syzbot

 sign-in | mailing list | source | docs
🐞 Open [982] ≑ Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] ⬇ Missing Backports [83] πŸ“ˆ Kernel Health πŸ“ˆ Bug Lifetimes πŸ“ˆ Fuzzing πŸ“ˆ Crashes πŸ’¬ Send us feedback

BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:LINE/ccid3_hc_rx_send_feedback()

Status: fixed on 2018/07/09 18:05
Subsystems: dccp
[Documentation on labels]
Fix commit: 74174fe5634f net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
First crash: 2133d, last: 2133d

Sample crash report:
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:628/ccid3_hc_rx_send_feedback()
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.18.0-rc1+ #112
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 ccid3_hc_rx_send_feedback net/dccp/ccids/ccid3.c:628 [inline]
 ccid3_hc_rx_packet_recv.cold.16+0x38/0x71 net/dccp/ccids/ccid3.c:793
 ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
 dccp_deliver_input_to_ccids+0xf0/0x280 net/dccp/input.c:180
 dccp_rcv_established+0x87/0xb0 net/dccp/input.c:378
 dccp_v4_do_rcv+0x153/0x180 net/dccp/ipv4.c:654
 sk_backlog_rcv include/net/sock.h:914 [inline]
 __sk_receive_skb+0x3ba/0xd80 net/core/sock.c:517
 dccp_v4_rcv+0x10f9/0x1f58 net/dccp/ipv4.c:875
 ip_local_deliver_finish+0x2eb/0xda0 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:287 [inline]
 ip_local_deliver+0x1e9/0x750 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:450 [inline]
 ip_rcv_finish+0x823/0x2220 net/ipv4/ip_input.c:396
 NF_HOOK include/linux/netfilter.h:287 [inline]
 ip_rcv+0xa18/0x1284 net/ipv4/ip_input.c:492
 __netif_receive_skb_core+0x2488/0x3680 net/core/dev.c:4628
 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:4693
 process_backlog+0x219/0x760 net/core/dev.c:5373
 napi_poll net/core/dev.c:5771 [inline]
 net_rx_action+0x7da/0x1980 net/core/dev.c:5837
 __do_softirq+0x2e8/0xb17 kernel/softirq.c:284
 run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
 smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
 kthread+0x345/0x410 kernel/kthread.c:240
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
dccp_close: ABORT with 22 bytes unread
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): Directory bread(block 2563) failed
FAT-fs (loop0): Directory bread(block 2564) failed
FAT-fs (loop0): Directory bread(block 2565) failed
FAT-fs (loop0): Directory bread(block 2566) failed
FAT-fs (loop0): Directory bread(block 2567) failed
FAT-fs (loop0): Directory bread(block 2568) failed
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): Directory bread(block 2569) failed
FAT-fs (loop0): Directory bread(block 2570) failed
FAT-fs (loop0): Directory bread(block 2571) failed
FAT-fs (loop0): Directory bread(block 2572) failed
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop4): Unrecognized mount option "jour„qpath=./" or missing value
hfs: can't find a HFS filesystem on dev loop0
hfs: can't find a HFS filesystem on dev loop0
FAT-fs (loop6): invalid media value (0x00)
FAT-fs (loop6): Can't find a valid FAT filesystem
FAT-fs (loop6): invalid media value (0x00)
FAT-fs (loop6): Can't find a valid FAT filesystem
rpcbind: RPC call returned error 22
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 3 has an invalid length.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 3 has an invalid length.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
XFS (loop6): unknown mount option [φ”χnign].
kvm: pic: single mode not supported
kvm: pic: level sensitive irq not supported
kvm: pic: single mode not supported
XFS (loop3): Invalid superblock magic number
netlink: 'syz-executor4': attribute type 1 has an invalid length.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
IPVS: ftp: loaded support on port[0] = 21
IPVS: You probably need to specify IP address on multicast interface.
IPVS: Error connecting to the multicast addr
IPVS: sync thread started: state = MASTER, mcast_ifn = lo, syncid = 0, id = 0
IPVS: ftp: loaded support on port[0] = 21
syz-executor4 (19624): /proc/19624/oom_adj is deprecated, please use /proc/19624/oom_score_adj instead.
kernel msg: ebtables bug: please report to author: Entries_size never zero
FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 1041)
FAT-fs (loop3): Filesystem has been set read-only
FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 1041)
Subscription rejected, illegal request

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/22 09:52 upstream 27db64f65f1b 095ef806 .config console log report ci-upstream-kasan-gce-root
* Struck through repros no longer work on HEAD.