[ 18.147200][ T5505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 18.150718][ T5505] eql: remember to turn off Van-Jacobson compression on your slave devices [ 18.208613][ T11] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 18.213966][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts. syzkaller login: [ 40.262995][ T5920] chnl_net:caif_netlink_parms(): no params data found [ 40.297151][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.299055][ T5920] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.301587][ T5920] device bridge_slave_0 entered promiscuous mode [ 40.305472][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.307480][ T5920] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.310006][ T5920] device bridge_slave_1 entered promiscuous mode [ 40.325707][ T5920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.329776][ T5920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.343528][ T5920] team0: Port device team_slave_0 added [ 40.346991][ T5920] team0: Port device team_slave_1 added [ 40.359830][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.361573][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.368068][ T5920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.372535][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.374314][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.381229][ T5920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.438244][ T5920] device hsr_slave_0 entered promiscuous mode [ 40.496314][ T5920] device hsr_slave_1 entered promiscuous mode [ 40.626134][ T5920] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 40.648811][ T5920] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 40.688474][ T5920] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 40.727928][ T5920] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 40.791732][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.793735][ T5920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.795941][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.797898][ T5920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.835309][ T5920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.844661][ T5927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.850470][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.853492][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.856538][ T5927] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 40.863188][ T5920] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.869595][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.871934][ T1610] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.873736][ T1610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.886800][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.889577][ T1610] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.891424][ T1610] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.894159][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.898126][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.905375][ T5927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.911902][ T5927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.918052][ T5927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.923039][ T5920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.938015][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 40.939968][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 40.944219][ T5920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.956324][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.971020][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.973877][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.976342][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.980492][ T5920] device veth0_vlan entered promiscuous mode [ 40.986993][ T5920] device veth1_vlan entered promiscuous mode [ 41.000762][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 41.003132][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.005646][ T1610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.010180][ T5920] device veth0_macvtap entered promiscuous mode [ 41.014494][ T5920] device veth1_macvtap entered promiscuous mode [ 41.027925][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.030305][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.033295][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.039678][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.043488][ T5920] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.045716][ T5920] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.048792][ T5920] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.051007][ T5920] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.054259][ T5931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 41.124423][ T5920] ================================================================== [ 41.126542][ T5920] BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 [ 41.128298][ T5920] Read of size 4294966032 at addr ffff0000de4eb4f0 by task syz-executor172/5920 [ 41.130573][ T5920] [ 41.131140][ T5920] CPU: 1 PID: 5920 Comm: syz-executor172 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 [ 41.133666][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 41.136165][ T5920] Call trace: [ 41.136987][ T5920] dump_backtrace+0x1c8/0x1f4 [ 41.138139][ T5920] show_stack+0x2c/0x3c [ 41.139234][ T5920] dump_stack_lvl+0xd0/0x124 [ 41.140331][ T5920] print_report+0x174/0x4c0 [ 41.141528][ T5920] kasan_report+0xd4/0x130 [ 41.142586][ T5920] kasan_check_range+0x264/0x2a4 [ 41.143829][ T5920] __kasan_check_read+0x2c/0x3c [ 41.145057][ T5920] do_csum+0x44/0x254 [ 41.146054][ T5920] csum_partial+0x30/0x58 [ 41.147177][ T5920] __udp_gso_segment+0xaf4/0x1bcc [ 41.148458][ T5920] udp6_ufo_fragment+0x514/0xc34 [ 41.149715][ T5920] ipv6_gso_segment+0x588/0x170c [ 41.150907][ T5920] skb_mac_gso_segment+0x294/0x56c [ 41.152225][ T5920] __skb_gso_segment+0x254/0x3d8 [ 41.153487][ T5920] validate_xmit_skb+0x364/0xd38 [ 41.154754][ T5920] validate_xmit_skb_list+0x94/0x130 [ 41.156114][ T5920] sch_direct_xmit+0xe8/0x548 [ 41.157260][ T5920] __dev_queue_xmit+0x14f4/0x3488 [ 41.158492][ T5920] dev_queue_xmit+0x24/0x34 [ 41.159673][ T5920] packet_sendmsg+0x3694/0x4ce4 [ 41.160852][ T5920] __sys_sendto+0x3b4/0x504 [ 41.162004][ T5920] __arm64_sys_sendto+0xd8/0xf8 [ 41.163157][ T5920] invoke_syscall+0x98/0x2c0 [ 41.164339][ T5920] el0_svc_common+0x138/0x258 [ 41.165527][ T5920] do_el0_svc+0x64/0x198 [ 41.166587][ T5920] el0_svc+0x58/0x168 [ 41.167567][ T5920] el0t_64_sync_handler+0x84/0xf0 [ 41.168811][ T5920] el0t_64_sync+0x190/0x194 [ 41.169925][ T5920] [ 41.170499][ T5920] Allocated by task 5920: [ 41.171522][ T5920] kasan_set_track+0x4c/0x80 [ 41.172679][ T5920] kasan_save_alloc_info+0x24/0x30 [ 41.173955][ T5920] __kasan_kmalloc+0xac/0xc4 [ 41.175190][ T5920] __kmalloc_node_track_caller+0xd0/0x1c0 [ 41.176588][ T5920] __alloc_skb+0x180/0x324 [ 41.177614][ T5920] skb_segment+0xb04/0x33a0 [ 41.178781][ T5920] __udp_gso_segment+0x5d0/0x1bcc [ 41.180064][ T5920] udp6_ufo_fragment+0x514/0xc34 [ 41.181292][ T5920] ipv6_gso_segment+0x588/0x170c [ 41.182574][ T5920] skb_mac_gso_segment+0x294/0x56c [ 41.183880][ T5920] __skb_gso_segment+0x254/0x3d8 [ 41.185128][ T5920] validate_xmit_skb+0x364/0xd38 [ 41.186272][ T5920] validate_xmit_skb_list+0x94/0x130 [ 41.187513][ T5920] sch_direct_xmit+0xe8/0x548 [ 41.188659][ T5920] __dev_queue_xmit+0x14f4/0x3488 [ 41.189904][ T5920] dev_queue_xmit+0x24/0x34 [ 41.191059][ T5920] packet_sendmsg+0x3694/0x4ce4 [ 41.192286][ T5920] __sys_sendto+0x3b4/0x504 [ 41.193402][ T5920] __arm64_sys_sendto+0xd8/0xf8 [ 41.194608][ T5920] invoke_syscall+0x98/0x2c0 [ 41.195751][ T5920] el0_svc_common+0x138/0x258 [ 41.196912][ T5920] do_el0_svc+0x64/0x198 [ 41.197978][ T5920] el0_svc+0x58/0x168 [ 41.199000][ T5920] el0t_64_sync_handler+0x84/0xf0 [ 41.200254][ T5920] el0t_64_sync+0x190/0x194 [ 41.201373][ T5920] [ 41.201959][ T5920] The buggy address belongs to the object at ffff0000de4eb000 [ 41.201959][ T5920] which belongs to the cache kmalloc-2k of size 2048 [ 41.205519][ T5920] The buggy address is located 1264 bytes inside of [ 41.205519][ T5920] 2048-byte region [ffff0000de4eb000, ffff0000de4eb800) [ 41.209087][ T5920] [ 41.209651][ T5920] The buggy address belongs to the physical page: [ 41.211271][ T5920] page:0000000084f6a6dc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e4e8 [ 41.213947][ T5920] head:0000000084f6a6dc order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 [ 41.216628][ T5920] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 41.218640][ T5920] raw: 05ffc00000010200 ffff0000c0002900 dead000000000122 0000000000000000 [ 41.220823][ T5920] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 41.223025][ T5920] page dumped because: kasan: bad access detected [ 41.224660][ T5920] [ 41.225235][ T5920] Memory state around the buggy address: [ 41.226713][ T5920] ffff0000de4eb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.228784][ T5920] ffff0000de4eb780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.230772][ T5920] >ffff0000de4eb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.232790][ T5920] ^ [ 41.233784][ T5920] ffff0000de4eb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.235818][ T5920] ffff0000de4eb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.237861][ T5920] ================================================================== [ 41.239985][ T5920] Disabling lock debugging due to kernel taint [ 41.241504][ T5920] ================================================================================ [ 41.243787][ T5920] UBSAN: shift-out-of-bounds in arch/arm64/lib/csum.c:116:15 [ 41.245623][ T5920] shift exponent 10176 is too large for 64-bit type 'u64' (aka 'unsigned long long') [ 41.248133][ T5920] CPU: 1 PID: 5920 Comm: syz-executor172 Tainted: G B 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 [ 41.250944][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 41.253450][ T5920] Call trace: [ 41.254212][ T5920] dump_backtrace+0x1c8/0x1f4 [ 41.255445][ T5920] show_stack+0x2c/0x3c [ 41.256536][ T5920] dump_stack_lvl+0xd0/0x124 [ 41.257681][ T5920] dump_stack+0x1c/0x28 [ 41.258756][ T5920] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c [ 41.260458][ T5920] do_csum+0x238/0x254 [ 41.261466][ T5920] csum_partial+0x30/0x58 [ 41.262539][ T5920] __udp_gso_segment+0xaf4/0x1bcc [ 41.263837][ T5920] udp6_ufo_fragment+0x514/0xc34 [ 41.265065][ T5920] ipv6_gso_segment+0x588/0x170c [ 41.266307][ T5920] skb_mac_gso_segment+0x294/0x56c [ 41.267651][ T5920] __skb_gso_segment+0x254/0x3d8 [ 41.268941][ T5920] validate_xmit_skb+0x364/0xd38 [ 41.270230][ T5920] validate_xmit_skb_list+0x94/0x130 [ 41.271556][ T5920] sch_direct_xmit+0xe8/0x548 [ 41.272783][ T5920] __dev_queue_xmit+0x14f4/0x3488 [ 41.274099][ T5920] dev_queue_xmit+0x24/0x34 [ 41.275266][ T5920] packet_sendmsg+0x3694/0x4ce4 [ 