[syzbot] [mptcp?] WARNING in __mptcp_clean_una (2)
11 views
Skip to first unread message
syzbot
Dec 16, 2024, 11:42:26āÆAM12/16/24
to da...@davemloft.net, edum...@google.com, gelian...@linux.dev, gel...@kernel.org, ho...@kernel.org, ku...@kernel.org, linux-...@vger.kernel.org, mart...@kernel.org, mat...@kernel.org, mp...@lists.linux.dev, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 00a5acdbf398 bpf: Fix configuration-dependent BTF function..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=148de730580000
kernel config: https://syzkaller.appspot.com/x/.config?x=fee25f93665c89ac
dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d82344580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=179654f8580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc306c95490c/disk-00a5acdb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e17d5125ee77/vmlinux-00a5acdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65f791a7fd14/bzImage-00a5acdb.xz
The issue was bisected to:
commit 3f83d8a77eeeb47011b990fd766a421ee64f1d73
Author: Paolo Abeni <pab...@redhat.com>
Date: Thu Feb 8 18:03:51 2024 +0000
mptcp: fix more tx path fields initialization
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12d2c7e8580000
final oops: https://syzkaller.appspot.com/x/report.txt?x=11d2c7e8580000
console output: https://syzkaller.appspot.com/x/log.txt?x=16d2c7e8580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Fixes: 3f83d8a77eee ("mptcp: fix more tx path fields initialization")
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Modules linked in:
CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 <0f> 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07
RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293
RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928
R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000
R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000
FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074
mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493
release_sock+0x1aa/0x1f0 net/core/sock.c:3640
inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]
__inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703
mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755
mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x1a6/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e86ebfe69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69
RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc
R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 00a5acdbf398 bpf: Fix configuration-dependent BTF function..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=148de730580000
kernel config: https://syzkaller.appspot.com/x/.config?x=fee25f93665c89ac
dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d82344580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=179654f8580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc306c95490c/disk-00a5acdb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e17d5125ee77/vmlinux-00a5acdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65f791a7fd14/bzImage-00a5acdb.xz
The issue was bisected to:
commit 3f83d8a77eeeb47011b990fd766a421ee64f1d73
Author: Paolo Abeni <pab...@redhat.com>
Date: Thu Feb 8 18:03:51 2024 +0000
mptcp: fix more tx path fields initialization
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12d2c7e8580000
final oops: https://syzkaller.appspot.com/x/report.txt?x=11d2c7e8580000
console output: https://syzkaller.appspot.com/x/log.txt?x=16d2c7e8580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Fixes: 3f83d8a77eee ("mptcp: fix more tx path fields initialization")
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Modules linked in:
CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 <0f> 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07
RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293
RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928
R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000
R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000
FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074
mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493
release_sock+0x1aa/0x1f0 net/core/sock.c:3640
inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]
__inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703
mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755
mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x1a6/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e86ebfe69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69
RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc
R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Paolo Abeni
Jan 16, 2025, 12:38:33āÆPM1/16/25
to syzbot, mp...@lists.linux.dev, syzkall...@googlegroups.com
