multipath-tcp / mptcp_net-next

Development version of the Upstream MultiPath TCP Linux kernel 🐧
https://mptcp.dev

[syzbot] WARNING in `__mptcp_move_skbs_from_subflow` #513

Closed cpaasch closed 1 month ago

cpaasch commented 3 months ago

Raising awareness here to this issue: https://syzkaller.appspot.com/bug?id=e1909b42f954d6302231753e99ff2fef6d763447

We are hitting this as well in our deployment.

matttbe commented 3 months ago

@cpaasch : thank you for this reminder. By chance, do you have a reproducer? Did you get it while validating the export branch?

cpaasch commented 3 months ago

No reproducer yet.

pabeni commented 3 months ago

Some occurrences of the reported splats should be fixed by the following commit:

commit 68cc924729ffcfe90d0383177192030a9aeb2ee4
Author: Paolo Abeni <pabeni@redhat.com>
Date: Wed Jul 31 12:10:15 2024 +0200

mptcp: fix duplicate data handling

According to the syzbot status, syzkaller was able to reproduce the splat on top of linux@6a0e38264012 which includes the above commit, so there should be something more.

pabeni commented 3 months ago

The splat is caused by a somewhat bad mapping: the current data mapping covers only partially the current skb contents. In theory we could 'downgrade' the warning to a dbg message and/or a mib count increase, as an evil/bad peer could trigger this at will, but syzkaller is observing the splat when the peer is the in-tree mptcp implementation: we need to dig into the root cause.

cpaasch commented 3 months ago

> The splat is caused by a somewhat bad mapping: the current data mapping covers only partially the current skb contents

Yes, that is something that can happen, so downgrading to dbg with a MIB-counter would be good.