30 [ 35.310796][ T485] FS: 000055557cdb6500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 35.322493][ T479] do_syscall_64+0x58/0xa0 [ 35.327269][ T487] [ 35.331845][ T487] pppol2tp_release+0x150/0x2b0 [ 35.336943][ T487] sock_close+0xb8/0x200 [ 35.342214][ T479] ? clear_bhb_loop+0x50/0xa0 [ 35.349140][ T485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.360369][ T479] ? clear_bhb_loop+0x50/0xa0 [ 35.365243][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.366996][ T465] do_syscall_64+0x58/0xa0 [ 35.374153][ T487] ? sock_mmap+0xa0/0xa0 [ 35.377162][ T485] CR2: 00007f06b5599060 CR3: 000000011d93e000 CR4: 00000000003506b0 [ 35.381998][ T487] __fput+0x22b/0x900 [ 35.394818][ T465] ? clear_bhb_loop+0x50/0xa0 [ 35.398815][ T479] RIP: 0033:0x7f4af0980e59 [ 35.410614][ T465] ? clear_bhb_loop+0x50/0xa0 [ 35.415604][ T485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.425718][ T465] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.427942][ T479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.446235][ T465] RIP: 0033:0x7f9ca041be59 [ 35.454818][ T487] ____fput+0x15/0x20 [ 35.458897][ T485] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.462010][ T487] task_work_run+0x127/0x190 [ 35.479651][ T465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.499858][ T487] exit_to_user_mode_loop+0xd0/0xe0 [ 35.499893][ T487] exit_to_user_mode_prepare+0x87/0xd0 [ 35.499912][ T487] syscall_exit_to_user_mode+0x1a/0x30 [ 35.499931][ T487] do_syscall_64+0x58/0xa0 [ 35.499953][ T487] ? clear_bhb_loop+0x50/0xa0 [ 35.499971][ T487] ? clear_bhb_loop+0x50/0xa0 [ 35.499989][ T487] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.517141][ T485] Call Trace: [ 35.521489][ T479] RSP: 002b:00007ffc77cbd878 EFLAGS: 00000246 [ 35.527911][ T485] [ 35.535160][ T479] ORIG_RAX: 00000000000001b4 [ 35.549653][ T485] pppol2tp_release+0x150/0x2b0 [ 35.553092][ T487] RIP: 0033:0x7ff78e0e0e59 [ 35.566851][ T485] sock_close+0xb8/0x200 [ 35.567436][ T479] RAX: 0000000000000000 RBX: 00007ffc77cbd960 RCX: 00007f4af0980e59 [ 35.573024][ T465] RSP: 002b:00007ffce45907f8 EFLAGS: 00000246 [ 35.580650][ T485] ? sock_mmap+0xa0/0xa0 [ 35.581557][ T487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.590100][ T465] ORIG_RAX: 00000000000001b4 [ 35.613133][ T479] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 35.620515][ T485] __fput+0x22b/0x900 [ 35.630101][ T485] ____fput+0x15/0x20 [ 35.644084][ T465] RAX: 0000000000000000 RBX: 00007ffce45908e0 RCX: 00007f9ca041be59 [ 35.645804][ T487] RSP: 002b:00007fff070ca6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 35.659854][ T485] task_work_run+0x127/0x190 [ 35.666011][ T479] RBP: 0000000000008619 R08: 0000000000000001 R09: 0000000000000000 [ 35.668540][ T485] exit_to_user_mode_loop+0xd0/0xe0 [ 35.679517][ T487] RAX: 0000000000000000 RBX: 00007fff070ca7c0 RCX: 00007ff78e0e0e59 [ 35.679540][ T487] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 35.679553][ T487] RBP: 00000000000087b5 R08: 0000000000000001 R09: 0000000000000000 [ 35.679565][ T487] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007fff070ca800 [ 35.679580][ T487] R13: 00007ff78e368fac R14: 00000000000087f6 R15: 00007ff78e368fa0 [ 35.679598][ T487] [ 35.679605][ T487] ---[ end trace 7d0405eddeb0167c ]--- [ 35.680093][ T479] R10: 0000001b33120000 R11: 0000000000000246 R12: 00007ffc77cbd9a0 [ 35.697271][ T485] exit_to_user_mode_prepare+0x87/0xd0 [ 35.719774][ T465] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 35.720761][ T485] syscall_exit_to_user_mode+0x1a/0x30 [ 35.723804][ T465] RBP: 000000000000845e R08: 0000000000000001 R09: 0000000000000000 [ 35.729315][ T485] do_syscall_64+0x58/0xa0 [ 35.729345][ T485] ? clear_bhb_loop+0x50/0xa0 [ 35.744450][ T465] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007ffce4590920 [ 35.763118][ T479] R13: 00007f4af0c08fac R14: 000000000000865b R15: 00007f4af0c08fa0 [ 35.780613][ T465] R13: 00007f9ca06a3fac R14: 0000000000008494 R15: 00007f9ca06a3fa0 [ 35.804963][ T485] ? clear_bhb_loop+0x50/0xa0 [ 35.815695][ T485] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.820469][ T465] [ 35.824966][ T465] ---[ end trace 7d0405eddeb0167d ]--- [ 35.825637][ T503] ------------[ cut here ]------------ [ 35.845602][ T479] [ 35.848416][ T485] RIP: 0033:0x7fc20caa3e59 [ 35.856049][ T485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.856059][ T507] ------------[ cut here ]------------ [ 35.856069][ T507] WARNING: CPU: 0 PID: 507 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 35.877155][ T503] WARNING: CPU: 1 PID: 503 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 35.881849][ T479] ---[ end trace 7d0405eddeb0167e ]--- [ 35.893795][ T503] Modules linked in: [ 35.908074][ T507] Modules linked in: [ 35.912828][ T485] RSP: 002b:00007ffeb5cd5ce8 EFLAGS: 00000246 [ 35.914189][ T507] [ 35.917608][ T485] ORIG_RAX: 00000000000001b4 [ 35.930850][ T485] RAX: 0000000000000000 RBX: 00007ffeb5cd5dd0 RCX: 00007fc20caa3e59 [ 35.940434][ T503] [ 35.942866][ T485] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 35.945344][ T507] CPU: 0 PID: 507 Comm: syz.0.72 Tainted: G B W syzkaller #0 [ 35.960319][ T503] CPU: 1 PID: 503 Comm: syz.5.70 Tainted: G B W syzkaller #0 [ 35.966287][ T507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 35.969477][ T485] RBP: 0000000000008771 R08: 0000000000000001 R09: 0000000000000000 [ 35.988905][ T503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 36.000848][ T507] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 36.010800][ T512] ------------[ cut here ]------------ [ 36.015830][ T507] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 36.016395][ T512] WARNING: CPU: 1 PID: 512 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 36.039176][ T507] RSP: 0018:ffffc90000f2fd10 EFLAGS: 00010293 [ 36.049340][ T503] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 36.059298][ T485] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffeb5cd5e10 [ 36.068169][ T507] RAX: ffffffff845dbbf7 RBX: ffff8881189cc000 RCX: ffff8881189e62c0 [ 36.070463][ T503] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 36.096311][ T485] R13: 00007fc20cd2bfac R14: 00000000000087a4 R15: 00007fc20cd2bfa0 [ 36.104660][ T485] [ 36.108085][ T485] ---[ end trace 7d0405eddeb0167f ]--- [ 36.110560][ T507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d [ 36.117930][ T503] RSP: 0018:ffffc90000d5fd10 EFLAGS: 00010293 [ 36.123827][ T507] RBP: ffffc90000f2fd30 R08: ffff8881189cc083 R09: 1ffff11023139810 [ 36.135267][ T503] [ 36.141711][ T512] Modules linked in: [ 36.153589][ T512] CPU: 1 PID: 512 Comm: syz.1.75 Tainted: G B W syzkaller #0 [ 36.162357][ T507] R10: dffffc0000000000 R11: ffffed1023139811 R12: dffffc0000000000 [ 36.171850][ T503] RAX: ffffffff845dbbf7 RBX: ffff888119030000 RCX: ffff888118ac2780 [ 36.182403][ T507] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881168d3000 [ 36.190061][ T512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 36.203085][ T503] RDX: 0000000000000000 RSI: 00000000227416a0 RDI: 000000000c04eb7d [ 36.212073][ T507] FS: 0000555593b7a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 36.216770][ T512] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 36.222370][ T507] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.231683][ T503] RBP: ffffc90000d5fd30 R08: ffff888119030083 R09: 1ffff11023206010 [ 36.235502][ T507] CR2: 0000001b34063fff CR3: 0000000122ea5000 CR4: 00000000003506b0 [ 36.244581][ T528] ------------[ cut here ]------------ [ 36.251721][ T507] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.256752][ T512] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 36.264896][ T507] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.284839][ T503] R10: dffffc0000000000 R11: ffffed1023206011 R12: dffffc0000000000 [ 36.295668][ T528] WARNING: CPU: 0 PID: 528 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 36.314584][ T503] R13: dffffc0000000000 R14: 00000000227416a0 R15: ffff888118031c00 [ 36.321181][ T507] Call Trace: [ 36.326291][ T507] [ 36.329256][ T507] pppol2tp_release+0x150/0x2b0 [ 36.334437][ T507] sock_close+0xb8/0x200 [ 36.338739][ T507] ? sock_mmap+0xa0/0xa0 [ 36.343306][ T528] Modules linked in: [ 36.348257][ T503] FS: 0000555594cb2500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 36.357485][ T507] __fput+0x22b/0x900 [ 36.361067][ T512] RSP: 0018:ffffc90000ff7d10 EFLAGS: 00010293 [ 36.364342][ T528] CPU: 0 PID: 528 Comm: syz.6.82 Tainted: G B W syzkaller #0 [ 36.367968][ T503] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.380422][ T507] ____fput+0x15/0x20 [ 36.384459][ T512] RAX: ffffffff845dbbf7 RBX: ffff888116a55000 RCX: ffff8881193aa780 [ 36.389118][ T507] task_work_run+0x127/0x190 [ 36.400446][ T507] exit_to_user_mode_loop+0xd0/0xe0 [ 36.405729][ T507] exit_to_user_mode_prepare+0x87/0xd0 [ 36.413665][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 36.416654][ T503] CR2: 00007fc20d85e060 CR3: 000000012272b000 CR4: 00000000003506a0 [ 36.424707][ T507] syscall_exit_to_user_mode+0x1a/0x30 [ 36.432381][ T512] RDX: 0000000000000000 RSI: 0000000022741900 RDI: 000000000c04eb7d [ 36.438469][ T528] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 36.447490][ T512] RBP: ffffc90000ff7d30 R08: ffff888116a55083 R09: 1ffff11022d4aa10 [ 36.453944][ T507] do_syscall_64+0x58/0xa0 [ 36.465244][ T503] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.466400][ T528] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 36.473924][ T503] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.493965][ T507] ? clear_bhb_loop+0x50/0xa0 [ 36.502743][ T512] R10: dffffc0000000000 R11: ffffed1022d4aa11 R12: dffffc0000000000 [ 36.507037][ T507] ? clear_bhb_loop+0x50/0xa0 [ 36.515817][ T512] R13: dffffc0000000000 R14: 0000000022741900 R15: ffff8881175c5400 [ 36.528468][ T507] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 36.534723][ T528] RSP: 0018:ffffc90000c57d10 EFLAGS: 00010293 [ 36.541090][ T507] RIP: 0033:0x7f06b47dee59 [ 36.543641][ T503] Call Trace: [ 36.545803][ T528] RAX: ffffffff845dbbf7 RBX: ffff888119595000 RCX: ffff8881195a3b40 [ 36.548895][ T503] [ 36.548904][ T503] pppol2tp_release+0x150/0x2b0 [ 36.559412][ T507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 36.561330][ T512] FS: 000055556c514500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 36.565323][ T507] RSP: 002b:00007fffbebde3b8 EFLAGS: 00000246 [ 36.585396][ T503] sock_close+0xb8/0x200 [ 36.607382][ T528] RDX: 0000000000000000 RSI: 0000000018a80400 RDI: 000000000c04eb7d [ 36.615756][ T528] RBP: ffffc90000c57d30 R08: ffff888119595083 R09: 1ffff110232b2a10 [ 36.624149][ T528] R10: dffffc0000000000 R11: ffffed10232b2a11 R12: dffffc0000000000 [ 36.624512][ T512] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.633479][ T528] R13: dffffc0000000000 R14: 0000000018a80400 R15: ffff888117585800 [ 36.640077][ T503] ? sock_mmap+0xa0/0xa0 [ 36.648975][ T507] ORIG_RAX: 00000000000001b4 [ 36.652475][ T512] CR2: 00007fc20cd2ddac CR3: 000000010cad6000 CR4: 00000000003506a0 [ 36.658625][ T507] RAX: 0000000000000000 RBX: 00007fffbebde4a0 RCX: 00007f06b47dee59 [ 36.665382][ T503] __fput+0x22b/0x900 [ 36.672723][ T528] FS: 