Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   70.333434][ T2819] ==================================================================
[   70.341544][ T2819] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0
[   70.349553][ T2819] Write of size 8 at addr ffff888020eaf008 by task kworker/u8:9/2819
[   70.357603][ T2819] 
[   70.359918][ T2819] CPU: 0 PID: 2819 Comm: kworker/u8:9 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[   70.370139][ T2819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
executing program
executing program
executing program
executing program
[   70.380185][ T2819] Workqueue: l2tp l2tp_tunnel_del_work
[   70.385660][ T2819] Call Trace:
[   70.388956][ T2819]  <TASK>
[   70.391896][ T2819]  dump_stack_lvl+0x241/0x360
[   70.396562][ T2819]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.401759][ T2819]  ? __pfx__printk+0x10/0x10
[   70.406360][ T2819]  ? _printk+0xd5/0x120
[   70.410518][ T2819]  ? __virt_addr_valid+0x183/0x520
[   70.415638][ T2819]  ? __virt_addr_valid+0x183/0x520
[   70.420834][ T2819]  print_report+0x169/0x550
[   70.425349][ T2819]  ? __virt_addr_valid+0x183/0x520
[   70.430445][ T2819]  ? __virt_addr_valid+0x183/0x520
[   70.435544][ T2819]  ? __virt_addr_valid+0x44e/0x520
[   70.440643][ T2819]  ? __phys_addr+0xba/0x170
[   70.445134][ T2819]  ? l2tp_session_delete+0x28/0x9e0
[   70.450316][ T2819]  kasan_report+0x143/0x180
[   70.454809][ T2819]  ? l2tp_session_delete+0x28/0x9e0
[   70.459993][ T2819]  kasan_check_range+0x282/0x290
[   70.464921][ T2819]  l2tp_session_delete+0x28/0x9e0
[   70.469930][ T2819]  ? l2tp_tunnel_del_work+0x1d3/0x330
[   70.475285][ T2819]  l2tp_tunnel_del_work+0x1cb/0x330
[   70.480471][ T2819]  ? process_scheduled_works+0x945/0x1830
[   70.486175][ T2819]  process_scheduled_works+0xa2c/0x1830
[   70.491713][ T2819]  ? __pfx_process_scheduled_works+0x10/0x10
[   70.497682][ T2819]  ? assign_work+0x364/0x3d0
[   70.502257][ T2819]  worker_thread+0x86d/0xd50
[   70.506836][ T2819]  ? __kthread_parkme+0x169/0x1d0
[   70.511847][ T2819]  ? __pfx_worker_thread+0x10/0x10
[   70.516942][ T2819]  kthread+0x2f0/0x390
[   70.520994][ T2819]  ? __pfx_worker_thread+0x10/0x10
[   70.526086][ T2819]  ? __pfx_kthread+0x10/0x10
[   70.530662][ T2819]  ret_from_fork+0x4b/0x80
[   70.535067][ T2819]  ? __pfx_kthread+0x10/0x10
[   70.539643][ T2819]  ret_from_fork_asm+0x1a/0x30
[   70.544400][ T2819]  </TASK>
[   70.547400][ T2819] 
[   70.549704][ T2819] Allocated by task 5089:
[   70.554012][ T2819]  kasan_save_track+0x3f/0x80
[   70.558674][ T2819]  __kasan_kmalloc+0x98/0xb0
[   70.563247][ T2819]  __kmalloc_noprof+0x1f9/0x400
[   70.568083][ T2819]  l2tp_session_create+0x3b/0xc20
[   70.573088][ T2819]  pppol2tp_connect+0xca3/0x17a0
[   70.578006][ T2819]  __sys_connect+0x2df/0x310
[   70.582580][ T2819]  __x64_sys_connect+0x7a/0x90
[   70.587329][ T2819]  do_syscall_64+0xf3/0x230
[   70.591815][ T2819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.597693][ T2819] 
[   70.600000][ T2819] Freed by task 0:
[   70.603699][ T2819]  kasan_save_track+0x3f/0x80
[   70.608359][ T2819]  kasan_save_free_info+0x40/0x50
[   70.613369][ T2819]  poison_slab_object+0xe0/0x150
[   70.618290][ T2819]  __kasan_slab_free+0x37/0x60
