------------[ cut here ]------------
WARNING: CPU: 0 PID: 9293 at net/mptcp/protocol.c:703 __mptcp_move_skbs_from_subflow+0x224c/0x2334 net/mptcp/protocol.c:703
Modules linked in:
CPU: 0 PID: 9293 Comm: syz-executor.1 Not tainted 6.1.71-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mptcp_move_skbs_from_subflow+0x224c/0x2334 net/mptcp/protocol.c:703
lr : __mptcp_move_skbs_from_subflow+0x224c/0x2334 net/mptcp/protocol.c:703
sp : ffff800021546b80
x29: ffff800021546d00 x28: 0000000000000000 x27: ffff00012224a0b8
x26: ffff0000d420e04c x25: ffff0000d03ecd78 x24: 0000000000000000
x23: dfff800000000000 x22: ffff0000d6f9c85c x21: ffff000122249a10
x20: 00000000000081e5 x19: 0000000000007c80 x18: ffff0000cdf4b810
x17: ffff80019ebf0000 x16: ffff8000084fa820 x15: 0000000000000002
x14: 1ffff00002b040b0 x13: dfff800000000000 x12: 0000000000040000
x11: 0000000000007786 x10: ffff80002637e000 x9 : ffff800012040ca0
x8 : 0000000000007787 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001203f870
x2 : 0000000000000001 x1 : 00000000000081e5 x0 : 0000000000007c80
Call trace:
 __mptcp_move_skbs_from_subflow+0x224c/0x2334 net/mptcp/protocol.c:703
 move_skbs_to_msk net/mptcp/protocol.c:816 [inline]
 mptcp_data_ready+0x278/0x670 net/mptcp/protocol.c:861
 subflow_data_ready+0x178/0x234 net/mptcp/subflow.c:1350
 tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5028
 tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5102
 tcp_rcv_established+0xa84/0x1fe0 net/ipv4/tcp_input.c:6028
 tcp_v4_do_rcv+0x390/0xb08 net/ipv4/tcp_ipv4.c:1677
 sk_backlog_rcv include/net/sock.h:1117 [inline]
 __release_sock+0x1a8/0x408 net/core/sock.c:2926
 release_sock+0x68/0x1cc net/core/sock.c:3490
 __mptcp_push_pending+0x664/0xb54
 mptcp_sendmsg+0xc0c/0x13bc net/mptcp/protocol.c:1875
 inet6_sendmsg+0xb4/0xd8 net/ipv6/af_inet6.c:667
 sock_sendmsg_nosec net/socket.c:716 [inline]
 __sock_sendmsg net/socket.c:728 [inline]
 ____sys_sendmsg+0x558/0x844 net/socket.c:2499
 ___sys_sendmsg net/socket.c:2553 [inline]
 __sys_sendmmsg+0x318/0x7d8 net/socket.c:2639
 __do_sys_sendmmsg net/socket.c:2668 [inline]
 __se_sys_sendmmsg net/socket.c:2665 [inline]
 __arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2665
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 989
hardirqs last  enabled at (987): [<ffff80000897410c>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (989): [<ffff800012141304>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (978): [<ffff800012061910>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (978): [<ffff800012061910>] ack_update_msk net/mptcp/options.c:1054 [inline]
softirqs last  enabled at (978): [<ffff800012061910>] mptcp_incoming_options+0x658/0x1af4 net/mptcp/options.c:1177
softirqs last disabled at (988): [<ffff80001203191c>] spin_lock_bh include/linux/spinlock.h:355 [inline]
softirqs last disabled at (988): [<ffff80001203191c>] mptcp_data_ready+0x258/0x670 net/mptcp/protocol.c:860
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9293 at net/mptcp/protocol.c:706 __mptcp_move_skbs_from_subflow+0x19a4/0x2334 net/mptcp/protocol.c:706
Modules linked in:
CPU: 1 PID: 9293 Comm: syz-executor.1 Tainted: G        W          6.1.71-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mptcp_move_skbs_from_subflow+0x19a4/0x2334 net/mptcp/protocol.c:706
