------------[ cut here ]------------
WARNING: CPU: 0 PID: 3138 at net/core/dev.c:3295 skb_checksum_help+0x150/0x1b8 net/core/dev.c:3274
Modules linked in:
CPU: 0 PID: 3138 Comm: syz-executor271 Not tainted 6.4.0-syzkaller-04247-g3a8a670eeeaa #0
Hardware name: linux,dummy-virt (DT)
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_checksum_help+0x150/0x1b8 net/core/dev.c:3295
lr : skb_checksum_help+0x7c/0x1b8 net/core/dev.c:3292
sp : ffff800082c434d0
x29: ffff800082c434d0 x28: 0000000000000002 x27: 000000000000000f
x26: 000000000000002f x25: 0000000000000000 x24: ffff800081575198
x23: 0000000000000000 x22: 0000000000000000 x21: 000000000000061f
x20: 00000000000006a8 x19: fdff000005bdb600 x18: 0000000000000002
x17: 6102d567a17630c3 x16: 7663c0e39fda1095 x15: ffff8000813cd40c
x14: ffff8000813cd38c x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : f4ff0000047446c8 x7 : 0000000000000000 x6 : 00000000ffffffff
x5 : 0000000000000020 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000688 x0 : 00000000000006aa
Call trace:
 skb_checksum_help+0x150/0x1b8 net/core/dev.c:3274
 ip_do_fragment+0x2e4/0x578 net/ipv4/ip_output.c:776
 ip_fragment.constprop.0+0x48/0xe8 net/ipv4/ip_output.c:583
 ip_finish_output_gso net/ipv4/ip_output.c:281 [inline]
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 __ip_finish_output+0x160/0x1a4 net/ipv4/ip_output.c:290
 ip_finish_output+0x34/0xec net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip_output+0xf8/0x1ac net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:458 [inline]
 ip_local_out+0x48/0x5c net/ipv4/ip_output.c:127
 iptunnel_xmit+0x138/0x288 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x73c/0xa68 net/ipv4/ip_tunnel.c:831
 __gre_xmit+0x188/0x230 net/ipv4/ip_gre.c:469
 ipgre_xmit+0x1d8/0x288 net/ipv4/ip_gre.c:661
 __netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 netdev_start_xmit include/linux/netdevice.h:4924 [inline]
 xmit_one net/core/dev.c:3537 [inline]
 dev_hard_start_xmit+0x94/0x148 net/core/dev.c:3553
 __dev_queue_xmit+0xaa0/0xd40 net/core/dev.c:4203
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 packet_xmit+0xd8/0x14c net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3081 [inline]
 packet_sendmsg+0xeec/0x13d0 net/packet/af_packet.c:3113
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg+0x54/0x60 net/socket.c:748
 ____sys_sendmsg+0x270/0x2ac net/socket.c:2494
 ___sys_sendmsg+0x80/0xdc net/socket.c:2548
 __sys_sendmsg+0x68/0xc4 net/socket.c:2577
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xe4 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x38/0xa4 arch/arm64/kernel/syscall.c:191
 el0_svc+0x2c/0xb0 arch/arm64/kernel/entry-common.c:647
 el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
---[ end trace 0000000000000000 ]---
skb len=1672 headroom=72 headlen=1672 tailroom=2032
mac=(72,0) net=(72,20) trans=92
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0x890667 ip_summed=3 complete_sw=0 valid=0 level=0)
hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0
dev name=veth1_to_team feat=0x000061164fdd19e9
skb linear:   00000000: 45 02 06 88 90 dd 00 00 0f 2f 7e f2 ac 14 14 20
skb linear:   00000010: ef 06 e6 3a 00 00 08 00 bd 0f 06 70 10 82 0c 52
skb linear:   00000020: 0f 06 2b 6e fd fe 4b 88 94 30 5a f7 9f 6b 4c 11
skb linear:   00000030: 95 10 da 9f e3 c0 63 76 c3 30 76 a1 67 d5 02 61
skb linear:   00000040: a6 7a d2 9b 30 8c de 52 1a a0 c3 85 c7 3f ed 0c
skb linear:   00000050: 3a c7 ec 19 86 6e 16 bd bd 00 00 00 d6 91 00 00
skb linear:   00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3138 at net/core/dev.c:3288 skb_headroom include/linux/skbuff.h:2706 [inline]
WARNING: CPU: 0 PID: 3138 at net/core/dev.c:3288 skb_checksum_start_offset include/linux/skbuff.h:2964 [inline]
