syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | kernel BUG at net/ipv4/tcp_output.c:LINE! | 37 | 2424d | 2437d | 3/26 | fixed on 2017/11/07 20:45 | |||
| upstream | kernel BUG at net/ipv4/tcp_output.c:LINE! (2) net | syz | 23 | 2188d | 2293d | 5/26 | fixed on 2018/06/07 13:52 | ||
| android-49 | kernel BUG at net/ipv4/tcp_output.c:LINE! | 5 | 2232d | 2290d | 0/3 | auto-closed as invalid on 2019/02/22 14:50 |
------------[ cut here ]------------ kernel BUG at net/ipv4/tcp_output.c:2591! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 6596 Comm: syz-executor154 Not tainted 4.4.132-g4b08356 #50 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801c8240000 task.stack: ffff8801c1e78000 RIP: 0010:[<ffffffff8328aff5>] [<ffffffff8328aff5>] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591 RSP: 0018:ffff8801db207b60 EFLAGS: 00010206 RAX: ffff8801c8240000 RBX: ffff8801c86daf28 RCX: ffff8800b3370244 RDX: 0000000000000100 RSI: ffffffff8328aff5 RDI: ffff8801c86daf2c RBP: ffff8801db207c08 R08: 000000212202db5e R09: 0000000000000006 R10: ffffed0043fffa01 R11: 0000000000000001 R12: 000000004b11c8b4 R13: 000000004b02e3fc R14: ffff8801c86daf00 R15: ffff8800b3370000 FS: 00007f6b1eb02700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fffc5facfcc CR3: 00000000b328d000 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 000000212202db5e ffffffffffffffff 000000212224b80d ffff8800b3370000 0000000000000004 ffff8800b3370854 00000000ffffffff ffff8800b3370244 ffff8801db207bc8 ffffffff833a936e ffff8800b3370000 ffffffff833a8f50 Call Trace: <IRQ> [<ffffffff8328b763>] tcp_retransmit_skb+0x23/0x2c0 net/ipv4/tcp_output.c:2664 [<ffffffff8329104d>] tcp_retransmit_timer+0x7bd/0x1ed0 net/ipv4/tcp_timer.c:461 [<ffffffff83292951>] tcp_write_timer_handler+0x1f1/0x6f0 net/ipv4/tcp_timer.c:543 [<ffffffff83292f0a>] tcp_write_timer+0xba/0xd0 net/ipv4/tcp_timer.c:561 [<ffffffff8129085c>] call_timer_fn+0x18c/0x870 kernel/time/timer.c:1185 [<ffffffff81291582>] __run_timers kernel/time/timer.c:1261 [inline] [<ffffffff81291582>] run_timer_softirq+0x642/0xb90 kernel/time/timer.c:1444 [<ffffffff838c376c>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273 [<ffffffff8113f75d>] invoke_softirq kernel/softirq.c:350 [inline] [<ffffffff8113f75d>] irq_exit+0x10d/0x140 kernel/softirq.c:391 [<ffffffff838c2ed1>] exiting_irq arch/x86/include/asm/apic.h:653 [inline] [<ffffffff838c2ed1>] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:926 [<ffffffff838c1e10>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741 <EOI> [<ffffffff8101687b>] print_context_stack+0x4b/0xd0 arch/x86/kernel/dumpstack.c:107 [<ffffffff81015dba>] dump_trace+0x17a/0x360 arch/x86/kernel/dumpstack_64.c:243 [<ffffffff810341d6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63 [<ffffffff814f8143>] save_stack+0x43/0xd0 mm/kasan/kasan.c:512 [<ffffffff814f8427>] set_track mm/kasan/kasan.c:524 [inline] [<ffffffff814f8427>] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:616 [<ffffffff814f8c04>] kasan_krealloc+0x64/0x80 