syzbot

 sign-in | mailing list | source | docs
🐞 Open [102]
🐞 Fixed [1]
🐞 Invalid [151]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

kernel BUG in tcp_collapse

Status: premoderation: reported on 2025/03/31 14:31
Reported-by: syzbot+83d29e67f93a383e51f6@syzkaller.appspotmail.com
First crash: 4d08h, last: 4d08h

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:5336!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound bpf_map_free_deferred
RIP: 0010:tcp_collapse+0x1242/0x1260 net/ipv4/tcp_input.c:5336
Code: f4 ff ff 48 8b 4c 24 30 80 e1 07 80 c1 03 38 c1 0f 8c 48 f5 ff ff 48 8b 7c 24 30 e8 98 b7 6d fd e9 39 f5 ff ff e8 be 0b 26 fd <0f> 0b e8 b7 0b 26 fd 0f 0b e8 50 f8 cc 00 e8 ab 0b 26 fd 0f 0b 66
RSP: 0018:ffffc900002cf660 EFLAGS: 00010293
RAX: ffffffff844f8bd2 RBX: 0000000042d9c2db RCX: ffff888100260000
RDX: 0000000000000000 RSI: 00000000fffffb20 RDI: 0000000000000000
RBP: ffffc900002cf7b0 R08: ffffffff844f84eb R09: ffffed10213ec01f
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811a2c4940
R13: 1ffff1102345892d R14: ffff88811a2c496c R15: 00000000fffffb20
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7feaa0ff98 CR3: 000000012ce0d000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 tcp_prune_queue net/ipv4/tcp_input.c:5486 [inline]
 tcp_try_rmem_schedule+0xaa9/0x1770 net/ipv4/tcp_input.c:4862
 tcp_data_queue+0x47b/0x6db0 net/ipv4/tcp_input.c:5134
 tcp_rcv_established+0xa09/0x1c60 net/ipv4/tcp_input.c:6097
 tcp_v4_do_rcv+0x430/0xa20 net/ipv4/tcp_ipv4.c:1683
 sk_backlog_rcv include/net/sock.h:1131 [inline]
 __release_sock+0x145/0x410 net/core/sock.c:2945
 release_sock+0x65/0x1b0 net/core/sock.c:3519
 sock_map_free+0x144/0x2b0 net/core/sock_map.c:356
 bpf_map_free_deferred+0xf7/0x1b0 kernel/bpf/syscall.c:637
 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:tcp_collapse+0x1242/0x1260 net/ipv4/tcp_input.c:5336
Code: f4 ff ff 48 8b 4c 24 30 80 e1 07 80 c1 03 38 c1 0f 8c 48 f5 ff ff 48 8b 7c 24 30 e8 98 b7 6d fd e9 39 f5 ff ff e8 be 0b 26 fd <0f> 0b e8 b7 0b 26 fd 0f 0b e8 50 f8 cc 00 e8 ab 0b 26 fd 0f 0b 66
RSP: 0018:ffffc900002cf660 EFLAGS: 00010293
RAX: ffffffff844f8bd2 RBX: 0000000042d9c2db RCX: ffff888100260000
RDX: 0000000000000000 RSI: 00000000fffffb20 RDI: 0000000000000000
RBP: ffffc900002cf7b0 R08: ffffffff844f84eb R09: ffffed10213ec01f
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811a2c4940
R13: 1ffff1102345892d R14: ffff88811a2c496c R15: 00000000fffffb20
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f41f0b9cd58 CR3: 000000012ce0d000 CR4: 00000000003526a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/03/31 14:30 android14-6.1 c1fd50266bd6 d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in tcp_collapse
* Struck through repros no longer work on HEAD.