skbuff: skb_over_panic: text:ffffffff82dab104 len:184 put:172 head:ffff8881232e1800 data:ffff8881232e1800 tail:0xb8 end:0x80 dev: ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:113! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 393 Comm: kworker/1:3 Not tainted 5.15.41-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 Workqueue: mld mld_ifc_work RIP: 0010:skb_panic net/core/skbuff.c:113 [inline] RIP: 0010:skb_over_panic+0x14c/0x150 net/core/skbuff.c:118 Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00 RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001 RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0 R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800 FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: skb_put+0x10c/0x200 net/core/skbuff.c:2023 skb_put_zero include/linux/skbuff.h:2328 [inline] cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1131 [inline] cdc_ncm_fill_tx_frame+0xff4/0x4460 drivers/net/usb/cdc_ncm.c:1308 cdc_ncm_tx_fixup+0x83/0xd0 usbnet_start_xmit+0x105/0x1a70 drivers/net/usb/usbnet.c:1370 __netdev_start_xmit include/linux/netdevice.h:4996 [inline] netdev_start_xmit include/linux/netdevice.h:5010 [inline] xmit_one net/core/dev.c:3591 [inline] dev_hard_start_xmit+0x21b/0x530 net/core/dev.c:3607 sch_direct_xmit+0x228/0x890 net/sched/sch_generic.c:342 __dev_xmit_skb net/core/dev.c:3818 [inline] __dev_queue_xmit+0x132b/0x2790 net/core/dev.c:4186 dev_queue_xmit+0xb/0x10 net/core/dev.c:4254 neigh_resolve_output+0x5ec/0x6c0 net/core/neighbour.c:1497 neigh_output include/net/neighbour.h:524 [inline] ip6_finish_output2+0xdb4/0x16b0 net/ipv6/ip6_output.c:126 __ip6_finish_output+0x541/0x740 net/ipv6/ip6_output.c:191 ip6_finish_output+0x27/0x180 net/ipv6/ip6_output.c:201 NF_HOOK_COND include/linux/netfilter.h:299 [inline] ip6_output+0x1aa/0x410 net/ipv6/ip6_output.c:224 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:310 [inline] mld_sendpack+0x61b/0xb20 net/ipv6/mcast.c:1818 mld_send_cr net/ipv6/mcast.c:2119 [inline] mld_ifc_work+0x73f/0xa70 net/ipv6/mcast.c:2651 process_one_work+0x635/0xa70 kernel/workqueue.c:2313 worker_thread+0x8b8/0xf40 kernel/workqueue.c:2460 kthread+0x3a1/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Modules linked in: ---[ end trace 997dbd768bd9f9c8 ]--- RIP: 0010:skb_panic net/core/skbuff.c:113 [inline] RIP: 0010:skb_over_panic+0x14c/0x150 net/core/skbuff.c:118 Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00 RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001 RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0 R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800 FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400