bisecting fixing commit since 4520f06b03ae667e442da1ab9351fd28cd7ac598 building syzkaller on ef26b61025bac4c6bb1a0ef7eccc45f43f84c841 testing commit 4520f06b03ae667e442da1ab9351fd28cd7ac598 with gcc (GCC) 8.1.0 kernel signature: 836c3e9e59c0715e0913819ff608c46633827bdbde35411f76c179cd7125a76e all runs: crashed: kernel BUG at net/core/dev.c:LINE! testing current HEAD 4f68020fef1c6cf1b680ffb6481ac41379283ea3 testing commit 4f68020fef1c6cf1b680ffb6481ac41379283ea3 with gcc (GCC) 8.1.0 kernel signature: 55921e39ceae23c57cb463c48a5f2e8451e04a13f21bb11691b63b142449dcba all runs: crashed: kernel BUG at net/core/dev.c:LINE! revisions tested: 2, total time: 24m7.23837809s (build: 17m24.142151026s, test: 6m13.448332234s) the crash still happens on HEAD commit msg: Linux 4.14.182 crash: kernel BUG at net/core/dev.c:LINE! IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready ------------[ cut here ]------------ kernel BUG at net/core/dev.c:2648! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 7939 Comm: syz-executor.3 Not tainted 4.14.182-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809f8b24c0 task.stack: ffff8880a02d8000 RIP: 0010:skb_checksum_help+0x566/0x880 net/core/dev.c:2648 RSP: 0018:ffff8880a02df230 EFLAGS: 00010287 RAX: 0000000000000120 RBX: ffff8880878dd5c0 RCX: 000000000000001c RDX: 000000000000001c RSI: 0000000000000000 RDI: ffff8880878dd658 RBP: ffff8880a02df288 R08: ffff88809f8b2db8 R09: ffff8880878dd640 ------------[ cut here ]------------ R10: ffff8880878dd68c R11: ffff8880878dd698 R12: 0000000000000040 kernel BUG at net/core/dev.c:2648! R13: ffff8880878dd650 R14: 00000000000000e0 R15: ffff8880878dd644 FS: 00007f67c82ff700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000071fe78 CR3: 00000000a0a31000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: checksum_tg+0x48/0x57 net/netfilter/xt_CHECKSUM.c:29 ipt_do_table+0xa7e/0x1660 net/ipv4/netfilter/ip_tables.c:353 iptable_mangle_hook+0x93/0x5d0 net/ipv4/netfilter/iptable_mangle.c:90 nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline] nf_hook_slow+0xa1/0x180 net/netfilter/core.c:467 nf_hook include/linux/netfilter.h:205 [inline] NF_HOOK include/linux/netfilter.h:248 [inline] ip_rcv+0xd40/0x133d net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x1d54/0x3260 net/core/dev.c:4478 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:4516 netif_receive_skb_internal+0xcc/0x4d0 net/core/dev.c:4589 netif_receive_skb+0x37/0x230 net/core/dev.c:4613 tun_rx_batched.isra.48+0x4b8/0x990 drivers/net/tun.c:1221 tun_get_user+0xa97/0x3830 drivers/net/tun.c:1581 tun_chr_write_iter+0xcb/0x18b drivers/net/tun.c:1608 call_write_iter include/linux/fs.h:1778 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x413/0x840 fs/read_write.c:482 vfs_write+0x150/0x4f0 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0x100/0x250 fs/read_write.c:582 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x45c879 RSP: 002b:00007f67c82fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f67c82ff6d4 RCX: 000000000045c879 RDX: 000000000000fdef RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000d0d R14: 00000000004cf399 R15: 000000000076bf0c Code: ea 03 80 3c 02 00 0f 84 5f fe ff ff 4c 89 df e8 91 67 66 fc e9 52 fe ff ff 48 89 df e8 f4 b4 ff ff b8 ea ff ff ff e9 c4 fe ff ff <0f> 0b 0f 0b 48 ba 00 00 00 00 00 fc ff df 4c 89 de 48 c1 ee 03 RIP: skb_checksum_help+0x566/0x880 net/core/dev.c:2648 RSP: ffff8880a02df230 invalid opcode: 0000 [#2] PREEMPT SMP KASAN ---[ end trace 4f3615a3bb019ad6 ]--- Modules linked in: CPU: 1 PID: 7951 Comm: syz-executor.2 Tainted: G D 4.14.182-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8880a02900c0 task.stack: ffff888084b30000 RIP: 0010:skb_checksum_help+0x566/0x880 net/core/dev.c:2648 RSP: 0018:ffff888084b37230 EFLAGS: 00010287