syzbot


WARNING in tcp_cwnd_reduction (2)

Status: auto-obsoleted due to no activity on 2023/04/10 16:10
Reported-by: syzbot+6fa783f4027127790ec8@syzkaller.appspotmail.com
First crash: 500d, last: 500d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | WARNING in tcp_cwnd_reduction net | | | | 42 | 643d | 1187d | 0/26 | auto-obsoleted due to no activity on 2022/10/19 12:52 |
| linux-4.19 | WARNING in tcp_cwnd_reduction | | | | 1 | 924d | 924d | 0/1 | auto-closed as invalid on 2022/02/11 09:00 |
| upstream | WARNING in tcp_cwnd_reduction (2) net | | | | 1 | 198d | 198d | 0/26 | auto-obsoleted due to no activity on 2024/01/15 20:02 |

Sample crash report:
WARNING: CPU: 0 PID: 9 at net/ipv4/tcp_input.c:2474 tcp_cwnd_reduction+0x30e/0x370 net/ipv4/tcp_input.c:2474
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 panic+0x26a/0x50e kernel/panic.c:186
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:tcp_cwnd_reduction+0x30e/0x370 net/ipv4/tcp_input.c:2474
Code: 29 eb e9 6f ff ff ff e8 90 38 88 fa 8b 44 24 14 44 29 e8 39 e8 0f 4d e8 83 c5 01 39 dd 0f 4e dd e9 51 ff ff ff e8 72 38 88 fa <0f> 0b eb a1 e8 c9 14 be fa e9 47 fd ff ff e8 bf 14 be fa e9 ea fe
RSP: 0018:ffff8880b5a5f3d0 EFLAGS: 00010206
RAX: ffff8880b5a4c240 RBX: ffffffff8b287200 RCX: ffffffff86da4a64
RDX: 0000000000000100 RSI: ffffffff86da4cfe RDI: 0000000000000005
RBP: 0000000000000006 R08: ffff8880b5a5f5d0 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000005526 R14: ffff8880b315e280 R15: ffff8880b315e280
 tcp_cong_control net/ipv4/tcp_input.c:3326 [inline]
 tcp_ack+0x3e8a/0x51d0 net/ipv4/tcp_input.c:3719
 tcp_rcv_established+0x66b/0x1ef0 net/ipv4/tcp_input.c:5670
 tcp_v6_do_rcv+0xe1e/0x1370 net/ipv6/tcp_ipv6.c:1348
 tcp_v6_rcv+0x26b8/0x3990 net/ipv6/tcp_ipv6.c:1577
 ip6_input_finish+0x46a/0x17a0 net/ipv6/ip6_input.c:385
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip6_input+0xcf/0x3c0 net/ipv6/ip6_input.c:428
 dst_input include/net/dst.h:461 [inline]
 ip6_rcv_finish+0x1d9/0x2f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
 process_backlog+0x241/0x700 net/core/dev.c:5849
 napi_poll net/core/dev.c:6280 [inline]
 net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 run_ksoftirqd+0x57/0x110 kernel/softirq.c:653
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:164
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled

================================
WARNING: inconsistent lock state
4.19.211-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-R} usage.
ksoftirqd/0/9 [HC0[0]:SC1[1]:HE0:SE0] takes:
00000000702bdba8 ((fb_notifier_list).rwsem){+++?}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
00000000702bdba8 ((fb_notifier_list).rwsem){+++?}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
00000000702bdba8 ((fb_notifier_list).rwsem){+++?}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
00000000702bdba8 ((fb_notifier_list).rwsem){+++?}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
{SOFTIRQ-ON-W} state was registered at:
  down_write+0x34/0x90 kernel/locking/rwsem.c:70
  blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
  fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
  fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
  do_one_initcall+0xf1/0x740 init/main.c:884
  do_initcall_level init/main.c:952 [inline]
  do_initcalls init/main.c:960 [inline]
  do_basic_setup init/main.c:978 [inline]
  kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
  kernel_init+0xd/0x1ba init/main.c:1062
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 10512835
hardirqs last  enabled at (10512834): [<ffffffff881950e9>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (10512834): [<ffffffff881950e9>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:184
hardirqs last disabled at (10512835): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (10512236): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (10512241): [<ffffffff81392417>] run_ksoftirqd+0x57/0x110 kernel/softirq.c:653