[   70.623035][ T2819]  kfree+0x149/0x360
[   70.626915][ T2819]  __sk_destruct+0x58/0x5f0
[   70.631402][ T2819]  rcu_core+0xafd/0x1830
[   70.635628][ T2819]  handle_softirqs+0x2c4/0x970
[   70.640372][ T2819]  __irq_exit_rcu+0xf4/0x1c0
[   70.644944][ T2819]  irq_exit_rcu+0x9/0x30
[   70.649167][ T2819]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   70.654783][ T2819]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   70.660743][ T2819] 
[   70.663047][ T2819] Last potentially related work creation:
[   70.668826][ T2819]  kasan_save_stack+0x3f/0x60
[   70.673485][ T2819]  __kasan_record_aux_stack+0xac/0xc0
[   70.678840][ T2819]  call_rcu+0x167/0xa70
[   70.682978][ T2819]  pppol2tp_release+0x24b/0x350
[   70.687816][ T2819]  sock_close+0xbc/0x240
[   70.692040][ T2819]  __fput+0x24a/0x8a0
[   70.696006][ T2819]  task_work_run+0x24f/0x310
[   70.700579][ T2819]  do_exit+0xa27/0x27e0
[   70.704720][ T2819]  do_group_exit+0x207/0x2c0
[   70.709294][ T2819]  __x64_sys_exit_group+0x3f/0x40
[   70.714299][ T2819]  do_syscall_64+0xf3/0x230
[   70.718782][ T2819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.724656][ T2819] 
[   70.726964][ T2819] The buggy address belongs to the object at ffff888020eaf000
[   70.726964][ T2819]  which belongs to the cache kmalloc-1k of size 1024
[   70.741001][ T2819] The buggy address is located 8 bytes inside of
[   70.741001][ T2819]  freed 1024-byte region [ffff888020eaf000, ffff888020eaf400)
[   70.754690][ T2819] 
[   70.756995][ T2819] The buggy address belongs to the physical page:
[   70.763392][ T2819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20ea8
[   70.772135][ T2819] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   70.780612][ T2819] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   70.788138][ T2819] page_type: 0xffffefff(slab)
[   70.792799][ T2819] raw: 00fff00000000040 ffff888015041dc0 ffffea000064a600 dead000000000002
[   70.801360][ T2819] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[   70.809923][ T2819] head: 00fff00000000040 ffff888015041dc0 ffffea000064a600 dead000000000002
[   70.818572][ T2819] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[   70.827221][ T2819] head: 00fff00000000003 ffffea000083aa01 ffffffffffffffff 0000000000000000
[   70.835870][ T2819] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   70.844545][ T2819] page dumped because: kasan: bad access detected
[   70.850944][ T2819] page_owner tracks the page as allocated
[   70.856634][ T2819] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7134349227, free_ts 0
[   70.876234][ T2819]  post_alloc_hook+0x1f3/0x230
[   70.880983][ T2819]  get_page_from_freelist+0x2e4c/0x2f10
[   70.886515][ T2819]  __alloc_pages_noprof+0x256/0x6c0
[   70.891698][ T2819]  alloc_slab_page+0x5f/0x120
[   70.896359][ T2819]  allocate_slab+0x5a/0x2f0
[   70.900844][ T2819]  ___slab_alloc+0xcd1/0x14b0
[   70.905500][ T2819]  __slab_alloc+0x58/0xa0
[   70.909833][ T2819]  __kmalloc_noprof+0x257/0x400
[   70.914669][ T2819]  alloc_workqueue+0x1b0/0x2060
[   70.919506][ T2819]  nbd_dev_add+0x5b2/0xc80
[   70.923914][ T2819]  nbd_init+0x210/0x2c0
[   70.928052][ T2819]  do_one_initcall+0x248/0x880
