Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts.
2024/06/21 17:42:24 ignoring optional flag "sandboxArg"="0"
2024/06/21 17:42:24 parsed 1 programs
[  165.743565][ T5104] cgroup: Unknown subsys name 'net'
[  166.000661][ T5104] cgroup: Unknown subsys name 'rlimit'
[  167.111754][ T5130] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  167.430965][ T5139] chnl_net:caif_netlink_parms(): no params data found
[  167.519454][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.527247][ T5139] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.534570][ T5139] bridge_slave_0: entered allmulticast mode
[  167.541700][ T5139] bridge_slave_0: entered promiscuous mode
[  167.551297][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.558575][ T5139] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.565685][ T5139] bridge_slave_1: entered allmulticast mode
[  167.572971][ T5139] bridge_slave_1: entered promiscuous mode
[  167.601597][ T5139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  167.613150][ T5139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  167.640564][ T5139] team0: Port device team_slave_0 added
[  167.649449][ T5139] team0: Port device team_slave_1 added
[  167.671772][ T5139] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.678876][ T5139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.704898][ T5139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.718003][ T5139] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.724951][ T5139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.750979][ T5139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.786752][ T5139] hsr_slave_0: entered promiscuous mode
[  167.793348][ T5139] hsr_slave_1: entered promiscuous mode
[  167.904825][ T5139] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  167.915144][ T5139] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  167.924584][ T5139] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  167.934620][ T5139] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  167.960614][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.967905][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.975850][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.983019][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.040743][ T5139] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.056237][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.065241][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.080968][ T5139] 8021q: adding VLAN 0 to HW filter on device team0
[  168.101327][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.108499][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.116741][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.123887][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.256559][ T5139] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.297265][ T5139] veth0_vlan: entered promiscuous mode
[  168.310971][ T5139] veth1_vlan: entered promiscuous mode
[  168.337764][ T5139] veth0_macvtap: entered promiscuous mode
[  168.348161][ T5139] veth1_macvtap: entered promiscuous mode
[  168.366948][ T5139] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.382848][ T5139] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.394054][ T5139] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.403836][ T5139] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.413078][ T5139] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.422131][ T5139] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.523990][ T5139] syz-executor.0 (5139) used greatest stack depth: 17712 bytes left
[  168.561064][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.583372][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  168.591904][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  168.600905][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  168.609656][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  168.617214][ T5156] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  168.625086][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  168.641073][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.710764][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.814085][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.926557][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.938720][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.964788][  T172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.972912][  T172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/06/21 17:42:29 executed programs: 0
[  170.398150][ T4488] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  170.406455][ T4488] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  170.417893][ T4488] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  170.438891][ T4488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  170.446617][ T4488] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  170.456087][ T4488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  170.614672][ T5203] chnl_net:caif_netlink_parms(): no params data found