0000555581043500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 36.677741][ T512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.694399][ T507] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 36.704524][ T503] ____fput+0x15/0x20 [ 36.706290][ T528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.708658][ T503] task_work_run+0x127/0x190 [ 36.716132][ T507] RBP: 0000000000008beb R08: 0000000000000001 R09: 0000000000000000 [ 36.720993][ T503] exit_to_user_mode_loop+0xd0/0xe0 [ 36.734313][ T512] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.742676][ T512] Call Trace: [ 36.742829][ T540] ------------[ cut here ]------------ [ 36.746230][ T503] exit_to_user_mode_prepare+0x87/0xd0 [ 36.752942][ T528] CR2: 000011a2e76ff000 CR3: 000000011d9eb000 CR4: 00000000003506b0 [ 36.758028][ T512] [ 36.765240][ T540] WARNING: CPU: 0 PID: 540 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 36.768639][ T503] syscall_exit_to_user_mode+0x1a/0x30 [ 36.778880][ T528] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.784185][ T507] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007fffbebde4e0 [ 36.792376][ T540] Modules linked in: [ 36.800953][ T512] pppol2tp_release+0x150/0x2b0 [ 36.804556][ T528] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.809508][ T512] sock_close+0xb8/0x200 [ 36.817982][ T540] CPU: 0 PID: 540 Comm: syz.2.88 Tainted: G B W syzkaller #0 [ 36.823213][ T503] do_syscall_64+0x58/0xa0 [ 36.831209][ T540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 36.835991][ T503] ? clear_bhb_loop+0x50/0xa0 [ 36.845889][ T528] Call Trace: [ 36.851876][ T512] ? sock_mmap+0xa0/0xa0 [ 36.854291][ T528] [ 36.857950][ T512] __fput+0x22b/0x900 [ 36.857980][ T512] ____fput+0x15/0x20 [ 36.861195][ T528] pppol2tp_release+0x150/0x2b0 [ 36.866123][ T507] R13: 00007f06b4a66fac R14: 0000000000008c2d R15: 00007f06b4a66fa0 [ 36.869092][ T528] sock_close+0xb8/0x200 [ 36.874653][ T512] task_work_run+0x127/0x190 [ 36.882471][ T540] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 36.886969][ T507] [ 36.891105][ T540] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 36.891127][ T540] RSP: 0018:ffffc90001007d10 EFLAGS: 00010293 [ 36.897822][ T507] ---[ end trace 7d0405eddeb01680 ]--- [ 36.900827][ T540] RAX: ffffffff845dbbf7 RBX: ffff888119fe1000 RCX: ffff88811a02cf00 [ 36.923112][ T512] exit_to_user_mode_loop+0xd0/0xe0 [ 36.928483][ T503] ? clear_bhb_loop+0x50/0xa0 [ 36.936097][ T512] exit_to_user_mode_prepare+0x87/0xd0 [ 36.946119][ T528] ? sock_mmap+0xa0/0xa0 [ 36.948243][ T512] syscall_exit_to_user_mode+0x1a/0x30 [ 36.952273][ T528] __fput+0x22b/0x900 [ 36.958715][ T512] do_syscall_64+0x58/0xa0 [ 36.976138][ T503] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 36.982815][ T512] ? clear_bhb_loop+0x50/0xa0 [ 36.987585][ T512] ? clear_bhb_loop+0x50/0xa0 [ 36.992945][ T540] RDX: 0000000000000000 RSI: 000000001a032000 RDI: 000000000c04eb7d [ 36.996557][ T528] ____fput+0x15/0x20 [ 37.005642][ T503] RIP: 0033:0x7ff78e0e0e59 [ 37.007807][ T512] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 37.014649][ T528] task_work_run+0x127/0x190 [ 37.018256][ T542] ------------[ cut here ]------------ [ 37.021207][ T503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 37.021229][ T503] RSP: 002b:00007fff070ca6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 37.021254][ T503] RAX: 0000000000000000 RBX: 00007fff070ca7c0 RCX: 00007ff78e0e0e59 [ 37.021268][ T503] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 37.021281][ T503] RBP: 0000000000008bd3 R08: 0000000000000001 R09: 0000000000000000 [ 37.021294][ T503] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007fff070ca800 [ 37.021309][ T503] R13: 00007ff78e368fac R14: 0000000000008c0d R15: 00007ff78e368fa0 [ 37.021327][ T503] [ 37.021334][ T503] ---[ end trace 7d0405eddeb01681 ]--- [ 37.022661][ T528] exit_to_user_mode_loop+0xd0/0xe0 [ 37.060331][ T542] WARNING: CPU: 1 PID: 542 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 37.066585][ T528] exit_to_user_mode_prepare+0x87/0xd0 [ 37.075332][ T512] RIP: 0033:0x7f4af0980e59 [ 37.081241][ T540] RBP: ffffc90001007d30 R08: ffff888119fe1083 R09: 1ffff110233fc210 [ 37.097423][ T512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 37.097456][ T512] RSP: 002b:00007ffc77cbd878 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 37.097480][ T512] RAX: 0000000000000000 RBX: 00007ffc77cbd960 RCX: 00007f4af0980e59 [ 37.097496][ T512] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 37.097509][ T512] RBP: 0000000000008c54 R08: 0000000000000001 R09: 0000000000000000 [ 37.097521][ T512] R10: 0000001b33120000 R11: 0000000000000246 R12: 00007ffc77cbd9a0 [ 37.097536][ T512] R13: 00007f4af0c08fac R14: 0000000000008cc5 R15: 00007f4af0c08fa0 [ 37.097554][ T512] [ 37.097562][ T512] ---[ end trace 7d0405eddeb01682 ]--- [ 37.111134][ T542] Modules linked in: [ 37.126816][ T528] syscall_exit_to_user_mode+0x1a/0x30 [ 37.151176][ T542] [ 37.160863][ T540] R10: dffffc0000000000 R11: ffffed10233fc211 R12: dffffc0000000000 [ 37.174085][ T542] CPU: 1 PID: 542 Comm: syz.0.89 Tainted: G B W syzkaller #0 [ 37.187026][ T540] R13: dffffc0000000000 R14: 000000001a032000 R15: ffff88811650c400 [ 37.224829][ T542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 37.240464][ T528] do_syscall_64+0x58/0xa0 [ 37.270895][ T540] FS: 000055557cdb6500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 37.294807][ T552] ------------[ cut here ]------------ [ 37.306683][ T552] WARNING: CPU: 0 PID: 552 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 37.317668][ T542] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 