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock((fb_notifier_list).rwsem);
  <Interrupt>
    lock((fb_notifier_list).rwsem);

 *** DEADLOCK ***

3 locks held by ksoftirqd/0/9:
 #0: 00000000677ea4f7 (rcu_read_lock){....}, at: __write_once_size include/linux/compiler.h:290 [inline]
 #0: 00000000677ea4f7 (rcu_read_lock){....}, at: __skb_unlink include/linux/skbuff.h:1920 [inline]
 #0: 00000000677ea4f7 (rcu_read_lock){....}, at: __skb_dequeue include/linux/skbuff.h:1936 [inline]
 #0: 00000000677ea4f7 (rcu_read_lock){....}, at: process_backlog+0x1d0/0x700 net/core/dev.c:5847
 #1: 00000000677ea4f7 (rcu_read_lock){....}, at: ip6_input_finish+0x0/0x17a0 include/linux/skbuff.h:898
 #2: 00000000157a3872 (slock-AF_INET6/1){+.-.}, at: tcp_v6_rcv+0x246b/0x3990 net/ipv6/tcp_ipv6.c:1573

stack backtrace:
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2545
 valid_state kernel/locking/lockdep.c:2558 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2752 [inline]
 mark_lock+0xc70/0x1160 kernel/locking/lockdep.c:3132
 mark_irqflags kernel/locking/lockdep.c:3002 [inline]
 __lock_acquire+0x10ed/0x3ff0 kernel/locking/lockdep.c:3373
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074
 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221
 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
 panic+0x313/0x50e kernel/panic.c:239
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:tcp_cwnd_reduction+0x30e/0x370 net/ipv4/tcp_input.c:2474
Code: 29 eb e9 6f ff ff ff e8 90 38 88 fa 8b 44 24 14 44 29 e8 39 e8 0f 4d e8 83 c5 01 39 dd 0f 4e dd e9 51 ff ff ff e8 72 38 88 fa <0f> 0b eb a1 e8 c9 14 be fa e9 47 fd ff ff e8 bf 14 be fa e9 ea fe
RSP: 0018:ffff8880b5a5f3d0 EFLAGS: 00010206
RAX: ffff8880b5a4c240 RBX: ffffffff8b287200 RCX: ffffffff86da4a64
RDX: 0000000000000100 RSI: ffffffff86da4cfe RDI: 0000000000000005
RBP: 0000000000000006 R08: ffff8880b5a5f5d0 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000005526 R14: ffff8880b315e280 R15: ffff8880b315e280
 tcp_cong_control net/ipv4/tcp_input.c:3326 [inline]
 tcp_ack+0x3e8a/0x51d0 net/ipv4/tcp_input.c:3719
 tcp_rcv_established+0x66b/0x1ef0 net/ipv4/tcp_input.c:5670
 tcp_v6_do_rcv+0xe1e/0x1370 net/ipv6/tcp_ipv6.c:1348
 tcp_v6_rcv+0x26b8/0x3990 net/ipv6/tcp_ipv6.c:1577
 ip6_input_finish+0x46a/0x17a0 net/ipv6/ip6_input.c:385
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip6_input+0xcf/0x3c0 net/ipv6/ip6_input.c:428
 dst_input include/net/dst.h:461 [inline]
 ip6_rcv_finish+0x1d9/0x2f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
 process_backlog+0x241/0x700 net/core/dev.c:5849
 napi_poll net/core/dev.c:6280 [inline]
 net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 run_ksoftirqd+0x57/0x110 kernel/softirq.c:653
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:164
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Rebooting in 86400 seconds..

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/12/11 16:09 | linux-4.19.y | 3f8a27f9e27b | 67be1ae7 | .config | console log | report | | | info | [disk image] [vmlinux] | ci2-linux-4-19 | WARNING in tcp_cwnd_reduction |