RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 00000000200001c0 R09: 0000000000000010 R10: 0000000020048045 R11: 0000000000000246 R12: 0000000000000009 R13: 00000000004d4950 R14: 00000000004c8f55 R15: 0000000000000007 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:2650! invalid opcode: 0000 [#1] SMP PTI CPU: 1 PID: 12247 Comm: syz-executor6 Not tainted 4.19.0-rc1+ #40 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:skb_copy_and_csum_bits+0x10a9/0x10c0 net/core/skbuff.c:2650 Code: fb ff ff 8b bd 60 ff ff ff 48 89 cb e8 30 a1 f8 fa 48 89 d9 e9 72 fb ff ff 8b 7d c8 e8 20 a1 f8 fa 45 85 e4 0f 84 6a ff ff ff <0f> 0b 0f 1f 44 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ffff88021fd0ead8 EFLAGS: 00010206 RAX: ffffffff86c8b519 RBX: 0000000000000000 RCX: ffff88012d8a8000 RDX: 0000000000000300 RSI: 0000000000000000 RDI: 000000000000003c RBP: ffff88021fd0ebe8 R08: ffffffff7fffffff R09: ffff88019e077000 R10: 0000000000000000 R11: ffffffff877cc250 R12: 00000000000001e8 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f32a667b700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020d4effc CR3: 000000010c6a0000 CR4: 00000000001406e0 Call Trace: icmp_glue_bits+0x167/0x360 net/ipv4/icmp.c:357 __ip_append_data+0x36f8/0x4280 net/ipv4/ip_output.c:1029 ip_append_data+0x2fb/0x440 net/ipv4/ip_output.c:1196 icmp_push_reply+0x23f/0x810 net/ipv4/icmp.c:375 icmp_send+0x2470/0x2e50 net/ipv4/icmp.c:736 ip_fragment+0x38e/0x3f0 net/ipv4/ip_output.c:555 ip_finish_output+0xfbb/0xfd0 net/ipv4/ip_output.c:315 NF_HOOK_COND include/linux/netfilter.h:276 [inline] ip_output+0x50f/0x5d0 net/ipv4/ip_output.c:405 dst_output include/net/dst.h:444 [inline] ip_local_out net/ipv4/ip_output.c:124 [inline] __ip_queue_xmit+0x1bde/0x2180 net/ipv4/ip_output.c:505 ip_queue_xmit+0xcc/0xf0 include/net/ip.h:197 __tcp_transmit_skb+0x4101/0x5810 net/ipv4/tcp_output.c:1159 tcp_transmit_skb net/ipv4/tcp_output.c:1175 [inline] __tcp_retransmit_skb+0x13ec/0x3c60 net/ipv4/tcp_output.c:2894 tcp_retransmit_skb+0xa4/0x440 net/ipv4/tcp_output.c:2913 tcp_retransmit_timer+0x22b9/0x4500 net/ipv4/tcp_timer.c:512 tcp_write_timer_handler+0x674/0xea0 net/ipv4/tcp_timer.c:598 tcp_write_timer+0x11e/0x270 net/ipv4/tcp_timer.c:618 call_timer_fn+0x270/0x5b0 kernel/time/timer.c:1326 expire_timers kernel/time/timer.c:1363 [inline] __run_timers+0xd94/0x11a0 kernel/time/timer.c:1682 run_timer_softirq+0x2e/0x50 kernel/time/timer.c:1695 __do_softirq+0x562/0x948 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x20a/0x240 kernel/softirq.c:414 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:536 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1059 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:869 RIP: 0010:native_restore_fl arch/x86/include/asm/irqflags.h:39 [inline] RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:80 [inline] RIP: 0010:dump_stack+0x175/0x190 lib/dump_stack.c:118 Code: 48 c7 c7 c0 db ff 89 e8 19 17 ce f8 c7 00 00 00 00 00 c7 04 25 c0 db ff 89 ff ff ff ff 4d 85 f6 75 17 4c 89 6d c0 ff 75 c0 9d <48> 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 44 89 e7 e8 24 20 ce RSP: 0018:ffff88010c0bea88 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffff8802007fdbc0 RBX: ffff88012d8a8900 RCX: