Unfortunately commit net: validate untrusted gso packets without csum offload d5be7f632bad0f489879eed0ff4b99bd7fe0b74c needs follow-up net: avoid false positives in untrusted gso validation http://patchwork.ozlabs.org/patch/1044429/ It rejects illegal packets injected from userspace, including at least one that can crash the kernel. But I'm afraid it has false positives. I would suggest holding back on the backport to stable branches until both patches can go in together. If the second patch is not accepted, the alternative will be to revert this filter-based approach completely and fix the narrow kernel crash (but I'm afraid that syzkaller will just find others..) Apologies for the mess, Willem
