Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
android-44 | kernel BUG at net/ipv4/tcp_input.c:LINE! | | | | 1 | 2196d | 2048d | 0/2 | auto-closed as invalid on 2019/05/16 00:02 |

```
------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:4839!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2219 Comm: syz-executor442 Not tainted 4.4.174+ #17
task: ffff8801d3cd2f80 task.stack: ffff8801d3788000
RIP: 0010:[<ffffffff824121bd>] [<ffffffff824121bd>] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
RSP: 0018:ffff8801db6073c8 EFLAGS: 00010206
RAX: ffff8801d3cd2f80 RBX: 0000000000000450 RCX: 000000000a40b7bb
RDX: 0000000000000100 RSI: ffffffff824121bd RDI: 0000000000000450
RBP: ffff8801db607518 R08: 1ffff10016ea6ecd R09: ffffed0016ea6ed3
R10: ffffed0016ea6ed2 R11: ffff8800b7537697 R12: ffff8801d2c0d78c
R13: ffff8801d2c0d760 R14: dffffc0000000000 R15: ffff8800b7537640
FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f77cdb40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001cef42000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8800b8722a40 ffffed00170e4548 ffff8800b753766c ffff8801db607460
 ffff8801d3725680 ffff880000000900 0000000000000000 ffff8800b8722900
 1ffff1003b6c0e86 0000000000000000 fffffc1800000450 ffff8800b8722a30
Call Trace:
 <IRQ>
 [<ffffffff82412c5a>] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline]
 [<ffffffff82412c5a>] tcp_try_rmem_schedule+0x6ba/0x1280 net/ipv4/tcp_input.c:4386
 [<ffffffff82415462>] tcp_data_queue_ofo net/ipv4/tcp_input.c:4410 [inline]
 [<ffffffff82415462>] tcp_data_queue+0x11f2/0x3a90 net/ipv4/tcp_input.c:4713
 [<ffffffff82422a99>] tcp_rcv_established+0x599/0x2070 net/ipv4/tcp_input.c:5538
 [<ffffffff8244a483>] tcp_v4_do_rcv+0x553/0x7a0 net/ipv4/tcp_ipv4.c:1397
 [<ffffffff8244f06d>] sk_backlog_rcv include/net/sock.h:875 [inline]
 [<ffffffff8244f06d>] tcp_prequeue net/ipv4/tcp_ipv4.c:1519 [inline]
 [<ffffffff8244f06d>] tcp_prequeue+0x4dd/0xdc0 net/ipv4/tcp_ipv4.c:1489
 [<ffffffff82455693>] tcp_v4_rcv+0x29a3/0x36b0 net/ipv4/tcp_ipv4.c:1679
 [<ffffffff823b59c0>] ip_local_deliver_finish+0x3c0/0xa70 net/ipv4/ip_input.c:216
 [<ffffffff823b797f>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff823b797f>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff823b797f>] ip_local_deliver+0x1af/0x390 net/ipv4/ip_input.c:257
 [<ffffffff823b67d8>] dst_input include/net/dst.h:504 [inline]
 [<ffffffff823b67d8>] ip_rcv_finish+0x768/0x1220 net/ipv4/ip_input.c:365
 [<ffffffff823b845a>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff823b845a>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff823b845a>] ip_rcv+0x8fa/0xe70 net/ipv4/ip_input.c:456
 [<ffffffff82230640>] __netif_receive_skb_core+0x1300/0x2950 net/core/dev.c:4041
 [<ffffffff82238bd8>] __netif_receive_skb+0x58/0x1c0 net/core/dev.c:4076
 [<ffffffff8223fec0>] process_backlog+0x200/0x630 net/core/dev.c:4673
 [<ffffffff8223f2f7>] napi_poll net/core/dev.c:4911 [inline]
 [<ffffffff8223f2f7>] net_rx_action+0x367/0xd30 net/core/dev.c:4976
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff82719cdc>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:956
 <EOI>
 [<ffffffff810e1744>] do_softirq.part.0+0x54/0x60 kernel/softirq.c:317
 [<ffffffff810e181c>] do_softirq kernel/softirq.c:309 [inline]
 [<ffffffff810e181c>] __local_bh_enable_ip+0xcc/0xe0 kernel/softirq.c:170
 [<ffffffff82717fc1>] __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:178 [inline]
 [<ffffffff82717fc1>] _raw_spin_unlock_bh+0x31/0x40 kernel/locking/spinlock.c:207
 [<ffffffff821e6078>] spin_unlock_bh include/linux/spinlock.h:352 [inline]
 [<ffffffff821e6078>] release_sock+0x3a8/0x500 net/core/sock.c:2488
 [<ffffffff821e6308>] sk_wait_data+0x138/0x3b0 net/core/sock.c:2065
 [<ffffffff823f3cc6>] tcp_recvmsg+0xfb6/0x2d10 net/ipv4/tcp.c:1777
 [<ffffffff824a86ae>] inet_recvmsg+0x23e/0x4d0 net/ipv4/af_inet.c:786
 [<ffffffff821d8d9f>] sock_recvmsg_nosec net/socket.c:740 [inline]
 [<ffffffff821d8d9f>] sock_recvmsg net/socket.c:748 [inline]
 [<ffffffff821d8d9f>] sock_recvmsg+0x8f/0xc0 net/socket.c:743
 [<ffffffff821da5e7>] ___sys_recvmsg+0x257/0x530 net/socket.c:2129
 [<ffffffff821dd5b5>] __sys_recvmsg+0xc5/0x160 net/socket.c:2175
 [<ffffffff822ace5a>] C_SYSC_recvmsg net/compat.c:737 [inline]
 [<ffffffff822ace5a>] compat_SyS_recvmsg+0x2a/0x40 net/compat.c:735
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
Code: 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 03 02 00 00 44 3b 73 28 79 a5 e8 3e 74 ef fe 4c 8d 7b 10 eb a3 e8 33 74 ef fe <0f> 0b e8 2c 74 ef fe 48 8b 8d e0 fe ff ff 4c 89 ee 48 8b 95 08
RIP [<ffffffff824121bd>] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
 RSP <ffff8801db6073c8>
---[ end trace d4789cf5fd5835d7 ]---
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2019/10/25 07:30 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d01bb02a | .config | console log | report | syz | C | | | ci-android-44-kasan-gce-386 | |
2019/10/25 06:46 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d01bb02a | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |