bisecting cause commit starting from 195303136f192d37b89e20a8d1d2670d0d825266 building syzkaller on 9942de5fb06cec2ff4bee69835f336d1bfd839b8 testing commit 195303136f192d37b89e20a8d1d2670d0d825266 with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: corrupted stack end in wb_workfn testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: corrupted stack end in wb_workfn run #1: crashed: kernel panic: corrupted stack end in wb_workfn run #2: crashed: kernel panic: corrupted stack end in wb_workfn run #3: crashed: kernel panic: System is deadlocked on memory run #4: crashed: kernel panic: corrupted stack end in wb_workfn run #5: crashed: kernel panic: corrupted stack end in wb_workfn run #6: crashed: kernel panic: corrupted stack end in wb_workfn run #7: crashed: kernel panic: corrupted stack end in wb_workfn run #8: crashed: kernel panic: corrupted stack end in corrupted run #9: crashed: kernel panic: corrupted stack end in wb_workfn testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: corrupted stack end in wb_workfn run #1: crashed: kernel panic: corrupted stack end in wb_workfn run #2: crashed: kernel panic: corrupted stack end in wb_workfn run #3: crashed: kernel panic: corrupted stack end in wb_workfn run #4: crashed: kernel panic: System is deadlocked on memory run #5: crashed: kernel panic: corrupted stack end in wb_workfn run #6: crashed: kernel panic: corrupted stack end in wb_workfn run #7: crashed: kernel panic: corrupted stack end in wb_workfn run #8: crashed: kernel panic: corrupted stack end in wb_workfn run #9: crashed: kernel panic: corrupted stack end in wb_workfn testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: corrupted stack end in wb_workfn run #1: crashed: kernel panic: corrupted stack end in wb_workfn run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: corrupted stack end in wb_workfn run #4: crashed: kernel panic: Out of memory and no killable processes... run #5: crashed: kernel panic: corrupted stack end in wb_workfn run #6: OK run #7: crashed: kernel panic: corrupted stack end in wb_workfn run #8: crashed: kernel panic: Out of memory and no killable processes... run #9: OK testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: corrupted stack end in wb_workfn run #1: crashed: kernel panic: corrupted stack end in worker_thread run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: corrupted stack end in wb_workfn run #4: crashed: kernel panic: corrupted stack end in wb_workfn run #5: crashed: kernel panic: corrupted stack end in wb_workfn run #6: crashed: kernel panic: corrupted stack end in wb_workfn run #7: crashed: kernel panic: corrupted stack end in wb_workfn run #8: crashed: kernel panic: Out of memory and no killable processes... run #9: crashed: kernel panic: corrupted stack end in wb_workfn testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: crashed: kernel panic: Out of memory and no killable processes... run #6: OK run #7: crashed: kernel panic: Out of memory and no killable processes... run #8: OK run #9: OK testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.16 v4.15 Bisecting: 7566 revisions left to test after this (roughly 13 steps) [c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: Out of memory and no killable processes... run #1: crashed: kernel panic: Out of memory and no killable processes... run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: Out of memory and no killable processes... run #4: OK run #5: OK run #6: crashed: WARNING: ODEBUG bug in netdev_freemem run #7: crashed: no output from test machine run #8: OK run #9: OK # git bisect bad c14376de3a1befa70d9811ca2872d47367b48767 Bisecting: 3620 revisions left to test after this (roughly 12 steps) [a103950e0dd2058df5e8a8d4a915707bdcf205f0] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit a103950e0dd2058df5e8a8d4a915707bdcf205f0 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: Out of memory and no killable processes... run #1: crashed: kernel panic: Out of memory and no killable processes... run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: Out of memory and no killable processes... run #4: OK run #5: crashed: kernel panic: Out of memory and no killable processes... run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: crashed: kernel panic: Out of memory and no killable processes... run #8: crashed: kernel panic: Out of memory and no killable processes... run #9: OK # git bisect bad a103950e0dd2058df5e8a8d4a915707bdcf205f0 Bisecting: 1793 revisions left to test after this (roughly 11 steps) [d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c] Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c with gcc (GCC) 8.1.0 all runs: OK # git bisect good d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c Bisecting: 813 revisions left to test after this (roughly 10 steps) [28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: Out of memory and no killable processes... run #1: crashed: kernel panic: Out of memory and no killable processes... run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: Out of memory and no killable processes... run #4: crashed: kernel panic: Out of memory and no killable processes... run #5: crashed: kernel panic: Out of memory and no killable processes... run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: OK run #8: crashed: kernel panic: Out of memory and no killable processes... run #9: crashed: kernel panic: Out of memory and no killable processes... # git bisect bad 28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3 Bisecting: 489 revisions left to test after this (roughly 9 steps) [19e7b5f99474107e8d0b4b3e4652fa19ddb87efc] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 19e7b5f99474107e8d0b4b3e4652fa19ddb87efc with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: Out of memory and no killable processes... run #1: crashed: kernel panic: Out of memory and no killable processes... run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: Out of memory and no killable processes... run #4: crashed: kernel panic: Out of memory and no killable processes... run #5: crashed: kernel panic: Out of memory and no killable processes... run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: OK run #8: crashed: kernel panic: Out of memory and no killable processes... run #9: OK # git bisect bad 19e7b5f99474107e8d0b4b3e4652fa19ddb87efc Bisecting: 227 revisions left to test after this (roughly 8 steps) [168fe32a072a4b8dc81a3aebf0e5e588d38e2955] Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 168fe32a072a4b8dc81a3aebf0e5e588d38e2955 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 168fe32a072a4b8dc81a3aebf0e5e588d38e2955 Bisecting: 135 revisions left to test after this (roughly 7 steps) [efd52b5d363e3e3b6224ad39949219c0df117c91] Merge tag 'nfs-for-4.16-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs testing commit efd52b5d363e3e3b6224ad39949219c0df117c91 with gcc (GCC) 8.1.0 all runs: OK # git bisect good efd52b5d363e3e3b6224ad39949219c0df117c91 Bisecting: 67 revisions left to test after this (roughly 6 steps) [2882d34310a9b87428d723ba9bb040d7ef0b5ba8] f2fs: use GFP_F2FS_ZERO for cleanup testing commit 2882d34310a9b87428d723ba9bb040d7ef0b5ba8 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 2882d34310a9b87428d723ba9bb040d7ef0b5ba8 Bisecting: 67 revisions left to test after this (roughly 6 steps) [578c647879f74c333d20762375fd970907f2e97c] f2fs: implement cgroup writeback support testing commit 578c647879f74c333d20762375fd970907f2e97c with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 578c647879f74c333d20762375fd970907f2e97c Bisecting: 67 revisions left to test after this (roughly 6 steps) [588bff95c94efc05f9e1a0b19015c9408ed7c0ef] GFS2: Reduce code redundancy writing log headers testing commit 588bff95c94efc05f9e1a0b19015c9408ed7c0ef with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 588bff95c94efc05f9e1a0b19015c9408ed7c0ef