ffff8802003fdbc0 RDX: ffff8802003fdbc0 RSI: aaaaaaaaaaaab000 RDI: ffffea00003bfee0 RBP: ffff88010c0bead0 R08: 0000000000000000 R09: 0000000000000002 R10: 0000000000000000 R11: ffffffff854248c0 R12: 000000009ce00152 R13: 0000000000000246 R14: 0000000000000000 R15: 0000000000000000 fail_dump lib/fault-inject.c:51 [inline] should_fail+0xa98/0xaa0 lib/fault-inject.c:149 __should_failslab+0x278/0x2a0 mm/failslab.c:32 should_failslab+0x29/0x70 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slub.c:2645 [inline] slab_alloc mm/slub.c:2727 [inline] kmem_cache_alloc+0x127/0xb20 mm/slub.c:2732 __nf_conntrack_alloc+0x15e/0x640 net/netfilter/nf_conntrack_core.c:1281 init_conntrack+0x590/0x2620 net/netfilter/nf_conntrack_core.c:1361 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1465 [inline] nf_conntrack_in+0x11b1/0x1a50 net/netfilter/nf_conntrack_core.c:1543 ipv4_conntrack_local+0x22e/0x3d0 net/netfilter/nf_conntrack_proto.c:480 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0x15d/0x3e0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:242 [inline] __ip_local_out+0x6ca/0x7d0 net/ipv4/ip_output.c:113 ip_local_out net/ipv4/ip_output.c:122 [inline] __ip_queue_xmit+0x1b0b/0x2180 net/ipv4/ip_output.c:505 ip_queue_xmit+0xcc/0xf0 include/net/ip.h:197 __tcp_transmit_skb+0x4101/0x5810 net/ipv4/tcp_output.c:1159 tcp_transmit_skb net/ipv4/tcp_output.c:1175 [inline] tcp_send_syn_data net/ipv4/tcp_output.c:3425 [inline] tcp_connect+0x5105/0x6720 net/ipv4/tcp_output.c:3490 tcp_v4_connect+0x237b/0x24c0 net/ipv4/tcp_ipv4.c:315 __inet_stream_connect+0x2ae/0x1300 net/ipv4/af_inet.c:655 tcp_sendmsg_fastopen net/ipv4/tcp.c:1161 [inline] tcp_sendmsg_locked+0x6361/0x68f0 net/ipv4/tcp.c:1208 tcp_sendmsg+0xb2/0x100 net/ipv4/tcp.c:1443 inet_sendmsg+0x49a/0x740 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] __sys_sendto+0x868/0xa30 net/socket.c:1786 __do_sys_sendto net/socket.c:1798 [inline] __se_sys_sendto+0x107/0x130 net/socket.c:1794 __x64_sys_sendto+0x6e/0x90 net/socket.c:1794 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457099 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f32a667ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f32a667b6d4 RCX: 0000000000457099 RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 00000000200001c0 R09: 0000000000000010 R10: 0000000020048045 R11: 0000000000000246 R12: 0000000000000009 R13: 00000000004d4950 R14: 00000000004c8f55 R15: 0000000000000007 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace e1d8781a1a916057 ]--- RIP: 0010:skb_copy_and_csum_bits+0x10a9/0x10c0 net/core/skbuff.c:2650 Code: fb ff ff 8b bd 60 ff ff ff 48 89 cb e8 30 a1 f8 fa 48 89 d9 e9 72 fb ff ff 8b 7d c8 e8 20 a1 f8 fa 45 85 e4 0f 84 6a ff ff ff <0f> 0b 0f 1f 44 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ffff88021fd0ead8 EFLAGS: 00010206 RAX: ffffffff86c8b519 RBX: 0000000000000000 RCX: ffff88012d8a8000 RDX: 0000000000000300 RSI: 0000000000000000 RDI: 000000000000003c RBP: ffff88021fd0ebe8 R08: ffffffff7fffffff R09: ffff88019e077000 R10: 0000000000000000 R11: ffffffff877cc250 R12: 00000000000001e8 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f32a667b700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020d4effc CR3: 000000010c6a0000 CR4: 00000000001406e0