[   70.932803][ T2819]  do_initcall_level+0x157/0x210
[   70.937729][ T2819]  do_initcalls+0x3f/0x80
[   70.942043][ T2819]  kernel_init_freeable+0x435/0x5d0
[   70.947228][ T2819]  kernel_init+0x1d/0x2b0
[   70.951541][ T2819] page_owner free stack trace missing
[   70.956886][ T2819] 
[   70.959190][ T2819] Memory state around the buggy address:
[   70.964799][ T2819]  ffff888020eaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.972839][ T2819]  ffff888020eaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
executing program
[   70.980879][ T2819] >ffff888020eaf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.988917][ T2819]                       ^
[   70.993224][ T2819]  ffff888020eaf080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.001262][ T2819]  ffff888020eaf100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.009299][ T2819] ==================================================================
[   71.022396][ T2819] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.029627][ T2819] CPU: 1 PID: 2819 Comm: kworker/u8:9 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[   71.039864][ T2819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   71.049899][ T2819] Workqueue: l2tp l2tp_tunnel_del_work
[   71.055340][ T2819] Call Trace:
[   71.058600][ T2819]  <TASK>
[   71.061506][ T2819]  dump_stack_lvl+0x241/0x360
[   71.066168][ T2819]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.071343][ T2819]  ? __pfx__printk+0x10/0x10
[   71.075917][ T2819]  ? preempt_schedule+0xe1/0xf0
[   71.080745][ T2819]  ? vscnprintf+0x5d/0x90
[   71.085053][ T2819]  panic+0x349/0x860
[   71.088928][ T2819]  ? check_panic_on_warn+0x21/0xb0
[   71.094019][ T2819]  ? __pfx_panic+0x10/0x10
[   71.098428][ T2819]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.104386][ T2819]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.110688][ T2819]  ? print_report+0x502/0x550
[   71.115346][ T2819]  check_panic_on_warn+0x86/0xb0
[   71.120264][ T2819]  ? l2tp_session_delete+0x28/0x9e0
[   71.125444][ T2819]  end_report+0x77/0x160
[   71.129677][ T2819]  kasan_report+0x154/0x180
[   71.134166][ T2819]  ? l2tp_session_delete+0x28/0x9e0
[   71.139350][ T2819]  kasan_check_range+0x282/0x290
[   71.144274][ T2819]  l2tp_session_delete+0x28/0x9e0
[   71.149281][ T2819]  ? l2tp_tunnel_del_work+0x1d3/0x330
[   71.154636][ T2819]  l2tp_tunnel_del_work+0x1cb/0x330
[   71.159822][ T2819]  ? process_scheduled_works+0x945/0x1830
[   71.165525][ T2819]  process_scheduled_works+0xa2c/0x1830
[   71.171065][ T2819]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.177030][ T2819]  ? assign_work+0x364/0x3d0
[   71.181604][ T2819]  worker_thread+0x86d/0xd50
[   71.186184][ T2819]  ? __kthread_parkme+0x169/0x1d0
[   71.191192][ T2819]  ? __pfx_worker_thread+0x10/0x10
[   71.196287][ T2819]  kthread+0x2f0/0x390
[   71.200341][ T2819]  ? __pfx_worker_thread+0x10/0x10
[   71.205436][ T2819]  ? __pfx_kthread+0x10/0x10
[   71.210011][ T2819]  ret_from_fork+0x4b/0x80
[   71.214415][ T2819]  ? __pfx_kthread+0x10/0x10
[   71.218988][ T2819]  ret_from_fork_asm+0x1a/0x30
[   71.223744][ T2819]  </TASK>
[   71.226967][ T2819] Kernel Offset: disabled
[   71.231273][ T2819] Rebooting in 86400 seconds..