Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
2025/10/04 00:59:54 parsed 1 programs
[ 85.962509][ T4752] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 92.576505][ T4805] veth0_vlan: entered promiscuous mode
2025/10/04 01:00:04 executed programs: 0
[ 94.591373][ T12] veth0_vlan: left promiscuous mode
[ 100.469154][ T4952] veth0_vlan: entered promiscuous mode
2025/10/04 01:00:11 executed programs: 2
[ 103.930242][ T5174] ==================================================================
[ 103.930252][ T5174] BUG: KASAN: slab-use-after-free in gro_cells_receive+0x2ef/0x440
[ 103.930274][ T5174] Write of size 8 at addr ffff88804a97e780 by task syz.2.58/5174
[ 103.930281][ T5174]
[ 103.930297][ T5174] CPU: 0 UID: 0 PID: 5174 Comm: syz.2.58 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 103.930305][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 103.930313][ T5174] Call Trace:
[ 103.930320][ T5174]
[ 103.930324][ T5174] dump_stack_lvl+0xf4/0x170
[ 103.930335][ T5174] ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.930342][ T5174] ? rcu_is_watching+0x1f/0xa0
[ 103.930349][ T5174] ? __virt_addr_valid+0x176/0x2b0
[ 103.930356][ T5174] ? lock_release+0x42/0x2f0
[ 103.930363][ T5174] ? lock_acquire+0x69/0x210
[ 103.930369][ T5174] ? __virt_addr_valid+0x176/0x2b0
[ 103.930375][ T5174] ? __virt_addr_valid+0x262/0x2b0
[ 103.930381][ T5174] print_report+0xca/0x240
[ 103.930388][ T5174] ? gro_cells_receive+0x2ef/0x440
[ 103.930394][ T5174] kasan_report+0x118/0x150
[ 103.930402][ T5174] ? gro_cells_receive+0x2ef/0x440
[ 103.930409][ T5174] ? gro_cells_receive+0x4a/0x440
[ 103.930415][ T5174] gro_cells_receive+0x2ef/0x440
[ 103.930422][ T5174] ip6_tnl_rcv+0x4e/0xa0
[ 103.930431][ T5174] gre_rcv+0xa96/0xfe0
[ 103.930438][ T5174] ? is_module_text_address+0x1d/0x150
[ 103.930446][ T5174] ? __pfx_gre_rcv+0x10/0x10
[ 103.930452][ T5174] ? fib6_rule_lookup+0x3fd/0x580
[ 103.930459][ T5174] ? __pfx_raw6_local_deliver+0x10/0x10
[ 103.930469][ T5174] ip6_protocol_deliver_rcu+0x9c2/0x10e0
[ 103.930480][ T5174] ip6_input_finish+0x159/0x340
[ 103.930486][ T5174] ? ip6_input+0x82/0x230
[ 103.930491][ T5174] ip6_input+0xf2/0x230
[ 103.930496][ T5174] ? __pfx_ip6_input+0x10/0x10
[ 103.930502][ T5174] ? __pfx_ip6_input_finish+0x10/0x10
[ 103.930508][ T5174] ip6_sublist_rcv_finish+0x167/0x220
[ 103.930514][ T5174] ip6_sublist_rcv+0x827/0x960
[ 103.930520][ T5174] ? __pfx_ip6_sublist_rcv+0x10/0x10
[ 103.930525][ T5174] ? ip6_rcv_core+0xa88/0xfd0
[ 103.930531][ T5174] ipv6_list_rcv+0x378/0x3c0
[ 103.930537][ T5174] ? __pfx_ipv6_list_rcv+0x10/0x10
[ 103.930540][ T5174] ? kasan_save_track+0x4f/0x80
[ 103.930543][ T5174] ? kasan_save_track+0x3e/0x80
[ 103.930546][ T5174] ? __kasan_slab_alloc+0x6c/0x80
[ 103.930549][ T5174] ? kmem_cache_alloc_bulk_noprof+0x2f4/0x580
[ 103.930554][ T5174] __netif_receive_skb_list_core+0x5ca/0x7b0
[ 103.930561][ T5174] ? __pfx___netif_receive_skb_list_core+0x10/0x10
[ 103.930565][ T5174] netif_receive_skb_list_internal+0x832/0xab0
[ 103.930570][ T5174] ? netif_receive_skb_list_internal+0x4a0/0xab0
[ 103.930574][ T5174] ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[ 103.930577][ T5174] ? __build_skb_around+0x1ec/0x340
[ 103.930583][ T5174] ? build_skb_around+0x82/0x1c0
[ 103.930587][ T5174] ? __xdp_build_skb_from_frame+0x279/0x6f0
