syzbot

 sign-in | mailing list | source | docs
🐞 Open [760]
🐞 Fixed [47]
🐞 Invalid [426]
Missing Backports [59]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

WARNING in __mptcp_move_skbs_from_subflow (2)

Status: upstream: reported on 2024/07/29 14:54
Reported-by: syzbot+81e100c8db9c0ea5a016@syzkaller.appspotmail.com
First crash: 49d, last: 49d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 WARNING in __mptcp_move_skbs_from_subflow 1 251d 251d 0/3 auto-obsoleted due to no activity on 2024/04/18 16:30
linux-5.15 WARNING in __mptcp_move_skbs_from_subflow 1 241d 241d 0/3 auto-obsoleted due to no activity on 2024/04/28 15:28
linux-6.1 WARNING in __mptcp_move_skbs_from_subflow (2) 1 34d 34d 0/3 upstream: reported on 2024/08/13 06:19
upstream WARNING in __mptcp_move_skbs_from_subflow mptcp 19 3d04h 63d 0/28 upstream: reported on 2024/07/15 14:28

Sample crash report:
TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5431 at net/mptcp/protocol.c:627 __mptcp_move_skbs_from_subflow+0x2b88/0x2c78 net/mptcp/protocol.c:627
Modules linked in:
CPU: 1 PID: 5431 Comm: syz.2.384 Not tainted 5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mptcp_move_skbs_from_subflow+0x2b88/0x2c78 net/mptcp/protocol.c:627
lr : __mptcp_move_skbs_from_subflow+0x2b88/0x2c78 net/mptcp/protocol.c:627
sp : ffff80001dc45ca0
x29: ffff80001dc45e20 x28: 0000000000020000 x27: ffff0000c7fdb850
x26: 00000000000081e5 x25: dfff800000000000 x24: 0000000000000000
x23: 0000000000000000 x22: ffff0000c7fdb208 x21: ffff0000d08ee84c
x20: ffff0000e2d9a0e8 x19: 0000000000007d00 x18: 0000000000000102
x17: 0000000000000000 x16: ffff8000084c36cc x15: 0000000000000004
x14: 1ffff0000295806a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000303 x10: 0000000000000000 x9 : ffff0000c237b680
x8 : ffff800011a5e2fc x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800011a5c668
x2 : 0000000000000001 x1 : 00000000000081e5 x0 : 0000000000007d00
Call trace:
 __mptcp_move_skbs_from_subflow+0x2b88/0x2c78 net/mptcp/protocol.c:627
 move_skbs_to_msk net/mptcp/protocol.c:739 [inline]
 mptcp_data_ready+0x278/0x658 net/mptcp/protocol.c:784
 subflow_data_ready+0x198/0x280 net/mptcp/subflow.c:1318
 tcp_data_ready+0x22c/0x454 net/ipv4/tcp_input.c:5044
 tcp_data_queue+0x1c14/0x5288 net/ipv4/tcp_input.c:5114
 tcp_rcv_established+0xa58/0x1f40 net/ipv4/tcp_input.c:6013
 tcp_v4_do_rcv+0x340/0xc70 net/ipv4/tcp_ipv4.c:1733
 tcp_v4_rcv+0x1fd8/0x2770 net/ipv4/tcp_ipv4.c:2145
 ip_protocol_deliver_rcu+0x36c/0x770 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0x1b8/0x30c net/ipv4/ip_input.c:231
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:453 [inline]
 ip_rcv_finish+0x22c/0x264 net/ipv4/ip_input.c:447
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_rcv+0x78/0x98 net/ipv4/ip_input.c:566
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5599
 process_backlog+0x3ec/0x7e0 net/core/dev.c:6476
 __napi_poll+0xb4/0x624 net/core/dev.c:7035
 napi_poll net/core/dev.c:7102 [inline]
 net_rx_action+0x500/0xc10 net/core/dev.c:7192
 handle_softirqs+0x384/0xdbc kernel/softirq.c:558
 __do_softirq kernel/softirq.c:592 [inline]
 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
 do_softirq+0xfc/0x1b0 kernel/softirq.c:459
 __local_bh_enable_ip+0x298/0x470 kernel/softirq.c:383
 local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:32
 rcu_read_unlock_bh include/linux/rcupdate.h:809 [inline]
 ip_finish_output2+0xe78/0x131c net/ipv4/ip_output.c:229
 __ip_finish_output+0x1b0/0x458
 ip_finish_output+0x40/0x218 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip_output+0x330/0x49c net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:443 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0xe70/0x1930 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
 __tcp_transmit_skb+0x1944/0x31e8 net/ipv4/tcp_output.c:1402
 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
 tcp_mtu_probe net/ipv4/tcp_output.c:2454 [inline]
