syzbot

WARNING in skb_try_coalesce

Status: public: reported C repro on 2019/04/13 00:00
Reported-by: syzbot+03e1aea7fc992b0b3d5a@syzkaller.appspotmail.com
First crash: 2200d, last: 1614d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 WARNING in skb_try_coalesce C 106 1577d 1811d 0/3 public: reported C repro on 2019/04/13 00:00
upstream WARNING in skb_try_coalesce net C error 1521 670d 1124d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 103 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3667 at net/core/skbuff.c:4183 skb_try_coalesce+0xfa6/0x15f0 net/core/skbuff.c:4183()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 3667 Comm: syzkaller095651 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 86b1d0de4b52ce02 ffff8801db307228 ffffffff81d0408d
 ffffffff83843b40 ffff8801db307300 ffffffff83ca8de0 0000000000000009
 0000000000001057 ffff8801db3072f0 ffffffff8141ab2a 0000000041b58ab3
Call Trace:
 <IRQ>  [<ffffffff81d0408d>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81d0408d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff8141ab2a>] panic+0x1aa/0x388 kernel/panic.c:112
 [<ffffffff8112d885>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
 [<ffffffff8112dae9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
 [<ffffffff82e1b456>] skb_try_coalesce+0xfa6/0x15f0 net/core/skbuff.c:4183
 [<ffffffff8312b34c>] tcp_try_coalesce+0x15c/0x4d0 net/ipv4/tcp_input.c:4273
 [<ffffffff831335b7>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [<ffffffff8313a9db>] tcp_data_queue+0xd9b/0x48e0 net/ipv4/tcp_input.c:4595
 [<ffffffff8314908a>] tcp_rcv_established+0x7ca/0x2230 net/ipv4/tcp_input.c:5418
 [<ffffffff833abd6d>] tcp_v6_do_rcv+0x42d/0x1470 net/ipv6/tcp_ipv6.c:1267
 [<ffffffff833ae93d>] tcp_v6_rcv+0x1b8d/0x2800 net/ipv6/tcp_ipv6.c:1473
 [<ffffffff83310379>] ip6_input_finish+0x329/0x1540 net/ipv6/ip6_input.c:248
 [<ffffffff833134f6>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff833134f6>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff833134f6>] ip6_input+0x106/0x200 net/ipv6/ip6_input.c:280
 [<ffffffff8330fb58>] dst_input include/net/dst.h:504 [inline]
 [<ffffffff8330fb58>] ip6_rcv_finish+0x138/0x630 net/ipv6/ip6_input.c:62
 [<ffffffff833125e5>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff833125e5>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff833125e5>] ipv6_rcv+0x1055/0x1e60 net/ipv6/ip6_input.c:186
 [<ffffffff82e4c109>] __netif_receive_skb_core+0xa59/0x28f0 net/core/dev.c:4012
 [<ffffffff82e4dffb>] __netif_receive_skb+0x5b/0x1c0 net/core/dev.c:4047
 [<ffffffff82e50033>] process_backlog+0x213/0x690 net/core/dev.c:4640
 [<ffffffff82e4f323>] napi_poll net/core/dev.c:4878 [inline]
 [<ffffffff82e4f323>] net_rx_action+0x373/0xe70 net/core/dev.c:4943
 [<ffffffff83776e57>] __do_softirq+0x227/0xa38 kernel/softirq.c:273
 [<ffffffff83774bdc>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:925
 <EOI>  [<ffffffff8113bcc4>] do_softirq.part.17+0x54/0x60 kernel/softirq.c:317
 [<ffffffff8113bd8e>] do_softirq kernel/softirq.c:165 [inline]
 [<ffffffff8113bd8e>] __local_bh_enable_ip+0xbe/0xd0 kernel/softirq.c:170
 [<ffffffff83772e80>] __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:178 [inline]
 [<ffffffff83772e80>] _raw_spin_unlock_bh+0x30/0x40 kernel/locking/spinlock.c:207
 [<ffffffff82df8efe>] spin_unlock_bh include/linux/spinlock.h:352 [inline]
 [<ffffffff82df8efe>] release_sock+0x3be/0x510 net/core/sock.c:2484
 [<ffffffff8311f52f>] tcp_sendpage+0xaff/0x1830 net/ipv4/tcp.c:1034
 [<ffffffff831d8227>] inet_sendpage+0x2d7/0x500 net/ipv4/af_inet.c:772
 [<ffffffff82deacad>] kernel_sendpage+0x8d/0xe0 net/socket.c:3301
 [<ffffffff82dead8c>] sock_sendpage+0x8c/0xc0 net/socket.c:780
 [<ffffffff815b52c4>] pipe_to_sendpage+0x264/0x320 fs/splice.c:724
 [<ffffffff815b7adf>] splice_from_pipe_feed fs/splice.c:776 [inline]
 [<ffffffff815b7adf>] __splice_from_pipe+0x2ff/0x6f0 fs/splice.c:901
 [<ffffffff815bad29>] splice_from_pipe+0xf9/0x160 fs/splice.c:936
 [<ffffffff815badd0>] generic_splice_sendpage+0x40/0x50 fs/splice.c:1109
 [<ffffffff815b5005>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff815b5005>] direct_splice_actor+0x125/0x180 fs/splice.c:1294
 [<ffffffff815b6312>] splice_direct_to_actor+0x2d2/0x830 fs/splice.c:1247
 [<ffffffff815b6a17>] do_splice_direct+0x1a7/0x270 fs/splice.c:1337
 [<ffffffff81520e5c>] do_sendfile+0x54c/0xd30 fs/read_write.c:1227
 [<ffffffff81522eb3>] SYSC_sendfile64 fs/read_write.c:1282 [inline]
 [<ffffffff81522eb3>] SyS_sendfile64+0xc3/0x150 fs/read_write.c:1274
 [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/03/20 18:15 https://android.googlesource.com/kernel/common android-4.4 d63fdf61a4dc 72c33b66 .config console log report syz C ci-android-44-kasan-gce
2018/03/20 18:15 https://android.googlesource.com/kernel/common android-4.4 d63fdf61a4dc 72c33b66 .config console log report syz ci-android-44-kasan-gce-386
2019/10/27 22:48 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 25bb509e .config console log report ci-android-44-kasan-gce
2019/10/27 21:09 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 25bb509e .config console log report ci-android-44-kasan-gce
2019/10/20 05:17 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 8c88c9c1 .config console log report ci-android-44-kasan-gce
2018/12/19 07:54 https://android.googlesource.com/kernel/common android-4.4 b95a8c048a28 4edaba93 .config console log report ci-android-44-kasan-gce-386
* Struck through repros no longer work on HEAD.