From: Eric Dumazet
Date: Wed, 10 Oct 2018 06:59:35 -0700
syzbot managed to crash in skb_checksum_help() [1] :

        BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb));

Root cause is the following check in skb_partial_csum_set()

        if (unlikely(start > skb_headlen(skb)) ||
            unlikely((int)start + off > skb_headlen(skb) - 2))
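
Added example, not part of the original message or the kernel source: a user-space model of the quoted check, showing that when the linear length is below 2 the unsigned subtraction wraps, so offsets that trip the BUG_ON condition are accepted. `headlen` stands in for skb_headlen(skb); the function names, the `end_check_rejects` alternative and the sample values are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* headlen stands in for skb_headlen(skb), which returns unsigned int.
 * Each *_rejects function returns 1 when it rejects the offsets. */

/* Quoted check: (int)start + off > skb_headlen(skb) - 2
 * C converts the int left side to unsigned for the compare; the casts
 * below only spell out that implicit conversion. */
static int quoted_check_rejects(uint16_t start, uint16_t off, unsigned int headlen)
{
    return (unsigned int)start > headlen ||
           (unsigned int)((int)start + off) > headlen - 2u; /* wraps if headlen < 2 */
}

/* Assumed alternative (hypothetical helper): compute the end of the
 * 2-byte checksum field in 32 bits, so nothing is subtracted. */
static int end_check_rejects(uint16_t start, uint16_t off, unsigned int headlen)
{
    uint32_t csum_end = (uint32_t)start + (uint32_t)off + 2u; /* sizeof(__sum16) */
    return csum_end > headlen;
}

/* Condition of the BUG_ON in skb_checksum_help(), offset = start + off. */
static int bug_on_fires(uint16_t start, uint16_t off, unsigned int headlen)
{
    return (unsigned int)start + off + 2u > headlen;
}

int main(void)
{
    /* Constructed sample values: {start, off, headlen}. */
    static const unsigned int cases[][3] = {
        {0, 0, 1}, {1, 0, 1}, {0, 0, 0}, {14, 16, 64}, {58, 4, 64}, {60, 4, 64},
    };
    puts("start off headlen | quoted end_check | BUG_ON");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint16_t s = (uint16_t)cases[i][0], o = (uint16_t)cases[i][1];
        unsigned int h = cases[i][2];
        printf("%5u %3u %7u | %-6s %-9s | %s\n", cases[i][0], cases[i][1], h,
               quoted_check_rejects(s, o, h) ? "reject" : "accept",
               end_check_rejects(s, o, h) ? "reject" : "accept",
               bug_on_fires(s, o, h) ? "fires" : "-");
    }
    return 0;
}
```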