41.276470][ T5920] __sys_sendto+0x3b4/0x504 [ 41.277664][ T5920] __arm64_sys_sendto+0xd8/0xf8 [ 41.278866][ T5920] invoke_syscall+0x98/0x2c0 [ 41.280060][ T5920] el0_svc_common+0x138/0x258 [ 41.281235][ T5920] do_el0_svc+0x64/0x198 [ 41.282370][ T5920] el0_svc+0x58/0x168 [ 41.283470][ T5920] el0t_64_sync_handler+0x84/0xf0 [ 41.284714][ T5920] el0t_64_sync+0x190/0x194 [ 41.285952][ T5920] ================================================================================ [ 41.288339][ T5920] ================================================================================ [ 41.290720][ T5920] UBSAN: shift-out-of-bounds in arch/arm64/lib/csum.c:116:25 [ 41.292566][ T5920] shift exponent 10176 is too large for 64-bit type 'u64' (aka 'unsigned long long') [ 41.294974][ T5920] CPU: 1 PID: 5920 Comm: syz-executor172 Tainted: G B 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 [ 41.297935][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 41.300422][ T5920] Call trace: [ 41.301223][ T5920] dump_backtrace+0x1c8/0x1f4 [ 41.302473][ T5920] show_stack+0x2c/0x3c [ 41.303577][ T5920] dump_stack_lvl+0xd0/0x124 [ 41.304799][ T5920] dump_stack+0x1c/0x28 [ 41.305861][ T5920] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c [ 41.307454][ T5920] do_csum+0x250/0x254 [ 41.308509][ T5920] csum_partial+0x30/0x58 [ 41.309649][ T5920] __udp_gso_segment+0xaf4/0x1bcc [ 41.310915][ T5920] udp6_ufo_fragment+0x514/0xc34 [ 41.312137][ T5920] ipv6_gso_segment+0x588/0x170c [ 41.313371][ T5920] skb_mac_gso_segment+0x294/0x56c [ 41.314656][ T5920] __skb_gso_segment+0x254/0x3d8 [ 41.315927][ T5920] validate_xmit_skb+0x364/0xd38 [ 41.317210][ T5920] validate_xmit_skb_list+0x94/0x130 [ 41.318530][ T5920] sch_direct_xmit+0xe8/0x548 [ 41.319719][ T5920] __dev_queue_xmit+0x14f4/0x3488 [ 41.321015][ T5920] dev_queue_xmit+0x24/0x34 [ 41.322167][ T5920] packet_sendmsg+0x3694/0x4ce4 [ 41.323427][ T5920] __sys_sendto+0x3b4/0x504 [ 41.324599][ T5920] __arm64_sys_sendto+0xd8/0xf8 [ 41.325873][ T5920] invoke_syscall+0x98/0x2c0 [ 41.327126][ T5920] el0_svc_common+0x138/0x258 [ 41.328377][ T5920] do_el0_svc+0x64/0x198 [ 41.329530][ T5920] el0_svc+0x58/0x168 [ 41.330554][ T5920] el0t_64_sync_handler+0x84/0xf0 [ 41.331841][ T5920] el0t_64_sync+0x190/0x194 [ 41.333013][ T5920] ================================================================================ [ 41.335939][ T5920] skb len=9070 headroom=178 headlen=1094 tailroom=0 [ 41.335939][ T5920] mac=(178,14) net=(192,1072) trans=1264 [ 41.335939][ T5920] shinfo(txflags=0 nr_frags=3 gso(size=5 type=131074 segs=0)) [ 41.335939][ T5920] csum(0x0 ip_summed=0 complete_sw=0 valid=0 level=0) [ 41.335939][ T5920] hash(0x0 sw=0 l4=0) proto=0x86dd pkttype=0 iif=0 [ 41.344361][ T5920] dev name=erspan0 feat=0x0000000000006869 [ 41.345830][ T5920] sk family=17 type=3 proto=0 [ 41.347091][ T5920] skb linear: 00000000: 0c 2c ff f5 7b 01 6d 27 63 bd 56 37 86 dd 39 8d [ 41.349234][ T5920] skb linear: 00000010: 53 75 03 e5 2b 02 59 1f 11 1e e6 16 d5 c0 18 43 [ 41.351390][ T5920] skb linear: 00000020: 74 a7 ff e4 ec 55 e0 65 47 86 a7 01 00 93 5b a5 [ 41.353452][ T5920] skb linear: 00000030: 14 d4 08 08 ef a0 11 80 16 01 84 2f d0 8d 49 a4 [ 41.355581][ T5920] skb linear: 00000040: 7e ff 71 bc 41 31 fe 4c 1f 99 bf 00 a9 00 00 00 [ 41.357829][ T5920] skb linear: 00000050: 08 d1 84 3e 77 0a fd 6e 9e f5 83 7d bd 00 00 00 [ 41.359941][ T5920] skb linear: 00000060: 00 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.362077][ T5920] skb linear: 00000070: 00 00 00 00 00 00 11 00 00 00 05 00 00 00 01 00 [ 41.364152][ T5920] skb linear: 00000080: 00 06 89 7b 42 8e 75 eb 00 00 00 00 00 00 00 00 [ 