skbuff: skb_over_panic: text:0000000010c1e234 len:40 put:40 head:0000000024a85e38 data:0000000095f9f409 tail:0x128 end:0xc0 dev:ip6erspan0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:104! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 11840 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:skb_panic+0x172/0x174 net/core/skbuff.c:104 Code: 4c 24 10 8b 8b 80 00 00 00 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 60 4f 4c 89 ff 74 24 10 ff 74 24 20 e8 f1 18 e2 ff <0f> 0b e8 7f e7 50 f9 4c 8b 64 24 18 e8 c5 aa 86 f9 48 c7 c1 c0 58 RSP: 0018:ffff8880ba107940 EFLAGS: 00010282 RAX: 000000000000008a RBX: ffff88809e6ffcc0 RCX: 0000000000000000 RDX: 0000000000000100 RSI: ffffffff814dff01 RDI: ffffed1017420f1a RBP: ffffffff894c5900 R08: 000000000000008a R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff870ddb3f R13: 0000000000000028 R14: ffff888092b6ae80 R15: 00000000000000c0 FS: 0000555556646400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd03faee6be CR3: 000000004162c000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: skb_over_panic net/core/skbuff.c:109 [inline] skb_put.cold+0x24/0x24 net/core/skbuff.c:1711 ip6_mc_hdr.constprop.0+0x11f/0x5a0 net/ipv6/mcast.c:1578 mld_newpack+0x3d0/0x760 net/ipv6/mcast.c:1626 add_grhead+0x265/0x330 net/ipv6/mcast.c:1712 add_grec+0xe3c/0x10b0 net/ipv6/mcast.c:1843 mld_send_cr net/ipv6/mcast.c:1969 [inline] mld_ifc_timer_expire+0x5a2/0xdf0 net/ipv6/mcast.c:2476 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:compound_head include/linux/page-flags.h:144 [inline] RIP: 0010:get_page include/linux/mm.h:931 [inline] RIP: 0010:copy_one_pte mm/memory.c:1052 [inline] RIP: 0010:copy_pte_range mm/memory.c:1114 [inline] RIP: 0010:copy_pmd_range mm/memory.c:1165 [inline] RIP: 0010:copy_pud_range mm/memory.c:1199 [inline] RIP: 0010:copy_p4d_range mm/memory.c:1221 [inline] RIP: 0010:copy_page_range+0x101c/0x2ff0 mm/memory.c:1283 Code: 85 c0 49 89 c6 0f 84 69 06 00 00 e8 de 12 d6 ff 4d 8d 7e 08 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 a1 19 00 00 49 8b 46 08 <31> ff 4c 89 f5 49 89 c4 48 89 84 24 e8 00 00 00 41 83 e4 01 4c 89 ieee802154 phy0 wpan0: encryption failed: -22 RSP: 0018:ffff888091657a28 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dead000000000100 RBX: 0000000000000010 RCX: ffffffff818b840c RDX: 0000000000000000 RSI: ffffffff818c7292 RDI: 0000000000000006 RBP: 80000000a0f92007 R08: 0000000000000001 R09: 000000000023ffff R10: 0000000000000006 R11: 00000000d2cc1d79 R12: 8000000000000007 R13: dffffc0000000000 R14: ffffea000283e480 R15: ffffea000283e488 ieee802154 phy1 wpan1: encryption failed: -22 dup_mmap kernel/fork.c:549 [inline] dup_mm kernel/fork.c:1285 [inline] copy_mm kernel/fork.c:1341 [inline] copy_process.part.0+0x5b22/0x8260 kernel/fork.c:1913 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd03eea2e0b Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 RSP: 002b:00007ffdf92f72e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd03eea2e0b RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555556646400 R10: 00005555566466d0 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdf92f73c0 Modules linked in: ---[ end trace 55f51a3515faab32 ]--- RIP: 0010:skb_panic+0x172/0x174 net/core/skbuff.c:104 Code: 4c 24 10 8b 8b 80 00 00 00 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 60 4f 4c 89 ff 74 24 10 ff 74 24 20 e8 f1 18 e2 ff <0f> 0b e8 7f e7 50 f9 4c 8b 64 24 18 e8 c5 aa 86 f9 48 c7 c1 c0 58 RSP: 0018:ffff8880ba107940 EFLAGS: 00010282 RAX: 000000000000008a RBX: ffff88809e6ffcc0 RCX: 0000000000000000 RDX: 0000000000000100 RSI: ffffffff814dff01 RDI: ffffed1017420f1a RBP: ffffffff894c5900 R08: 000000000000008a R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff870ddb3f R13: 0000000000000028 R14: ffff888092b6ae80 R15: 00000000000000c0 FS: 0000555556646400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd03faee6be CR3: 000000004162c000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 85 c0 test %eax,%eax 2: 49 89 c6 mov %rax,%r14 5: 0f 84 69 06 00 00 je 0x674 b: e8 de 12 d6 ff callq 0xffd612ee 10: 4d 8d 7e 08 lea 0x8(%r14),%r15 14: 4c 89 f8 mov %r15,%rax 17: 48 c1 e8 03 shr $0x3,%rax 1b: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 20: 0f 85 a1 19 00 00 jne 0x19c7 26: 49 8b 46 08 mov 0x8(%r14),%rax * 2a: 31 ff xor %edi,%edi <-- trapping instruction 2c: 4c 89 f5 mov %r14,%rbp 2f: 49 89 c4 mov %rax,%r12 32: 48 89 84 24 e8 00 00 mov %rax,0xe8(%rsp) 39: 00 3a: 41 83 e4 01 and $0x1,%r12d 3e: 4c rex.WR 3f: 89 .byte 0x89