bisecting cause commit starting from 35fc07aee8f6d55aeacdbfdccc425e684737f741 building syzkaller on 442206d76b974cca2d83ec763d4cf5ee829eb7d6 testing commit 35fc07aee8f6d55aeacdbfdccc425e684737f741 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in sctp_sched_prio_sched testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in sctp_sched_prio_sched testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in corrupted run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in corrupted run #3: crashed: general protection fault in sctp_sched_prio_sched run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 all runs: OK # git bisect start v5.0 v4.20 Bisecting: 7011 revisions left to test after this (roughly 13 steps) [af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0 all runs: OK # git bisect good af7ddd8a627c62a835524b3f5b471edbbbcce025 Bisecting: 3532 revisions left to test after this (roughly 12 steps) [c9bef4a651769927445900564781a9c99fdf6258] Merge tag 'pinctrl-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit c9bef4a651769927445900564781a9c99fdf6258 with gcc (GCC) 8.1.0 all runs: OK # git bisect good c9bef4a651769927445900564781a9c99fdf6258 Bisecting: 1768 revisions left to test after this (roughly 11 steps) [4d5f6e0201bc568c0758ed3f77a06648ec9fd482] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 4d5f6e0201bc568c0758ed3f77a06648ec9fd482 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4d5f6e0201bc568c0758ed3f77a06648ec9fd482 Bisecting: 879 revisions left to test after this (roughly 10 steps) [680905431b9de8c7224b15b76b1826a1481cfeaf] Merge tag 'char-misc-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 680905431b9de8c7224b15b76b1826a1481cfeaf with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in sctp_sched_prio_sched run #3: crashed: general protection fault in sctp_sched_prio_sched run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 680905431b9de8c7224b15b76b1826a1481cfeaf Bisecting: 435 revisions left to test after this (roughly 9 steps) [037222ad3f43a45c3a601dabf893efc9264ff5a0] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 037222ad3f43a45c3a601dabf893efc9264ff5a0 with gcc (GCC) 8.1.0 all runs: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect # git bisect skip 037222ad3f43a45c3a601dabf893efc9264ff5a0 Bisecting: 435 revisions left to test after this (roughly 9 steps) [1fde6f21d90f8ba5da3cb9c54ca991ed72696c43] proc: fix /proc/net/* after setns(2) testing commit 1fde6f21d90f8ba5da3cb9c54ca991ed72696c43 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in sctp_sched_prio_sched run #3: crashed: general protection fault in corrupted run #4: crashed: general protection fault in sctp_sched_prio_sched run #5: crashed: general protection fault in sctp_sched_prio_sched run #6: crashed: general protection fault in sctp_sched_prio_sched run #7: OK run #8: OK run #9: OK # git bisect bad 1fde6f21d90f8ba5da3cb9c54ca991ed72696c43 Bisecting: 327 revisions left to test after this (roughly 8 steps) [96f18cb89ffa4bc6dafa447c9493449809fbb318] Merge tag 'staging-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 96f18cb89ffa4bc6dafa447c9493449809fbb318 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 96f18cb89ffa4bc6dafa447c9493449809fbb318 Bisecting: 163 revisions left to test after this (roughly 7 steps) [63346650c1a94a92be61a57416ac88c0a47c4327] netrom: switch to sock timer API testing commit 63346650c1a94a92be61a57416ac88c0a47c4327 with gcc (GCC) 8.1.0 all runs: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect # git bisect skip 63346650c1a94a92be61a57416ac88c0a47c4327 Bisecting: 163 revisions left to test after this (roughly 7 