From: syzbot <syzbot+ebc0b8ae5d3590b2c074@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, mptcp@lists.linux.dev,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mptcp?] WARNING in __mptcp_clean_una (2)
Date: Thu, 16 Jan 2025 17:29:02 -0800
Message-ID: <6789b25e.050a0220.20d369.004d.GAE@google.com>
In-Reply-To: <1ac7d9c7-9f30-4915-ac6d-fe12b188d3b0@redhat.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __mptcp_clean_una

MPTCP: snd_una 52e55b5d657ac4e2 snd_nxt 52e55b5d657ac4e2 write_seq 52e55b5d657ac4e2 idsn 52e55b5d657ac4e1 dfrag seq 3d10b145d4f45513 len 32728
------------[ cut here ]------------
WARNING: CPU: 0 PID: 204 at net/mptcp/protocol.c:1030 __mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Modules linked in:
CPU: 0 UID: 0 PID: 204 Comm: kworker/u8:6 Not tainted 6.13.0-rc7-syzkaller-gce69b4019001-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: krdsd rds_tcp_accept_worker
RIP: 0010:__mptcp_clean_una+0xede/0x1160 net/mptcp/protocol.c:1030
Code: 68 0f 54 f6 4c 8b 03 48 c7 c7 80 62 30 8d 48 8b 74 24 28 4c 89 f2 4c 89 f9 4c 8b 4c 24 38 41 55 e8 57 29 55 f5 48 83 c4 08 90 <0f> 0b 90 e9 ff f3 ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 3f f9 ff ff
RSP: 0000:ffffc90000006da0 EFLAGS: 00010296
RAX: 000000000000008e RBX: ffff888078274c28 RCX: e4b9e8819bb74600
RDX: 0000000000000100 RSI: 0000000000000303 RDI: 0000000000000000
RBP: ffffc90000006eb0 R08: ffffffff817f1b5c R09: 1ffff92000000d50
R10: dffffc0000000000 R11: fffff52000000d51 R12: ffff888061554648
R13: 0000000000007fd8 R14: 52e55b5d657ac4e2 R15: 52e55b5d657ac4e2
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f84b8a1d3d7 CR3: 0000000067206000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
mptcp_incoming_options+0xc49/0x2540 net/mptcp/options.c:1144
tcp_data_queue+0xf9/0x7310 net/ipv4/tcp_input.c:5233
tcp_rcv_established+0xed0/0x1f20 net/ipv4/tcp_input.c:6264
tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1916
tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x2bf/0x650 net/core/dev.c:5817
process_backlog+0x662/0x15b0 net/core/dev.c:6149
__napi_poll+0xcb/0x490 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0x89b/0x1240 net/core/dev.c:7093
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
do_softirq+0x11b/0x1e0 kernel/softirq.c:462
</IRQ>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x1775/0x3f50 net/core/dev.c:4493
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_hh_output include/net/neighbour.h:523 [inline]
neigh_output include/net/neighbour.h:537 [inline]
ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236
ip_local_out net/ipv4/ip_output.c:130 [inline]
__ip_queue_xmit+0x12ca/0x1ef0 net/ipv4/ip_output.c:536
__tcp_transmit_skb+0x2582/0x3ba0 net/ipv4/tcp_output.c:1468
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x17b5/0x6bf0 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3012
__tcp_close+0xa7f/0xde0 net/ipv4/tcp.c:3130
tcp_close+0x28/0x110 net/ipv4/tcp.c:3221
inet_release+0x17d/0x200 net/ipv4/af_inet.c:435
__sock_release net/socket.c:640 [inline]
sock_release+0x82/0x150 net/socket.c:668
rds_tcp_accept_one+0x1b3/0xbe0 net/rds/tcp_listen.c:234
rds_tcp_accept_worker+0x3f/0xa0 net/rds/tcp.c:533
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Tested on:
commit: ce69b401 Merge tag 'net-6.13-rc8' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=175b27c4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=aadf89e2f6db86cc
dashboard link: https://syzkaller.appspot.com/bug?extid=ebc0b8ae5d3590b2c074
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=17fb9a18580000