Re: [PATCH v2 net] net: read sk->sk_family once in sk_mc_loop()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: patchwork-bot+netdevbpf@kernel.org
To: Eric Dumazet <edumazet@google.com>
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
	netdev@vger.kernel.org, eric.dumazet@gmail.com,
	syzkaller@googlegroups.com, kuniyu@amazon.com
Subject: Re: [PATCH v2 net] net: read sk->sk_family once in sk_mc_loop()
Date: Thu, 31 Aug 2023 10:30:23 +0000	[thread overview]
Message-ID: <169347782367.15498.7858009369964639708.git-patchwork-notify@kernel.org> (raw)
In-Reply-To: <20230830101244.1146934-1-edumazet@google.com>

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Wed, 30 Aug 2023 10:12:44 +0000 you wrote:
> syzbot is playing with IPV6_ADDRFORM quite a lot these days,
> and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop()
> 
> We have many more similar issues to fix.
> 
> WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260
> Modules linked in:
> CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
> Workqueue: events_power_efficient gc_worker
> RIP: 0010:sk_mc_loop+0x165/0x260 net/core/sock.c:782
> Code: 34 1b fd 49 81 c7 18 05 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 25 36 6d fd 4d 8b 37 eb 13 e8 db 33 1b fd <0f> 0b b3 01 eb 34 e8 d0 33 1b fd 45 31 f6 49 83 c6 38 4c 89 f0 48
> RSP: 0018:ffffc90000388530 EFLAGS: 00010246
> RAX: ffffffff846d9b55 RBX: 0000000000000011 RCX: ffff88814f884980
> RDX: 0000000000000102 RSI: ffffffff87ae5160 RDI: 0000000000000011
> RBP: ffffc90000388550 R08: 0000000000000003 R09: ffffffff846d9a65
> R10: 0000000000000002 R11: ffff88814f884980 R12: dffffc0000000000
> R13: ffff88810dbee000 R14: 0000000000000010 R15: ffff888150084000
> FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020000180 CR3: 000000014ee5b000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <IRQ>
> [<ffffffff8507734f>] ip6_finish_output2+0x33f/0x1ae0 net/ipv6/ip6_output.c:83
> [<ffffffff85062766>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline]
> [<ffffffff85062766>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211
> [<ffffffff85061f8c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline]
> [<ffffffff85061f8c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232
> [<ffffffff852071cf>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff852071cf>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161
> [<ffffffff83618fb4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline]
> [<ffffffff83618fb4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]
> [<ffffffff83618fb4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
> [<ffffffff83618fb4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677
> [<ffffffff8361ddd9>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229
> [<ffffffff84763fc0>] netdev_start_xmit include/linux/netdevice.h:4925 [inline]
> [<ffffffff84763fc0>] xmit_one net/core/dev.c:3644 [inline]
> [<ffffffff84763fc0>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660
> [<ffffffff8494c650>] sch_direct_xmit+0x2a0/0x9c0 net/sched/sch_generic.c:342
> [<ffffffff8494d883>] qdisc_restart net/sched/sch_generic.c:407 [inline]
> [<ffffffff8494d883>] __qdisc_run+0xb13/0x1e70 net/sched/sch_generic.c:415
> [<ffffffff8478c426>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125
> [<ffffffff84796eac>] net_tx_action+0x7ac/0x940 net/core/dev.c:5247
> [<ffffffff858002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:599
> [<ffffffff814c3fe8>] invoke_softirq kernel/softirq.c:430 [inline]
> [<ffffffff814c3fe8>] __irq_exit_rcu+0xc8/0x170 kernel/softirq.c:683
> [<ffffffff814c3f09>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:695
> 
> [...]

Here is the summary with links:
  - [v2,net] net: read sk->sk_family once in sk_mc_loop()
    https://git.kernel.org/netdev/net/c/a3e0fdf71bbe

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

     prev parent reply	other threads:[~2023-08-31 10:30 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-30 10:12 [PATCH v2 net] net: read sk->sk_family once in sk_mc_loop() Eric Dumazet
2023-08-31 10:30 ` patchwork-bot+netdevbpf [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=169347782367.15498.7858009369964639708.git-patchwork-notify@kernel.org \
    --to=patchwork-bot+netdevbpf@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=kuba@kernel.org \
    --cc=kuniyu@amazon.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.