------------[ cut here ]------------
kernel BUG at net/l2tp/l2tp_core.c:1572!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7084 Comm: syz-executor.3 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:l2tp_session_free net/l2tp/l2tp_core.c:1572 [inline]
RIP: 0010:l2tp_session_free+0x218/0x250 net/l2tp/l2tp_core.c:1565
Code: 89 ef e8 bb 0a 5a fc e9 4b ff ff ff e8 d1 30 35 fa 4c 89 e7 e8 29 83 e1 fe e9 39 ff ff ff e8 bf 30 35 fa 0f 0b e8 b8 30 35 fa <0f> 0b 4c 89 e7 e8 ee f8 73 fa e9 48 fe ff ff 48 89 df e8 e1 f8 73
RSP: 0018:ffffc90000da8d28 EFLAGS: 00010206
RAX: ffff888068504440 RBX: ffff8880991e9800 RCX: ffffffff873e5fed
RDX: 0000000000000100 RSI: ffffffff873e6138 RDI: 0000000000000005
RBP: ffff8880886bf800 R08: ffff888068504440 R09: ffffed10110d7f1a
R10: ffff8880886bf8cb R11: ffffed10110d7f19 R12: 0000000000000000
R13: ffff88806db8a4a8 R14: ffffc90000da8e98 R15: ffff888068504440
FS: 0000000001d12940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000078c000 CR3: 0000000068507000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 l2tp_session_dec_refcount net/l2tp/l2tp_core.h:257 [inline]
 pppol2tp_session_destruct+0x12e/0x180 net/l2tp/l2tp_ppp.c:424
 __sk_destruct+0x4b/0x7c0 net/core/sock.c:1785
 sk_destruct+0xc6/0x100 net/core/sock.c:1829
 __sk_free+0xef/0x3d0 net/core/sock.c:1840
 sk_free+0x78/0xa0 net/core/sock.c:1851
 sock_put include/net/sock.h:1780 [inline]
 pppol2tp_put_sk+0x9b/0xd0 net/l2tp/l2tp_ppp.c:408
 rcu_do_batch kernel/rcu/tree.c:2396 [inline]
 rcu_core+0x59f/0x1370 kernel/rcu/tree.c:2623
 __do_softirq+0x26c/0x9f7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x192/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:546 [inline]
 smp_apic_timer_interrupt+0x19e/0x600 arch/x86/kernel/apic/apic.c:1107
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_acquire+0x267/0x8f0 kernel/locking/lockdep.c:4962
Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 c6 05 00 00 48 83 3d 55 e0 3a 08 00 0f 84 65 04 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 08 48 c7
RSP: 0018:ffffc90002e87b18 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff1329638 RBX: ffff888068504440 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000282
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff1863b37
R10: ffffffff8c31d9b7 R11: fffffbfff1863b36 R12: 0000000000000002
R13: ffffffff898090d8 R14: 0000000000000000 R15: 0000000000000000
 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
 _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:223
 do_wait+0x3b9/0xa00 kernel/exit.c:1447
 kernel_wait4+0x14c/0x260 kernel/exit.c:1622
 __do_sys_wait4+0x147/0x160 kernel/exit.c:1634
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4168fa
Code: 0f 83 6a 18 00 00 c3 66 0f 1f 84 00 00 00 00 00 8b 05 9e 30 89 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d4 ff ff ff f7
RSP: 002b:00007ffe46696e68 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 0000000000090b14 RCX: 00000000004168fa
RDX: 0000000040000001 RSI: 00007ffe46696ea0 RDI: ffffffffffffffff
RBP: 0000000000000430 R08: 0000000000000001 R09: 0000000001d12940
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007ffe46696ea0 R14: 0000000000090a05 R15: 00007ffe46696eb0
Modules linked in:
---[ end trace cd19e7ac22a1928d ]---
RIP: 0010:l2tp_session_free net/l2tp/l2tp_core.c:1572 [inline]
RIP: 0010:l2tp_session_free+0x218/0x250 net/l2tp/l2tp_core.c:1565
Code: 89 ef e8 bb 0a 5a fc e9 4b ff ff ff e8 d1 30 35 fa 4c 89 e7 e8 29 83 e1 fe e9 39 ff ff ff e8 bf 30 35 fa 0f 0b e8 b8 30 35 fa <0f> 0b 4c 89 e7 e8 ee f8 73 fa e9 48 fe ff ff 48 89 df e8 e1 f8 73
RSP: 0018:ffffc90000da8d28 EFLAGS: 00010206
RAX: ffff888068504440 RBX: ffff8880991e9800 RCX: ffffffff873e5fed
RDX: 0000000000000100 RSI: ffffffff873e6138 RDI: 0000000000000005
RBP: ffff8880886bf800 R08: ffff888068504440 R09: ffffed10110d7f1a
R10: ffff8880886bf8cb R11: ffffed10110d7f19 R12: 0000000000000000
R13: ffff88806db8a4a8 R14: ffffc90000da8e98 R15: ffff888068504440
FS: 0000000001d12940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000078c000 CR3: 0000000068507000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400