syzbot


WARNING in tcp_enter_loss (2)

Status: fixed on 2020/02/18 10:28
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+c5a3099b94cbdd9cd6da@syzkaller.appspotmail.com
Fix commit: 16ae6aa17052 tcp: ignore Fast Open on repair mode
First crash: 2212d, last: 2158d
Cause bisection: introduced by (bisect log) :
commit a0370b3f3f2cfb8b424b04c0545414abaa53f5ee
Author: Yuchung Cheng <ycheng@google.com>
Date: Fri Jan 13 06:11:36 2017 +0000

  tcp: enable RACK loss detection to trigger recovery

Crash: WARNING in corrupted (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log) [merge commit]:
commit e523a2562a4457d9aae9b657125d193218631681
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri May 4 04:57:03 2018 +0000

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

  
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in tcp_enter_loss net 1 2307d 2301d 0/26 closed as invalid on 2018/02/13 19:39
linux-4.19 WARNING in tcp_enter_loss C error 1 811d 811d 0/1 upstream: reported C repro on 2022/01/07 14:26
android-49 WARNING in tcp_enter_loss C 4 2163d 1811d 0/3 public: reported C repro on 2019/04/14 00:00
upstream WARNING in tcp_enter_loss (3) net C inconclusive 7 515d 812d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
WARNING: CPU: 0 PID: 4456 at net/ipv4/tcp_input.c:1955 tcp_enter_loss+0xe4f/0x1110 net/ipv4/tcp_input.c:1955
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4456 Comm: syz-executor694 Not tainted 4.17.0-rc2+ #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:tcp_enter_loss+0xe4f/0x1110 net/ipv4/tcp_input.c:1955
RSP: 0018:ffff8801b66c7560 EFLAGS: 00010293
RAX: ffff8801b66686c0 RBX: 0000000000000001 RCX: ffffffff864ac155
RDX: 0000000000000000 RSI: ffffffff864ac5bf RDI: 0000000000000004
RBP: ffff8801b66c75e0 R08: ffff8801b66686c0 R09: 0000000000000000
R10: ffffed0043fff001 R11: ffff88021fff8017 R12: 0000000000000003
R13: 0000000000000002 R14: ffff8801c8c6dd30 R15: ffff8801d02e5500
WARNING: CPU: 1 PID: 4450 at net/ipv4/tcp_input.c:1955 tcp_enter_loss+0xe4f/0x1110 net/ipv4/tcp_input.c:1955
 tcp_retransmit_timer+0xc34/0x3060 net/ipv4/tcp_timer.c:486
Modules linked in:
CPU: 1 PID: 4450 Comm: syz-executor694 Not tainted 4.17.0-rc2+ #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tcp_enter_loss+0xe4f/0x1110 net/ipv4/tcp_input.c:1955
RSP: 0018:ffff8801b60b7560 EFLAGS: 00010293
RAX: ffff8801b662e500 RBX: 0000000000000001 RCX: ffffffff864ac155
RDX: 0000000000000000 RSI: ffffffff864ac5bf RDI: 0000000000000004
RBP: ffff8801b60b75e0 R08: ffff8801b662e500 R09: 0000000000000000
R10: ffffed0043fff009 R11: ffff88021fff8057 R12: 0000000000000003
R13: 0000000000000002 R14: ffff8801cc3cf870 R15: ffff8801cd4f0a80
FS:  00000000015e1880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 00000001b631c000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tcp_write_timer_handler+0x339/0x960 net/ipv4/tcp_timer.c:573
 tcp_retransmit_timer+0xc34/0x3060 net/ipv4/tcp_timer.c:486
 tcp_release_cb+0x25e/0x2d0 net/ipv4/tcp_output.c:871
 release_sock+0x107/0x2b0 net/core/sock.c:2856
 do_tcp_setsockopt.isra.38+0x48e/0x2600 net/ipv4/tcp.c:2880
 tcp_write_timer_handler+0x339/0x960 net/ipv4/tcp_timer.c:573
 tcp_setsockopt+0xc1/0xe0 net/ipv4/tcp.c:2892
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3039
 tcp_release_cb+0x25e/0x2d0 net/ipv4/tcp_output.c:871
 __sys_setsockopt+0x1bd/0x390 net/socket.c:1903
 release_sock+0x107/0x2b0 net/core/sock.c:2856
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 do_tcp_setsockopt.isra.38+0x48e/0x2600 net/ipv4/tcp.c:2880
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441bc9
RSP: 002b:00007ffe202bc838 EFLAGS: 00000207
 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441bc9
RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 000000002000023b R09: 0000000000000010
 tcp_setsockopt+0xc1/0xe0 net/ipv4/tcp.c:2892
R10: 0000000020000040 R11: 0000000000000207 R12: 0000000000402810
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3039
R13: 00000000004028a0 R14: 0000000000000000 R15: 0000000000000000
 __sys_setsockopt+0x1bd/0x390 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441bc9
RSP: 002b:00007ffe202bc838 EFLAGS: 00000207 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441bc9
RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 000000002000023b R09: 0000000000000010
R10: 0000000020000040 R11: 0000000000000207 R12: 0000000000402810
R13: 00000000004028a0 R14: 0000000000000000 R15: 0000000000000000
Code: 89 a7 38 08 00 00 e9 07 fc ff ff 49 8d 87 78 09 00 00 48 89 45 88 49 8d 87 68 07 00 00 48 89 45 d0 e9 c5 f2 ff ff e8 91 6a 2e fb <0f> 0b e9 98 fb ff ff e8 55 cb 6a fb e9 de f6 ff ff 48 8b 7d d0 
irq event stamp: 76541
hardirqs last  enabled at (76539): [<ffffffff878009d5>] restore_regs_and_return_to_kernel+0x0/0x2b
hardirqs last disabled at (76541): [<ffffffff87801166>] error_entry+0x76/0xd0 arch/x86/entry/entry_64.S:1262
softirqs last  enabled at (76528): [<ffffffff87a00778>] __do_softirq+0x778/0xaf5 kernel/softirq.c:311
softirqs last disabled at (76540): [<ffffffff85d60074>] spin_lock_bh include/linux/spinlock.h:315 [inline]
softirqs last disabled at (76540): [<ffffffff85d60074>] release_sock+0x74/0x2b0 net/core/sock.c:2848
---[ end trace a7562162d42a707b ]---
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/04/27 12:15 upstream 0644f186fc9d 73417389 .config console log report syz C ci-upstream-kasan-gce-root
2018/05/01 03:04 https://github.com/google/kmsan.git master d2d741e5d189 d5b114b4 .config console log report syz C ci-upstream-kmsan-gce
2018/05/01 18:25 upstream fff75eb2a08c d5b114b4 .config console log report syz ci-upstream-kasan-gce-386
2018/03/08 13:06 net-next-old a366e300ae9f acd0caa5 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.