skbuff: skb_over_panic: text:ffffffff843292a3 len:76 put:20 head:ffff8881533dcc00 data:ffff8881533dcc40 tail:0x8c end:0x80 dev:syztnl0
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 18903 Comm: syz-executor.4 Not tainted 5.10.149-syzkaller-01350-g0118fb827bc7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:skb_panic+0x14c/0x150 net/core/skbuff.c:106
Code: c7 00 2d 79 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 31 c0 53 41 56 41 55 41 54 e8 35 06 d1 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 78 4c
RSP: 0018:ffffc90000007b08 EFLAGS: 00010282
RAX: 0000000000000086 RBX: ffff888117b00000 RCX: 8c5a444b6b283f00
RDX: 0000000000000502 RSI: 0000000000000502 RDI: 0000000000000000
RBP: ffffc90000007b50 R08: ffffffff8153d2f8 R09: ffffed103ee0a5e8
R10: ffffed103ee0a5e8 R11: 1ffff1103ee0a5e7 R12: ffff8881533dcc40
R13: 000000000000008c R14: 0000000000000080 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200cf000 CR3: 000000014d9e7000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 skb_over_panic net/core/skbuff.c:115 [inline]
 skb_put+0x153/0x210 net/core/skbuff.c:1877
 add_grhead net/ipv6/mcast.c:1711 [inline]
 add_grec+0xf73/0x13d0 net/ipv6/mcast.c:1838
 mld_send_cr net/ipv6/mcast.c:1964 [inline]
 mld_ifc_timer_expire+0x781/0xc50 net/ipv6/mcast.c:2471
 call_timer_fn+0x35/0x270 kernel/time/timer.c:1420
 expire_timers+0x21b/0x3a0 kernel/time/timer.c:1465
 __run_timers+0x598/0x6f0 kernel/time/timer.c:1759
 run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1772
 __do_softirq+0x27e/0x596 kernel/softirq.c:305
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:402 [inline]
 __irq_exit_rcu+0x128/0x150 kernel/softirq.c:432
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:444
 sysvec_apic_timer_interrupt+0xbf/0xe0 arch/x86/kernel/apic/apic.c:1095
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:in_irqentry_text lib/stackdepot.c:347 [inline]
RIP: 0010:filter_irq_stacks+0x37/0x70 lib/stackdepot.c:359
Code: 31 c0 49 c7 c0 40 01 a0 84 49 c7 c1 70 0d a0 84 49 c7 c2 00 00 c0 84 49 c7 c3 96 05 c0 84 0f 1f 44 00 00 48 8b 0c c7 4c 39 c1 <41> 0f 93 c6 4c 39 c9 0f 92 c3 4c 39 d1 0f 93 c2 4c 39 d9 0f 92 c1
RSP: 0018:ffffc9000651f1c0 EFLAGS: 00000287
RAX: 0000000000000004 RBX: ffffc9000651f101 RCX: ffffffff81a6a13c
RDX: 0000000000000000 RSI: 0000000000000015 RDI: ffffc9000651f1e0
RBP: ffffc9000651f1d0 R08: ffffffff84a00140 R09: ffffffff84a00d70
R10: ffffffff84c00000 R11: ffffffff84c00596 R12: 0000000000000000
R13: ffffffff81a670f3 R14: 0000000000000800 R15: ffff88810a21ba88
 kasan_save_stack mm/kasan/common.c:39 [inline]
 kasan_set_track+0x56/0x80 mm/kasan/common.c:46
 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:357
 ____kasan_slab_free+0x121/0x160 mm/kasan/common.c:360
 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:368
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:1604 [inline]
 slab_free_freelist_hook+0xcc/0x1a0 mm/slub.c:1630
 slab_free mm/slub.c:3212 [inline]
 kfree+0xc3/0x290 mm/slub.c:4200
 kvfree+0x35/0x40 mm/util.c:647
 f2fs_destroy_node_manager+0xc83/0xf00 fs/f2fs/node.c:3307
 f2fs_put_super+0x6c9/0xbf0 fs/f2fs/super.c:1494
 generic_shutdown_super+0x13f/0x2c0 fs/super.c:464
 kill_block_super+0x80/0xe0 fs/super.c:1446
 kill_f2fs_super+0x2f3/0x3c0 fs/f2fs/super.c:4368
 deactivate_locked_super+0xb0/0x100 fs/super.c:335
 deactivate_super+0xa5/0xd0 fs/super.c:366
 cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1125
 task_work_run+0x147/0x1b0 kernel/task_work.c:154
 exit_task_work include/linux/task_work.h:30 [inline]
 do_exit+0x63c/0x2340 kernel/exit.c:813
 __do_sys_exit kernel/exit.c:879 [inline]
 __se_sys_exit kernel/exit.c:877 [inline]
 __x64_sys_exit+0x40/0x40 kernel/exit.c:877
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f862e542639
Code: Unable to access opcode bytes at RIP 0x7f862e54260f.
RSP: 002b:00007f862d2b6118 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007f862e662f80 RCX: 00007f862e542639
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f862e59dae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff52ef3e8f R14: 00007f862d2b6300 R15: 0000000000022000
Modules linked in:
---[ end trace 644299c129fce041 ]---
RIP: 0010:skb_panic+0x14c/0x150 net/core/skbuff.c:106
Code: c7 00 2d 79 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 31 c0 53 41 56 41 55 41 54 e8 35 06 d1 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 78 4c
RSP: 0018:ffffc90000007b08 EFLAGS: 00010282
RAX: 0000000000000086 RBX: ffff888117b00000 RCX: 8c5a444b6b283f00
RDX: 0000000000000502 RSI: 0000000000000502 RDI: 0000000000000000
RBP: ffffc90000007b50 R08: ffffffff8153d2f8 R09: ffffed103ee0a5e8
R10: ffffed103ee0a5e8 R11: 1ffff1103ee0a5e7 R12: ffff8881533dcc40
R13: 000000000000008c R14: 0000000000000080 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200cf000 CR3: 000000014d9e7000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	31 c0                	xor    %eax,%eax
   2:	49 c7 c0 40 01 a0 84 	mov    $0xffffffff84a00140,%r8
   9:	49 c7 c1 70 0d a0 84 	mov    $0xffffffff84a00d70,%r9
  10:	49 c7 c2 00 00 c0 84 	mov    $0xffffffff84c00000,%r10
  17:	49 c7 c3 96 05 c0 84 	mov    $0xffffffff84c00596,%r11
  1e:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  23:	48 8b 0c c7          	mov    (%rdi,%rax,8),%rcx
  27:	4c 39 c1             	cmp    %r8,%rcx
* 2a:	41 0f 93 c6          	setae  %r14b <-- trapping instruction
  2e:	4c 39 c9             	cmp    %r9,%rcx
  31:	0f 92 c3             	setb   %bl
  34:	4c 39 d1             	cmp    %r10,%rcx
  37:	0f 93 c2             	setae  %dl
  3a:	4c 39 d9             	cmp    %r11,%rcx
  3d:	0f 92 c1             	setb   %cl