syzbot


general protection fault in tcp_sacktag_write_queue

Status: auto-closed as invalid on 2019/02/22 15:39
First crash: 2245d, last: 2222d

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3 Comm: ksoftirqd/0 Not tainted 4.9.88-gbb52bba #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d9abb000 task.stack: ffff8801d9af0000
RIP: 0010:[<ffffffff83248219>]  [<ffffffff83248219>] tcp_sacktag_skip net/ipv4/tcp_input.c:1613 [inline]
RIP: 0010:[<ffffffff83248219>]  [<ffffffff83248219>] tcp_sacktag_write_queue+0x13a9/0x2c60 net/ipv4/tcp_input.c:1815
RSP: 0018:ffff8801d9af7000  EFLAGS: 00010207
RAX: ffff8801d9abb000 RBX: ffff8801d9af7358 RCX: ffffffff8324820d
RDX: 0000000000000005 RSI: ffff8801d9af735c RDI: 000000000000002c
RBP: ffff8801d9af7168 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: dffffc0000000000 R15: 0000000000000253
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006fc4b4 CR3: 00000001ca41e000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000246 ffff8801d9abb000 ffffffff844de4a0 ffff8801cc332428
 0000000000000003 1ffff1003b35ee18 ffff8801d9af7378 ffff8801d9af70e0
 ffff8801cc3328b0 ffff8801cc332950 ffffed0039866485 ffff8801d9af735c
Call Trace:
 [<ffffffff832560f3>] tcp_ack+0x2023/0x5390 net/ipv4/tcp_input.c:3677
 [<ffffffff8326112b>] tcp_rcv_established+0x53b/0x2070 net/ipv4/tcp_input.c:5551
 [<ffffffff83293f45>] tcp_v4_do_rcv+0x2d5/0x940 net/ipv4/tcp_ipv4.c:1414
 [<ffffffff83299c54>] tcp_v4_rcv+0x20d4/0x29e0 net/ipv4/tcp_ipv4.c:1730
 [<ffffffff831f1585>] ip_local_deliver_finish+0x285/0xa80 net/ipv4/ip_input.c:216
 [<ffffffff831f25ca>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline]
 [<ffffffff831f25ca>] NF_HOOK include/linux/netfilter.h:255 [inline]
 [<ffffffff831f25ca>] ip_local_deliver+0x30a/0x4d0 net/ipv4/ip_input.c:257
 [<ffffffff831f011b>] dst_input include/net/dst.h:513 [inline]
 [<ffffffff831f011b>] ip_rcv_finish+0x71b/0x1900 net/ipv4/ip_input.c:396
 [<ffffffff831f3352>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline]
 [<ffffffff831f3352>] NF_HOOK include/linux/netfilter.h:255 [inline]
 [<ffffffff831f3352>] ip_rcv+0xbc2/0x1620 net/ipv4/ip_input.c:487
 [<ffffffff82f3f6b3>] __netif_receive_skb_core+0xa33/0x29e0 net/core/dev.c:4259
 [<ffffffff82f416bb>] __netif_receive_skb+0x5b/0x1c0 net/core/dev.c:4297
 [<ffffffff82f419f4>] process_backlog+0x1d4/0x690 net/core/dev.c:4918
 [<ffffffff82f47b06>] napi_poll net/core/dev.c:5219 [inline]
 [<ffffffff82f47b06>] net_rx_action+0x396/0xe00 net/core/dev.c:5284
 [<ffffffff838be556>] __do_softirq+0x206/0x951 kernel/softirq.c:284
 [<ffffffff81146fae>] run_ksoftirqd+0x2e/0x60 kernel/softirq.c:676
 [<ffffffff811a62a1>] smpboot_thread_fn+0x5c1/0x8f0 kernel/smpboot.c:163
 [<ffffffff8119ae6d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff838b7c1c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Code: 4b e8 2c 37 12 fe 48 8b 85 50 ff ff ff 4c 39 a0 e8 03 00 00 0f 84 85 00 00 00 e8 13 37 12 fe 49 8d 7c 24 2c 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 32 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 
RIP  [<ffffffff83248219>] tcp_sacktag_skip net/ipv4/tcp_input.c:1613 [inline]
RIP  [<ffffffff83248219>] tcp_sacktag_write_queue+0x13a9/0x2c60 net/ipv4/tcp_input.c:1815
 RSP <ffff8801d9af7000>
---[ end trace 3dedb6220798530d ]---

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/03/18 17:35 https://android.googlesource.com/kernel/common android-4.9 bb52bba67e35 08dacaa0 .config console log report ci-android-49-kasan-gce
2018/03/15 02:36 https://android.googlesource.com/kernel/common android-4.9 52447008883e 08dacaa0 .config console log report ci-android-49-kasan-gce
2018/03/12 05:57 https://android.googlesource.com/kernel/common android-4.9 a2904940bde8 36d1c454 .config console log report ci-android-49-kasan-gce
2018/03/10 17:37 https://android.googlesource.com/kernel/common android-4.9 00db063b0f88 36d1c454 .config console log report ci-android-49-kasan-gce
2018/02/26 11:01 https://android.googlesource.com/kernel/common android-4.9 a9d027374a35 9fe8aa42 .config console log report ci-android-49-kasan-gce
2018/02/23 08:26 https://android.googlesource.com/kernel/common android-4.9 da9fb78452e8 8d8e2494 .config console log report ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.