[ 103.930593][ T5174] netif_receive_skb_list+0x42/0x240
[ 103.930597][ T5174] bpf_test_run_xdp_live+0x14e7/0x1840
[ 103.930602][ T5174] ? bpf_test_run_xdp_live+0x33b/0x1840
[ 103.930606][ T5174] ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[ 103.930609][ T5174] ? kasan_save_track+0x4f/0x80
[ 103.930612][ T5174] ? kasan_save_track+0x3e/0x80
[ 103.930614][ T5174] ? __kasan_kmalloc+0x93/0xb0
[ 103.930622][ T5174] ? __pfx_xdp_test_run_init_page+0x10/0x10
[ 103.930626][ T5174] ? _copy_from_user+0x61/0x90
[ 103.930633][ T5174] ? bpf_test_init+0xa2/0xf0
[ 103.930638][ T5174] bpf_prog_test_run_xdp+0x57f/0xd50
[ 103.930642][ T5174] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 103.930645][ T5174] ? __fget_files+0x2e/0x2a0
[ 103.930651][ T5174] ? __fget_files+0x246/0x2a0
[ 103.930655][ T5174] ? __fget_files+0x2e/0x2a0
[ 103.930659][ T5174] bpf_prog_test_run+0x1ca/0x2c0
[ 103.930665][ T5174] __sys_bpf+0x49c/0x6c0
[ 103.930669][ T5174] ? __pfx___sys_bpf+0x10/0x10
[ 103.930675][ T5174] __x64_sys_bpf+0x77/0x90
[ 103.930679][ T5174] do_syscall_64+0x8f/0x250
[ 103.930683][ T5174] ? fpregs_assert_state_consistent+0x48/0x60
[ 103.930689][ T5174] ? clear_bhb_loop+0x60/0xb0
[ 103.930695][ T5174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.930699][ T5174] RIP: 0033:0x7f9208e2eec9
[ 103.930704][ T5174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.930708][ T5174] RSP: 002b:00007f9208c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 103.930718][ T5174] RAX: ffffffffffffffda RBX: 00007f9209085fa0 RCX: 00007f9208e2eec9
[ 103.930722][ T5174] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 103.930725][ T5174] RBP: 00007f9208eb1f91 R08: 0000000000000000 R09: 0000000000000000
[ 103.930727][ T5174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.930729][ T5174] R13: 00007f9209086038 R14: 00007f9209085fa0 R15: 00007ffedc1feb18
[ 103.930733][ T5174]
[ 103.930735][ T5174]
[ 103.930736][ T5174] Allocated by task 5174:
[ 103.930739][ T5174] kasan_save_track+0x3e/0x80
[ 103.930743][ T5174] __kasan_slab_alloc+0x6c/0x80
[ 103.930745][ T5174] kmem_cache_alloc_bulk_noprof+0x2f4/0x580
[ 103.930749][ T5174] bpf_test_run_xdp_live+0x1392/0x1840
[ 103.930752][ T5174] bpf_prog_test_run_xdp+0x57f/0xd50
[ 103.930755][ T5174] bpf_prog_test_run+0x1ca/0x2c0
[ 103.930758][ T5174] __sys_bpf+0x49c/0x6c0
[ 103.930761][ T5174] __x64_sys_bpf+0x77/0x90
[ 103.930764][ T5174] do_syscall_64+0x8f/0x250
[ 103.930767][ T5174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.930770][ T5174]
[ 103.930771][ T5174] Freed by task 21:
[ 103.930773][ T5174] kasan_save_track+0x3e/0x80
[ 103.930775][ T5174] kasan_save_free_info+0x46/0x50
[ 103.930779][ T5174] __kasan_slab_free+0x5b/0x80
[ 103.930782][ T5174] kmem_cache_free+0x171/0x500
[ 103.930785][ T5174] __netif_receive_skb_core+0x2d95/0x3100
[ 103.930789][ T5174] __netif_receive_skb_list_core+0x271/0x7b0
[ 103.930792][ T5174] netif_receive_skb_list_internal+0x832/0xab0
[ 103.930795][ T5174] napi_complete_done+0x220/0x610
[ 103.930798][ T5174] gro_cell_poll+0x181/0x1a0
[ 103.930801][ T5174] __napi_poll+0x95/0x3e0
[ 103.930803][ T5174] net_rx_action+0x633/0xc30
[ 103.930806][ T5174] handle_softirqs+0x19c/0x4e0
[ 103.930811][ T5174] __local_bh_enable_ip+0x15b/0x300
[ 103.930813][ T5174] rcu_cpu_kthread+0xf7d/0x1800
[ 103.930819][ T5174] smpboot_thread_fn+0x3f4/0x7d0
