Warning: Permanently added '10.128.1.193' (ED25519) to the list of known hosts.
2024/06/28 01:36:14 ignoring optional flag "sandboxArg"="0"
2024/06/28 01:36:14 parsed 1 programs
[  154.361699][ T5108] cgroup: Unknown subsys name 'net'
[  154.498520][ T5108] cgroup: Unknown subsys name 'rlimit'
[  156.222306][ T5108] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  157.410683][ T5131] chnl_net:caif_netlink_parms(): no params data found
[  157.495220][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.503607][ T5131] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.511444][ T5131] bridge_slave_0: entered allmulticast mode
[  157.518812][ T5131] bridge_slave_0: entered promiscuous mode
[  157.529369][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.536712][ T5131] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.544192][ T5131] bridge_slave_1: entered allmulticast mode
[  157.551585][ T5131] bridge_slave_1: entered promiscuous mode
[  157.590711][ T5131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.603610][ T5131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.637896][ T5131] team0: Port device team_slave_0 added
[  157.646663][ T5131] team0: Port device team_slave_1 added
[  157.677824][ T5131] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.684974][ T5131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.711517][ T5131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.725985][ T5131] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.733073][ T5131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.759054][ T5131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.806137][ T5131] hsr_slave_0: entered promiscuous mode
[  157.812850][ T5131] hsr_slave_1: entered promiscuous mode
[  157.967442][ T5131] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  157.979958][ T5131] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  157.991494][ T5131] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  158.002486][ T5131] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  158.035738][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.043223][ T5131] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.051462][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.058736][ T5131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.131685][ T5131] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.154929][  T784] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.164979][  T784] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.185195][ T5131] 8021q: adding VLAN 0 to HW filter on device team0
[  158.199854][  T784] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.207204][  T784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.222216][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.229476][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.406847][ T5131] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.454530][ T5131] veth0_vlan: entered promiscuous mode
[  158.469689][ T5131] veth1_vlan: entered promiscuous mode
[  158.504427][ T5131] veth0_macvtap: entered promiscuous mode
[  158.521446][ T5131] veth1_macvtap: entered promiscuous mode
[  158.542122][ T5131] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.558052][ T5131] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.572527][ T5131] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.581477][ T5131] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.591108][ T5131] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.600664][ T5131] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.727161][ T5131] syz-executor (5131) used greatest stack depth: 18680 bytes left
[  158.748870][ T1004] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.832422][ T1004] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.911901][ T1004] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.998274][ T1004] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.087956][ T3671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.100834][ T3671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.135675][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.144382][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.909058][ T5173] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  159.917948][ T5173] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  159.925710][ T5173] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  159.935122][ T5173] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  159.943624][ T5173] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  159.951728][ T5173] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/06/28 01:36:21 executed programs: 0
[  160.904623][ T5173] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  160.913645][ T5173] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  160.921849][ T5173] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  160.930461][ T5173] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  160.938379][ T5173] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  160.945793][ T5173] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  161.113422][ T5195] chnl_net:caif_netlink_parms(): no params data found