steps) [94a980c39c8e3f8abaff5d3b5bbcd4ccf1c02c4f] kvm: selftests: Fix region overlap check in kvm_util testing commit 94a980c39c8e3f8abaff5d3b5bbcd4ccf1c02c4f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 94a980c39c8e3f8abaff5d3b5bbcd4ccf1c02c4f Bisecting: 156 revisions left to test after this (roughly 7 steps) [9881051828375a872964f91bf985b8a35e4fbaef] Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 9881051828375a872964f91bf985b8a35e4fbaef with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in sctp_sched_prio_sched run #3: crashed: general protection fault in sctp_sched_prio_sched run #4: crashed: general protection fault in sctp_sched_prio_sched run #5: crashed: general protection fault in sctp_sched_prio_sched run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 9881051828375a872964f91bf985b8a35e4fbaef Bisecting: 87 revisions left to test after this (roughly 6 steps) [7c2614bf7a1fc0da0743129e5b60af82f34cde55] Merge tag '5.0-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit 7c2614bf7a1fc0da0743129e5b60af82f34cde55 with gcc (GCC) 8.1.0 all runs: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect # git bisect skip 7c2614bf7a1fc0da0743129e5b60af82f34cde55 Bisecting: 87 revisions left to test after this (roughly 6 steps) [b8812920b5a2cad3c88cdb61ebcec6cea17d4845] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit b8812920b5a2cad3c88cdb61ebcec6cea17d4845 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor158470032" "root@10.128.0.47:./syz-executor158470032"]: exit status 1 ssh: connect to host 10.128.0.47 port 22: Connection timed out lost connection run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b8812920b5a2cad3c88cdb61ebcec6cea17d4845 Bisecting: 15 revisions left to test after this (roughly 4 steps) [2e6dc4d95110becfe0ff4c3d4749c33ea166e9e7] sctp: improve the events for sctp stream reset testing commit 2e6dc4d95110becfe0ff4c3d4749c33ea166e9e7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 2e6dc4d95110becfe0ff4c3d4749c33ea166e9e7 Bisecting: 9 revisions left to test after this (roughly 3 steps) [21507dc46adc691098724775287a8855fb4c8fa3] Merge branch 'mlx4_core-fixes' testing commit 21507dc46adc691098724775287a8855fb4c8fa3 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in sctp_sched_prio_sched run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 21507dc46adc691098724775287a8855fb4c8fa3 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ecf938fe7d0088077ee1280419a2b3c5429b47c8] sctp: set flow sport from saddr only when it's 0 testing commit ecf938fe7d0088077ee1280419a2b3c5429b47c8 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in sctp_sched_prio_sched run #1: crashed: general protection fault in sctp_sched_prio_sched run #2: crashed: general protection fault in sctp_sched_prio_sched run #3: crashed: general protection fault in sctp_sched_prio_sched run #4: crashed: general protection fault in sctp_sched_prio_sched run #5: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor852017425" "root@10.128.15.207:./syz-executor852017425"] Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad ecf938fe7d0088077ee1280419a2b3c5429b47c8 Bisecting: 0 revisions left to test after this (roughly 1 step) [4ff40b86262b73553ee47cc3784ce8ba0f220bd8] sctp: set chunk transport correctly when it's a new asoc testing commit 4ff40b86262b73553ee47cc3784ce8ba0f220bd8 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in corrupted run #1: crashed: general protection fault in corrupted run #2: crashed: general protection fault in corrupted run #3: crashed: general protection fault in sctp_sched_prio_sched run #4: crashed: general protection fault in sctp_sched_prio_sched