[v5.15] BUG: please report to [email protected] => prev = NUM, last = NUM at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx
3 views
Skip to first unread message
syzbot
Mar 26, 2023, 10:00:52 AM3/26/23
Hello,
syzbot found the following issue on:
HEAD commit: 115472395b0a Linux 5.15.104
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10ed97b1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f5592cc4916e1c2f
dashboard link: https://syzkaller.appspot.com/bug?extid=aff8c850929b2aae6777
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6c2c0744c7e0/disk-11547239.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7ea4c5ecca4f/vmlinux-11547239.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9a231dbcf423/bzImage-11547239.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 20174 Comm: syz-executor.2 Not tainted 5.15.104-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x370/0x460 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x636/0xd50 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1b3/0x310 net/dccp/input.c:374
dccp_v4_do_rcv+0xcd/0x190 net/dccp/ipv4.c:669
sk_backlog_rcv include/net/sock.h:1057 [inline]
__sk_receive_skb+0x416/0x9c0 net/core/sock.c:528
ip_protocol_deliver_rcu+0x381/0x730 net/ipv4/ip_input.c:204
ip_local_deliver_finish+0x1db/0x320 net/ipv4/ip_input.c:231
NF_HOOK+0x364/0x410 include/linux/netfilter.h:307
NF_HOOK+0x364/0x410 include/linux/netfilter.h:307
__netif_receive_skb_one_core net/core/dev.c:5458 [inline]
__netif_receive_skb+0x1c6/0x530 net/core/dev.c:5572
process_backlog+0x363/0x7f0 net/core/dev.c:6449
__napi_poll+0xc7/0x440 net/core/dev.c:7008
napi_poll net/core/dev.c:7075 [inline]
net_rx_action+0x617/0xda0 net/core/dev.c:7162
__do_softirq+0x3b3/0x93a kernel/softirq.c:558
do_softirq+0x162/0x240 kernel/softirq.c:459
</IRQ>
<TASK>
__local_bh_enable_ip+0x1b1/0x1f0 kernel/softirq.c:383
rcu_read_unlock_bh include/linux/rcupdate.h:766 [inline]
ip_finish_output2+0xece/0x1270 net/ipv4/ip_output.c:229
dst_output include/net/dst.h:449 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0x1296/0x1ce0 net/ipv4/ip_output.c:532
dccp_transmit_skb+0xc29/0x1030 net/dccp/output.c:138
dccp_xmit_packet+0x2ef/0x530 net/dccp/output.c:281
dccp_write_xmit+0x131/0x220 net/dccp/output.c:366
dccp_sendmsg+0x69c/0xa30 net/dccp/proto.c:794
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2412
___sys_sendmsg+0x252/0x2e0 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2502
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fd54c6760f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd54abe8168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd54c795f80 RCX: 00007fd54c6760f9
RDX: 000000000c004004 RSI: 0000000020004340 RDI: 0000000000000008
RBP: 00007fd54c6d1b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdfbfac41f R14: 00007fd54abe8300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 115472395b0a Linux 5.15.104
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10ed97b1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f5592cc4916e1c2f
dashboard link: https://syzkaller.appspot.com/bug?extid=aff8c850929b2aae6777
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6c2c0744c7e0/disk-11547239.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7ea4c5ecca4f/vmlinux-11547239.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9a231dbcf423/bzImage-11547239.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 20174 Comm: syz-executor.2 Not tainted 5.15.104-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x370/0x460 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x636/0xd50 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1b3/0x310 net/dccp/input.c:374
dccp_v4_do_rcv+0xcd/0x190 net/dccp/ipv4.c:669
sk_backlog_rcv include/net/sock.h:1057 [inline]
__sk_receive_skb+0x416/0x9c0 net/core/sock.c:528
ip_protocol_deliver_rcu+0x381/0x730 net/ipv4/ip_input.c:204
ip_local_deliver_finish+0x1db/0x320 net/ipv4/ip_input.c:231
NF_HOOK+0x364/0x410 include/linux/netfilter.h:307
NF_HOOK+0x364/0x410 include/linux/netfilter.h:307
__netif_receive_skb_one_core net/core/dev.c:5458 [inline]
__netif_receive_skb+0x1c6/0x530 net/core/dev.c:5572
process_backlog+0x363/0x7f0 net/core/dev.c:6449
__napi_poll+0xc7/0x440 net/core/dev.c:7008
napi_poll net/core/dev.c:7075 [inline]
net_rx_action+0x617/0xda0 net/core/dev.c:7162
__do_softirq+0x3b3/0x93a kernel/softirq.c:558
do_softirq+0x162/0x240 kernel/softirq.c:459
</IRQ>
<TASK>
__local_bh_enable_ip+0x1b1/0x1f0 kernel/softirq.c:383
rcu_read_unlock_bh include/linux/rcupdate.h:766 [inline]
ip_finish_output2+0xece/0x1270 net/ipv4/ip_output.c:229
dst_output include/net/dst.h:449 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0x1296/0x1ce0 net/ipv4/ip_output.c:532
dccp_transmit_skb+0xc29/0x1030 net/dccp/output.c:138
dccp_xmit_packet+0x2ef/0x530 net/dccp/output.c:281
dccp_write_xmit+0x131/0x220 net/dccp/output.c:366
dccp_sendmsg+0x69c/0xa30 net/dccp/proto.c:794
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2412