[  161.187266][ T5195] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.194635][ T5195] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.202356][ T5195] bridge_slave_0: entered allmulticast mode
[  161.210684][ T5195] bridge_slave_0: entered promiscuous mode
[  161.219150][ T5195] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.226299][ T5195] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.234107][ T5195] bridge_slave_1: entered allmulticast mode
[  161.242238][ T5195] bridge_slave_1: entered promiscuous mode
[  161.275554][ T5195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.289388][ T5195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.324930][ T5195] team0: Port device team_slave_0 added
[  161.333754][ T5195] team0: Port device team_slave_1 added
[  161.364434][ T5195] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.371714][ T5195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.398232][ T5195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.410832][ T5195] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.417807][ T5195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.444850][ T5195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.502903][ T5195] hsr_slave_0: entered promiscuous mode
[  161.510546][ T5195] hsr_slave_1: entered promiscuous mode
[  161.517110][ T5195] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.527499][ T5195] Cannot create hsr debugfs directory
[  162.989950][ T4487] Bluetooth: hci0: command tx timeout
[  163.797036][ T1004] bridge_slave_1: left allmulticast mode
[  163.807703][ T1004] bridge_slave_1: left promiscuous mode
[  163.817667][ T1004] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.840321][ T1004] bridge_slave_0: left allmulticast mode
[  163.846130][ T1004] bridge_slave_0: left promiscuous mode
[  163.852300][ T1004] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.107155][ T1004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.120442][ T1004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.130967][ T1004] bond0 (unregistering): Released all slaves
[  164.293418][ T1004] hsr_slave_0: left promiscuous mode
[  164.299929][ T1004] hsr_slave_1: left promiscuous mode
[  164.306922][ T1004] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  164.316250][ T1004] batman_adv: batadv0: Removing interface: batadv_slave_0
[  164.326100][ T1004] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  164.338520][ T1004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  164.366577][ T1004] veth1_macvtap: left promiscuous mode
[  164.372768][ T1004] veth0_macvtap: left promiscuous mode
[  164.383133][ T1004] veth1_vlan: left promiscuous mode
[  164.389905][ T1004] veth0_vlan: left promiscuous mode
[  164.827480][ T1004] team0 (unregistering): Port device team_slave_1 removed
[  164.864099][ T1004] team0 (unregistering): Port device team_slave_0 removed
[  165.068530][ T4487] Bluetooth: hci0: command tx timeout
[  165.493014][ T5195] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  165.506336][ T5195] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  165.527619][ T5195] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  165.543367][ T5195] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  165.777830][ T5195] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.399156][ T5195] 8021q: adding VLAN 0 to HW filter on device team0
[  166.424809][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.432481][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.455771][  T784] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.463908][  T784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.730637][ T5195] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.780617][ T5195] veth0_vlan: entered promiscuous mode
[  166.794907][ T5195] veth1_vlan: entered promiscuous mode
[  166.827225][ T5195] veth0_macvtap: entered promiscuous mode
[  166.843014][ T5195] veth1_macvtap: entered promiscuous mode
[  166.865163][ T5195] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.881117][ T5195] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.896747][ T5195] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.905721][ T5195] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.916130][ T5195] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.925579][ T5195] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.995166][ T3671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.004698][ T3671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.033850][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2024/06/28 01:36:27 executed programs: 2
[  167.043034][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.148528][ T4487] Bluetooth: hci0: command tx timeout
[  167.201701][ T3671] ==================================================================
[  167.209875][ T3671] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x128/0x9e0