Bisecting: 67 revisions left to test after this (roughly 6 steps) [7dff55d27e07c571b6c532b714c22d7ce9fba1e0] f2fs: check node page again in write end io testing commit 7dff55d27e07c571b6c532b714c22d7ce9fba1e0 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 7dff55d27e07c571b6c532b714c22d7ce9fba1e0 Bisecting: 67 revisions left to test after this (roughly 6 steps) [736c0a74856d762b09a997d28e3ff6d8bdcf942c] f2fs: remove an excess variable testing commit 736c0a74856d762b09a997d28e3ff6d8bdcf942c with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 736c0a74856d762b09a997d28e3ff6d8bdcf942c Bisecting: 67 revisions left to test after this (roughly 6 steps) [1ad71a27124caf0b68ddd3c92be01aa2b2a72b2a] f2fs: add an ioctl to disable GC for specific file testing commit 1ad71a27124caf0b68ddd3c92be01aa2b2a72b2a with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 1ad71a27124caf0b68ddd3c92be01aa2b2a72b2a Bisecting: 67 revisions left to test after this (roughly 6 steps) [14544d7690f674ce2b7aa9dc6531c244cc861d19] vme_user: don't use __copy_..._user() testing commit 14544d7690f674ce2b7aa9dc6531c244cc861d19 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 14544d7690f674ce2b7aa9dc6531c244cc861d19 Bisecting: 67 revisions left to test after this (roughly 6 steps) [a2e2e76b23038b187e5656c467ec76eeb29b8275] f2fs: fix to drop all inmem pages correctly testing commit a2e2e76b23038b187e5656c467ec76eeb29b8275 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip a2e2e76b23038b187e5656c467ec76eeb29b8275 Bisecting: 67 revisions left to test after this (roughly 6 steps) [2e168c82dc32e02c0d4774cbae4f07d98ff51649] f2fs: switch to fscrypt_file_open() testing commit 2e168c82dc32e02c0d4774cbae4f07d98ff51649 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 2e168c82dc32e02c0d4774cbae4f07d98ff51649 Bisecting: 67 revisions left to test after this (roughly 6 steps) [d7997e63684c98d93defac0c99f589778bc71869] f2fs: clean up error path of fill_super testing commit d7997e63684c98d93defac0c99f589778bc71869 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip d7997e63684c98d93defac0c99f589778bc71869 Bisecting: 67 revisions left to test after this (roughly 6 steps) [2e45b07fda2560eaafe80eab7a2ad9da763f22a1] f2fs: switch to fscrypt_prepare_rename() testing commit 2e45b07fda2560eaafe80eab7a2ad9da763f22a1 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 2e45b07fda2560eaafe80eab7a2ad9da763f22a1 Bisecting: 67 revisions left to test after this (roughly 6 steps) [c9cc8d01fb04117928830449388512a5047569c9] devpts: fix error handling in devpts_mntget() testing commit c9cc8d01fb04117928830449388512a5047569c9 with gcc (GCC) 8.1.0 all runs: OK # git bisect good c9cc8d01fb04117928830449388512a5047569c9 Bisecting: 30 revisions left to test after this (roughly 5 steps) [957a7acd46e64c52d2a1d59cd7273ed49455afb6] gfs2: Remove inode from ordered write list in gfs2_write_inode() testing commit 957a7acd46e64c52d2a1d59cd7273ed49455afb6 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 957a7acd46e64c52d2a1d59cd7273ed49455afb6 Bisecting: 30 revisions left to test after this (roughly 5 steps) [e8b43fe0c1e035a135be7ca3791d465fcb1b501e] gfs2: Clean up {lookup,fillup}_metapath testing commit e8b43fe0c1e035a135be7ca3791d465fcb1b501e with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip e8b43fe0c1e035a135be7ca3791d465fcb1b501e Bisecting: 30 revisions left to test after this (roughly 5 steps) [c1696fb85d33194cf65c7ebfc82a75696299c3a3] GFS2: Introduce new gfs2_log_header_v2 testing commit c1696fb85d33194cf65c7ebfc82a75696299c3a3 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip c1696fb85d33194cf65c7ebfc82a75696299c3a3 Bisecting: 30 revisions left to test after this (roughly 5 steps) [fc1c428eb46af8183be771d2c78b3902acbeffe3] usx2y: don't bother with access_ok() in ->dsp_load() testing commit fc1c428eb46af8183be771d2c78b3902acbeffe3 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip fc1c428eb46af8183be771d2c78b3902acbeffe3 