[ 103.930824][ T5174] kthread+0x598/0x690
[ 103.930827][ T5174] ret_from_fork+0x139/0x2d0
[ 103.930830][ T5174] ret_from_fork_asm+0x1a/0x30
[ 103.930834][ T5174]
[ 103.930835][ T5174] The buggy address belongs to the object at ffff88804a97e780
[ 103.930835][ T5174] which belongs to the cache skbuff_head_cache of size 232
[ 103.930839][ T5174] The buggy address is located 0 bytes inside of
[ 103.930839][ T5174] freed 232-byte region [ffff88804a97e780, ffff88804a97e868)
[ 103.930842][ T5174]
[ 103.930843][ T5174] The buggy address belongs to the physical page:
[ 103.930852][ T5174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a97e
[ 103.930859][ T5174] flags: 0x80000000000000(node=0|zone=1)
[ 103.930867][ T5174] page_type: f5(slab)
[ 103.930871][ T5174] raw: 0080000000000000 ffff888014ea5a00 dead000000000122 0000000000000000
[ 103.930875][ T5174] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[ 103.930876][ T5174] page dumped because: kasan: bad access detected
[ 103.930881][ T5174] page_owner tracks the page as allocated
[ 103.930883][ T5174] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5174, tgid 5173 (syz.2.58), ts 103929100295, free_ts 103767884261
[ 103.930889][ T5174] post_alloc_hook+0x168/0x1a0
[ 103.930894][ T5174] get_page_from_freelist+0x27da/0x2870
[ 103.930897][ T5174] __alloc_frozen_pages_noprof+0x26b/0x460
[ 103.930902][ T5174] alloc_pages_mpol+0xcb/0x270
[ 103.930905][ T5174] allocate_slab+0x8a/0x320
[ 103.930909][ T5174] ___slab_alloc+0x7e6/0xc10
[ 103.930913][ T5174] kmem_cache_alloc_bulk_noprof+0x141/0x580
[ 103.930917][ T5174] bpf_test_run_xdp_live+0x1392/0x1840
[ 103.930920][ T5174] bpf_prog_test_run_xdp+0x57f/0xd50
[ 103.930922][ T5174] bpf_prog_test_run+0x1ca/0x2c0
[ 103.930926][ T5174] __sys_bpf+0x49c/0x6c0
[ 103.930929][ T5174] __x64_sys_bpf+0x77/0x90
[ 103.930932][ T5174] do_syscall_64+0x8f/0x250
[ 103.930934][ T5174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.930937][ T5174] page last free pid 5168 tgid 5167 stack trace:
[ 103.930939][ T5174] __free_frozen_pages+0xbf4/0xd80
[ 103.930943][ T5174] __folio_put+0x1eb/0x270
[ 103.930947][ T5174] page_pool_release+0x150/0xcd0
[ 103.930952][ T5174] page_pool_destroy+0x241/0x440
[ 103.930955][ T5174] bpf_test_run_xdp_live+0x1785/0x1840
[ 103.930958][ T5174] bpf_prog_test_run_xdp+0x57f/0xd50
[ 103.930960][ T5174] bpf_prog_test_run+0x1ca/0x2c0
[ 103.930963][ T5174] __sys_bpf+0x49c/0x6c0
[ 103.930967][ T5174] __x64_sys_bpf+0x77/0x90
[ 103.930969][ T5174] do_syscall_64+0x8f/0x250
[ 103.930972][ T5174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.930975][ T5174]
[ 103.930976][ T5174] Memory state around the buggy address:
[ 103.930978][ T5174]  ffff88804a97e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.930980][ T5174]  ffff88804a97e700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 103.930983][ T5174] >ffff88804a97e780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.930984][ T5174]                    ^
[ 103.930986][ T5174]  ffff88804a97e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 103.930988][ T5174]  ffff88804a97e880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 103.930990][ T5174] ==================================================================
[ 103.930995][ T5174] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.931263][ T5174] Kernel Offset: disabled