[  170.670299][ T5203] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.677581][ T5203] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.684700][ T5203] bridge_slave_0: entered allmulticast mode
[  170.693663][ T5203] bridge_slave_0: entered promiscuous mode
[  170.701424][ T5203] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.708798][ T5203] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.716021][ T5203] bridge_slave_1: entered allmulticast mode
[  170.723099][ T5203] bridge_slave_1: entered promiscuous mode
[  170.746097][ T5203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.758448][ T5203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.791510][ T5203] team0: Port device team_slave_0 added
[  170.800017][ T5203] team0: Port device team_slave_1 added
[  170.821275][ T5203] batman_adv: batadv0: Adding interface: batadv_slave_0
[  170.829367][ T5203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  170.855371][ T5203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  170.868716][ T5203] batman_adv: batadv0: Adding interface: batadv_slave_1
[  170.875760][ T5203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  170.902256][ T5203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  170.936899][ T5203] hsr_slave_0: entered promiscuous mode
[  170.943358][ T5203] hsr_slave_1: entered promiscuous mode
[  170.950114][ T5203] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  170.958323][ T5203] Cannot create hsr debugfs directory
[  172.528594][ T4488] Bluetooth: hci0: command tx timeout
[  173.329112][   T35] bridge_slave_1: left allmulticast mode
[  173.334952][   T35] bridge_slave_1: left promiscuous mode
[  173.342584][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.355650][   T35] bridge_slave_0: left allmulticast mode
[  173.365069][   T35] bridge_slave_0: left promiscuous mode
[  173.371654][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.681523][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.694198][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.707575][   T35] bond0 (unregistering): Released all slaves
[  173.824926][   T35] hsr_slave_0: left promiscuous mode
[  173.834440][   T35] hsr_slave_1: left promiscuous mode
[  173.845081][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.855130][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.865023][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.875040][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.897564][   T35] veth1_macvtap: left promiscuous mode
[  173.903581][   T35] veth0_macvtap: left promiscuous mode
[  173.913270][   T35] veth1_vlan: left promiscuous mode
[  173.918880][   T35] veth0_vlan: left promiscuous mode
[  174.253287][   T35] team0 (unregistering): Port device team_slave_1 removed
[  174.278809][   T35] team0 (unregistering): Port device team_slave_0 removed
[  174.610313][ T4488] Bluetooth: hci0: command tx timeout
[  174.705454][ T5203] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  174.719423][ T5203] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  174.731755][ T5203] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  174.743608][ T5203] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  174.890305][ T5203] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.933067][ T5203] 8021q: adding VLAN 0 to HW filter on device team0
[  175.205521][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.212757][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.243405][ T5176] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.250629][ T5176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.582190][ T5203] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.641429][ T5203] veth0_vlan: entered promiscuous mode
[  175.661111][ T5203] veth1_vlan: entered promiscuous mode
[  175.744093][ T5203] veth0_macvtap: entered promiscuous mode
[  175.772611][ T5203] veth1_macvtap: entered promiscuous mode
[  175.833777][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.848859][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.866795][ T5203] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.878113][ T5203] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.886841][ T5203] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.896827][ T5203] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.048325][  T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.056168][  T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.098472][ T2791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.106335][ T2791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/06/21 17:42:35 executed programs: 1
[  176.202414][ T2791] ==================================================================
[  176.210615][ T2791] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0
[  176.218650][ T2791] Write of size 8 at addr ffff88807a425808 by task kworker/u8:8/2791
[  176.226720][ T2791] 
[  176.229065][ T2791] CPU: 1 PID: 2791 Comm: kworker/u8:8 Not tainted 6.10.0-rc4-syzkaller-00836-gb0d3969d2b4d #0
[  176.239314][ T2791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  176.249377][ T2791] Workqueue: l2tp l2tp_tunnel_del_work