the bot can reply it on such a tree and additionally add report debug
info if the splat happens
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git main
syzbot
Jan 16, 2025, 8:29:04āÆPM1/16/25
to linux-...@vger.kernel.org, mp...@lists.linux.dev, pab...@redhat.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __mptcp_clean_una
MPTCP: snd_una 52e55b5d657ac4e2 snd_nxt 52e55b5d657ac4e2 write_seq 52e55b5d657ac4e2 idsn 52e55b5d657ac4e1 dfrag seq 3d10b145d4f45513 len 32728
------------[ cut here ]------------
WARNING: CPU: 0 PID: 204 at net/mptcp/protocol.c:1030 __mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Modules linked in:
CPU: 0 UID: 0 PID: 204 Comm: kworker/u8:6 Not tainted 6.13.0-rc7-syzkaller-gce69b4019001-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: krdsd rds_tcp_accept_worker
RIP: 0010:__mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Code: 68 0f 54 f6 4c 8b 03 48 c7 c7 80 62 30 8d 48 8b 74 24 28 4c 89 f2 4c 89 f9 4c 8b 4c 24 38 41 55 e8 57 29 55 f5 48 83 c4 08 90 <0f> 0b 90 e9 ff f3 ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 3f f9 ff ff
RSP: 0000:ffffc90000006da0 EFLAGS: 00010296
RAX: 000000000000008e RBX: ffff888078274c28 RCX: e4b9e8819bb74600
RDX: 0000000000000100 RSI: 0000000000000303 RDI: 0000000000000000
RBP: ffffc90000006eb0 R08: ffffffff817f1b5c R09: 1ffff92000000d50
R10: dffffc0000000000 R11: fffff52000000d51 R12: ffff888061554648
R13: 0000000000007fd8 R14: 52e55b5d657ac4e2 R15: 52e55b5d657ac4e2
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
mptcp_incoming_options+0xc49/0x2540 net/mptcp/options.c:1144
tcp_data_queue+0xf9/0x7310 net/ipv4/tcp_input.c:5233
tcp_rcv_established+0xed0/0x1f20 net/ipv4/tcp_input.c:6264
tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1916
tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x2bf/0x650 net/core/dev.c:5817
process_backlog+0x662/0x15b0 net/core/dev.c:6149
__napi_poll+0xcb/0x490 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0x89b/0x1240 net/core/dev.c:7093
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
do_softirq+0x11b/0x1e0 kernel/softirq.c:462
</IRQ>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x1775/0x3f50 net/core/dev.c:4493
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_hh_output include/net/neighbour.h:523 [inline]
neigh_output include/net/neighbour.h:537 [inline]
ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236
ip_local_out net/ipv4/ip_output.c:130 [inline]
__ip_queue_xmit+0x12ca/0x1ef0 net/ipv4/ip_output.c:536
__tcp_transmit_skb+0x2582/0x3ba0 net/ipv4/tcp_output.c:1468
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x17b5/0x6bf0 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3012
__tcp_close+0xa7f/0xde0 net/ipv4/tcp.c:3130
tcp_close+0x28/0x110 net/ipv4/tcp.c:3221
inet_release+0x17d/0x200 net/ipv4/af_inet.c:435
__sock_release net/socket.c:640 [inline]
sock_release+0x82/0x150 net/socket.c:668
rds_tcp_accept_one+0x1b3/0xbe0 net/rds/tcp_listen.c:234
rds_tcp_accept_worker+0x3f/0xa0 net/rds/tcp.c:533
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Tested on:
commit: ce69b401 Merge tag 'net-6.13-rc8' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=175b27c4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=aadf89e2f6db86cc
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __mptcp_clean_una
MPTCP: snd_una 52e55b5d657ac4e2 snd_nxt 52e55b5d657ac4e2 write_seq 52e55b5d657ac4e2 idsn 52e55b5d657ac4e1 dfrag seq 3d10b145d4f45513 len 32728
------------[ cut here ]------------
WARNING: CPU: 0 PID: 204 at net/mptcp/protocol.c:1030 __mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Modules linked in:
CPU: 0 UID: 0 PID: 204 Comm: kworker/u8:6 Not tainted 6.13.0-rc7-syzkaller-gce69b4019001-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: krdsd rds_tcp_accept_worker
RIP: 0010:__mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Code: 68 0f 54 f6 4c 8b 03 48 c7 c7 80 62 30 8d 48 8b 74 24 28 4c 89 f2 4c 89 f9 4c 8b 4c 24 38 41 55 e8 57 29 55 f5 48 83 c4 08 90 <0f> 0b 90 e9 ff f3 ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 3f f9 ff ff
RSP: 0000:ffffc90000006da0 EFLAGS: 00010296
RAX: 000000000000008e RBX: ffff888078274c28 RCX: e4b9e8819bb74600
RDX: 0000000000000100 RSI: 0000000000000303 RDI: 0000000000000000
RBP: ffffc90000006eb0 R08: ffffffff817f1b5c R09: 1ffff92000000d50
R10: dffffc0000000000 R11: fffff52000000d51 R12: ffff888061554648
R13: 0000000000007fd8 R14: 52e55b5d657ac4e2 R15: 52e55b5d657ac4e2
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f84b8a1d3d7 CR3: 0000000067206000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
mptcp_incoming_options+0xc49/0x2540 net/mptcp/options.c:1144
tcp_data_queue+0xf9/0x7310 net/ipv4/tcp_input.c:5233
tcp_rcv_established+0xed0/0x1f20 net/ipv4/tcp_input.c:6264
tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1916
tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x2bf/0x650 net/core/dev.c:5817
process_backlog+0x662/0x15b0 net/core/dev.c:6149
__napi_poll+0xcb/0x490 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0x89b/0x1240 net/core/dev.c:7093
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
do_softirq+0x11b/0x1e0 kernel/softirq.c:462
</IRQ>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x1775/0x3f50 net/core/dev.c:4493
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_hh_output include/net/neighbour.h:523 [inline]
neigh_output include/net/neighbour.h:537 [inline]
ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236
ip_local_out net/ipv4/ip_output.c:130 [inline]
__ip_queue_xmit+0x12ca/0x1ef0 net/ipv4/ip_output.c:536
__tcp_transmit_skb+0x2582/0x3ba0 net/ipv4/tcp_output.c:1468
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x17b5/0x6bf0 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3012
__tcp_close+0xa7f/0xde0 net/ipv4/tcp.c:3130
tcp_close+0x28/0x110 net/ipv4/tcp.c:3221
inet_release+0x17d/0x200 net/ipv4/af_inet.c:435
__sock_release net/socket.c:640 [inline]
sock_release+0x82/0x150 net/socket.c:668
rds_tcp_accept_one+0x1b3/0xbe0 net/rds/tcp_listen.c:234
rds_tcp_accept_worker+0x3f/0xa0 net/rds/tcp.c:533
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Tested on:
commit: ce69b401 Merge tag 'net-6.13-rc8' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=175b27c4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=aadf89e2f6db86cc
dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=17fb9a18580000
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Paolo Abeni
Jan 17, 2025, 10:54:43āÆAM1/17/25
to syzbot, linux-...@vger.kernel.org, mp...@lists.linux.dev, syzkall...@googlegroups.com
On 1/17/25 2:29 AM, syzbot wrote:
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> WARNING in __mptcp_clean_una
>
> MPTCP: snd_una 52e55b5d657ac4e2 snd_nxt 52e55b5d657ac4e2 write_seq 52e55b5d657ac4e2 idsn 52e55b5d657ac4e1 dfrag seq 3d10b145d4f45513 len 32728
It looks like we are not catching a disconnect().
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> WARNING in __mptcp_clean_una
>
> MPTCP: snd_una 52e55b5d657ac4e2 snd_nxt 52e55b5d657ac4e2 write_seq 52e55b5d657ac4e2 idsn 52e55b5d657ac4e1 dfrag seq 3d10b145d4f45513 len 32728
Add the missing accounting and more debug, in case the problem is elsewhere.
/P
Paolo Abeni
Jan 17, 2025, 12:01:50āÆPM1/17/25
to syzbot, mp...@lists.linux.dev, net...@vger.kernel.org, syzkall...@googlegroups.com
On 12/16/24 5:42 PM, syzbot wrote:
> syzbot found the following issue on:
>
> HEAD commit: 00a5acdbf398 bpf: Fix configuration-dependent BTF function..
> git tree: bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=148de730580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=fee25f93665c89ac
> dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d82344580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=179654f8580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/fc306c95490c/disk-00a5acdb.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e17d5125ee77/vmlinux-00a5acdb.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/65f791a7fd14/bzImage-00a5acdb.xz
Trying again... Mat noted I actually forgot the actual command
>
> HEAD commit: 00a5acdbf398 bpf: Fix configuration-dependent BTF function..
> git tree: bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=148de730580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=fee25f93665c89ac
> dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d82344580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=179654f8580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/fc306c95490c/disk-00a5acdb.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e17d5125ee77/vmlinux-00a5acdb.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/65f791a7fd14/bzImage-00a5acdb.xz
syzbot
Jan 17, 2025, 12:32:05āÆPM1/17/25
to linux-...@vger.kernel.org, mp...@lists.linux.dev, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Tested-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Tested on:
commit: 5d6a361d Merge branch 'realtek-link-down'
kernel config: https://syzkaller.appspot.com/x/.config?x=aadf89e2f6db86cc
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Tested-by: syzbot+ebc0b8...@syzkaller.appspotmail.com
Tested on:
commit: 5d6a361d Merge branch 'realtek-link-down'
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=151669df980000
kernel config: https://syzkaller.appspot.com/x/.config?x=aadf89e2f6db86cc
dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=10983a18580000
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Note: testing is done by a robot and is best-effort only.
Reply all
Reply to author
Forward
0 new messages