------------[ cut here ]------------
offset+2 (1321) > skb_headlen() (136)
WARNING: CPU: 0 PID: 13843 at net/core/dev.c:3306 skb_checksum_help+0x404/0x64c net/core/dev.c:3306
Modules linked in:
CPU: 0 PID: 13843 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_checksum_help+0x404/0x64c net/core/dev.c:3306
lr : skb_checksum_help+0x404/0x64c net/core/dev.c:3306
sp : ffff80008a406a70
x29: ffff80008a406a70 x28: ffff000015eba574 x27: 1fffe00002bd74ae
x26: 0000000000000007 x25: 0000000000004311 x24: 0000000000000527
x23: 1fffe00002bd74ba x22: 0000000000000527 x21: ffff000015eba5d0
x20: 0000000000002989 x19: ffff000015eba500 x18: ffff0000100ac1e0
x17: 0000000000000000 x16: 0000000000000002 x15: 1fffe0000201583b
x14: 0000000000000001 x13: 1fffe00002015838 x12: ffff700011480cd3
x11: 1ffff00011480cd2 x10: ffff700011480cd2 x9 : dfff800000000000
x8 : 00008fffeeb7f32e x7 : ffff80008a406697 x6 : 0000000000000001
x5 : ffff80008a406690 x4 : 1fffe000020156f1 x3 : dfff800000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000100ab780
Call trace:
 skb_checksum_help+0x404/0x64c net/core/dev.c:3306
 ip_do_fragment+0x8a4/0x1860 net/ipv4/ip_output.c:775
 ip_fragment.constprop.0+0x108/0x2ac net/ipv4/ip_output.c:582
 ip_finish_output_gso net/ipv4/ip_output.c:284 [inline]
 __ip_finish_output net/ipv4/ip_output.c:306 [inline]
 __ip_finish_output+0x380/0x4e0 net/ipv4/ip_output.c:293
 ip_finish_output+0x34/0x278 net/ipv4/ip_output.c:321
 NF_HOOK_COND include/linux/netfilter.h:293 [inline]
 ip_mc_output+0x190/0xa30 net/ipv4/ip_output.c:418
 dst_output include/net/dst.h:458 [inline]
 ip_local_out+0x80/0x130 net/ipv4/ip_output.c:127
 iptunnel_xmit+0x4d4/0x940 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1330/0x235c net/ipv4/ip_tunnel.c:831
 __gre_xmit+0x4a0/0x8ac net/ipv4/ip_gre.c:469
 ipgre_xmit+0x48c/0x78c net/ipv4/ip_gre.c:662
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3548 [inline]
 dev_hard_start_xmit+0x198/0x6cc net/core/dev.c:3564
 __dev_queue_xmit+0x62c/0x2fe0 net/core/dev.c:4344
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 packet_xmit+0x204/0x314 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x18ac/0x3ff0 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0xc8/0x168 net/socket.c:745
 ____sys_sendmsg+0x550/0x6e0 net/socket.c:2558
 ___sys_sendmsg+0x11c/0x19c net/socket.c:2612
 __sys_sendmsg+0xe0/0x174 net/socket.c:2641
 __do_sys_sendmsg net/socket.c:2650 [inline]
 __se_sys_sendmsg net/socket.c:2648 [inline]
 __arm64_sys_sendmsg+0x70/0xa0 net/socket.c:2648
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
irq event stamp: 875
hardirqs last enabled at (874): [] __up_console_sem kernel/printk/printk.c:347 [inline]
hardirqs last enabled at (874): [] __console_unlock kernel/printk/printk.c:2718 [inline]
hardirqs last enabled at (874): [] console_unlock+0x1c0/0x1d8 kernel/printk/printk.c:3037
hardirqs last disabled at (875): [] el1_dbg+0x24/0x9c arch/arm64/kernel/entry-common.c:436
softirqs last enabled at (474): [] softirq_handle_end kernel/softirq.c:399 [inline]
softirqs last enabled at (474): [] __do_softirq+0x888/0xe1c kernel/softirq.c:582
softirqs last disabled at (526): [] __dev_queue_xmit+0x1dc/0x2fe0 net/core/dev.c:4263
---[ end trace 0000000000000000 ]---