[  176.254889][ T2791] Call Trace:
[  176.258176][ T2791]  <TASK>
[  176.261113][ T2791]  dump_stack_lvl+0x241/0x360
[  176.265809][ T2791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  176.271025][ T2791]  ? __pfx__printk+0x10/0x10
[  176.275635][ T2791]  ? _printk+0xd5/0x120
[  176.279867][ T2791]  ? __virt_addr_valid+0x183/0x520
[  176.284999][ T2791]  ? __virt_addr_valid+0x183/0x520
[  176.290116][ T2791]  print_report+0x169/0x550
[  176.294619][ T2791]  ? __virt_addr_valid+0x183/0x520
[  176.299802][ T2791]  ? __virt_addr_valid+0x183/0x520
[  176.304912][ T2791]  ? __virt_addr_valid+0x44e/0x520
[  176.310020][ T2791]  ? __phys_addr+0xba/0x170
[  176.314515][ T2791]  ? l2tp_session_delete+0x28/0x9e0
[  176.319705][ T2791]  kasan_report+0x143/0x180
[  176.324200][ T2791]  ? l2tp_session_delete+0x28/0x9e0
[  176.329400][ T2791]  kasan_check_range+0x282/0x290
[  176.334325][ T2791]  l2tp_session_delete+0x28/0x9e0
[  176.339339][ T2791]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  176.344702][ T2791]  l2tp_tunnel_del_work+0x1cb/0x330
[  176.349897][ T2791]  ? process_scheduled_works+0x945/0x1830
[  176.355621][ T2791]  process_scheduled_works+0xa2c/0x1830
[  176.361171][ T2791]  ? __pfx_process_scheduled_works+0x10/0x10
[  176.367139][ T2791]  ? assign_work+0x364/0x3d0
[  176.371718][ T2791]  worker_thread+0x86d/0xd70
[  176.376300][ T2791]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  176.382216][ T2791]  ? __kthread_parkme+0x169/0x1d0
[  176.387238][ T2791]  ? __pfx_worker_thread+0x10/0x10
[  176.392360][ T2791]  kthread+0x2f0/0x390
[  176.396420][ T2791]  ? __pfx_worker_thread+0x10/0x10
[  176.401559][ T2791]  ? __pfx_kthread+0x10/0x10
[  176.406140][ T2791]  ret_from_fork+0x4b/0x80
[  176.410661][ T2791]  ? __pfx_kthread+0x10/0x10
[  176.415270][ T2791]  ret_from_fork_asm+0x1a/0x30
[  176.420060][ T2791]  </TASK>
[  176.423072][ T2791] 
[  176.425382][ T2791] Allocated by task 5285:
[  176.429692][ T2791]  kasan_save_track+0x3f/0x80
[  176.434463][ T2791]  __kasan_kmalloc+0x98/0xb0
[  176.439044][ T2791]  __kmalloc_noprof+0x1f9/0x400
[  176.443896][ T2791]  l2tp_session_create+0x3b/0xc20
[  176.448927][ T2791]  pppol2tp_connect+0xca3/0x17a0
[  176.453860][ T2791]  __sys_connect+0x2df/0x310
[  176.458454][ T2791]  __x64_sys_connect+0x7a/0x90
[  176.463300][ T2791]  do_syscall_64+0xf3/0x230
[  176.467799][ T2791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.473699][ T2791] 
[  176.476029][ T2791] Freed by task 5203:
[  176.480005][ T2791]  kasan_save_track+0x3f/0x80
[  176.484685][ T2791]  kasan_save_free_info+0x40/0x50
[  176.489704][ T2791]  poison_slab_object+0xe0/0x150
[  176.494637][ T2791]  __kasan_slab_free+0x37/0x60
[  176.499479][ T2791]  kfree+0x149/0x360
[  176.503366][ T2791]  __sk_destruct+0x58/0x5f0
[  176.507861][ T2791]  rcu_core+0xafd/0x1830
[  176.512094][ T2791]  handle_softirqs+0x2c4/0x970
[  176.516841][ T2791]  __irq_exit_rcu+0xf4/0x1c0
[  176.521415][ T2791]  irq_exit_rcu+0x9/0x30
[  176.525641][ T2791]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  176.531261][ T2791]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  176.537264][ T2791] 
[  176.539576][ T2791] Last potentially related work creation:
[  176.545269][ T2791]  kasan_save_stack+0x3f/0x60
[  176.549942][ T2791]  __kasan_record_aux_stack+0xac/0xc0
[  176.555307][ T2791]  call_rcu+0x167/0xa70
[  176.559453][ T2791]  pppol2tp_release+0x24b/0x350
[  176.564467][ T2791]  sock_close+0xbc/0x240
[  176.568700][ T2791]  __fput+0x406/0x8b0
[  176.572666][ T2791]  task_work_run+0x24f/0x310
[  176.577246][ T2791]  syscall_exit_to_user_mode+0x168/0x370
[  176.582866][ T2791]  do_syscall_64+0x100/0x230
[  176.587444][ T2791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.593338][ T2791] 
[  176.595646][ T2791] The buggy address belongs to the object at ffff88807a425800
[  176.595646][ T2791]  which belongs to the cache kmalloc-1k of size 1024
[  176.609772][ T2791] The buggy address is located 8 bytes inside of
[  176.609772][ T2791]  freed 1024-byte region [ffff88807a425800, ffff88807a425c00)
[  176.623468][ T2791] 
[  176.625779][ T2791] The buggy address belongs to the physical page:
[  176.632176][ T2791] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a420
[  176.640931][ T2791] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  176.649415][ T2791] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  176.656953][ T2791] page_type: 0xffffefff(slab)
[  176.661618][ T2791] raw: 00fff00000000040 ffff888015041dc0 dead000000000122 0000000000000000
[  176.670186][ T2791] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  176.678752][ T2791] head: 00fff00000000040 ffff888015041dc0 dead000000000122 0000000000000000
[  176.687405][ T2791] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  176.696057][ T2791] head: 00fff00000000003 ffffea0001e90801 ffffffffffffffff 0000000000000000
[  176.704712][ T2791] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  176.713366][ T2791] page dumped because: kasan: bad access detected