run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4ff40b86262b73553ee47cc3784ce8ba0f220bd8 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8220c870cb0f4eaa4e335c9645dbd9a1c461c1dd] sctp: improve the events for sctp stream adding testing commit 8220c870cb0f4eaa4e335c9645dbd9a1c461c1dd with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8220c870cb0f4eaa4e335c9645dbd9a1c461c1dd 4ff40b86262b73553ee47cc3784ce8ba0f220bd8 is the first bad commit commit 4ff40b86262b73553ee47cc3784ce8ba0f220bd8 Author: Xin Long Date: Tue Jan 22 02:42:09 2019 +0800 sctp: set chunk transport correctly when it's a new asoc In the paths: sctp_sf_do_unexpected_init() -> sctp_make_init_ack() sctp_sf_do_dupcook_a/b()() -> sctp_sf_do_5_1D_ce() The new chunk 'retval' transport is set from the incoming chunk 'chunk' transport. However, 'retval' transport belong to the new asoc, which is a different one from 'chunk' transport's asoc. It will cause that the 'retval' chunk gets set with a wrong transport. Later when sending it and because of Commit b9fd683982c9 ("sctp: add sctp_packet_singleton"), sctp_packet_singleton() will set some fields, like vtag to 'retval' chunk from that wrong transport's asoc. This patch is to fix it by setting 'retval' transport correctly which belongs to the right asoc in sctp_make_init_ack() and sctp_sf_do_5_1D_ce(). Fixes: b9fd683982c9 ("sctp: add sctp_packet_singleton") Reported-by: Ying Xu Signed-off-by: Xin Long Signed-off-by: David S. Miller :040000 040000 a9075e7f6e58a676403f635f6edfde88aad3852f 2253645d96ca2dce7ff4bea333513d4a0e30700f M net revisions tested: 21, total time: 6h0m49.194287192s (build: 1h55m30.563426581s, test: 3h59m27.0134683s) first bad commit: 4ff40b86262b73553ee47cc3784ce8ba0f220bd8 sctp: set chunk transport correctly when it's a new asoc cc: ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "linux-sctp@vger.kernel.org" "lucien.xin@gmail.com" "marcelo.leitner@gmail.com" "netdev@vger.kernel.org" "nhorman@tuxdriver.com" "vyasevich@gmail.com"] crash: general protection fault in sctp_sched_prio_sched RAX: ffffffffffffffda RBX: 00007f376cfc3c90 RCX: 00000000004592c9 RDX: 000000000001a000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 kasan: GPF could be caused by NULL-ptr deref or user memory access R10: 0000000000000000 R11: 0000000000000246 R12: 00007f376cfc46d4 general protection fault: 0000 [#1] PREEMPT SMP KASAN R13: 00000000004c9150 R14: 00000000004e00d0 R15: 0000000000000004 CPU: 1 PID: 13138 Comm: syz-executor.1 Not tainted 5.0.0-rc3+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:sctp_sched_prio_sched+0x86/0x6a0 net/sctp/stream_sched_prio.c:147 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 50 49 8d 4d 20 48 89 ca 48 c1 ea 03 <80> 3c 02 00 0f 85 a1 04 00 00 4d 8b 7d 20 4d 85 ff 0f 84 eb 00 00 RSP: 0018:ffff88808b52f498 EFLAGS: 00010202 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 RAX: dffffc0000000000 RBX: ffff88808df34d00 RCX: 0000000000000020 RDX: 0000000000000004 RSI: ffff88808df34d00 RDI: ffff88808df34d50 RBP: ffff88808b52f4d0 R08: ffff888093424d58 R09: ffff88808ab58018 R10: ffff88808df34d38 R11: ffff88808df34d30 R12: ffff88808df34d40 R13: 0000000000000000 R14: ffff8880914d4b20 R15: ffff8880914d4b60 FS: 00007faae41ce700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f608708a000 CR3: 000000009686a000 CR4: 00000000001406e0 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sctp_sched_prio_enqueue+0xfe/0x170 net/sctp/stream_sched_prio.c:258 CPU: 0 PID: 13157 Comm: syz-executor.2 Not tainted 5.0.0-rc3+ #1 sctp_cmd_send_msg net/sctp/sm_sideeffect.c:1111 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1784 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1220 [inline] sctp_do_sm+0x2bf5/0x4c90 net/sctp/sm_sideeffect.c:1191 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0x5/0x13 lib/fault-inject.c:149 __should_failslab+0xba/0xf0 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1603 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3288 [inline] kmem_cache_alloc_node+0x270/0x730 mm/slab.c:3631 sctp_primitive_SEND+0x7c/0xc0 net/sctp/primitive.c:178 sctp_sendmsg_to_asoc+0x89f/0x1500 net/sctp/socket.c:1955 __alloc_skb+0xa7/0x570 net/core/skbuff.c:196 alloc_skb include/linux/skbuff.h:1011 [inline] _sctp_make_chunk+0x3f/0x260 net/sctp/sm_make_chunk.c:1407 sctp_make_data net/sctp/sm_make_chunk.c:1439 [inline] sctp_make_datafrag_empty+0x159/0x260 net/sctp/sm_make_chunk.c:753 sctp_datamsg_from_user+0x4d7/0xf30 net/sctp/chunk.c:279 sctp_sendmsg_to_asoc+0x48f/0x1500 net/sctp/socket.c:1941 sctp_sendmsg+0xb80/0x1710 net/sctp/socket.c:2113 inet_sendmsg+0x108/0x440 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 sctp_sendmsg+0xb80/0x1710 net/sctp/socket.c:2113 sock_write_iter+0x1e9/0x3d0 net/socket.c:900 call_write_iter include/linux/fs.h:1862 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x4a3/0x970 fs/read_write.c:487 inet_sendmsg+0x108/0x440 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 vfs_write+0x150/0x4e0 fs/read_write.c:549 sock_write_iter+0x1e9/0x3d0 net/socket.c:900 ksys_write+0xcd/0x1b0 fs/read_write.c:598 call_write_iter include/linux/fs.h:1862 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x4a3/0x970 fs/read_write.c:487 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:607 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe vfs_write+0x150/0x4e0 fs/read_write.c:549 RIP: 0033:0x4592c9 ksys_write+0xcd/0x1b0 fs/read_write.c:598 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007faae41cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9 RDX: 0000000000010094 RSI: 0000000020000040 RDI: 0000000000000003 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:607 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007faae41ce6d4 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 R13: 00000000004c9150 R14: 00000000004e00d0 R15: 00000000ffffffff entry_SYSCALL_64_after_hwframe+0x49/0xbe Modules linked in: RIP: 0033:0x4592c9 kobject: 'loop0' (000000008c4a88bc): kobject_uevent_env Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f9b59660c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f9b59660c90 RCX: 00000000004592c9 RDX: 000000000001a000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b596616d4 R13: 00000000004c9150 R14: 00000000004e00d0 R15: 0000000000000004 CPU: 0 PID: 13123 Comm: syz-executor.4 Tainted: G D 5.0.0-rc3+ #1 kobject: 'loop0' (000000008c4a88bc): fill_kobj_path: path = '/devices/virtual/block/loop0' Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0x5/0x13 lib/fault-inject.c:149 kobject: 'loop2' (00000000f3840132): kobject_uevent_env __should_failslab+0xba/0xf0 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1603 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3288 [inline] kmem_cache_alloc_node+0x270/0x730 mm/slab.c:3631 __alloc_skb+0xa7/0x570 net/core/skbuff.c:196 alloc_skb include/linux/skbuff.h:1011 [inline] _sctp_make_chunk+0x3f/0x260 net/sctp/sm_make_chunk.c:1407 kobject: 'loop2' (00000000f3840132): fill_kobj_path: path = '/devices/virtual/block/loop2' sctp_make_data net/sctp/sm_make_chunk.c:1439 [inline] sctp_make_datafrag_empty+0x159/0x260 net/sctp/sm_make_chunk.c:753 ---[ end trace e5eb669c404e8400 ]--- sctp_datamsg_from_user+0x4d7/0xf30 net/sctp/chunk.c:279 sctp_sendmsg_to_asoc+0x48f/0x1500 net/sctp/socket.c:1941 sctp_sendmsg+0xb80/0x1710 