Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts. syzkaller login: [ 31.950690][ T5975] chnl_net:caif_netlink_parms(): no params data found [ 31.978610][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.980297][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.981966][ T5975] bridge_slave_0: entered allmulticast mode [ 31.983649][ T5975] bridge_slave_0: entered promiscuous mode [ 31.986958][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.988480][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.990065][ T5975] bridge_slave_1: entered allmulticast mode [ 31.991822][ T5975] bridge_slave_1: entered promiscuous mode [ 32.003854][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.007333][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.018534][ T5975] team0: Port device team_slave_0 added [ 32.021684][ T5975] team0: Port device team_slave_1 added [ 32.031154][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.032654][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.037985][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.041832][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.043275][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.048632][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.101894][ T5975] hsr_slave_0: entered promiscuous mode [ 32.160568][ T5975] hsr_slave_1: entered promiscuous mode [ 32.265835][ T5975] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 32.302100][ T5975] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 32.361935][ T5975] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 32.411679][ T5975] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 32.476769][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.478342][ T5975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.480251][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.481902][ T5975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.510446][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.515725][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.519019][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.524655][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.526989][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 32.532470][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.542365][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.544326][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.546044][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.547858][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.550047][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.551639][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.560551][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.563562][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 32.571178][ T5975] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.573305][ T5975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.581768][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.583892][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.586387][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.588457][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 32.594554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 32.596334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 32.601645][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.612762][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.622344][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.625444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.627380][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.632002][ T5975] veth0_vlan: entered promiscuous mode [ 32.638004][ T5975] veth1_vlan: entered promiscuous mode [ 32.648583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 32.651540][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 32.653625][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.657210][ T5975] veth0_macvtap: entered promiscuous mode [ 32.661490][ T5975] veth1_macvtap: entered promiscuous mode [ 32.669302][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.671016][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.673817][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 32.678409][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.680479][ T5984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.685896][ T5975] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.687831][ T5975] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.689751][ T5975] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.692810][ T5975] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 32.731041][ T5975] ================================================================== [ 32.732663][ T5975] BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 [ 32.734161][ T5975] Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975 [ 32.736067][ T5975] [ 32.736499][ T5975] CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0 [ 32.738541][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 32.740632][ T5975] Call trace: [ 32.741367][ T5975] dump_backtrace+0x1b8/0x1e4 [ 32.742385][ T5975] show_stack+0x2c/0x44 [ 32.743353][ T5975] dump_stack_lvl+0xd0/0x124 [ 32.744407][ T5975] print_report+0x174/0x514 [ 32.745419][ T5975] kasan_report+0xd4/0x130 [ 32.746349][ T5975] kasan_check_range+0x264/0x2a4 [ 32.747363][ T5975] __kasan_check_read+0x20/0x30 [ 32.748338][ T5975] do_csum+0x44/0x254 [ 32.749297][ T5975] csum_partial+0x30/0x58 [ 32.750216][ T5975] __udp_gso_segment+0xaf4/0x1bc4 [ 32.751325][ T5975] udp6_ufo_fragment+0x540/0xca0 [ 32.752400][ T5975] ipv6_gso_segment+0x5cc/0x1760 [ 32.753453][ T5975] skb_mac_gso_segment+0x2b4/0x5b0 [ 32.754480][ T5975] __skb_gso_segment+0x250/0x3d0 [ 32.755536][ T5975] validate_xmit_skb+0x364/0xdbc [ 32.756633][ T5975] validate_xmit_skb_list+0x94/0x130 [ 32.757761][ T5975] sch_direct_xmit+0xe8/0x548 [ 32.758752][ T5975] __dev_queue_xmit+0x147c/0x3318 [ 32.759795][ T5975] packet_xmit+0x6c/0x318 [ 32.760811][ T5975] packet_sendmsg+0x376c/0x4c98 [ 32.761926][ T5975] __sys_sendto+0x3b4/0x538 [ 32.762840][ T5975] __arm64_sys_sendto+0xd8/0xf8 [ 32.763900][ T5975] invoke_syscall+0x98/0x2c0 [ 32.764879][ T5975] el0_svc_common+0x138/0x244 [ 32.765871][ T5975] do_el0_svc+0x64/0x198 [ 32.766692][ T5975] el0_svc+0x4c/0x160 [ 32.767642][ T5975] el0t_64_sync_handler+0x84/0xfc [ 32.768674][ T5975] el0t_64_sync+0x190/0x194 [ 32.769621][ T5975] [ 32.770090][ T5975] Allocated by task 5975: [ 32.770989][ T5975] kasan_set_track+0x4c/0x7c [ 32.771966][ T5975] kasan_save_alloc_info+0x24/0x30 [ 32.773023][ T5975] __kasan_kmalloc+0xac/0xc4 [ 32.773959][ T5975] __kmalloc_node_track_caller+0xd0/0x1c0 [ 32.775147][ T5975] kmalloc_reserve+0x120/0x240 [ 32.776187][ T5975] __alloc_skb+0x1c8/0x3d8 [ 32.777076][ T5975] skb_segment+0xa80/0x32f0 [ 32.778189][ T5975] __udp_gso_segment+0x5d0/0x1bc4 [ 32.779260][ T5975] udp6_ufo_fragment+0x540/0xca0 [ 32.780331][ T5975] ipv6_gso_segment+0x5cc/0x1760 [ 32.781395][ T5975] skb_mac_gso_segment+0x2b4/0x5b0 [ 32.782419][ T5975] __skb_gso_segment+0x250/0x3d0 [ 32.783553][ T5975] validate_xmit_skb+0x364/0xdbc [ 32.784607][ T5975] validate_xmit_skb_list+0x94/0x130 [ 32.785786][ T5975] sch_direct_xmit+0xe8/0x548 [ 32.786825][ T5975] __dev_queue_xmit+0x147c/0x3318 [ 32.787922][ T5975] packet_xmit+0x6c/0x318 [ 32.788815][ T5975] packet_sendmsg+0x376c/0x4c98 [ 32.789805][ T5975] __sys_sendto+0x3b4/0x538 [ 32.790764][ T5975] __arm64_sys_sendto+0xd8/0xf8 [ 32.791716][ T5975] invoke_syscall+0x98/0x2c0 [ 32.792690][ T5975] el0_svc_common+0x138/0x244 [ 32.793600][ T5975] do_el0_svc+0x64/0x198 [ 32.794454][ T5975] el0_svc+0x4c/0x160 [ 32.795266][ T5975] el0t_64_sync_handler+0x84/0xfc [ 32.796350][ T5975] el0t_64_sync+0x190/0x194 [ 32.797250][ T5975] [ 32.797724][ T5975] The buggy address belongs to the object at ffff0000d7ac0000 [ 32.797724][ T5975] which belongs to the cache kmalloc-8k of size 8192 [ 32.800691][ T5975] The buggy address is located 368 bytes inside of [ 32.800691][ T5975] allocated 8192-byte region [ffff0000d7ac0000, ffff0000d7ac2000) [ 32.803742][ T5975] [ 32.804238][ T5975] The buggy address belongs to the physical page: [ 32.805470][ T5975] page:000000002bfc4c52 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117ac0 [ 32.807593][ T5975] head:000000002bfc4c52 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.809669][ T5975] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 32.811372][ T5975] page_type: 0xffffffff() [ 32.812305][ T5975] raw: 05ffc00000010200 ffff0000c0002c00 fffffc00035e7e00 0000000000000002 [ 32.814056][ T5975] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 32.815853][ T5975] page dumped because: kasan: bad access detected [ 32.817214][ T5975] [ 32.817711][ T5975] Memory state around the buggy address: [ 32.818924][ T5975] ffff0000d7ac1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.820646][ T5975] ffff0000d7ac1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.822342][ T5975] >ffff0000d7ac2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.824123][ T5975] ^ [ 32.825005][ T5975] ffff0000d7ac2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.826680][ T5975] ffff0000d7ac2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.828454][ T5975] ================================================================== [ 32.830290][ T5975] Disabling lock debugging due to kernel taint [ 32.831552][ T5975] ================================================================================ [ 32.833567][ T5975] UBSAN: shift-out-of-bounds in arch/arm64/lib/csum.c:116:15 [ 32.835097][ T5975] shift exponent 3008 is too large for 64-bit type 'u64' (aka 'unsigned long long') [ 32.837024][ T5975] CPU: 0 PID: 5975 Comm: syz-executor412 Tainted: G B 6.4.0-rc4-syzkaller-g908f31f2a05b #0 [ 32.839403][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 32.841570][ T5975] Call trace: [ 32.842263][ T5975] dump_backtrace+0x1b8/0x1e4 [ 32.843339][ T5975] show_stack+0x2c/0x44 [ 32.844160][ T5975] dump_stack_lvl+0xd0/0x124 [ 32.845257][ T5975] dump_stack+0x1c/0x28 [ 32.846271][ T5975] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c [ 32.847604][ T5975] do_csum+0x238/0x254 [ 32.848544][ T5975] csum_partial+0x30/0x58 [ 32.849530][ T5975] __udp_gso_segment+0xaf4/0x1bc4 [ 32.850637][ T5975] udp6_ufo_fragment+0x540/0xca0 [ 32.851757][ T5975] ipv6_gso_segment+0x5cc/0x1760 [ 32.852822][ T5975] skb_mac_gso_segment+0x2b4/0x5b0 [ 32.853892][ T5975] __skb_gso_segment+0x250/0x3d0 [ 32.854987][ T5975] validate_xmit_skb+0x364/0xdbc [ 32.856017][ T5975] validate_xmit_skb_list+0x94/0x130 [ 32.857208][ T5975] sch_direct_xmit+0xe8/0x548 [ 32.858191][ T5975] __dev_queue_xmit+0x147c/0x3318 [ 32.859202][ T5975] packet_xmit+0x6c/0x318 [ 32.860202][ T5975] packet_sendmsg+0x376c/0x4c98 [ 32.861190][ T5975] __sys_sendto+0x3b4/0x538 [ 32.862236][ T5975] __arm64_sys_sendto+0xd8/0xf8 [ 32.863233][ T5975] invoke_syscall+0x98/0x2c0 [ 32.864200][ T5975] el0_svc_common+0x138/0x244 [ 32.865107][ T5975] do_el0_svc+0x64/0x198 [ 32.866018][ T5975] el0_svc+0x4c/0x160 [ 32.866849][ T5975] el0t_64_sync_handler+0x84/0xfc [ 32.867953][ T5975] el0t_64_sync+0x190/0x194 [ 32.868976][ T5975] ================================================================================ [ 32.870939][ T5975] ================================================================================ [ 32.872731][ T5975] UBSAN: shift-out-of-bounds in arch/arm64/lib/csum.c:116:25 [ 32.874231][ T5975] shift exponent 3008 is too large for 64-bit type 'u64' (aka 'unsigned long long') [ 32.876123][ T5975] CPU: 0 PID: 5975 Comm: syz-executor412 Tainted: G B 6.4.0-rc4-syzkaller-g908f31f2a05b #0 [ 32.878430][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 32.880503][ T5975] Call trace: [ 32.881153][ T5975] dump_backtrace+0x1b8/0x1e4 [ 32.882109][ T5975] show_stack+0x2c/0x44 [ 32.882996][ T5975] dump_stack_lvl+0xd0/0x124 [ 32.883937][ T5975] dump_stack+0x1c/0x28 [ 32.884889][ T5975] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c [ 32.886284][ T5975] do_csum+0x250/0x254 [ 32.887259][ T5975] csum_partial+0x30/0x58 [ 32.888178][ T5975] __udp_gso_segment+0xaf4/0x1bc4 [ 32.889280][ T5975] udp6_ufo_fragment+0x540/0xca0 [ 32.890383][ T5975] ipv6_gso_segment+0x5cc/0x1760 [ 32.891480][ T5975] skb_mac_gso_segment+0x2b4/0x5b0 [ 32.892484][ T5975] __skb_gso_segment+0x250/0x3d0 [ 32.893538][ T5975] validate_xmit_skb+0x364/0xdbc [ 32.894588][ T5975] validate_xmit_skb_list+0x94/0x130 [ 32.895637][ T5975] sch_direct_xmit+0xe8/0x548 [ 32.896608][ T5975] __dev_queue_xmit+0x147c/0x3318 [ 32.897627][ T5975] packet_xmit+0x6c/0x318 [ 32.898473][ T5975] packet_sendmsg+0x376c/0x4c98 [ 32.899448][ T5975] __sys_sendto+0x3b4/0x538 [ 32.900397][ T5975] __arm64_sys_sendto+0xd8/0xf8 [ 32.901443][ T5975] invoke_syscall+0x98/0x2c0 [ 32.902413][ T5975] el0_svc_common+0x138/0x244 [ 32.903412][ T5975] do_el0_svc+0x64/0x198 [ 32.904346][ T5975] el0_svc+0x4c/0x160 [ 32.905151][ T5975] el0t_64_sync_handler+0x84/0xfc [ 32.906252][ T5975] el0t_64_sync+0x190/0x194 [ 32.907180][ T5975] ================================================================================ [ 32.909209][ T5975] skb len=9070 headroom=178 headlen=9070 tailroom=6816 [ 32.909209][ T5975] mac=(178,14) net=(192,176) trans=368 [ 32.909209][ T5975] shinfo(txflags=0 nr_frags=0 gso(size=7321 type=131074 segs=0)) [ 32.909209][ T5975] csum(0x0 ip_summed=0 complete_sw=0 valid=0 level=0) [ 32.909209][ T5975] hash(0x0 sw=0 l4=0) proto=0x86dd pkttype=0 iif=0 [ 32.915976][ T5975] dev name=erspan0 feat=0x0000000000006869 [ 32.917163][ T5975] sk family=17 type=3 proto=0 [ 32.918206][ T5975] skb linear: 00000000: 0c 2c ff f5 7b 01 6d 27 63 bd 56 37 86 dd 39 8d [ 32.919996][ T5975] skb linear: 00000010: 53 75 03 e5 2b 02 59 1f 11 1e e6 16 d5 c0 18 43 [ 32.921837][ T5975] skb linear: 00000020: 74 a7 ff e4 ec 55 e0 65 47 86 a7 01 00 93 5b a5 [ 32.923634][ T5975] skb linear: 00000030: 14 d4 08 08 ef a0 11 10 16 01 84 2f d0 8d 49 a4 [ 32.925409][ T5975] skb linear: 00000040: 7e ff 71 bc 41 31 fe 4c 1f 99 bf 00 a9 00 00 00 [ 32.927211][ T5975] skb linear: 00000050: 08 d1 84 3e 77 0a fd 6e 9e f5 83 7d bd 00 00 00 [ 32.928984][ T5975] skb linear: 00000060: 00 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.930784][ T5975] skb linear: 00000070: 00 00 00 00 00 00 11 00 00 00 05 00 00 00 01 00 [ 32.932528][ T5975] skb linear: 00000080: 00 06 89 7b 42 8e 75 eb 00 00 00 00 00 00 00 00 [ 32.934272][ T5975] skb