syzbot

 sign-in | mailing list | source | docs
🐞 Open [1588]
Subsystems
🐞 Fixed [6318]
🐞 Invalid [16085]
Missing Backports [191]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li() (3)

Status: auto-obsoleted due to no activity on 2025/06/20 18:12
Subsystems: dccp
[Documentation on labels]
Reported-by: syzbot+2ad8ef335371014d4dc7@syzkaller.appspotmail.com
First crash: 1007d, last: 157d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: failed (error log, bisect log)
  
Discussions (15)
Title Replies (including bot) Last reply
[syzbot] Monthly dccp report (Jan 2025) 0 (1) 2025/01/16 10:11
[syzbot] Monthly dccp report (Sep 2024) 0 (1) 2024/09/15 14:39
[syzbot] Monthly dccp report (Aug 2024) 0 (1) 2024/08/15 10:40
[syzbot] Monthly dccp report (Jul 2024) 0 (1) 2024/07/15 11:52
[syzbot] Monthly dccp report (May 2024) 0 (1) 2024/05/14 20:49
[syzbot] Monthly dccp report (Mar 2024) 0 (1) 2024/03/06 09:53
[syzbot] Monthly dccp report (Jan 2024) 0 (1) 2024/01/16 07:56
[syzbot] Monthly dccp report (Dec 2023) 0 (1) 2023/12/08 13:16
[syzbot] Monthly dccp report (Nov 2023) 0 (1) 2023/11/07 04:52
[syzbot] Monthly dccp report (Sep 2023) 0 (1) 2023/09/29 09:08
[syzbot] Monthly dccp report (Aug 2023) 0 (1) 2023/08/29 07:13
[syzbot] Monthly dccp report (Jul 2023) 0 (1) 2023/07/22 14:10
[syzbot] Monthly dccp report (May 2023) 0 (1) 2023/05/13 09:53
[syzbot] Monthly dccp report 0 (1) 2023/04/12 08:35
[syzbot] BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li() (3) 0 (1) 2022/09/22 23:07
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li() 1 1525d 1525d 0/1 auto-closed as invalid on 2021/08/17 18:35
upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li() (2) dccp 2 1159d 1192d 0/29 auto-closed as invalid on 2022/07/19 17:37
upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li() dccp 1 1407d 1403d 0/29 auto-closed as invalid on 2021/11/13 12:08
Last patch testing requests (10)
Created Duration User Patch Repo Result
2025/06/20 17:39 31m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log
2025/06/05 02:37 19m retest repro upstream OK log
2025/05/14 02:48 49m retest repro upstream OK log
2025/04/11 16:30 18m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2025/03/27 01:40 41m retest repro upstream report log
2025/03/04 11:14 24m retest repro upstream report log
2025/01/31 11:05 19m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2025/01/16 01:12 11m retest repro upstream report log
2024/12/24 10:19 16m retest repro upstream report log
2024/11/09 15:55 23m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
Fix bisection attempts (11)
Created Duration User Patch Repo Result
2024/10/15 08:26 0m bisect fix upstream error job log
2024/09/15 05:49 2h34m bisect fix upstream OK (0) job log log
2024/08/14 22:45 1h36m bisect fix upstream OK (0) job log log
2024/07/14 18:12 2h03m bisect fix upstream OK (0) job log log
2024/03/05 14:02 2h51m bisect fix upstream OK (0) job log log
2023/10/29 12:56 1h47m bisect fix upstream OK (0) job log log
2023/04/30 19:27 24m bisect fix upstream OK (0) job log log
2023/03/31 08:02 56m bisect fix upstream OK (0) job log log
2023/02/28 13:37 24m bisect fix upstream OK (0) job log log
2023/01/28 17:28 24m bisect fix upstream OK (0) job log log
2022/11/23 05:07 25m bisect fix upstream OK (0) job log log