37.324285][ T540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.327257][ T552] Modules linked in: [ 37.332895][ T528] ? clear_bhb_loop+0x50/0xa0 [ 37.340422][ T542] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 37.342687][ T552] [ 37.368228][ T528] ? clear_bhb_loop+0x50/0xa0 [ 37.373489][ T540] CR2: 0000000000000000 CR3: 0000000122694000 CR4: 00000000003506a0 [ 37.373951][ T528] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 37.383451][ T542] RSP: 0018:ffffc90001417d10 EFLAGS: 00010293 [ 37.388823][ T552] CPU: 0 PID: 552 Comm: syz.1.94 Tainted: G B W syzkaller #0 [ 37.395758][ T540] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.404035][ T528] RIP: 0033:0x7f9ca041be59 [ 37.413166][ T542] RAX: ffffffff845dbbf7 RBX: ffff888119faf000 RCX: ffff88811a02bb40 [ 37.418116][ T552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 37.426991][ T542] RDX: 0000000000000000 RSI: 0000000017206400 RDI: 000000000c04eb7d [ 37.437460][ T528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 37.447446][ T540] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.465965][ T552] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 37.475306][ T542] RBP: ffffc90001417d30 R08: ffff888119faf083 R09: 1ffff110233f5e10 [ 37.488817][ T542] R10: dffffc0000000000 R11: ffffed10233f5e11 R12: dffffc0000000000 [ 37.499240][ T552] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 37.503779][ T542] R13: dffffc0000000000 R14: 0000000017206400 R15: ffff888117206c00 [ 37.528826][ T528] RSP: 002b:00007ffce45907f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 37.538923][ T540] Call Trace: [ 37.540731][ T552] RSP: 0018:ffffc90001207d10 EFLAGS: 00010293 [ 37.544264][ T540] [ 37.552042][ T540] pppol2tp_release+0x150/0x2b0 [ 37.556946][ T540] sock_close+0xb8/0x200 [ 37.560545][ T528] RAX: 0000000000000000 RBX: 00007ffce45908e0 RCX: 00007f9ca041be59 [ 37.572026][ T542] FS: 0000555593b7a500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 37.577638][ T552] RAX: ffffffff845dbbf7 RBX: ffff888113be0000 RCX: ffff888119f593c0 [ 37.582862][ T540] ? sock_mmap+0xa0/0xa0 [ 37.593624][ T528] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 37.593866][ T542] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.609885][ T552] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c04eb7d [ 37.618399][ T528] RBP: 0000000000008d63 R08: 0000000000000001 R09: 0000000000000000 [ 37.620510][ T540] __fput+0x22b/0x900 [ 37.627379][ T552] RBP: ffffc90001207d30 R08: ffff888113be0083 R09: 1ffff1102277c010 [ 37.632431][ T542] CR2: 0000200000000000 CR3: 000000012274d000 CR4: 00000000003506a0 [ 37.639831][ T528] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007ffce4590920 [ 37.648427][ T540] ____fput+0x15/0x20 [ 37.656509][ T552] R10: dffffc0000000000 R11: ffffed102277c011 R12: dffffc0000000000 [ 37.661009][ T540] task_work_run+0x127/0x190 [ 37.668238][ T528] R13: 00007f9ca06a3fac R14: 0000000000008da5 R15: 00007f9ca06a3fa0 [ 37.672516][ T542] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.680613][ T552] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881164e1800 [ 37.688899][ T540] exit_to_user_mode_loop+0xd0/0xe0 [ 37.700918][ T542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.701994][ T540] exit_to_user_mode_prepare+0x87/0xd0 [ 37.710050][ T542] Call Trace: [ 37.715559][ T540] syscall_exit_to_user_mode+0x1a/0x30 [ 37.726727][ T528] [ 37.731011][ T528] ---[ end trace 7d0405eddeb01683 ]--- [ 37.736667][ T552] FS: 000055556c514500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 37.741736][ T540] do_syscall_64+0x58/0xa0 [ 37.746793][ T542] [ 37.750180][ T540] ? clear_bhb_loop+0x50/0xa0 [ 37.754751][ T542] pppol2tp_release+0x150/0x2b0 [ 37.763462][ T540] ? clear_bhb_loop+0x50/0xa0 [ 37.768659][ T552] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.779150][ T540] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 37.785350][ T552] CR2: 00007ff78ee9b060 CR3: 000000011da22000 CR4: 00000000003506b0 [ 37.793741][ T540] RIP: 0033:0x7fc20caa3e59 [ 37.793863][ T542] sock_close+0xb8/0x200 [ 37.799375][ T552] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.812219][ T540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 37.832886][ T542] ? sock_mmap+0xa0/0xa0 [ 37.836546][ T540] RSP: 002b:00007ffeb5cd5ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 37.842684][ T542] __fput+0x22b/0x900 [ 37.852574][ T552] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.860953][ T542] ____fput+0x15/0x20 [ 37.865378][ T552] Call Trace: [ 37.872326][ T542] task_work_run+0x127/0x190 [ 37.881427][ T552] [ 37.885247][ T552] pppol2tp_release+0x150/0x2b0 [ 37.890423][ T542] exit_to_user_mode_loop+0xd0/0xe0 [ 37.896127][ T540] RAX: 0000000000000000 RBX: 00007ffeb5cd5dd0 RCX: 00007fc20caa3e59 [ 37.896569][ T552] sock_close+0xb8/0x200 [ 37.909598][ T542] exit_to_user_mode_prepare+0x87/0xd0 [ 37.915530][ T542] syscall_exit_to_user_mode+0x1a/0x30 [ 37.926380][ T552] ? sock_mmap+0xa0/0xa0 [ 37.930841][ T542] do_syscall_64+0x58/0xa0 [ 37.935511][ T552] __fput+0x22b/0x900 [ 37.939748][ T552] ____fput+0x15/0x20 [ 37.944154][ T540] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 37.945475][ T542] ? clear_bhb_loop+0x50/0xa0 [ 37.961686][ T540] RBP: 0000000000008f4c R08: 0000000000000001 R09: 0000000000000000 [ 37.969959][ T552] task_work_run+0x127/0x190 [ 37.979818][ T552] exit_to_user_mode_loop+0xd0/0xe0 [ 37.984616][ T540] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffeb5cd5e10 [ 37.986471][ T585] ------------[ cut here ]------------ [ 37.994093][ T542] ? clear_bhb_loop+0x50/0xa0 [ 38.001975][ T552] exit_to_user_mode_prepare+0x87/0xd0 [ 38.010309][ T552] syscall_exit_to_user_mode+0x1a/0x30 [ 38.017007][ T540] R13: 00007fc20cd2bfac R14: 0000000000008f7f R15: 00007fc20cd2bfa0 [ 38.025666][ T542] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 38.028148][ T552] do_syscall_64+0x58/0xa0 [ 38.035926][ T540] [ 38.036333][ T585] WARNING: CPU: 0 PID: 585 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 38.039230][ T540] ---[ end trace 7d0405eddeb01684 ]--- [ 38.041014][ T542] RIP: 0033:0x7f06b47dee59 [ 38.050475][ T552] ? clear_bhb_loop+0x50/0xa0 [ 38.056766][ T542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 38.086140][ T552] ? clear_bhb_loop+0x50/0xa0 [ 38.091783][ T585] Modules linked in: [ 38.095740][ T585] CPU: 0 PID: 585 Comm: syz.6.110 Tainted: G B W syzkaller #0 [ 38.107269][ T591] ------------[ cut here ]------------ [ 38.116457][ T542] RSP: 002b:00007fffbebde3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 38.124885][ T552] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 38.131278][ T591] WARNING: CPU: 0 PID: 591 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 38.141405][ T552] RIP: 0033:0x7f4af0980e59 [ 38.145872][ T552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 38.148817][ T542] RAX: 0000000000000000 RBX: 00007fffbebde4a0 RCX: 00007f06b47dee59 [ 38.166959][ T585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 38.184963][ T591] Modules linked in: [ 38.189018][ T591] CPU: 0 PID: 591 Comm: syz.5.114 Tainted: G B W syzkaller #0 [ 38.198164][ T552] RSP: 002b:00007ffc77cbd878 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 38.203409][ T542] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 38.207878][ T591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 38.215943][ T542] RBP: 0000000000009078 R08: 0000000000000001 R09: 0000000000000000 [ 38.227727][ T585] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 38.241312][ T552] RAX: 0000000000000000 RBX: 00007ffc77cbd960 RCX: 00007f4af0980e59 [ 38.250079][ T552] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 38.259984][ T591] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 38.266883][ T585] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 38.272267][ T542] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007fffbebde4e0 [ 38.287405][ T591] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 38.299259][ T542] R13: 00007f06b4a66fac R14: 00000000000090ad R15: 00007f06b4a66fa0 [ 38.315646][ T552] RBP: 0000000000009197 R08: 0000000000000001 R09: 0000000000000000 [ 38.326415][ T542] [ 38.334187][ T552] R10: 0000001b33120000 R11: 0000000000000246 R12: 00007ffc77cbd9a0 [ 38.344371][ T585] RSP: 0018:ffffc90000ff7d10 EFLAGS: 00010293 [ 38.350911][ T591] RSP: 0018:ffffc90001387d10 EFLAGS: 00010293 [ 38.360920][ T542] ---[ end trace 7d0405eddeb01685 ]--- [ 38.360920][ T591] RAX: ffffffff845dbbf7 RBX: ffff88811aaf4000 RCX: ffff88811b2462c0 [ 38.360939][ T591] RDX: 0000000000000000 RSI: 000000001a6ec360 RDI: 000000000c04eb7d [ 38.383931][ T585] RAX: ffffffff845dbbf7 RBX: ffff88811aaf5000 RCX: ffff88811b243b40 [ 38.392168][ T552] R13: 00007f4af0c08fac R14: 00000000000091cc R15: 00007f4af0c08fa0 [ 38.400520][ T585] RDX: 0000000000000000 RSI: 000000001a6ec560 RDI: 000000000c04eb7d [ 38.408837][ T552] [ 38.412577][ T585] RBP: ffffc90000ff7d30 R08: ffff88811aaf5083 R09: 1ffff1102355ea10 [ 38.421491][ T552] ---[ end trace 7d0405eddeb01686 ]--- [ 38.427051][ T591] RBP: ffffc90001387d30 R08: ffff88811aaf4083 R09: 1ffff1102355e810 [ 38.435530][ T585] R10: dffffc0000000000 R11: ffffed102355ea11 R12: dffffc0000000000 [ 38.445403][ T591] R10: dffffc0000000000 R11: ffffed102355e811 R12: dffffc0000000000 [ 38.454944][ T603] ------------[ cut here ]------------ [ 38.464827][ T585] R13: dffffc0000000000 R14: 000000001a6ec560 R15: ffff88811abddc00 [ 38.472997][ T603] WARNING: CPU: 1 PID: 603 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 38.473488][ T591] R13: dffffc0000000000 R14: 000000001a6ec360 R15: ffff88811abde400 [ 38.491816][ T585] FS: 0000555581043500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 38.491861][ T606] ------------[ cut here ]------------ [ 38.501814][ T585] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.511233][ T603] Modules linked in: [ 38.514269][ T591] FS: 0000555594cb2500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 38.517907][ T606] WARNING: CPU: 1 PID: 606 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 38.527691][ T585] CR2: 000055baaa0c04c0 CR3: 000000011af4b000 CR4: 00000000003506b0 [ 38.537391][ T603] CPU: 1 PID: 603 Comm: syz.0.120 Tainted: G B W syzkaller #0 [ 38.546223][ T591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.554233][ T606] Modules linked in: [ 38.560642][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 38.560728][ T585] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.564676][ T585] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.564693][ T585] Call Trace: [ 38.564700][ T585] [ 38.564708][ T585] pppol2tp_release+0x150/0x2b0 [ 38.575752][ T606] [ 38.587377][ T591] CR2: 00007f4af07e1ff8 CR3: 000000011b4c3000 CR4: 00000000003506b0 [ 38.597236][ T603] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 38.610085][ T591] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.627359][ T606] CPU: 1 PID: 606 Comm: syz.2.122 Tainted: G B W syzkaller #0 [ 38.629094][ T585] sock_close+0xb8/0x200 [ 38.637289][ T606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 38.641951][ T585] ? sock_mmap+0xa0/0xa0 [ 38.654863][ T603] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 38.656954][ T591] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.676213][ T606] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 38.684749][ T585] __fput+0x22b/0x900 [ 38.692203][ T603] RSP: 0018:ffffc90001137d10 EFLAGS: 00010293 [ 38.695366][ T585] ____fput+0x15/0x20 [ 38.701982][ T606] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 38.709607][ T585] task_work_run+0x127/0x190 [ 38.730579][ T603] RAX: ffffffff845dbbf7 RBX: ffff88811c711000 RCX: ffff88811c340000 [ 38.736118][ T591] Call Trace: [ 38.742365][ T591] [ 38.745557][ T591] pppol2tp_release+0x150/0x2b0 [ 38.746733][ T603] RDX: 0000000000000000 RSI: 000000001b2ec2e0 RDI: 000000000c04eb7d [ 38.758933][ T585] exit_to_user_mode_loop+0xd0/0xe0 [ 38.758956][ T603] RBP: ffffc90001137d30 R08: ffff88811c711083 R09: 1ffff110238e2210 [ 38.765632][ T591] sock_close+0xb8/0x200 [ 38.777345][ T606] RSP: 0018:ffffc900014d7d10 EFLAGS: 00010293 [ 38.783584][ T585] exit_to_user_mode_prepare+0x87/0xd0 [ 38.783614][ T585] syscall_exit_to_user_mode+0x1a/0x30 [ 38.783634][ T585] do_syscall_64+0x58/0xa0 [ 38.795521][ T606] RAX: ffffffff845dbbf7 RBX: ffff88810d7fa000 RCX: ffff88811c730000 [ 38.809852][ T591] ? sock_mmap+0xa0/0xa0 [ 38.814454][ T585] ? clear_bhb_loop+0x50/0xa0 [ 38.818432][ T603] R10: dffffc0000000000 R11: ffffed10238e2211 R12: dffffc0000000000 [ 38.827581][ T591] __fput+0x22b/0x900 [ 38.827667][ T591] ____fput+0x15/0x20 [ 38.827686][ T591] task_work_run+0x127/0x190 [ 38.827707][ T591] exit_to_user_mode_loop+0xd0/0xe0 [ 38.836821][ T606] RDX: 0000000000000000 RSI: 000000001b2ec780 RDI: 000000000c04eb7d [ 38.841813][ T585] ? clear_bhb_loop+0x50/0xa0 [ 38.847156][ T603] R13: dffffc0000000000 R14: 000000001b2ec2e0 R15: ffff88811c520000 2026/07/04 00:19:40 executed programs: 119 [ 38.867293][ T585] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 38.870916][ T606] RBP: ffffc900014d7d30 R08: ffff88810d7fa083 R09: 1ffff11021aff410 [ 38.875368][ T591] exit_to_user_mode_prepare+0x87/0xd0 [ 38.882784][ T606] R10: dffffc0000000000 R11: ffffed1021aff411 R12: dffffc0000000000 [ 38.888844][ T585] RIP: 0033:0x7f9ca041be59 [ 38.896888][ T603] FS: 0000555593b7a500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 38.910105][ T591] syscall_exit_to_user_mode+0x1a/0x30 [ 38.911254][ T603] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.922877][ T606] R13: dffffc0000000000 R14: 000000001b2ec780 R15: ffff88811c521800 [ 38.931219][ T606] FS: 000055557cdb6500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 38.940702][ T585] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 38.948768][ T603] CR2: 000011a2e771d000 CR3: 0000000122eaa000 CR4: 00000000003506a0 [ 38.961436][ T591] do_syscall_64+0x58/0xa0 [ 38.972698][ T606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.973647][ T591] ? clear_bhb_loop+0x50/0xa0 [ 38.986293][ T603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.994925][ T606] CR2: 000011a2e771d000 CR3: 00000001127d8000 CR4: 00000000003506a0 [ 39.001057][ T585] RSP: 002b:00007ffce45907f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 39.004535][ T603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.019347][ T591] ? clear_bhb_loop+0x50/0xa0 [ 39.021907][ T606] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.026351][ T591] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.033916][ T606] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.040355][ T585] RAX: 0000000000000000 RBX: 00007ffce45908e0 RCX: 00007f9ca041be59 [ 39.048645][ T603] Call Trace: [ 39.059502][ T591] RIP: 0033:0x7ff78e0e0e59 [ 39.064793][ T606] Call Trace: [ 39.068152][ T606] [ 39.073529][ T603] [ 39.074989][ T591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 39.076675][ T603] pppol2tp_release+0x150/0x2b0 [ 39.097118][ T585] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 39.103292][ T606] pppol2tp_release+0x150/0x2b0 [ 39.111701][ T585] RBP: 0000000000009446 R08: 0000000000000001 R09: 0000000000000000 [ 39.116794][ T606] sock_close+0xb8/0x200 [ 39.126438][ T591] RSP: 002b:00007fff070ca6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 39.140284][ T603] sock_close+0xb8/0x200 [ 39.145136][ T606] ? sock_mmap+0xa0/0xa0 [ 39.149792][ T603] ? sock_mmap+0xa0/0xa0 [ 39.152472][ T585] R10: 0000001b33520000 R11: 0000000000000246 R12: 00007ffce4590920 [ 39.159947][ T606] __fput+0x22b/0x900 [ 39.163590][ T591] RAX: 0000000000000000 RBX: 00007fff070ca7c0 RCX: 00007ff78e0e0e59 [ 39.166780][ T603] __fput+0x22b/0x900 [ 39.175268][ T585] R13: 00007f9ca06a3fac R14: 0000000000009479 R15: 00007f9ca06a3fa0 [ 39.179746][ T606] ____fput+0x15/0x20 [ 39.187464][ T603] ____fput+0x15/0x20 [ 39.190995][ T606] task_work_run+0x127/0x190 [ 39.199728][ T606] exit_to_user_mode_loop+0xd0/0xe0 [ 39.205109][ T606] exit_to_user_mode_prepare+0x87/0xd0 [ 39.210702][ T606] syscall_exit_to_user_mode+0x1a/0x30 [ 39.216335][ T606] do_syscall_64+0x58/0xa0 [ 39.216628][ T603] task_work_run+0x127/0x190 [ 39.220888][ T606] ? clear_bhb_loop+0x50/0xa0 [ 39.228992][ T591] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 39.234103][ T606] ? clear_bhb_loop+0x50/0xa0 [ 39.240198][ T603] exit_to_user_mode_loop+0xd0/0xe0 [ 39.248448][ T606] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.248775][ T585] [ 39.260577][ T606] RIP: 0033:0x7fc20caa3e59 [ 39.266307][ T603] exit_to_user_mode_prepare+0x87/0xd0 [ 39.269608][ T606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 39.272070][ T585] ---[ end trace 7d0405eddeb01687 ]--- [ 39.294028][ T628] ------------[ cut here ]------------ [ 39.297476][ T603] syscall_exit_to_user_mode+0x1a/0x30 [ 39.304121][ T628] WARNING: CPU: 1 PID: 628 