linear: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.936092][ T5975] skb linear: 000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.937773][ T5975] skb linear: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.939510][ T5975] skb linear: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.941385][ T5975] skb linear: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.943156][ T5975] skb linear: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.944924][ T5975] skb linear: 000000f0: 00 00 00 00 00 00 65 72 73 70 61 6e 30 00 00 00 [ 32.946704][ T5975] skb linear: 00000100: 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 [ 32.948497][ T5975] skb linear: 00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.950296][ T5975] skb linear: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.951987][ T5975] ------------[ cut here ]------------ [ 32.953131][ T5975] erspan0: caps=(0x0000000000006869, 0x0000000000000000) [ 32.954998][ T5975] WARNING: CPU: 0 PID: 5975 at net/core/dev.c:3230 skb_warn_bad_offload+0x160/0x194 [ 32.956955][ T5975] Modules linked in: [ 32.957751][ T5975] CPU: 0 PID: 5975 Comm: syz-executor412 Tainted: G B 6.4.0-rc4-syzkaller-g908f31f2a05b #0 [ 32.960169][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 32.962422][ T5975] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 32.964139][ T5975] pc : skb_warn_bad_offload+0x160/0x194 [ 32.965316][ T5975] lr : skb_warn_bad_offload+0x160/0x194 [ 32.966484][ T5975] sp : ffff800096947280 [ 32.967428][ T5975] x29: ffff800096947280 x28: dfff800000000000 x27: ffff0000d2086000 [ 32.969309][ T5975] x26: 0000000000000020 x25: 1fffe0001ae170d8 x24: ffff80008c6f97c0 [ 32.971036][ T5975] x23: dfff800000000000 x22: ffff0000d70b8658 x21: ffff0000d2086000 [ 32.972767][ T5975] x20: ffff0000d2086000 x19: ffff0000d20860f0 x18: 0000000000000000 [ 32.974464][ T5975] x17: 0000000000000000 x16: ffff80008a4342bc x15: 0000000000000203 [ 32.976215][ T5975] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001 [ 32.977913][ T5975] x11: 0000000000000201 x10: 0000000000000000 x9 : e71a9b1dab1be800 [ 32.979820][ T5975] x8 : e71a9b1dab1be800 x7 : 0000000000000001 x6 : 0000000000000001 [ 32.981461][ T5975] x5 : ffff800096946b78 x4 : ffff80008df9ed80 x3 : ffff800080597be8 [ 32.983116][ T5975] x2 : 0000000000000001 x1 : 0000000000000201 x0 : 0000000000000000 [ 32.984876][ T5975] Call trace: [ 32.985569][ T5975] skb_warn_bad_offload+0x160/0x194 [ 32.986581][ T5975] __skb_gso_segment+0x2f8/0x3d0 [ 32.987604][ T5975] validate_xmit_skb+0x364/0xdbc [ 32.988672][ T5975] validate_xmit_skb_list+0x94/0x130 [ 32.989733][ T5975] sch_direct_xmit+0xe8/0x548 [ 32.990763][ T5975] __dev_queue_xmit+0x147c/0x3318 [ 32.991841][ T5975] packet_xmit+0x6c/0x318 [ 32.992766][ T5975] packet_sendmsg+0x376c/0x4c98 [ 32.993795][ T5975] __sys_sendto+0x3b4/0x538 [ 32.994743][ T5975] __arm64_sys_sendto+0xd8/0xf8 [ 32.995714][ T5975] invoke_syscall+0x98/0x2c0 [ 32.996678][ T5975] el0_svc_common+0x138/0x244 [ 32.997657][ T5975] do_el0_svc+0x64/0x198 [ 32.998588][ T5975] el0_svc+0x4c/0x160 [ 32.999452][ T5975] el0t_64_sync_handler+0x84/0xfc [ 33.000427][ T5975] el0t_64_sync+0x190/0x194 [ 33.001415][ T5975] irq event stamp: 128240 [ 33.002356][ T5975] hardirqs last enabled at (128240): [] exit_to_kernel_mode+0xdc/0x10c [ 33.004479][ T5975] hardirqs last disabled at (128239): [] el1_interrupt+0x24/0x68 [ 33.006410][ T5975] softirqs last enabled at (128206): [] release_sock+0x15c/0x1b0 [ 33.008391][ T5975] softirqs last disabled at (128224): [] local_bh_disable+0x10/0x34 [ 33.010361][ T5975] ---[ end trace 0000000000000000 ]---