[  167.218025][ T3671] Read of size 8 at addr ffff88806d6be010 by task kworker/u8:7/3671
[  167.226065][ T3671] 
[  167.228431][ T3671] CPU: 1 PID: 3671 Comm: kworker/u8:7 Not tainted 6.10.0-rc4-syzkaller-00948-gcce346d44139 #0
[  167.238820][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  167.248906][ T3671] Workqueue: l2tp l2tp_tunnel_del_work
[  167.254447][ T3671] Call Trace:
[  167.257759][ T3671]  <TASK>
[  167.260741][ T3671]  dump_stack_lvl+0x241/0x360
[  167.265468][ T3671]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.270715][ T3671]  ? __pfx__printk+0x10/0x10
[  167.275441][ T3671]  ? _printk+0xd5/0x120
[  167.279644][ T3671]  ? __virt_addr_valid+0x183/0x520
[  167.284804][ T3671]  ? __virt_addr_valid+0x183/0x520
[  167.290334][ T3671]  print_report+0x169/0x550
[  167.294977][ T3671]  ? __virt_addr_valid+0x183/0x520
[  167.300181][ T3671]  ? __virt_addr_valid+0x183/0x520
[  167.305521][ T3671]  ? __virt_addr_valid+0x44e/0x520
[  167.310803][ T3671]  ? __phys_addr+0xba/0x170
[  167.315369][ T3671]  ? l2tp_session_delete+0x128/0x9e0
[  167.320862][ T3671]  kasan_report+0x143/0x180
[  167.325511][ T3671]  ? l2tp_session_delete+0x128/0x9e0
[  167.330894][ T3671]  l2tp_session_delete+0x128/0x9e0
[  167.336171][ T3671]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  167.341944][ T3671]  l2tp_tunnel_del_work+0x1cb/0x330
[  167.347230][ T3671]  ? process_scheduled_works+0x945/0x1830
[  167.353001][ T3671]  process_scheduled_works+0xa2c/0x1830
[  167.358698][ T3671]  ? __pfx_process_scheduled_works+0x10/0x10
[  167.364841][ T3671]  ? assign_work+0x364/0x3d0
[  167.369767][ T3671]  worker_thread+0x86d/0xd70
[  167.374693][ T3671]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  167.380810][ T3671]  ? __kthread_parkme+0x169/0x1d0
[  167.386014][ T3671]  ? __pfx_worker_thread+0x10/0x10
[  167.391448][ T3671]  kthread+0x2f0/0x390
[  167.396550][ T3671]  ? __pfx_worker_thread+0x10/0x10
[  167.401727][ T3671]  ? __pfx_kthread+0x10/0x10
[  167.406367][ T3671]  ret_from_fork+0x4b/0x80
[  167.410846][ T3671]  ? __pfx_kthread+0x10/0x10
[  167.415490][ T3671]  ret_from_fork_asm+0x1a/0x30
[  167.420321][ T3671]  </TASK>
[  167.423388][ T3671] 
[  167.425747][ T3671] Allocated by task 5255:
[  167.430109][ T3671]  kasan_save_track+0x3f/0x80
[  167.435001][ T3671]  __kasan_kmalloc+0x98/0xb0
[  167.439807][ T3671]  __kmalloc_noprof+0x1f9/0x400
[  167.444808][ T3671]  l2tp_session_create+0x3b/0xc20
[  167.450171][ T3671]  pppol2tp_connect+0xca3/0x17a0
[  167.455352][ T3671]  __sys_connect+0x2df/0x310
[  167.460005][ T3671]  __x64_sys_connect+0x7a/0x90
[  167.464820][ T3671]  do_syscall_64+0xf3/0x230
[  167.469376][ T3671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.475589][ T3671] 
[  167.477953][ T3671] Freed by task 25:
[  167.481882][ T3671]  kasan_save_track+0x3f/0x80
[  167.486601][ T3671]  kasan_save_free_info+0x40/0x50
[  167.491729][ T3671]  poison_slab_object+0xe0/0x150
[  167.496709][ T3671]  __kasan_slab_free+0x37/0x60
[  167.501513][ T3671]  kfree+0x149/0x360
[  167.505466][ T3671]  __sk_destruct+0x58/0x5f0
[  167.510034][ T3671]  rcu_core+0xafd/0x1830
[  167.514312][ T3671]  handle_softirqs+0x2c4/0x970
[  167.519114][ T3671]  run_ksoftirqd+0xca/0x130
[  167.523885][ T3671]  smpboot_thread_fn+0x544/0xa30
[  167.528862][ T3671]  kthread+0x2f0/0x390
[  167.532968][ T3671]  ret_from_fork+0x4b/0x80
[  167.537419][ T3671]  ret_from_fork_asm+0x1a/0x30
[  167.542227][ T3671] 
[  167.544577][ T3671] Last potentially related work creation:
[  167.550695][ T3671]  kasan_save_stack+0x3f/0x60
[  167.555415][ T3671]  __kasan_record_aux_stack+0xac/0xc0
[  167.560830][ T3671]  call_rcu+0x167/0xa70
[  167.565025][ T3671]  pppol2tp_release+0x24b/0x350
[  167.570002][ T3671]  sock_close+0xbc/0x240
[  167.574286][ T3671]  __fput+0x406/0x8b0
[  167.578561][ T3671]  task_work_run+0x24f/0x310
[  167.583307][ T3671]  syscall_exit_to_user_mode+0x168/0x370
[  167.589005][ T3671]  do_syscall_64+0x100/0x230
[  167.593675][ T3671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.599713][ T3671] 
[  167.602084][ T3671] The buggy address belongs to the object at ffff88806d6be000
[  167.602084][ T3671]  which belongs to the cache kmalloc-1k of size 1024
[  167.616225][ T3671] The buggy address is located 16 bytes inside of
[  167.616225][ T3671]  freed 1024-byte region [ffff88806d6be000, ffff88806d6be400)
[  167.630059][ T3671] 
[  167.632407][ T3671] The buggy address belongs to the physical page:
[  167.638858][ T3671] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6d6b8
[  167.647660][ T3671] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  167.656278][ T3671] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  167.664396][ T3671] page_type: 0xffffefff(slab)
[  167.669110][ T3671] raw: 00fff00000000040 ffff888015041dc0 dead000000000122 0000000000000000
[  167.677901][ T3671] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  167.686836][ T3671] head: 00fff00000000040 ffff888015041dc0 dead000000000122 0000000000000000
