skbuff: skb->data_len is zero but nr_frags=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6376 at net/core/skbuff.c:1124 skb_release_data+0x96e/0xb60 net/core/skbuff.c:1124
Modules linked in:
CPU: 0 UID: 0 PID: 6376 Comm: syz-executor Not tainted 6.13.0-rc3-syzkaller-00017-gf44d154d6e3d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:skb_release_data+0x96e/0xb60 net/core/skbuff.c:1124
Code: ee 4c 89 e2 e9 45 f7 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 84 fe ff ff 4c 89 ff e8 1d 2d 79 f8 e9 77 fe ff ff e8 f3 c4 12 f8 90 <0f> 0b 90 e9 25 fb ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 4a fd ff ff
RSP: 0000:ffffc90003e3ecb8 EFLAGS: 00010246
RAX: ffffffff898caefd RBX: 0000000000000000 RCX: ffff888079143c00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff898cae32 R09: 1ffff920007c7d34
R10: dffffc0000000000 R11: fffff520007c7d35 R12: ffff8880322b9c42
R13: 1ffff11006863c5e R14: ffff88803431e2f4 R15: ffff88803431e2fe
FS: 00005555914f2500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd08db77bac CR3: 0000000062c34000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_release_all net/core/skbuff.c:1198 [inline]
 __kfree_skb+0x55/0x70 net/core/skbuff.c:1212
 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]
 tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032
 tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805
 tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939
 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351
 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5672 [inline]
 __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785
 process_backlog+0x662/0x15b0 net/core/dev.c:6117
 __napi_poll+0xcb/0x490 net/core/dev.c:6883
 napi_poll net/core/dev.c:6952 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:7074
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0033:0x7f2a5505d0bf
Code: 10 27 00 00 e8 d2 8b 12 00 ba 01 00 00 40 48 89 ee bf ff ff ff ff e8 80 ee 11 00 39 c3 0f 84 0d 04 00 00 48 8b 05 e1 85 e4 00 <4c> 89 f6 bf 01 00 00 00 4c 8b 25 da 85 e4 00 48 8d 14 40 48 b8 cd
RSP: 002b:00007f2a5549fdc0 EFLAGS: 00000202
RAX: 0000000000001388 RBX: 0000000000000008 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00007f2a5549fdec RDI: 00005555914f2808
RBP: 00007f2a5549fdec R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000001dc35 R14: 00007f2a5549fe40 R15: 0000000000000bb8