WARNING: CPU: 0 PID: 3138 at net/core/dev.c:3288 skb_checksum_help+0x118/0x1b8 net/core/dev.c:3286
Modules linked in:
CPU: 0 PID: 3138 Comm: syz-executor271 Tainted: G        W          6.4.0-syzkaller-04247-g3a8a670eeeaa #0
Hardware name: linux,dummy-virt (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_checksum_help+0x118/0x1b8 net/core/dev.c:3288
lr : ip_do_fragment+0x2e4/0x578 net/ipv4/ip_output.c:776
sp : ffff800082c434d0
x29: ffff800082c434d0 x28: 0000000000000002 x27: 000000000000000f
x26: 000000000000002f x25: 0000000000000000 x24: ffff800081575198
x23: 0000000000000000 x22: 0000000000000000 x21: 000000000000061f
x20: f6ff000005bdb300 x19: f6ff000005bdb300 x18: 00000000fffffffb
x17: 3020303020303020 x16: 3030203030203030 x15: ffff8000813cd40c
x14: ffff8000813cd38c x13: 892f000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 892f000000000000 x9 : 892f000000000000
x8 : ffff8000800107b8 x7 : 0000000000008000 x6 : 0000000000000001
x5 : f0ff00000541af40 x4 : f5ff000006681000 x3 : 0000000000000519
x2 : 0000000000000586 x1 : 0000000000000667 x0 : 0000000000000048
Call trace:
 skb_headroom include/linux/skbuff.h:2706 [inline]
 skb_checksum_start_offset include/linux/skbuff.h:2964 [inline]
 skb_checksum_help+0x118/0x1b8 net/core/dev.c:3286
 ip_do_fragment+0x2e4/0x578 net/ipv4/ip_output.c:776
 ip_fragment.constprop.0+0x48/0xe8 net/ipv4/ip_output.c:583
 ip_finish_output_gso net/ipv4/ip_output.c:281 [inline]
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 __ip_finish_output+0x160/0x1a4 net/ipv4/ip_output.c:290
 ip_finish_output+0x34/0xec net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip_output+0xf8/0x1ac net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:458 [inline]
 ip_local_out+0x48/0x5c net/ipv4/ip_output.c:127
 iptunnel_xmit+0x138/0x288 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x73c/0xa68 net/ipv4/ip_tunnel.c:831
 __gre_xmit+0x188/0x230 net/ipv4/ip_gre.c:469
 ipgre_xmit+0x1d8/0x288 net/ipv4/ip_gre.c:661
 __netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 netdev_start_xmit include/linux/netdevice.h:4924 [inline]
 xmit_one net/core/dev.c:3537 [inline]
 dev_hard_start_xmit+0x94/0x148 net/core/dev.c:3553
 __dev_queue_xmit+0xaa0/0xd40 net/core/dev.c:4203
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 packet_xmit+0xd8/0x14c net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3081 [inline]
 packet_sendmsg+0xeec/0x13d0 net/packet/af_packet.c:3113
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg+0x54/0x60 net/socket.c:748
 ____sys_sendmsg+0x270/0x2ac net/socket.c:2494
 ___sys_sendmsg+0x80/0xdc net/socket.c:2548
 __sys_sendmsg+0x68/0xc4 net/socket.c:2577
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xe4 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x38/0xa4 arch/arm64/kernel/syscall.c:191
 el0_svc+0x2c/0xb0 arch/arm64/kernel/entry-common.c:647
 el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
---[ end trace 0000000000000000 ]---
skb len=1414 headroom=72 headlen=1305 tailroom=0
mac=(72,0) net=(72,20) trans=92
shinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0))
csum(0x890667 ip_summed=3 complete_sw=0 valid=0 level=0)
hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0
dev name=veth1_to_team feat=0x000061164fdd19e9
sk family=17 type=3 proto=0
skb linear:   00000000: 45 02 05 86 90 e4 00 00 0f 2f 7f ed ac 14 14 20
skb linear:   00000010: ef 06 e6 3a 00 00 08 00 bd 0f 05 6e 10 89 0c 52
skb linear:   00000020: 0f 06 2c 69 fd fe 4b 88 94 30 5a f7 9f 6b 4c 11
skb linear:   00000030: 95 10 da 9f e3 c0 63 76 c3 30 76 a1 67 d5 02 61
skb linear:   00000040: a6 7a d2 9b 30 8c de 52 1a a0 c3 85 c7 3f ed 0c
skb linear:   00000050: 3a c8 16 89 86 6e 16 bd bd 00 00 00 d5 8f 00 00
skb linear:   00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skb linear:   000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00