Sample crash report:
net_ratelimit: 5 callbacks suppressed
ccid3_first_li: No RTT estimate available, using fallback RTT
ccid3_first_li: X_recv==0
BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:691/ccid3_first_li()
CPU: 1 PID: 12461 Comm: syz-executor.1 Not tainted 6.7.0-syzkaller-04629-g3e7aeb78ab01 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 ccid3_first_li+0x34a/0x410 net/dccp/ccids/ccid3.c:691
 tfrc_lh_interval_add+0x598/0x7c0 net/dccp/ccids/lib/loss_interval.c:157
 tfrc_rx_handle_loss+0x759/0x1870 net/dccp/ccids/lib/packet_history.c:328
 ccid3_hc_rx_packet_recv+0x347/0xe60 net/dccp/ccids/ccid3.c:744
 ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
 dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
 dccp_rcv_established+0x1b7/0x310 net/dccp/input.c:374
 dccp_v4_do_rcv+0xff/0x1f0 net/dccp/ipv4.c:675
 sk_backlog_rcv include/net/sock.h:1092 [inline]
 __sk_receive_skb+0x41e/0x9d0 net/core/sock.c:567
 ip_protocol_deliver_rcu+0x208/0x3f0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x2b6/0x500 net/ipv4/ip_input.c:233
 NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
 NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5534 [inline]
 __netif_receive_skb+0x1ca/0x530 net/core/dev.c:5648
 process_backlog+0x385/0x760 net/core/dev.c:5976
 __napi_poll+0xc7/0x480 net/core/dev.c:6576
 napi_poll net/core/dev.c:6645 [inline]
 net_rx_action+0x78b/0x1010 net/core/dev.c:6778
 __do_softirq+0x2b8/0x939 kernel/softirq.c:553
 do_softirq+0x11b/0x1e0 kernel/softirq.c:454
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1b7/0x1f0 kernel/softirq.c:381
 dccp_sendmsg+0x4de/0xb70 net/dccp/proto.c:803
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x592/0x890 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
 __do_sys_sendmmsg net/socket.c:2753 [inline]
 __se_sys_sendmmsg net/socket.c:2750 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f60a4c7cd29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f60a5a120c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f60a4dabf80 RCX: 00007f60a4c7cd29
RDX: 0000000000000002 RSI: 0000000020005180 RDI: 0000000000000004
RBP: 00007f60a4cc947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f60a4dabf80 R15: 00007ffc16a36b88
 </TASK>
vkms_vblank_simulate: vblank timer overrun
vkms_vblank_simulate: vblank timer overrun

Crashes (17):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/01/12 01:05 upstream 3e7aeb78ab01 00f3cc59 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/12/08 09:09 upstream 9ace34a8e446 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2022/11/23 05:07 upstream eb7081409f94 9da37ae8 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/09/25 18:17 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2024/01/11 07:22 upstream acc657692aed 00f3cc59 .config console log report syz C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/12/30 19:00 upstream f016f7547aee fb427a07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/08/23 22:23 upstream a5e505a99ca7 4d7ae7ab .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/08/23 16:37 upstream 89bf6209cad6 4d7ae7ab .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/07/24 07:27 upstream 6eaae1980760 68162649 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/07/18 18:08 upstream 74f1456c4a5f 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/06/06 08:02 upstream f8dba31b0a82 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2022/09/18 23:05 upstream 38eddeedbbea dd9a85ff .config console log report info ci-upstream-kasan-gce-root BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/05/20 19:12 upstream d635f6cc934b 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/07/08 16:19 net-next 6843306689af 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2022/09/20 17:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5aa266bb455b 7c41a9ba .config console log report syz C ci-upstream-gce-arm64 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2023/07/16 02:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
2022/09/20 14:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5aa266bb455b 7c41a9ba .config console log report info ci-upstream-gce-arm64 BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:LINE/ccid3_first_li()
* Struck through repros no longer work on HEAD.