[  167.695637][ T3671] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  167.704447][ T3671] head: 00fff00000000003 ffffea0001b5ae01 ffffffffffffffff 0000000000000000
[  167.713595][ T3671] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  167.722486][ T3671] page dumped because: kasan: bad access detected
[  167.729725][ T3671] page_owner tracks the page as allocated
[  167.735923][ T3671] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5195, tgid 5195 (syz-executor), ts 167068052439, free_ts 167061567274
[  167.760039][ T3671]  post_alloc_hook+0x1f3/0x230
[  167.764839][ T3671]  get_page_from_freelist+0x2e43/0x2f00
[  167.770560][ T3671]  __alloc_pages_noprof+0x256/0x6c0
[  167.775821][ T3671]  alloc_slab_page+0x5f/0x120
[  167.780550][ T3671]  allocate_slab+0x5a/0x2f0
[  167.785103][ T3671]  ___slab_alloc+0xcd1/0x14b0
[  167.790171][ T3671]  __slab_alloc+0x58/0xa0
[  167.794640][ T3671]  __kmalloc_noprof+0x257/0x400
[  167.799543][ T3671]  ipt_alloc_initial_table+0x70/0x5b0
[  167.805099][ T3671]  iptable_security_table_init+0x1c/0x70
[  167.810778][ T3671]  xt_find_table_lock+0x2d4/0x3b0
[  167.815948][ T3671]  xt_request_find_table_lock+0x26/0x100
[  167.821738][ T3671]  do_ipt_get_ctl+0x89e/0x1810
[  167.826649][ T3671]  nf_getsockopt+0x299/0x2c0
[  167.831322][ T3671]  ip_getsockopt+0x222/0x2e0
[  167.836125][ T3671]  tcp_getsockopt+0x163/0x1c0
[  167.840852][ T3671] page last free pid 1004 tgid 1004 stack trace:
[  167.847211][ T3671]  free_unref_page+0xd22/0xea0
[  167.852026][ T3671]  __folio_put+0x3b9/0x620
[  167.856499][ T3671]  free_large_kmalloc+0x105/0x1c0
[  167.861565][ T3671]  kfree+0x1c4/0x360
[  167.865554][ T3671]  rhashtable_free_and_destroy+0x7c6/0x920
[  167.871622][ T3671]  ila_xlat_exit_net+0x55/0x110
[  167.876531][ T3671]  cleanup_net+0x802/0xcc0
[  167.881005][ T3671]  process_scheduled_works+0xa2c/0x1830
[  167.886684][ T3671]  worker_thread+0x86d/0xd70
[  167.891494][ T3671]  kthread+0x2f0/0x390
[  167.895610][ T3671]  ret_from_fork+0x4b/0x80
[  167.900109][ T3671]  ret_from_fork_asm+0x1a/0x30
[  167.904923][ T3671] 
[  167.907272][ T3671] Memory state around the buggy address:
[  167.912939][ T3671]  ffff88806d6bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.921157][ T3671]  ffff88806d6bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.929274][ T3671] >ffff88806d6be000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.937457][ T3671]                          ^
[  167.942098][ T3671]  ffff88806d6be080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.950373][ T3671]  ffff88806d6be100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.958559][ T3671] ==================================================================
[  167.979719][ T3671] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  167.986976][ T3671] CPU: 1 PID: 3671 Comm: kworker/u8:7 Not tainted 6.10.0-rc4-syzkaller-00948-gcce346d44139 #0
[  167.997425][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  168.007535][ T3671] Workqueue: l2tp l2tp_tunnel_del_work
[  168.013058][ T3671] Call Trace:
[  168.016369][ T3671]  <TASK>
[  168.019417][ T3671]  dump_stack_lvl+0x241/0x360
[  168.024144][ T3671]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.029386][ T3671]  ? __pfx__printk+0x10/0x10
[  168.034082][ T3671]  ? preempt_schedule+0xe1/0xf0
[  168.038974][ T3671]  ? vscnprintf+0x5d/0x90
[  168.043355][ T3671]  panic+0x349/0x860
[  168.047296][ T3671]  ? check_panic_on_warn+0x21/0xb0
[  168.052443][ T3671]  ? __pfx_panic+0x10/0x10
[  168.056895][ T3671]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  168.062911][ T3671]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  168.069361][ T3671]  ? print_report+0x502/0x550
[  168.074178][ T3671]  check_panic_on_warn+0x86/0xb0
[  168.079162][ T3671]  ? l2tp_session_delete+0x128/0x9e0
[  168.084499][ T3671]  end_report+0x77/0x160
[  168.088796][ T3671]  kasan_report+0x154/0x180
[  168.093449][ T3671]  ? l2tp_session_delete+0x128/0x9e0
[  168.098801][ T3671]  l2tp_session_delete+0x128/0x9e0
[  168.104215][ T3671]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  168.109613][ T3671]  l2tp_tunnel_del_work+0x1cb/0x330
[  168.116616][ T3671]  ? process_scheduled_works+0x945/0x1830
[  168.122455][ T3671]  process_scheduled_works+0xa2c/0x1830
[  168.128110][ T3671]  ? __pfx_process_scheduled_works+0x10/0x10
[  168.134101][ T3671]  ? assign_work+0x364/0x3d0
[  168.138724][ T3671]  worker_thread+0x86d/0xd70
[  168.143464][ T3671]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  168.149392][ T3671]  ? __kthread_parkme+0x169/0x1d0
[  168.154457][ T3671]  ? __pfx_worker_thread+0x10/0x10
[  168.159675][ T3671]  kthread+0x2f0/0x390
[  168.163963][ T3671]  ? __pfx_worker_thread+0x10/0x10
[  168.169123][ T3671]  ? __pfx_kthread+0x10/0x10
[  168.173859][ T3671]  ret_from_fork+0x4b/0x80
[  168.178335][ T3671]  ? __pfx_kthread+0x10/0x10
[  168.183061][ T3671]  ret_from_fork_asm+0x1a/0x30
[  168.187897][ T3671]  </TASK>
[  168.191065][ T3671] Kernel Offset: disabled
[  168.195417][ T3671] Rebooting in 86400 seconds..