Bisecting: 30 revisions left to test after this (roughly 5 steps) [5bdd0c6f89fba430e18d636493398389dadc3b17] jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path testing commit 5bdd0c6f89fba430e18d636493398389dadc3b17 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 5bdd0c6f89fba430e18d636493398389dadc3b17 Bisecting: 30 revisions left to test after this (roughly 5 steps) [cb7f0903efacb7d25b844b9d321b43f228c7a37a] gfs2: Improve non-recursive delete algorithm testing commit cb7f0903efacb7d25b844b9d321b43f228c7a37a with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip cb7f0903efacb7d25b844b9d321b43f228c7a37a Bisecting: 30 revisions left to test after this (roughly 5 steps) [47669fb6b5951d0e09fc99719653e0ac92b50b99] alpha: osf_sys.c: fix put_tv32 regression testing commit 47669fb6b5951d0e09fc99719653e0ac92b50b99 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 47669fb6b5951d0e09fc99719653e0ac92b50b99 Bisecting: 30 revisions left to test after this (roughly 5 steps) [1f23bc7869fffec40b8bd9333a74a18d1de54d98] gfs2: Trim the ordered write list in gfs2_ordered_write() testing commit 1f23bc7869fffec40b8bd9333a74a18d1de54d98 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 1f23bc7869fffec40b8bd9333a74a18d1de54d98 Bisecting: 30 revisions left to test after this (roughly 5 steps) [ce4c253573ad184603e0fa77876ba155b0cde46d] alpha: osf_sys.c: use timespec64 where appropriate testing commit ce4c253573ad184603e0fa77876ba155b0cde46d with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip ce4c253573ad184603e0fa77876ba155b0cde46d Bisecting: 30 revisions left to test after this (roughly 5 steps) [3d46d7108dd3ff8b1d477bc2b7b061b12690e83c] usx2y: don't bother with memdup_user() for 16-byte structure testing commit 3d46d7108dd3ff8b1d477bc2b7b061b12690e83c with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 3d46d7108dd3ff8b1d477bc2b7b061b12690e83c Bisecting: 30 revisions left to test after this (roughly 5 steps) [4519eaad724e868a5fd1f82123eefebcaed775ad] GFS2: Fix minor comment typo testing commit 4519eaad724e868a5fd1f82123eefebcaed775ad with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 4519eaad724e868a5fd1f82123eefebcaed775ad Bisecting: 30 revisions left to test after this (roughly 5 steps) [18e2ea5cd00c35f4a3e7ba3ef261c38643ef2af3] uvc_v4l2: clean copyin/copyout up testing commit 18e2ea5cd00c35f4a3e7ba3ef261c38643ef2af3 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 18e2ea5cd00c35f4a3e7ba3ef261c38643ef2af3 Bisecting: 30 revisions left to test after this (roughly 5 steps) [2eb5909dee9bcce9c0befdef48c00f1132d9de2e] GFS2: Don't try to end a non-existent transaction in unlink testing commit 2eb5909dee9bcce9c0befdef48c00f1132d9de2e with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 2eb5909dee9bcce9c0befdef48c00f1132d9de2e Bisecting: 30 revisions left to test after this (roughly 5 steps) [10d2cf94c23d48ef1b141084216e7580011e4790] gfs2: Turn trunc_dealloc into punch_hole testing commit 10d2cf94c23d48ef1b141084216e7580011e4790 with gcc (GCC) 8.1.0 net/wireless/shipped-certs.c:774:14: error: redefinition of ‘shipped_regdb_certs_len’ # git bisect skip 10d2cf94c23d48ef1b141084216e7580011e4790 Bisecting: 30 revisions left to test after this (roughly 5 steps) [26064ea409b4d4acb05903a36f3fe2fdccb3d8aa] Merge tag 'gfs2-4.16.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 testing commit 26064ea409b4d4acb05903a36f3fe2fdccb3d8aa with gcc (GCC) 8.1.0 all runs: OK # git bisect good 26064ea409b4d4acb05903a36f3fe2fdccb3d8aa Bisecting: 13 revisions left to test after this (roughly 4 steps) [105f2b7096075eacb6d2c83a6e00b652c2951063] eventfd: fold eventfd_ctx_get() into eventfd_ctx_fileget() testing commit 105f2b7096075eacb6d2c83a6e00b652c2951063 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 105f2b7096075eacb6d2c83a6e00b652c2951063 Bisecting: 6 revisions left to test after this (roughly 3 steps) [4bfd054ae11ea061685c4a2a6234fdc8e92fad41] fs: fold __inode_permission() into