net/sctp/socket.c:2113 RIP: 0010:sctp_sched_prio_sched+0x86/0x6a0 net/sctp/stream_sched_prio.c:147 inet_sendmsg+0x108/0x440 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 sock_write_iter+0x1e9/0x3d0 net/socket.c:900 call_write_iter include/linux/fs.h:1862 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x4a3/0x970 fs/read_write.c:487 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 50 49 8d 4d 20 48 89 ca 48 c1 ea 03 <80> 3c 02 00 0f 85 a1 04 00 00 4d 8b 7d 20 4d 85 ff 0f 84 eb 00 00 vfs_write+0x150/0x4e0 fs/read_write.c:549 ksys_write+0xcd/0x1b0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:607 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4592c9 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fec74b17c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fec74b17c90 RCX: 00000000004592c9 RDX: 000000000001a000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec74b186d4 R13: 00000000004c9150 R14: 00000000004e00d0 R15: 0000000000000004 CPU: 0 PID: 13155 Comm: syz-executor.0 Tainted: G D 5.0.0-rc3+ #1 kobject: 'loop5' (000000009113c797): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: 'loop5' (000000009113c797): fill_kobj_path: path = '/devices/virtual/block/loop5' Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0x5/0x13 lib/fault-inject.c:149 RSP: 0018:ffff88808b52f498 EFLAGS: 00010202 __should_failslab+0xba/0xf0 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1603 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3288 [inline] kmem_cache_alloc_node+0x270/0x730 mm/slab.c:3631 __alloc_skb+0xa7/0x570 net/core/skbuff.c:196 alloc_skb include/linux/skbuff.h:1011 [inline] _sctp_make_chunk+0x3f/0x260 net/sctp/sm_make_chunk.c:1407 sctp_make_data net/sctp/sm_make_chunk.c:1439 [inline] sctp_make_datafrag_empty+0x159/0x260 net/sctp/sm_make_chunk.c:753 sctp_datamsg_from_user+0x4d7/0xf30 net/sctp/chunk.c:279 RAX: dffffc0000000000 RBX: ffff88808df34d00 RCX: 0000000000000020 sctp_sendmsg_to_asoc+0x48f/0x1500 net/sctp/socket.c:1941 RDX: 0000000000000004 RSI: ffff88808df34d00 RDI: ffff88808df34d50 sctp_sendmsg+0xb80/0x1710 net/sctp/socket.c:2113 inet_sendmsg+0x108/0x440 net/ipv4/af_inet.c:798 RBP: ffff88808b52f4d0 R08: ffff888093424d58 R09: ffff88808ab58018 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 sock_write_iter+0x1e9/0x3d0 net/socket.c:900 call_write_iter include/linux/fs.h:1862 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x4a3/0x970 fs/read_write.c:487 R10: ffff88808df34d38 R11: ffff88808df34d30 R12: ffff88808df34d40 R13: 0000000000000000 R14: ffff8880914d4b20 R15: ffff8880914d4b60 vfs_write+0x150/0x4e0 fs/read_write.c:549 ksys_write+0xcd/0x1b0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:607 FS: 00007faae41ce700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4592c9 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f8bbded6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RAX: ffffffffffffffda RBX: 00007f8bbded6c90 RCX: 00000000004592c9 RDX: 000000000001a000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8bbded76d4 R13: 00000000004c9150 R14: 00000000004e00d0 R15: 0000000000000004 kobject: 'loop0' (000000008c4a88bc): kobject_uevent_env CR2: 00007f6086a40518 CR3: 000000009686a000 CR4: 00000000001406e0 kobject: 'loop0' (000000008c4a88bc): fill_kobj_path: path = '/devices/virtual/block/loop0' DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kobject: 'loop4' (00000000aa314042): kobject_uevent_env DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kobject: 'loop4' (00000000aa314042): fill_kobj_path: path = '/devices/virtual/block/loop4' FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop3' (000000002716c46d): kobject_uevent_env