 tcp_write_xmit+0x46f8/0x4dc0 net/ipv4/tcp_output.c:2630
 __tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2890
 tcp_push+0x420/0x650 net/ipv4/tcp.c:737
 mptcp_push_release net/mptcp/protocol.c:1557 [inline]
 __mptcp_push_pending+0x5ec/0x85c net/mptcp/protocol.c:1625
 mptcp_sendmsg+0x1544/0x1a1c net/mptcp/protocol.c:1828
 inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:836
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 __sys_sendto+0x388/0x4d0 net/socket.c:2058
 __do_sys_sendto net/socket.c:2070 [inline]
 __se_sys_sendto net/socket.c:2066 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2066
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 6195
hardirqs last  enabled at (6194): [<ffff8000088d6480>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (6195): [<ffff800011ab40b4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (6164): [<ffff80001066f870>] local_bh_enable+0x10/0x1d0 include/linux/bottom_half.h:31
softirqs last disabled at (6165): [<ffff8000081b5938>] __do_softirq kernel/softirq.c:592 [inline]
softirqs last disabled at (6165): [<ffff8000081b5938>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (6165): [<ffff8000081b5938>] do_softirq+0xfc/0x1b0 kernel/softirq.c:459
---[ end trace 4ed0d9532232138f ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20 at net/mptcp/protocol.c:630 __mptcp_move_skbs_from_subflow+0x1ea0/0x2c78 net/mptcp/protocol.c:630
Modules linked in:
CPU: 1 PID: 20 Comm: ksoftirqd/1 Tainted: G        W         5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mptcp_move_skbs_from_subflow+0x1ea0/0x2c78 net/mptcp/protocol.c:630
lr : __mptcp_move_skbs_from_subflow+0x1ea0/0x2c78 net/mptcp/protocol.c:630
sp : ffff800018bd6bc0
x29: ffff800018bd6d40 x28: 1fffe0001b58d022 x27: 00000000ffff7e1b
x26: 0000000000009d3d x25: dfff800000000000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000007d00 x21: 0000000003506aef
x20: ffff0000dac680e8 x19: ffff0000d08ee1c0 x18: 0000000000000101
x17: 0000000000000000 x16: ffff8000084c36cc x15: 0000000000000001
x14: 1ffff0000295806a x13: dfff800000000000 x12: ffff70000317ad98
x11: 0000000000000302 x10: 0000000000000000 x9 : ffff0000c0a80000
x8 : ffff800011a5d614 x7 : ffff800011a50a9c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000083049b8
x2 : ffff800018bd6dc0 x1 : 00000000ffff7e1b x0 : 0000000000001b58
Call trace:
 __mptcp_move_skbs_from_subflow+0x1ea0/0x2c78 net/mptcp/protocol.c:630
 move_skbs_to_msk net/mptcp/protocol.c:739 [inline]
 mptcp_data_ready+0x278/0x658 net/mptcp/protocol.c:784
 subflow_data_ready+0x198/0x280 net/mptcp/subflow.c:1318
 tcp_data_ready+0x22c/0x454 net/ipv4/tcp_input.c:5044
 tcp_data_queue+0x1c14/0x5288 net/ipv4/tcp_input.c:5114
 tcp_rcv_established+0xa58/0x1f40 net/ipv4/tcp_input.c:6013
 tcp_v4_do_rcv+0x340/0xc70 net/ipv4/tcp_ipv4.c:1733
 tcp_v4_rcv+0x1fd8/0x2770 net/ipv4/tcp_ipv4.c:2145
 ip_protocol_deliver_rcu+0x36c/0x770 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0x1b8/0x30c net/ipv4/ip_input.c:231
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:453 [inline]
 ip_rcv_finish+0x22c/0x264 net/ipv4/ip_input.c:447
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_rcv+0x78/0x98 net/ipv4/ip_input.c:566
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5599
 process_backlog+0x3ec/0x7e0 net/core/dev.c:6476
 __napi_poll+0xb4/0x624 net/core/dev.c:7035
 napi_poll net/core/dev.c:7102 [inline]
 net_rx_action+0x500/0xc10 net/core/dev.c:7192
 handle_softirqs+0x384/0xdbc kernel/softirq.c:558
 run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 540325
hardirqs last  enabled at (540324): [<ffff8000081b55fc>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:388
hardirqs last disabled at (540325): [<ffff800011ab40b4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (540210): [<ffff8000081b6574>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (540210): [<ffff8000081b6574>] handle_softirqs+0xb88/0xdbc kernel/softirq.c:586