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 39.309091][ T591] RBP: 00000000000094c6 R08: 0000000000000001 R09: 0000000000000000 [ 39.319505][ T606] RSP: 002b:00007ffeb5cd5ce8 EFLAGS: 00000246 [ 39.326907][ T628] Modules linked in: [ 39.326913][ T603] do_syscall_64+0x58/0xa0 [ 39.335227][ T606] ORIG_RAX: 00000000000001b4 [ 39.341207][ T603] ? clear_bhb_loop+0x50/0xa0 [ 39.342731][ T628] [ 39.346459][ T591] R10: 0000001b33920000 R11: 0000000000000246 R12: 00007fff070ca800 [ 39.358998][ T606] RAX: 0000000000000000 RBX: 00007ffeb5cd5dd0 RCX: 00007fc20caa3e59 [ 39.369691][ T628] CPU: 1 PID: 628 Comm: syz.1.132 Tainted: G B W syzkaller #0 [ 39.374949][ T603] ? clear_bhb_loop+0x50/0xa0 [ 39.383353][ T606] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 39.384784][ T603] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.394553][ T628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 39.399285][ T591] R13: 00007ff78e368fac R14: 00000000000094f8 R15: 00007ff78e368fa0 [ 39.412490][ T606] RBP: 0000000000009641 R08: 0000000000000001 R09: 0000000000000000 [ 39.418330][ T603] RIP: 0033:0x7f06b47dee59 [ 39.427212][ T628] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 39.436749][ T603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 39.456824][ T606] R10: 0000001b33420000 R11: 0000000000000246 R12: 00007ffeb5cd5e10 [ 39.457042][ T591] [ 39.468270][ T606] R13: 00007fc20cd2bfac R14: 0000000000009675 R15: 00007fc20cd2bfa0 [ 39.471490][ T591] ---[ end trace 7d0405eddeb01688 ]--- [ 39.482929][ T628] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 39.490494][ T603] RSP: 002b:00007fffbebde3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 39.515283][ T606] [ 39.518466][ T603] RAX: 0000000000000000 RBX: 00007fffbebde4a0 RCX: 00007f06b47dee59 [ 39.522320][ T606] ---[ end trace 7d0405eddeb01689 ]--- [ 39.535680][ T603] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 39.544469][ T603] RBP: 0000000000009621 R08: 0000000000000001 R09: 0000000000000000 [ 39.552907][ T603] R10: 0000001b33020000 R11: 0000000000000246 R12: 00007fffbebde4e0 [ 39.564876][ T632] ------------[ cut here ]------------ [ 39.565786][ T628] RSP: 0018:ffffc900013d7d10 EFLAGS: 00010293 [ 39.577376][ T628] RAX: ffffffff845dbbf7 RBX: ffff88811d2a3000 RCX: ffff88810cb03b40 [ 39.588951][ T632] WARNING: CPU: 0 PID: 632 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 39.603689][ T638] ------------[ cut here ]------------ [ 39.607864][ T603] R13: 00007f06b4a66fac R14: 0000000000009654 R15: 00007f06b4a66fa0 [ 39.609376][ T628] RDX: 0000000000000000 RSI: 000000001c782800 RDI: 000000000c04eb7d [ 39.628833][ T638] WARNING: CPU: 1 PID: 638 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 39.633986][ T603] [ 39.642526][ T628] RBP: ffffc900013d7d30 R08: ffff88811d2a3083 R09: 1ffff11023a54610 [ 39.643142][ T632] Modules linked in: [ 39.650928][ T638] Modules linked in: [ 39.654518][ T632] [ 39.655408][ T638] [ 39.658753][ T632] CPU: 0 PID: 632 Comm: syz.5.135 Tainted: G B W syzkaller #0 [ 39.662071][ T628] R10: dffffc0000000000 R11: ffffed1023a54611 R12: dffffc0000000000 [ 39.664072][ T603] ---[ end trace 7d0405eddeb0168a ]--- [ 39.673118][ T638] CPU: 1 PID: 638 Comm: syz.6.137 Tainted: G B W syzkaller #0 [ 39.680978][ T632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 39.686901][ T628] R13: dffffc0000000000 R14: 000000001c782800 R15: ffff88811c783c00 [ 39.694759][ T632] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 39.706648][ T638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 39.714601][ T632] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 39.730373][ T628] FS: 000055556c514500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 39.759442][ T638] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 39.768182][ T632] RSP: 0018:ffffc9000165fd10 EFLAGS: 00010293 [ 39.775594][ T638] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 39.793080][ T632] RAX: ffffffff845dbbf7 RBX: ffff88811c39b000 RCX: ffff888110ab13c0 [ 39.798632][ T628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.812031][ T628] CR2: 00007fffbebdce70 CR3: 000000011b4c2000 CR4: 00000000003506a0 [ 39.821170][ T628] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.829390][ T638] RSP: 0018:ffffc90001557d10 EFLAGS: 00010293 [ 39.835787][ T628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.844288][ T638] RAX: ffffffff845dbbf7 RBX: ffff88811aabe000 RCX: ffff88811c7ccf00 [ 39.850714][ T632] RDX: 0000000000000000 RSI: 000000001a6ec9e0 RDI: 000000000c04eb7d [ 39.861729][ T628] Call Trace: [ 39.865080][ T628] [ 39.868064][ T628] pppol2tp_release+0x150/0x2b0 [ 39.873238][ T638] RDX: 0000000000000000 RSI: 000000000f4aab80 RDI: 000000000c04eb7d [ 39.883534][ T648] ------------[ cut here ]------------ [ 39.889033][ T648] WARNING: CPU: 1 PID: 648 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 39.899890][ T628] sock_close+0xb8/0x200 [ 39.900450][ T632] RBP: ffffc9000165fd30 R08: ffff88811c39b083 R09: 1ffff11023873610 [ 39.904680][ T628] ? sock_mmap+0xa0/0xa0 [ 39.917468][ T638] RBP: ffffc90001557d30 R08: ffff88811aabe083 R09: 1ffff11023557c10 [ 39.918136][ T632] R10: dffffc0000000000 R11: ffffed1023873611 R12: dffffc0000000000 [ 39.926868][ T638] R10: dffffc0000000000 R11: ffffed1023557c11 R12: dffffc0000000000 [ 39.943432][ T628] __fput+0x22b/0x900 [ 39.947747][ T628] ____fput+0x15/0x20 [ 39.952075][ T648] Modules linked in: [ 39.956136][ T648] CPU: 1 PID: 648 Comm: syz.0.142 Tainted: G B W syzkaller #0 [ 39.965319][ T628] task_work_run+0x127/0x190 [ 39.969973][ T628] exit_to_user_mode_loop+0xd0/0xe0 [ 39.970403][ T632] R13: dffffc0000000000 R14: 000000001a6ec9e0 R15: ffff88811ae20000 [ 39.983719][ T648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 39.994214][ T638] R13: dffffc0000000000 R14: 000000000f4aab80 R15: ffff88811a952400 [ 40.007744][ T654] ------------[ cut here ]------------ [ 40.010378][ T628] exit_to_user_mode_prepare+0x87/0xd0 [ 40.013820][ T632] FS: 0000555594cb2500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 40.019204][ T628] syscall_exit_to_user_mode+0x1a/0x30 [ 40.028729][ T654] WARNING: CPU: 0 PID: 654 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 40.035118][ T638] FS: 0000555581043500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.047729][ T632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.054187][ T648] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 40.064098][ T654] Modules linked in: [ 40.067235][ T648] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 40.070346][ T654] CPU: 0 PID: 654 Comm: syz.2.145 Tainted: G B W syzkaller #0 [ 40.090650][ T628] do_syscall_64+0x58/0xa0 [ 40.099595][ T632] CR2: 0000000000000000 CR3: 000000011c5f1000 CR4: 00000000003506b0 [ 40.104030][ T638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.112042][ T632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.118976][ T638] CR2: 0000000000000000 CR3: 0000000124ba9000 CR4: 00000000003506a0 [ 40.126911][ T654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 40.136007][ T628] ? clear_bhb_loop+0x50/0xa0 [ 40.145897][ T632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.151981][ T648] RSP: 0018:ffffc90000bf7d10 EFLAGS: 00010293 [ 40.158828][ T638] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.166050][ T648] RAX: ffffffff845dbbf7 RBX: ffff88811d013000 RCX: ffff88811b5093c0 [ 40.173339][ T654] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 40.181968][ T628] ? clear_bhb_loop+0x50/0xa0 [ 40.188047][ T638] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.193625][ T628] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 40.200852][ T632] Call Trace: [ 40.207326][ T648] RDX: 0000000000000000 RSI: 000000000f4aa440 RDI: 000000000c04eb7d [ 40.209957][ T632] [ 40.218526][ T648] RBP: ffffc90000bf7d30 R08: ffff88811d013083 R09: 1ffff11023a02610 [ 40.221127][ T654] Code: 5d c3 e8 1c f1 0b fd be 02 00 00 00 eb 0a e8 10 f1 0b fd be 01 00 00 00 4c 89 f7 e8 a3 60 f2 fd e9 0f ff ff ff e8 f9 f0 0b fd <0f> 0b 48 89 df e8 ef 00 00 00 eb bd e8 e8 f0 0b fd 4c 89 f7 be 03 [ 40.230298][ T628] RIP: 0033:0x7f4af0980e59 [ 40.249344][ T638] Call Trace: [ 40.254289][ T648] R10: dffffc0000000000 R11: ffffed1023a02611 R12: dffffc0000000000 [ 40.256962][ T632] pppol2tp_release+0x150/0x2b0 [ 40.265603][ T648] R13: dffffc0000000000 R14: 000000000f4aa440 R15: ffff88811c51a400 [ 40.270073][ T638] [ 40.278761][ T628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 40.281159][ T632] sock_close+0xb8/0x200 [ 40.301587][ T648] FS: 0000555593b7a500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.305086][ T654] RSP: 0018:ffffc90000c27d10 EFLAGS: 00010293 [ 40.314236][ T638] pppol2tp_release+0x150/0x2b0 [ 40.314937][ T628] RSP: 002b:00007ffc77cbd878 EFLAGS: 00000246 [ 40.320507][ T654] [ 40.325910][ T648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.331396][ T638] sock_close+0xb8/0x200 [ 40.334349][ T648] CR2: 0000000000000000 CR3: 0000000122748000 CR4: 00000000003506a0 [ 40.340475][ T638] ? sock_mmap+0xa0/0xa0 [ 40.345440][ T628] ORIG_RAX: 00000000000001b4 [ 40.352818][ T632] ? sock_mmap+0xa0/0xa0 [ 40.357954][ T648] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.361967][ T654] RAX: ffffffff845dbbf7 RBX: ffff88811d47f000 RCX: ffff88811f97e2c0 [ 40.366692][ T648] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.374323][ T632] __fput+0x22b/0x900 [ 40.384081][ T628] RAX: 0000000000000000 RBX: 00007ffc77cbd960 RCX: 00007f4af0980e59 [ 40.390879][ T638] __fput+0x22b/0x900 [ 40.395359][ T628] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 40.402561][ T638] ____fput+0x15/0x20 [ 40.407519][ T648] Call Trace: [ 40.414838][ T654] RDX: 0000000000000000 RSI: 0000000023dcea20 RDI: 000000000c04eb7d [ 40.419665][ T628] RBP: 000000000000994f R08: 0000000000000001 R09: 0000000000000000 [ 40.422053][ T632] ____fput+0x15/0x20 [ 40.430945][ T648] [ 40.438595][ T654] RBP: ffffc90000c27d30 R08: ffff88811d47f083 R09: 1ffff11023a8fe10 [ 40.443278][ T628] R10: 0000001b33120000 R11: 0000000000000246 R12: 00007ffc77cbd9a0 [ 40.445304][ T654] R10: dffffc0000000000 R11: ffffed1023a8fe11 R12: dffffc0000000000 [ 40.454628][ T648] pppol2tp_release+0x150/0x2b0 [ 40.463030][ T638] task_work_run+0x127/0x190 [ 40.463057][ T638] exit_to_user_mode_loop+0xd0/0xe0 [ 40.463078][ T638] exit_to_user_mode_prepare+0x87/0xd0 [ 40.463098][ T638] syscall_exit_to_user_mode+0x1a/0x30 [ 40.463119][ T638] do_syscall_64+0x58/0xa0 [ 40.463142][ T638] ? clear_bhb_loop+0x50/0xa0 [ 40.463161][ T638] ? clear_bhb_loop+0x50/0xa0 [ 40.473418][ T628] R13: 00007f4af0c08fac R14: 0000000000009983 R15: 00007f4af0c08fa0 [ 40.476851][ T632] task_work_run+0x127/0x190 [ 40.482019][ T628] [ 40.486672][ T638] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 40.493107][ T648] sock_close+0xb8/0x200 [ 40.498002][ T632] exit_to_user_mode_loop+0xd0/0xe0 [ 40.503062][ T628] ---[ end trace 7d0405eddeb0168b ]--- [ 40.507102][ T638] RIP: 0033:0x7f9ca041be59 [ 40.515951][ T648] ? sock_mmap+0xa0/0xa0 [ 40.520476][ T654] R13: dffffc0000000000 R14: 0000000023dcea20 R15: ffff88811b632c00 [ 40.520497][ T654] FS: 000055557cdb6500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 40.550482][ T648] __fput+0x22b/0x900