syzbot

 sign-in | mailing list | source | docs
🐞 Open [712] 🐞 Fixed [297] 🐞 Invalid [838] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx

Status: upstream: reported C repro on 2022/07/10 15:34
Reported-by: syzbot+5b3ccb6d408508dbb4af@syzkaller.appspotmail.com
First crash: 648d, last: 583d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx dccp C unreliable 182 8d17h 965d 0/26 closed as dup on 2021/08/30 08:50
linux-6.1 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx origin:upstream C 21 17d 389d 0/3 upstream: reported C repro on 2023/03/26 07:03
linux-4.14 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx syz error 3 537d 645d 0/1 upstream: reported syz repro on 2022/07/13 03:43
linux-5.15 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx origin:upstream C error 56 24d 389d 0/3 upstream: reported C repro on 2023/03/26 07:00

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:422/tfrc_rx_hist_sample_rtt()
CPU: 0 PID: 8311 Comm: syz-executor960 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 tfrc_rx_hist_sample_rtt.cold+0x57/0x5c net/dccp/ccids/lib/packet_history.c:422
 ccid3_hc_rx_packet_recv+0x5be/0xe90 net/dccp/ccids/ccid3.c:767
 ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
 dccp_deliver_input_to_ccids+0xe1/0x260 net/dccp/input.c:180
 dccp_rcv_established net/dccp/input.c:378 [inline]
 dccp_rcv_established+0x107/0x160 net/dccp/input.c:368
 dccp_v4_do_rcv+0x136/0x1a0 net/dccp/ipv4.c:656
 sk_backlog_rcv include/net/sock.h:952 [inline]
 __release_sock+0x134/0x3a0 net/core/sock.c:2362
 release_sock+0x54/0x1b0 net/core/sock.c:2901
 dccp_sendmsg+0x639/0xc90 net/dccp/proto.c:818
 inet_sendmsg+0x132/0x5a0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f992a0cd419
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f992a07b308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f992a1564e8 RCX: 00007f992a0cd419
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000007
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f992a1564e0

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/07/28 22:38 linux-4.19.y 3f8a27f9e27b fb95c74d .config console log report syz C ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/08/19 15:03 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report syz ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/07/10 16:09 linux-4.19.y 3f8a27f9e27b b5765a15 .config console log report syz ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/09/13 10:57 linux-4.19.y 3f8a27f9e27b a08652b0 .config console log report info ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/09/12 03:06 linux-4.19.y 3f8a27f9e27b 356d8217 .config console log report info ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/07/28 21:51 linux-4.19.y 3f8a27f9e27b fb95c74d .config console log report info ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
2022/07/10 15:34 linux-4.19.y 3f8a27f9e27b b5765a15 .config console log report info ci2-linux-4-19 BUG: please report to dccp@vger.kernel.org => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
* Struck through repros no longer work on HEAD.