------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:4839!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2219 Comm: syz-executor442 Not tainted 4.4.174+ #17
task: ffff8801d3cd2f80 task.stack: ffff8801d3788000
RIP: 0010:[] [] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
RSP: 0018:ffff8801db6073c8 EFLAGS: 00010206
RAX: ffff8801d3cd2f80 RBX: 0000000000000450 RCX: 000000000a40b7bb
RDX: 0000000000000100 RSI: ffffffff824121bd RDI: 0000000000000450
RBP: ffff8801db607518 R08: 1ffff10016ea6ecd R09: ffffed0016ea6ed3
R10: ffffed0016ea6ed2 R11: ffff8800b7537697 R12: ffff8801d2c0d78c
R13: ffff8801d2c0d760 R14: dffffc0000000000 R15: ffff8800b7537640
FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f77cdb40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001cef42000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff8800b8722a40 ffffed00170e4548 ffff8800b753766c ffff8801db607460
ffff8801d3725680 ffff880000000900 0000000000000000 ffff8800b8722900
1ffff1003b6c0e86 0000000000000000 fffffc1800000450 ffff8800b8722a30
Call Trace:
[] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline]
[] tcp_try_rmem_schedule+0x6ba/0x1280 net/ipv4/tcp_input.c:4386
[] tcp_data_queue_ofo net/ipv4/tcp_input.c:4410 [inline]
[] tcp_data_queue+0x11f2/0x3a90 net/ipv4/tcp_input.c:4713
[] tcp_rcv_established+0x599/0x2070 net/ipv4/tcp_input.c:5538
[] tcp_v4_do_rcv+0x553/0x7a0 net/ipv4/tcp_ipv4.c:1397
[] sk_backlog_rcv include/net/sock.h:875 [inline]
[] tcp_prequeue net/ipv4/tcp_ipv4.c:1519 [inline]
[] tcp_prequeue+0x4dd/0xdc0 net/ipv4/tcp_ipv4.c:1489
[] tcp_v4_rcv+0x29a3/0x36b0 net/ipv4/tcp_ipv4.c:1679
[] ip_local_deliver_finish+0x3c0/0xa70 net/ipv4/ip_input.c:216
[] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[] NF_HOOK include/linux/netfilter.h:249 [inline]
[] ip_local_deliver+0x1af/0x390 net/ipv4/ip_input.c:257
[] dst_input include/net/dst.h:504 [inline]
[] ip_rcv_finish+0x768/0x1220 net/ipv4/ip_input.c:365
[] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[] NF_HOOK include/linux/netfilter.h:249 [inline]
[] ip_rcv+0x8fa/0xe70 net/ipv4/ip_input.c:456
[] __netif_receive_skb_core+0x1300/0x2950 net/core/dev.c:4041
[] __netif_receive_skb+0x58/0x1c0 net/core/dev.c:4076
[] process_backlog+0x200/0x630 net/core/dev.c:4673
[] napi_poll net/core/dev.c:4911 [inline]
[] net_rx_action+0x367/0xd30 net/core/dev.c:4976
[] __do_softirq+0x226/0xa3f kernel/softirq.c:273
[] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:956
[] do_softirq.part.0+0x54/0x60 kernel/softirq.c:317
[] do_softirq kernel/softirq.c:309 [inline]
[] __local_bh_enable_ip+0xcc/0xe0 kernel/softirq.c:170
[] __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:178 [inline]
[] _raw_spin_unlock_bh+0x31/0x40 kernel/locking/spinlock.c:207
[] spin_unlock_bh include/linux/spinlock.h:352 [inline]
[] release_sock+0x3a8/0x500 net/core/sock.c:2488
[] sk_wait_data+0x138/0x3b0 net/core/sock.c:2065
[] tcp_recvmsg+0xfb6/0x2d10 net/ipv4/tcp.c:1777
[] inet_recvmsg+0x23e/0x4d0 net/ipv4/af_inet.c:786
[] sock_recvmsg_nosec net/socket.c:740 [inline]
[] sock_recvmsg net/socket.c:748 [inline]
[] sock_recvmsg+0x8f/0xc0 net/socket.c:743
[] ___sys_recvmsg+0x257/0x530 net/socket.c:2129
[] __sys_recvmsg+0xc5/0x160 net/socket.c:2175
[] C_SYSC_recvmsg net/compat.c:737 [inline]
[] compat_SyS_recvmsg+0x2a/0x40 net/compat.c:735
[] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
[] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
[] sysenter_flags_fixed+0xd/0x1a
Code: 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 03 02 00 00 44 3b 73 28 79 a5 e8 3e 74 ef fe 4c 8d 7b 10 eb a3 e8 33 74 ef fe <0f> 0b e8 2c 74 ef fe 48 8b 8d e0 fe ff ff 4c 89 ee 48 8b 95 08
RIP [] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
RSP
---[ end trace d4789cf5fd5835d7 ]---