------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:4839!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 11097 Comm: syz-executor.2 Not tainted 4.4.174+ #17
task: ffff8800b27a2f80 task.stack: ffff880084c50000
RIP: 0010:[] [] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
RSP: 0018:ffff8801db6073c0 EFLAGS: 00010206
RAX: ffff8800b27a2f80 RBX: 0000000000000d14 RCX: 00000000b22b6c6a
RDX: 0000000000000100 RSI: ffffffff824121bd RDI: 0000000000000d14
RBP: ffff8801db607510 R08: 1ffff10017729e55 R09: ffffed0017729e5b
R10: ffffed0017729e5a R11: ffff8800bb94f2d7 R12: ffff8800b4621cac
R13: ffff8800b4621c80 R14: dffffc0000000000 R15: ffff8800bb94f280
FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f5586b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 000000002f929000 CR3: 00000000ba3d8000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff8800b317aa40 ffffed001662f548 ffff8800bb94f2ac ffff8801db607458
ffff8801db607568 ffff880000001100 0000000000000000 ffff8800b317a900
1ffff1003b6c0e85 0000000000000000 fffff35400000d14 ffff8800b317aa30
Call Trace:
[] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline]
[] tcp_try_rmem_schedule+0x6ba/0x1280 net/ipv4/tcp_input.c:4386
[] tcp_data_queue+0x62d/0x3a90 net/ipv4/tcp_input.c:4647
[] tcp_rcv_state_process+0x99a/0x42b0 net/ipv4/tcp_input.c:6123
[] tcp_v4_do_rcv+0x1a5/0x7a0 net/ipv4/tcp_ipv4.c:1421
[] tcp_v4_rcv+0x29bc/0x36b0 net/ipv4/tcp_ipv4.c:1680
[] ip_local_deliver_finish+0x3c0/0xa70 net/ipv4/ip_input.c:216
[] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[] NF_HOOK include/linux/netfilter.h:249 [inline]
[] ip_local_deliver+0x1af/0x390 net/ipv4/ip_input.c:257
[] dst_input include/net/dst.h:504 [inline]
[] ip_rcv_finish+0x768/0x1220 net/ipv4/ip_input.c:365
[] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[] NF_HOOK include/linux/netfilter.h:249 [inline]
[] ip_rcv+0x8fa/0xe70 net/ipv4/ip_input.c:456
[] deliver_skb net/core/dev.c:1842 [inline]
[] deliver_ptype_list_skb net/core/dev.c:1857 [inline]
[] __netif_receive_skb_core+0x114a/0x2950 net/core/dev.c:4029
[] __netif_receive_skb+0x58/0x1c0 net/core/dev.c:4076
[] process_backlog+0x200/0x630 net/core/dev.c:4673
[] napi_poll net/core/dev.c:4911 [inline]
[] net_rx_action+0x367/0xd30 net/core/dev.c:4976
[] __do_softirq+0x226/0xa3f kernel/softirq.c:273
[] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:956
[] do_softirq.part.0+0x54/0x60 kernel/softirq.c:317
[] do_softirq kernel/softirq.c:309 [inline]
[] __local_bh_enable_ip+0xcc/0xe0 kernel/softirq.c:170
[] __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:178 [inline]
[] _raw_spin_unlock_bh+0x31/0x40 kernel/locking/spinlock.c:207
[] spin_unlock_bh include/linux/spinlock.h:352 [inline]
[] release_sock+0x3a8/0x500 net/core/sock.c:2488
[] tcp_recvmsg+0xc95/0x2d10 net/ipv4/tcp.c:1902
[] inet_recvmsg+0x23e/0x4d0 net/ipv4/af_inet.c:786
[] sock_recvmsg_nosec net/socket.c:740 [inline]
[] sock_recvmsg net/socket.c:748 [inline]
[] sock_recvmsg+0x8f/0xc0 net/socket.c:743
[] ___sys_recvmsg+0x257/0x530 net/socket.c:2129
[] __sys_recvmsg+0xc5/0x160 net/socket.c:2175
[] C_SYSC_recvmsg net/compat.c:737 [inline]
[] compat_SyS_recvmsg+0x2a/0x40 net/compat.c:735
[] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
[] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
[] sysenter_flags_fixed+0xd/0x1a
Code: 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 03 02 00 00 44 3b 73 28 79 a5 e8 3e 74 ef fe 4c 8d 7b 10 eb a3 e8 33 74 ef fe <0f> 0b e8 2c 74 ef fe 48 8b 8d e0 fe ff ff 4c 89 ee 48 8b 95 08
RIP [] tcp_collapse+0x9bd/0xda0 net/ipv4/tcp_input.c:4839
RSP
---[ end trace d71723c00d66a430 ]---