skbuff: skb_under_panic: text:ffffffff89d92da7 len:1283373156 put:1283373100 head:ffff888057c13740 data:ffff88800b427fd4 tail:0xf8 end:0x180 dev:team0
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:212!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:212
Code: c7 20 c1 6c 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 7e 98 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000007598 EFLAGS: 00010282
RAX: 0000000000000096 RBX: dffffc0000000000 RCX: 1afd1681100f1600
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc900000072a7 R09: 1ffff92000000e54
R10: dffffc0000000000 R11: fffff52000000e55 R12: ffff888027f87b50
R13: ffff888057c13740 R14: ffff88800b427fd4 R15: 00000000000000f8
FS:  0000000000000000(0000) GS:ffff888126138000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe5d370b78 CR3: 000000007cd78000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 skb_under_panic net/core/skbuff.c:222 [inline]
 skb_push+0xc3/0xe0 net/core/skbuff.c:2602
 ipgre_header+0x67/0x290 net/ipv4/ip_gre.c:895
 dev_hard_header include/linux/netdevice.h:3419 [inline]
 neigh_connected_output+0x286/0x460 net/core/neighbour.c:1619
 neigh_output include/net/neighbour.h:547 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037
 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
 handle_softirqs+0x286/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 common_interrupt+0xbb/0xe0 arch/x86/kernel/irq.c:318
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:finish_task_switch+0x26b/0x950 kernel/sched/core.c:5193
Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 3f 3d b8 09 e8 9a b9 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 58 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc90000147a18 EFLAGS: 00000286
RAX: 1afd1681100f1600 RBX: 0000000000000000 RCX: 1afd1681100f1600
RDX: 0000000000000000 RSI: ffffffff8d70ed5a RDI: ffffffff8bbf08e0
RBP: ffffc90000147a70 R08: ffffffff8f7cf477 R09: 1ffffffff1ef9e8e
R10: dffffc0000000000 R11: fffffbfff1ef9e8f R12: ffff88801caabc80
R13: dffffc0000000000 R14: ffff888029245ac0 R15: ffff8880b883abd8
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0x17a0/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 smpboot_thread_fn+0x5bd/0xa60 kernel/smpboot.c:156
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:212
Code: c7 20 c1 6c 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 7e 98 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000007598 EFLAGS: 00010282
RAX: 0000000000000096 RBX: dffffc0000000000 RCX: 1afd1681100f1600
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc900000072a7 R09: 1ffff92000000e54
R10: dffffc0000000000 R11: fffff52000000e55 R12: ffff888027f87b50
R13: ffff888057c13740 R14: ffff88800b427fd4 R15: 00000000000000f8
FS:  0000000000000000(0000) GS:ffff888126138000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe5d370b78 CR3: 000000000dd38000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	0f 84 3c 01 00 00    	je     0x142
   6:	48 85 db             	test   %rbx,%rbx
   9:	0f 85 63 01 00 00    	jne    0x172
   f:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  14:	4c 8b 75 d0          	mov    -0x30(%rbp),%r14
  18:	4c 89 e7             	mov    %r12,%rdi
  1b:	e8 3f 3d b8 09       	call   0x9b83d5f
  20:	e8 9a b9 36 00       	call   0x36b9bf
  25:	fb                   	sti
  26:	4c 8b 65 c0          	mov    -0x40(%rbp),%r12
* 2a:	49 8d bc 24 58 16 00 	lea    0x1658(%r12),%rdi <-- trapping instruction
  31:	00
  32:	48 89 f8             	mov    %rdi,%rax
  35:	48 c1 e8 03          	shr    $0x3,%rax
  39:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax
  3e:	84 c0                	test   %al,%al