bisecting fixing commit since c10b57a567e4333b9fdf60b5ec36de9859263ca2
building syzkaller on 3f3c557402456696073f79aafa65b4d7fa2b8794
testing commit c10b57a567e4333b9fdf60b5ec36de9859263ca2 with gcc (GCC) 8.1.0
kernel signature: d3596b1214b079ee6fa1495be51428c0e7472848e8617ed42aff025fcaab0e38
run #0: crashed: WARNING in ip_rt_bug
run #1: crashed: WARNING in corrupted
run #2: crashed: WARNING in ip_rt_bug
run #3: crashed: WARNING in ip_rt_bug
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in ip_rt_bug
run #6: crashed: WARNING in ip_rt_bug
run #7: crashed: WARNING in ip_rt_bug
run #8: crashed: WARNING in ip_rt_bug
run #9: crashed: WARNING in ip_rt_bug
testing current HEAD ab9dfda232481dcfaf549ce774004d116fc80c13
testing commit ab9dfda232481dcfaf549ce774004d116fc80c13 with gcc (GCC) 8.1.0
kernel signature: cf23ec1756d3c8c00ba003f6bc09cbd3b86e3a1ef7016bdacc0e8497fd9ae97f
all runs: crashed: WARNING in ip_rt_bug
revisions tested: 2, total time: 27m11.180514604s (build: 19m56.154957907s, test: 6m9.487013359s)
the crash still happens on HEAD
commit msg: Linux 4.14.180
crash: WARNING in ip_rt_bug
syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET)
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
------------[ cut here ]------------
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
WARNING: CPU: 0 PID: 7749 at net/ipv4/route.c:1242 ip_rt_bug+0xc/0x20 net/ipv4/route.c:1241
Kernel panic - not syncing: panic_on_warn set ...
device veth0_macvtap entered promiscuous mode
CPU: 0 PID: 7749 Comm: syz-executor.2 Not tainted 4.14.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xf7/0x13b lib/dump_stack.c:58
panic+0x1b0/0x358 kernel/panic.c:183
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
__warn.cold.8+0x25/0x2c kernel/panic.c:547
report_bug+0x1a4/0x1f3 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
device veth1_macvtap entered promiscuous mode
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
RIP: 0010:ip_rt_bug+0xc/0x20 net/ipv4/route.c:1242
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
RSP: 0018:ffff8880893df0f8 EFLAGS: 00010202
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RAX: 0000000000000001 RBX: ffff888094ba4e80 RCX: 0000000000000000
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RDX: 1ffffffff0fe2cc9 RSI: ffffffff87f83d20 RDI: 0000000000000286
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RBP: ffff8880893df0f8 R08: ffff8880a55a8ab8 R09: 0000000000000000
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888093e08080
R13: ffff88809cc88c40 R14: ffff888094ba4ed8 R15: ffff8880893df394
dst_output include/net/dst.h:462 [inline]
ip_local_out+0x78/0x130 net/ipv4/ip_output.c:124
ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1422
ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1442
icmp_push_reply+0x356/0x5e0 net/ipv4/icmp.c:395
__icmp_send+0x9f4/0x18f0 net/ipv4/icmp.c:743
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
icmp_send include/net/icmp.h:47 [inline]
ip_options_compile+0x9f/0xb0 net/ipv4/ip_options.c:485
ip_rcv_options net/ipv4/ip_input.c:283 [inline]
ip_rcv_finish+0x5e7/0x1950 net/ipv4/ip_input.c:364
NF_HOOK include/linux/netfilter.h:250 [inline]
ip_rcv+0xb43/0x133d net/ipv4/ip_input.c:493
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
__netif_receive_skb_core+0x1d54/0x3260 net/core/dev.c:4478
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
__netif_receive_skb+0x1f/0x1b0 net/core/dev.c:4516
netif_receive_skb_internal+0xcc/0x4d0 net/core/dev.c:4589
netif_receive_skb+0x37/0x230 net/core/dev.c:4613
tun_rx_batched.isra.48+0x4b8/0x990 drivers/net/tun.c:1221
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
tun_get_user+0xacf/0x3890 drivers/net/tun.c:1581
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
tun_chr_write_iter+0xcb/0x18b drivers/net/tun.c:1608
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x413/0x840 fs/read_write.c:482
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
vfs_write+0x150/0x4f0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0x100/0x250 fs/read_write.c:582
IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
device veth0_vlan entered promiscuous mode
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c889
RSP: 002b:00007f9d79c81c78 EFLAGS: 00000246
device veth1_vlan entered promiscuous mode
ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f9d79c826d4 RCX: 000000000045c889
RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000d0f R14: 00000000004cf3e1 R15: 000000000076bf0c
Kernel Offset: disabled
Rebooting in 86400 seconds..