softirqs last disabled at (540219): [<ffff8000081b90a4>] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
---[ end trace 4ed0d95322321390 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20 at net/mptcp/subflow.c:843 skb_is_fully_mapped net/mptcp/subflow.c:843 [inline]
WARNING: CPU: 1 PID: 20 at net/mptcp/subflow.c:843 get_mapping_status net/mptcp/subflow.c:1054 [inline]
WARNING: CPU: 1 PID: 20 at net/mptcp/subflow.c:843 subflow_check_data_avail net/mptcp/subflow.c:1156 [inline]
WARNING: CPU: 1 PID: 20 at net/mptcp/subflow.c:843 mptcp_subflow_data_available+0x1af8/0x34b0 net/mptcp/subflow.c:1254
Modules linked in:
CPU: 1 PID: 20 Comm: ksoftirqd/1 Tainted: G        W         5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_is_fully_mapped net/mptcp/subflow.c:843 [inline]
pc : get_mapping_status net/mptcp/subflow.c:1054 [inline]
pc : subflow_check_data_avail net/mptcp/subflow.c:1156 [inline]
pc : mptcp_subflow_data_available+0x1af8/0x34b0 net/mptcp/subflow.c:1254
lr : skb_is_fully_mapped net/mptcp/subflow.c:843 [inline]
lr : get_mapping_status net/mptcp/subflow.c:1054 [inline]
lr : subflow_check_data_avail net/mptcp/subflow.c:1156 [inline]
lr : mptcp_subflow_data_available+0x1af8/0x34b0 net/mptcp/subflow.c:1254
sp : ffff800018bd6ca0
x29: ffff800018bd6e00 x28: ffff0000c206a454 x27: ffff0000c206a400
x26: ffff0000d08ee1b0 x25: 000000000000ad80 x24: ffff0000e2d9a368
x23: 00000000ffff62c3 x22: 0000000000000000 x21: 1fffe0001840d48a
x20: dfff800000000000 x19: 0000000003506aef x18: 0000000000000101
x17: 0000000000000000 x16: ffff8000084c36cc x15: 0000000000000001
x14: 000000000822dcec x13: 0000000000000043 x12: 0000000000000001
x11: 0000000000000101 x10: 0000000000000000 x9 : ffff0000c0a80000
x8 : ffff800011a6e050 x7 : 0000000000000000 x6 : 0200000000000003
x5 : ffff0000e5f46a30 x4 : 0000000000000000 x3 : ffff800011a79178
x2 : 0000000000000000 x1 : 00000000ffff62c3 x0 : 0000000000001043
Call trace:
 skb_is_fully_mapped net/mptcp/subflow.c:843 [inline]
 get_mapping_status net/mptcp/subflow.c:1054 [inline]
 subflow_check_data_avail net/mptcp/subflow.c:1156 [inline]
 mptcp_subflow_data_available+0x1af8/0x34b0 net/mptcp/subflow.c:1254
 subflow_data_ready+0x184/0x280 net/mptcp/subflow.c:1317
 tcp_data_ready+0x22c/0x454 net/ipv4/tcp_input.c:5044
 tcp_data_queue+0x1c14/0x5288 net/ipv4/tcp_input.c:5114
 tcp_rcv_established+0xa58/0x1f40 net/ipv4/tcp_input.c:6013
 tcp_v4_do_rcv+0x340/0xc70 net/ipv4/tcp_ipv4.c:1733
 tcp_v4_rcv+0x1fd8/0x2770 net/ipv4/tcp_ipv4.c:2145
 ip_protocol_deliver_rcu+0x36c/0x770 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0x1b8/0x30c net/ipv4/ip_input.c:231
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:453 [inline]
 ip_rcv_finish+0x22c/0x264 net/ipv4/ip_input.c:447
 NF_HOOK+0x324/0x3d0 include/linux/netfilter.h:302
 ip_rcv+0x78/0x98 net/ipv4/ip_input.c:566
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5599
 process_backlog+0x3ec/0x7e0 net/core/dev.c:6476
 __napi_poll+0xb4/0x624 net/core/dev.c:7035
 napi_poll net/core/dev.c:7102 [inline]
 net_rx_action+0x500/0xc10 net/core/dev.c:7192
 handle_softirqs+0x384/0xdbc kernel/softirq.c:558
 run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 540355
hardirqs last  enabled at (540354): [<ffff8000081b55fc>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:388
hardirqs last disabled at (540355): [<ffff800011ab40b4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (540210): [<ffff8000081b6574>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (540210): [<ffff8000081b6574>] handle_softirqs+0xb88/0xdbc kernel/softirq.c:586
softirqs last disabled at (540219): [<ffff8000081b90a4>] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
---[ end trace 4ed0d95322321391 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/29 14:53 linux-5.15.y 7e89efd3ae1c 5187fc86 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 WARNING in __mptcp_move_skbs_from_subflow
* Struck through repros no longer work on HEAD.