41.366323][ T5920] skb linear: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.368419][ T5920] skb linear: 000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.370518][ T5920] skb linear: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.372705][ T5920] skb linear: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.374778][ T5920] skb linear: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.376885][ T5920] skb linear: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.379091][ T5920] skb linear: 000000f0: 00 00 00 00 00 00 65 72 73 70 61 6e 30 00 00 00 [ 41.381272][ T5920] skb linear: 00000100: 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 [ 41.383414][ T5920] skb linear: 00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.385576][ T5920] skb linear: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.387771][ T5920] ------------[ cut here ]------------ [ 41.389141][ T5920] erspan0: caps=(0x0000000000006869, 0x0000000000000000) [ 41.391354][ T5920] WARNING: CPU: 1 PID: 5920 at net/core/dev.c:3226 skb_warn_bad_offload+0x160/0x194 [ 41.393687][ T5920] Modules linked in: [ 41.394695][ T5920] CPU: 1 PID: 5920 Comm: syz-executor172 Tainted: G B 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 [ 41.397650][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 41.400311][ T5920] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 41.402338][ T5920] pc : skb_warn_bad_offload+0x160/0x194 [ 41.403821][ T5920] lr : skb_warn_bad_offload+0x160/0x194 [ 41.405215][ T5920] sp : ffff80001e1f72b0 [ 41.406283][ T5920] x29: ffff80001e1f72b0 x28: 1fffe0001ae45d0a x27: dfff800000000000 [ 41.408379][ T5920] x26: 0000000000000020 x25: 1fffe0001ae45d00 x24: ffff80001445c580 [ 41.410450][ T5920] x23: dfff800000000000 x22: ffff0000d722e798 x21: ffff0000cfb12000 [ 41.412530][ T5920] x20: ffff0000cfb12000 x19: ffff0000cfb120e8 x18: 0000000000000000 [ 41.414599][ T5920] x17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000 [ 41.416658][ T5920] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001 [ 41.418749][ T5920] x11: ff80800008353a30 x10: 0000000000000000 x9 : 835143c81c145000 [ 41.420819][ T5920] x8 : 835143c81c145000 x7 : 0000000000000001 x6 : 0000000000000001 [ 41.422843][ T5920] x5 : ffff80001e1f6bb8 x4 : ffff800015c74760 x3 : ffff800008596744 [ 41.424936][ T5920] x2 : 0000000000000001 x1 : 0000000000000201 x0 : 0000000000000036 [ 41.427045][ T5920] Call trace: [ 41.427893][ T5920] skb_warn_bad_offload+0x160/0x194 [ 41.429231][ T5920] __skb_gso_segment+0x2fc/0x3d8 [ 41.430491][ T5920] validate_xmit_skb+0x364/0xd38 [ 41.431797][ T5920] validate_xmit_skb_list+0x94/0x130 [ 41.433119][ T5920] sch_direct_xmit+0xe8/0x548 [ 41.434322][ T5920] __dev_queue_xmit+0x14f4/0x3488 [ 41.435633][ T5920] dev_queue_xmit+0x24/0x34 [ 41.436837][ T5920] packet_sendmsg+0x3694/0x4ce4 [ 41.438102][ T5920] __sys_sendto+0x3b4/0x504 [ 41.439277][ T5920] __arm64_sys_sendto+0xd8/0xf8 [ 41.440564][ T5920] invoke_syscall+0x98/0x2c0 [ 41.441811][ T5920] el0_svc_common+0x138/0x258 [ 41.443058][ T5920] do_el0_svc+0x64/0x198 [ 41.444169][ T5920] el0_svc+0x58/0x168 [ 41.445256][ T5920] el0t_64_sync_handler+0x84/0xf0 [ 41.446552][ T5920] el0t_64_sync+0x190/0x194 [ 41.447658][ T5920] irq event stamp: 137718 [ 41.448766][ T5920] hardirqs last enabled at (137718): [] exit_to_kernel_mode+0xe8/0x118 [ 41.451365][ T5920] hardirqs last disabled at (137717): [] el1_interrupt+0x24/0x68 [ 41.453695][ T5920] softirqs last enabled at (135628): [] release_sock+0x178/0x1cc [ 41.456101][ T5920] softirqs last disabled at (135658): [] local_bh_disable+0x10/0x34 [ 41.458501][ T5920] ---[ end trace 0000000000000000 ]---