[  176.719770][ T2791] page_owner tracks the page as allocated
[  176.725550][ T2791] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5203, tgid 5203 (syz-executor), ts 176126449699, free_ts 176103664865
[  176.748453][ T2791]  post_alloc_hook+0x1f3/0x230
[  176.753211][ T2791]  get_page_from_freelist+0x2e43/0x2f00
[  176.758739][ T2791]  __alloc_pages_noprof+0x256/0x6c0
[  176.763923][ T2791]  alloc_slab_page+0x5f/0x120
[  176.768585][ T2791]  allocate_slab+0x5a/0x2f0
[  176.773072][ T2791]  ___slab_alloc+0xcd1/0x14b0
[  176.777734][ T2791]  __slab_alloc+0x58/0xa0
[  176.782045][ T2791]  __kmalloc_noprof+0x257/0x400
[  176.786877][ T2791]  ipt_alloc_initial_table+0x70/0x5b0
[  176.792246][ T2791]  iptable_raw_table_init+0x3d/0x90
[  176.797433][ T2791]  xt_find_table_lock+0x2d4/0x3b0
[  176.802444][ T2791]  xt_request_find_table_lock+0x26/0x100
[  176.808063][ T2791]  do_ipt_get_ctl+0x89e/0x1810
[  176.812812][ T2791]  nf_getsockopt+0x299/0x2c0
[  176.817393][ T2791]  ip_getsockopt+0x222/0x2e0
[  176.821975][ T2791]  tcp_getsockopt+0x163/0x1c0
[  176.826638][ T2791] page last free pid 35 tgid 35 stack trace:
[  176.832594][ T2791]  free_unref_page+0xd22/0xea0
[  176.837349][ T2791]  __slab_free+0x31b/0x3d0
[  176.841752][ T2791]  qlist_free_all+0x9e/0x140
[  176.846330][ T2791]  kasan_quarantine_reduce+0x14f/0x170
[  176.851771][ T2791]  __kasan_slab_alloc+0x23/0x80
[  176.856605][ T2791]  kmalloc_trace_noprof+0x132/0x2c0
[  176.861788][ T2791]  ref_tracker_alloc+0x14b/0x490
[  176.866725][ T2791]  netlink_release+0x1614/0x1b10
[  176.871734][ T2791]  sock_release+0x82/0x150
[  176.876142][ T2791]  xfrm_user_net_exit+0x5f/0xa0
[  176.880985][ T2791]  cleanup_net+0x89d/0xcc0
[  176.885387][ T2791]  process_scheduled_works+0xa2c/0x1830
[  176.890925][ T2791]  worker_thread+0x86d/0xd70
[  176.895499][ T2791]  kthread+0x2f0/0x390
[  176.899554][ T2791]  ret_from_fork+0x4b/0x80
[  176.903958][ T2791]  ret_from_fork_asm+0x1a/0x30
[  176.908716][ T2791] 
[  176.911024][ T2791] Memory state around the buggy address:
[  176.916634][ T2791]  ffff88807a425700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  176.924764][ T2791]  ffff88807a425780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  176.932809][ T2791] >ffff88807a425800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  176.940848][ T2791]                       ^
[  176.945152][ T2791]  ffff88807a425880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  176.953194][ T2791]  ffff88807a425900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  176.961234][ T2791] ==================================================================
[  176.988178][ T4488] Bluetooth: hci0: command tx timeout
[  176.995873][ T2791] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  177.003099][ T2791] CPU: 1 PID: 2791 Comm: kworker/u8:8 Not tainted 6.10.0-rc4-syzkaller-00836-gb0d3969d2b4d #0
[  177.013327][ T2791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  177.023371][ T2791] Workqueue: l2tp l2tp_tunnel_del_work
[  177.028851][ T2791] Call Trace:
[  177.032119][ T2791]  <TASK>
[  177.035037][ T2791]  dump_stack_lvl+0x241/0x360
[  177.039708][ T2791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.044895][ T2791]  ? __pfx__printk+0x10/0x10
[  177.049473][ T2791]  ? preempt_schedule+0xe1/0xf0
[  177.054318][ T2791]  ? vscnprintf+0x5d/0x90
[  177.058639][ T2791]  panic+0x349/0x860
[  177.062521][ T2791]  ? check_panic_on_warn+0x21/0xb0
[  177.067625][ T2791]  ? __pfx_panic+0x10/0x10
[  177.072030][ T2791]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  177.077999][ T2791]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  177.084313][ T2791]  ? print_report+0x502/0x550
[  177.088978][ T2791]  check_panic_on_warn+0x86/0xb0
[  177.093906][ T2791]  ? l2tp_session_delete+0x28/0x9e0
[  177.099094][ T2791]  end_report+0x77/0x160
[  177.103326][ T2791]  kasan_report+0x154/0x180
[  177.107816][ T2791]  ? l2tp_session_delete+0x28/0x9e0
[  177.113006][ T2791]  kasan_check_range+0x282/0x290
[  177.117933][ T2791]  l2tp_session_delete+0x28/0x9e0
[  177.122946][ T2791]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  177.128398][ T2791]  l2tp_tunnel_del_work+0x1cb/0x330
[  177.133586][ T2791]  ? process_scheduled_works+0x945/0x1830
[  177.139291][ T2791]  process_scheduled_works+0xa2c/0x1830
[  177.144829][ T2791]  ? __pfx_process_scheduled_works+0x10/0x10
[  177.150817][ T2791]  ? assign_work+0x364/0x3d0
[  177.155482][ T2791]  worker_thread+0x86d/0xd70
[  177.160063][ T2791]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  177.165946][ T2791]  ? __kthread_parkme+0x169/0x1d0
[  177.170956][ T2791]  ? __pfx_worker_thread+0x10/0x10
[  177.176052][ T2791]  kthread+0x2f0/0x390
[  177.180107][ T2791]  ? __pfx_worker_thread+0x10/0x10
[  177.185202][ T2791]  ? __pfx_kthread+0x10/0x10
[  177.189782][ T2791]  ret_from_fork+0x4b/0x80
[  177.194186][ T2791]  ? __pfx_kthread+0x10/0x10
[  177.198763][ T2791]  ret_from_fork_asm+0x1a/0x30
[  177.203520][ T2791]  </TASK>
[  177.206627][ T2791] Kernel Offset: disabled
[  177.210936][ T2791] Rebooting in 86400 seconds..