inode_permission() testing commit 4bfd054ae11ea061685c4a2a6234fdc8e92fad41 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: Out of memory and no killable processes... run #1: crashed: kernel panic: Out of memory and no killable processes... run #2: crashed: kernel panic: Out of memory and no killable processes... run #3: crashed: kernel panic: Out of memory and no killable processes... run #4: crashed: kernel panic: Out of memory and no killable processes... run #5: crashed: kernel panic: Out of memory and no killable processes... run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: OK run #8: OK run #9: crashed: kernel panic: Out of memory and no killable processes... # git bisect bad 4bfd054ae11ea061685c4a2a6234fdc8e92fad41 Bisecting: 2 revisions left to test after this (roughly 2 steps) [59aeaf3fef9dcf59dc595390dd5b89dfedcb8926] snd_ctl_elem_init_enum_names(): switch to vmemdup_user() testing commit 59aeaf3fef9dcf59dc595390dd5b89dfedcb8926 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 59aeaf3fef9dcf59dc595390dd5b89dfedcb8926 Bisecting: 1 revision left to test after this (roughly 1 step) [c981f254cc82f50f8cb864ce6432097b23195b9c] sctp: use vmemdup_user() rather than badly open-coding memdup_user() testing commit c981f254cc82f50f8cb864ce6432097b23195b9c with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: Out of memory and no killable processes... # git bisect bad c981f254cc82f50f8cb864ce6432097b23195b9c c981f254cc82f50f8cb864ce6432097b23195b9c is the first bad commit commit c981f254cc82f50f8cb864ce6432097b23195b9c Author: Al Viro Date: Sun Jan 7 13:19:09 2018 -0500 sctp: use vmemdup_user() rather than badly open-coding memdup_user() Signed-off-by: Al Viro net/sctp/socket.c | 59 +++++++++++-------------------------------------------- 1 file changed, 11 insertions(+), 48 deletions(-) revisions tested: 45, total time: 5h5m38.599239729s (build: 2h32m17.025993131s, test: 2h25m51.923010493s) first bad commit: c981f254cc82f50f8cb864ce6432097b23195b9c sctp: use vmemdup_user() rather than badly open-coding memdup_user() cc: ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "linux-sctp@vger.kernel.org" "netdev@vger.kernel.org" "nhorman@tuxdriver.com" "viro@zeniv.linux.org.uk" "vyasevich@gmail.com"] crash: kernel panic: Out of memory and no killable processes... kmalloc-96 991KB 1584KB kmalloc-64 1300KB 1668KB kmalloc-32 1216KB 1433KB kmalloc-192 1041KB 1284KB kmem_cache 195KB 202KB Kernel panic - not syncing: Out of memory and no killable processes... CPU: 1 PID: 7283 Comm: syz-executor713 Not tainted 4.15.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:53 panic+0x1a9/0x34e kernel/panic.c:183 out_of_memory.cold.28+0x52/0x61 mm/oom_kill.c:1073 __alloc_pages_may_oom mm/page_alloc.c:3388 [inline] __alloc_pages_slowpath+0x23ba/0x2e60 mm/page_alloc.c:4089 __alloc_pages_nodemask+0xa68/0xdc0 mm/page_alloc.c:4245 alloc_pages_current+0xd6/0x1b0 mm/mempolicy.c:2036 alloc_pages include/linux/gfp.h:492 [inline] __vmalloc_area_node mm/vmalloc.c:1699 [inline] __vmalloc_node_range+0x33d/0x630 mm/vmalloc.c:1759 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x33/0x40 mm/vmalloc.c:1826 kvmalloc_node+0x5c/0x80 mm/util.c:428 kvmalloc include/linux/mm.h:540 [inline] vmemdup_user+0x28/0x80 mm/util.c:186 sctp_setsockopt_bindx+0x4d/0x230 net/sctp/socket.c:1002 sctp_setsockopt+0x1d3b/0x5c00 net/sctp/socket.c:4034 sock_common_setsockopt+0x73/0xf0 net/core/sock.c:2968 SYSC_setsockopt net/socket.c:1851 [inline] SyS_setsockopt+0x167/0x320 net/socket.c:1830 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x439e79 RSP: 002b:00007f2acacc2db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00000000006c2c28 RCX: 0000000000439e79 RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000003 RBP: 00000000006c2c20 R08: 000000004920a1cf R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 00000000006c2c2c R13: 00007fff77e7328f R14: 00007f2acacc3700 R15: 0000000000000000 Kernel Offset: disabled