skbuff: skb_under_panic: text:ffffffff8a2735c8 len:112 put:40 head:ffff888079f53400 data:ffff888079f533e8 tail:0x58 end:0x180 dev:team0
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:213!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 15972 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213
Code: c7 20 90 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 6e 67 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a084a0 EFLAGS: 00010286
RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 373a18e16e086e00
RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc90000a081a7 R09: 1ffff92000141034
R10: dffffc0000000000 R11: fffff52000141035 R12: ffff8880780a88d0
R13: ffff888079f53400 R14: ffff888079f533e8 R15: 0000000000000058
FS:  0000000000000000(0000) GS:ffff888125f3a000(0063) knlGS:0000000058213440
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f7407250 CR3: 000000007696c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 skb_under_panic net/core/skbuff.c:223 [inline]
 skb_push+0xc3/0xe0 net/core/skbuff.c:2641
 ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371
 dev_hard_header include/linux/netdevice.h:3436 [inline]
 neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618
 neigh_output include/net/neighbour.h:556 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
 addrconf_rs_timer+0x369/0x6a0 net/ipv6/addrconf.c:4037
 call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
 handle_softirqs+0x27d/0x850 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:debug_lockdep_rcu_enabled+0x2a/0x40 kernel/rcu/update.c:321
Code: f3 0f 1e fa 31 c0 83 3d 77 f0 26 04 00 74 1e 83 3d 8a 1f 27 04 00 74 15 65 48 8b 0c 25 08 60 7e 92 31 c0 83 b9 2c 0b 00 00 00 <0f> 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
RSP: 0018:ffffc9000ecfe9f0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff9099b901 RCX: ffff8880303cbd00
RDX: ffffc9000ecfeb01 RSI: dffffc0000000000 RDI: ffffc9000ecfead0
RBP: dffffc0000000000 R08: ffffc9000ecffd50 R09: 0000000000000000
R10: ffffc9000ecfeb18 R11: fffff52001d9fd65 R12: ffffc9000ecffd60
R13: ffffc9000ecf8000 R14: ffffc9000ecfeac8 R15: ffffffff81743f85
 rcu_read_unlock include/linux/rcupdate.h:895 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x195c/0x2390 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 save_stack+0xf5/0x1f0 mm/page_owner.c:165
 __set_page_owner+0x8d/0x4c0 mm/page_owner.c:341
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x234/0x290 mm/page_alloc.c:1846
 prep_new_page mm/page_alloc.c:1854 [inline]
 get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3915
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5210
 __alloc_pages_noprof mm/page_alloc.c:5244 [inline]
 alloc_pages_bulk_noprof+0x560/0x710 mm/page_alloc.c:5164
 alloc_pages_bulk_mempolicy_noprof+0x341/0x1650 mm/mempolicy.c:2794
 vm_area_alloc_pages mm/vmalloc.c:3693 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0xa38/0x16a0 mm/vmalloc.c:4051
 __vmalloc_node_noprof mm/vmalloc.c:4111 [inline]
 vmalloc_noprof+0xb2/0xf0 mm/vmalloc.c:4146
 xt_compat_init_offsets+0xd3/0x1c0 net/netfilter/x_tables.c:733
 ebt_compat_init_offsets net/bridge/netfilter/ebtables.c:1832 [inline]
 compat_table_info+0xc5/0x800 net/bridge/netfilter/ebtables.c:1843
 compat_do_ebt_get_ctl net/bridge/netfilter/ebtables.c:2397 [inline]
 do_ebt_get_ctl+0x8bb/0x1c50 net/bridge/netfilter/ebtables.c:2460
 nf_getsockopt+0x26e/0x290 net/netfilter/nf_sockopt.c:116
 ip_getsockopt+0x1c4/0x220 net/ipv4/ip_sockglue.c:1777
 do_sock_getsockopt+0x2b4/0x3d0 net/socket.c:2383
 __sys_getsockopt+0x128/0x1d0 net/socket.c:2412
 __do_compat_sys_socketcall net/compat.c:494 [inline]
 __se_compat_sys_socketcall net/compat.c:423 [inline]
 __ia32_compat_sys_socketcall+0x821/0x9d0 net/compat.c:423
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x1f7/0x570 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/syscall_32.c:332
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f77539
Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f755f670 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00000000f755f6a8
RDX: 00000000f755f72c RSI: 00000000f755f730 RDI: 00000000f7406ff4
RBP: 00000000f755f730 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213
Code: c7 20 90 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 6e 67 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a084a0 EFLAGS: 00010286
RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 373a18e16e086e00
RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc90000a081a7 R09: 1ffff92000141034
R10: dffffc0000000000 R11: fffff52000141035 R12: ffff8880780a88d0
R13: ffff888079f53400 R14: ffff888079f533e8 R15: 0000000000000058
FS:  0000000000000000(0000) GS:ffff888125f3a000(0063) knlGS:0000000058213440
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f7407250 CR3: 000000007696c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	f3 0f 1e fa          	endbr64
   4:	31 c0                	xor    %eax,%eax
   6:	83 3d 77 f0 26 04 00 	cmpl   $0x0,0x426f077(%rip)        # 0x426f084
   d:	74 1e                	je     0x2d
   f:	83 3d 8a 1f 27 04 00 	cmpl   $0x0,0x4271f8a(%rip)        # 0x4271fa0
  16:	74 15                	je     0x2d
  18:	65 48 8b 0c 25 08 60 	mov    %gs:0xffffffff927e6008,%rcx
  1f:	7e 92
  21:	31 c0                	xor    %eax,%eax
  23:	83 b9 2c 0b 00 00 00 	cmpl   $0x0,0xb2c(%rcx)
* 2a:	0f 94 c0             	sete   %al <-- trapping instruction
  2d:	c3                   	ret
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	cc                   	int3
  32:	cc                   	int3
  33:	cc                   	int3
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	cc                   	int3
  38:	cc                   	int3
  39:	cc                   	int3
  3a:	cc                   	int3
  3b:	cc                   	int3
  3c:	cc                   	int3
  3d:	cc                   	int3
  3e:	cc                   	int3
  3f:	cc                   	int3