mm/kasan/kasan.c:654 [<ffffffff814f1dfa>] ksize+0x8a/0xf0 mm/slub.c:3727 [<ffffffff81479b37>] __do_krealloc mm/slab_common.c:1193 [inline] [<ffffffff81479b37>] __krealloc+0x27/0xb0 mm/slab_common.c:1222 [<ffffffff830f7f63>] __nf_ct_ext_add_length+0x223/0xb50 net/netfilter/nf_conntrack_extend.c:104 [<ffffffff8312d9c6>] nf_ct_nat_ext_add+0xf6/0x130 net/netfilter/nf_nat_core.c:373 [<ffffffff8337e062>] nf_nat_ipv4_fn+0x122/0x690 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c:284 [<ffffffff8337f502>] nf_nat_ipv4_local_fn+0x122/0x470 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c:422 [<ffffffff833951ec>] iptable_nat_ipv4_local_fn+0x2c/0x40 net/ipv4/netfilter/iptable_nat.c:64 [<ffffffff830c0e32>] nf_iterate+0x182/0x210 net/netfilter/core.c:274 [<ffffffff830c1076>] nf_hook_slow+0x1b6/0x340 net/netfilter/core.c:306 [<ffffffff832182e4>] nf_hook_thresh include/linux/netfilter.h:187 [inline] [<ffffffff832182e4>] nf_hook include/linux/netfilter.h:197 [inline] [<ffffffff832182e4>] __ip_local_out+0x2b4/0x440 net/ipv4/ip_output.c:108 [<ffffffff83218499>] ip_local_out+0x29/0x180 net/ipv4/ip_output.c:117 [<ffffffff8321980e>] ip_queue_xmit+0x88e/0x1ab0 net/ipv4/ip_output.c:461 [<ffffffff8327f3b2>] tcp_transmit_skb+0x1642/0x2bf0 net/ipv4/tcp_output.c:1029 [<ffffffff83287e09>] tcp_connect+0x1d59/0x2c60 net/ipv4/tcp_output.c:3276 [<ffffffff832998a1>] tcp_v4_connect+0xf31/0x1890 net/ipv4/tcp_ipv4.c:246 [<ffffffff832f7aa9>] __inet_stream_connect+0x2a9/0xc30 net/ipv4/af_inet.c:615 [<ffffffff832f8485>] inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:676 [<ffffffff82f1d788>] SYSC_connect+0x1b8/0x300 net/socket.c:1557 [<ffffffff82f200c4>] SyS_connect+0x24/0x30 net/socket.c:1538 [<ffffffff838c02a5>] entry_SYSCALL_64_fastpath+0x22/0x9e Code: e0 26 fe e9 aa ed ff ff e8 89 e0 26 fe e9 4f f5 ff ff e8 7f e0 26 fe e9 6b f5 ff ff e8 95 e0 26 fe e9 d3 ef ff ff e8 fb 61 0c fe <0f> 0b 4c 89 f7 e8 81 e0 26 fe e9 d9 ec ff ff e8 f7 e0 26 fe e9 RIP [<ffffffff8328aff5>] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591 RSP <ffff8801db207b60> ---[ end trace f8ddff88097077a9 ]---
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/05/26 07:21 | https://android.googlesource.com/kernel/common android-4.4 | 4b08356a76b8 | f48c20b8 | .config | console log | report | syz | C | ci-android-44-kasan-gce | |||
| 2018/05/26 05:43 | https://android.googlesource.com/kernel/common android-4.4 | 4b08356a76b8 | f48c20b8 | .config | console log | report | syz | C | ci-android-44-kasan-gce | |||
| 2018/05/26 07:20 | https://android.googlesource.com/kernel/common android-4.4 | 4b08356a76b8 | f48c20b8 | .config | console log | report | syz | ci-android-44-kasan-gce-386 | ||||
| 2018/04/24 06:04 | https://android.googlesource.com/kernel/common android-4.4 | bd23e3af1765 | e7e85d36 | .config | console log | report | syz | ci-android-44-kasan-gce-386 | ||||
| 2018/03/21 17:07 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | f63eeee9 | .config | console log | report | ci-android-44-kasan-gce-386 |