lr : __mptcp_move_skbs_from_subflow+0x19a4/0x2334 net/mptcp/protocol.c:706
sp : ffff800021546b80
x29: ffff800021546d00 x28: 0000000000000000 x27: ffff00012224a0b8
x26: ffff0000d420e04c x25: 1fffe0001a07d95e x24: 0000000000000000
x23: dfff800000000000 x22: 1fffe0001a07d963 x21: 00000000ffff7e1b
x20: ffff0000d03ecaf0 x19: 1fffe0001adf3839 x18: ffff8000215468e4
x17: ffff80001581d000 x16: ffff8000084fa820 x15: 0000000000000002
x14: 1ffff00002b040b0 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80002637e000 x9 : ffff8000120403f8
x8 : 0000000000040000 x7 : ffff80001203191c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000831ce70
x2 : ffff800021546d80 x1 : 00000000ffff7e1b x0 : 0000000000002b9b
Call trace:
 __mptcp_move_skbs_from_subflow+0x19a4/0x2334 net/mptcp/protocol.c:706
 move_skbs_to_msk net/mptcp/protocol.c:816 [inline]
 mptcp_data_ready+0x278/0x670 net/mptcp/protocol.c:861
 subflow_data_ready+0x178/0x234 net/mptcp/subflow.c:1350
 tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5028
 tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5102
 tcp_rcv_established+0xa84/0x1fe0 net/ipv4/tcp_input.c:6028
 tcp_v4_do_rcv+0x390/0xb08 net/ipv4/tcp_ipv4.c:1677
 sk_backlog_rcv include/net/sock.h:1117 [inline]
 __release_sock+0x1a8/0x408 net/core/sock.c:2926
 release_sock+0x68/0x1cc net/core/sock.c:3490
 __mptcp_push_pending+0x664/0xb54
 mptcp_sendmsg+0xc0c/0x13bc net/mptcp/protocol.c:1875
 inet6_sendmsg+0xb4/0xd8 net/ipv6/af_inet6.c:667
 sock_sendmsg_nosec net/socket.c:716 [inline]
 __sock_sendmsg net/socket.c:728 [inline]
 ____sys_sendmsg+0x558/0x844 net/socket.c:2499
 ___sys_sendmsg net/socket.c:2553 [inline]
 __sys_sendmmsg+0x318/0x7d8 net/socket.c:2639
 __do_sys_sendmmsg net/socket.c:2668 [inline]
 __se_sys_sendmmsg net/socket.c:2665 [inline]
 __arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2665
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1371
hardirqs last  enabled at (1369): [<ffff8000081c7770>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:401
hardirqs last disabled at (1371): [<ffff800012141304>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (1368): [<ffff800012061910>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (1368): [<ffff800012061910>] ack_update_msk net/mptcp/options.c:1054 [inline]
softirqs last  enabled at (1368): [<ffff800012061910>] mptcp_incoming_options+0x658/0x1af4 net/mptcp/options.c:1177
softirqs last disabled at (1370): [<ffff80001203191c>] spin_lock_bh include/linux/spinlock.h:355 [inline]
softirqs last disabled at (1370): [<ffff80001203191c>] mptcp_data_ready+0x258/0x670 net/mptcp/protocol.c:860
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9293 at net/mptcp/subflow.c:846 skb_is_fully_mapped net/mptcp/subflow.c:846 [inline]
WARNING: CPU: 1 PID: 9293 at net/mptcp/subflow.c:846 get_mapping_status net/mptcp/subflow.c:1055 [inline]
WARNING: CPU: 1 PID: 9293 at net/mptcp/subflow.c:846 subflow_check_data_avail net/mptcp/subflow.c:1184 [inline]
WARNING: CPU: 1 PID: 9293 at net/mptcp/subflow.c:846 mptcp_subflow_data_available+0x1968/0x3468 net/mptcp/subflow.c:1287
Modules linked in:
CPU: 1 PID: 9293 Comm: syz-executor.1 Tainted: G        W          6.1.71-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_is_fully_mapped net/mptcp/subflow.c:846 [inline]