___sys_sendmsg+0x252/0x2e0 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2502
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fd54c6760f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd54abe8168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd54c795f80 RCX: 00007fd54c6760f9
RDX: 000000000c004004 RSI: 0000000020004340 RDI: 0000000000000008
RBP: 00007fd54c6d1b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdfbfac41f R14: 00007fd54abe8300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 26, 2023, 10:03:38 AM3/26/23
Hello,
syzbot found the following issue on:
HEAD commit: e3a87a10f259 Linux 6.1.21
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13fb6bcec80000
kernel config: https://syzkaller.appspot.com/x/.config?x=390800ef8aeebc47
dashboard link: https://syzkaller.appspot.com/bug?extid=6b3815bf8825a0399316
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/f8524664c631/vmlinux-e3a87a10.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ad699b30c2c4/Image-e3a87a10.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
tfrc_rx_hist_sample_rtt+0x34c/0x444 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x554/0xc98 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1ac/0x2d8 net/dccp/input.c:374
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_v4_do_rcv+0xe8/0x1d4 net/dccp/ipv4.c:674
sk_backlog_rcv include/net/sock.h:1109 [inline]
__sk_receive_skb+0x3f8/0x900 net/core/sock.c:565
dccp_v4_rcv+0xf2c/0x1564 net/dccp/ipv4.c:897
ip_protocol_deliver_rcu+0x340/0x764 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x23c/0x46c net/ipv4/ip_input.c:233
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:454 [inline]
ip_rcv_finish+0x224/0x250 net/ipv4/ip_input.c:449
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_rcv+0x78/0x98 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5491 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5605
process_backlog+0x410/0x784 net/core/dev.c:5933
__napi_poll+0xb4/0x3f0 net/core/dev.c:6500
napi_poll net/core/dev.c:6567 [inline]
net_rx_action+0x5cc/0xd3c net/core/dev.c:6678
__do_softirq+0x30c/0xea0 kernel/softirq.c:571
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
do_softirq+0x120/0x20c kernel/softirq.c:472
__local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:396
local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:817 [inline]
ip_finish_output2+0xd40/0x11b4 net/ipv4/ip_output.c:229
__ip_finish_output+0x1b0/0x458
ip_finish_output+0x40/0x268 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_output+0x330/0x49c net/ipv4/ip_output.c:430
dst_output include/net/dst.h:444 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0xe8c/0x1a00 net/ipv4/ip_output.c:532
ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
dccp_transmit_skb+0xbd4/0x11dc net/dccp/output.c:138
dccp_xmit_packet+0x234/0x448 net/dccp/output.c:281
dccp_write_xmit+0x128/0x208 net/dccp/output.c:366
dccp_sendmsg+0x570/0xa8c net/dccp/proto.c:782
inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:828
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
syzbot
Mar 26, 2023, 10:41:46 AM3/26/23
syzbot has found a reproducer for the following issue on:
HEAD commit: 115472395b0a Linux 5.15.104
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13aa8789c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e597b110d58e7b4
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17ce3b89c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10fd4f75c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/76798ca1c9b6/disk-11547239.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b608633c8f5/vmlinux-11547239.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8836fafb618b/Image-11547239.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 0 PID: 4055 Comm: syz-executor137 Not tainted 5.15.104-syzkaller #0
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
tfrc_rx_hist_sample_rtt+0x31c/0x3f0 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x4e4/0xaf8 net/dccp/ccids/ccid3.c:760
dccp_v4_do_rcv+0xa8/0x188 net/dccp/ipv4.c:669
sk_backlog_rcv include/net/sock.h:1057 [inline]
__sk_receive_skb+0x3f0/0x960 net/core/sock.c:528
dccp_v4_rcv+0xec4/0x1458 net/dccp/ipv4.c:892
ip_protocol_deliver_rcu+0x36c/0x770 net/ipv4/ip_input.c:204
ip_local_deliver_finish+0x1b8/0x30c net/ipv4/ip_input.c:231
NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:307
ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:252
dst_input include/net/dst.h:459 [inline]
ip_rcv_finish+0x22c/0x264 net/ipv4/ip_input.c:447
NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:307
ip_rcv+0x78/0x98 net/ipv4/ip_input.c:566
__netif_receive_skb_one_core net/core/dev.c:5458 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5572
process_backlog+0x3ec/0x7e0 net/core/dev.c:6449
__napi_poll+0xb4/0x624 net/core/dev.c:7008
napi_poll net/core/dev.c:7075 [inline]
net_rx_action+0x500/0xc10 net/core/dev.c:7162
__do_softirq+0x344/0xe20 kernel/softirq.c:558
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
do_softirq+0x120/0x20c kernel/softirq.c:459
__local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:383
local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:32
rcu_read_unlock_bh include/linux/rcupdate.h:766 [inline]
ip_finish_output2+0xe8c/0x1330 net/ipv4/ip_output.c:229
__ip_finish_output+0x1b0/0x458
ip_finish_output+0x40/0x218 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_output+0x330/0x49c net/ipv4/ip_output.c:430
ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
dccp_transmit_skb+0xa98/0xe74 net/dccp/output.c:138
inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:823
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
HEAD commit: 115472395b0a Linux 5.15.104
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=e597b110d58e7b4
dashboard link: https://syzkaller.appspot.com/bug?extid=aff8c850929b2aae6777
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17ce3b89c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10fd4f75c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/76798ca1c9b6/disk-11547239.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b608633c8f5/vmlinux-11547239.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8836fafb618b/Image-11547239.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x31c/0x3f0 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x4e4/0xaf8 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1ac/0x2d8 net/dccp/input.c:374
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_v4_do_rcv+0xa8/0x188 net/dccp/ipv4.c:669
sk_backlog_rcv include/net/sock.h:1057 [inline]
__sk_receive_skb+0x3f0/0x960 net/core/sock.c:528
dccp_v4_rcv+0xec4/0x1458 net/dccp/ipv4.c:892
ip_protocol_deliver_rcu+0x36c/0x770 net/ipv4/ip_input.c:204
ip_local_deliver_finish+0x1b8/0x30c net/ipv4/ip_input.c:231
NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:307
ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:252
dst_input include/net/dst.h:459 [inline]
ip_rcv_finish+0x22c/0x264 net/ipv4/ip_input.c:447
NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:307
ip_rcv+0x78/0x98 net/ipv4/ip_input.c:566
__netif_receive_skb_one_core net/core/dev.c:5458 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5572
process_backlog+0x3ec/0x7e0 net/core/dev.c:6449
__napi_poll+0xb4/0x624 net/core/dev.c:7008
napi_poll net/core/dev.c:7075 [inline]
net_rx_action+0x500/0xc10 net/core/dev.c:7162
__do_softirq+0x344/0xe20 kernel/softirq.c:558
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
do_softirq+0x120/0x20c kernel/softirq.c:459
__local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:383
local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:32
rcu_read_unlock_bh include/linux/rcupdate.h:766 [inline]
ip_finish_output2+0xe8c/0x1330 net/ipv4/ip_output.c:229
__ip_finish_output+0x1b0/0x458
ip_finish_output+0x40/0x218 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_output+0x330/0x49c net/ipv4/ip_output.c:430
dst_output include/net/dst.h:449 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0xe70/0x1930 net/ipv4/ip_output.c:532
ip_local_out net/ipv4/ip_output.c:126 [inline]
ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
dccp_transmit_skb+0xa98/0xe74 net/dccp/output.c:138
dccp_xmit_packet+0x234/0x448 net/dccp/output.c:281
dccp_write_xmit+0x128/0x208 net/dccp/output.c:366
dccp_sendmsg+0x544/0x9ec net/dccp/proto.c:794
dccp_write_xmit+0x128/0x208 net/dccp/output.c:366
inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:823
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x584/0x870 net/socket.c:2412
sock_sendmsg net/socket.c:724 [inline]
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg net/socket.c:2502 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
syzbot
Mar 26, 2023, 10:44:49 AM3/26/23
syzbot has found a reproducer for the following issue on:
HEAD commit: e3a87a10f259 Linux 6.1.21
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1261e31ec80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13bc76dec80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9f5022ccd560/disk-e3a87a10.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f8524664c631/vmlinux-e3a87a10.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ad699b30c2c4/Image-e3a87a10.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 0 PID: 4368 Comm: syz-executor384 Not tainted 6.1.21-syzkaller #0
HEAD commit: e3a87a10f259 Linux 6.1.21
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=390800ef8aeebc47
dashboard link: https://syzkaller.appspot.com/bug?extid=6b3815bf8825a0399316
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17aa8789c80000
dashboard link: https://syzkaller.appspot.com/bug?extid=6b3815bf8825a0399316
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13bc76dec80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9f5022ccd560/disk-e3a87a10.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f8524664c631/vmlinux-e3a87a10.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ad699b30c2c4/Image-e3a87a10.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
BUG: please report to [email protected] => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 0 PID: 4386 Comm: syz-executor384 Not tainted 6.1.21-syzkaller #0
Reply all
Reply to author
Forward
0 new messages