pc : get_mapping_status net/mptcp/subflow.c:1055 [inline]
pc : subflow_check_data_avail net/mptcp/subflow.c:1184 [inline]
pc : mptcp_subflow_data_available+0x1968/0x3468 net/mptcp/subflow.c:1287
lr : skb_is_fully_mapped net/mptcp/subflow.c:846 [inline]
lr : get_mapping_status net/mptcp/subflow.c:1055 [inline]
lr : subflow_check_data_avail net/mptcp/subflow.c:1184 [inline]
lr : mptcp_subflow_data_available+0x1968/0x3468 net/mptcp/subflow.c:1287
sp : ffff800021546c60
x29: ffff800021546dc0 x28: ffff0000c96b8d70 x27: dfff800000000000
x26: ffff0000d420e000 x25: 0000000000000000 x24: 000000000000ade5
x23: 00000000ffff5280 x22: 00000000002401e8 x21: ffff0000d6f9c1b8
x20: dfff800000000000 x19: 00000000e072693d x18: ffff0000d6fc26d0
x17: ffff80019ec10000 x16: ffff8000084fa820 x15: 0000000000000002
x14: 00000000ffff8000 x13: 0000000000000003 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80002637e000 x9 : ffff80001204f114
x8 : 0000000000040000 x7 : 0000000000000000 x6 : 0200000000000002
x5 : ffff0000d307a130 x4 : 0000000000000000 x3 : ffff80001205a4c4
x2 : 0000000000000000 x1 : 00000000ffff5280 x0 : 0000000000000065
Call trace:
 skb_is_fully_mapped net/mptcp/subflow.c:846 [inline]
 get_mapping_status net/mptcp/subflow.c:1055 [inline]
 subflow_check_data_avail net/mptcp/subflow.c:1184 [inline]
 mptcp_subflow_data_available+0x1968/0x3468 net/mptcp/subflow.c:1287
 subflow_data_ready+0x164/0x234 net/mptcp/subflow.c:1349
 tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5028
 tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5102
 tcp_rcv_established+0xa84/0x1fe0 net/ipv4/tcp_input.c:6028
 tcp_v4_do_rcv+0x390/0xb08 net/ipv4/tcp_ipv4.c:1677
 sk_backlog_rcv include/net/sock.h:1117 [inline]
 __release_sock+0x1a8/0x408 net/core/sock.c:2926
 release_sock+0x68/0x1cc net/core/sock.c:3490
 __mptcp_push_pending+0x664/0xb54
 mptcp_sendmsg+0xc0c/0x13bc net/mptcp/protocol.c:1875
 inet6_sendmsg+0xb4/0xd8 net/ipv6/af_inet6.c:667
 sock_sendmsg_nosec net/socket.c:716 [inline]
 __sock_sendmsg net/socket.c:728 [inline]
 ____sys_sendmsg+0x558/0x844 net/socket.c:2499
 ___sys_sendmsg net/socket.c:2553 [inline]
 __sys_sendmmsg+0x318/0x7d8 net/socket.c:2639
 __do_sys_sendmmsg net/socket.c:2668 [inline]
 __se_sys_sendmmsg net/socket.c:2665 [inline]
 __arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2665
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2266
hardirqs last  enabled at (2265): [<ffff8000081c7770>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:401
hardirqs last disabled at (2266): [<ffff800012141304>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2264): [<ffff800012061910>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (2264): [<ffff800012061910>] ack_update_msk net/mptcp/options.c:1054 [inline]
softirqs last  enabled at (2264): [<ffff800012061910>] mptcp_incoming_options+0x658/0x1af4 net/mptcp/options.c:1177
softirqs last disabled at (2262): [<ffff800012061714>] spin_lock_bh include/linux/spinlock.h:355 [inline]
softirqs last disabled at (2262): [<ffff800012061714>] ack_update_msk net/mptcp/options.c:1028 [inline]
softirqs last disabled at (2262): [<ffff800012061714>] mptcp_incoming_options+0x45c/0x1af4 net/mptcp/options.c:1177
---[ end trace 0000000000000000 ]---