* [syzbot] [net?] [afs?] WARNING in rxrpc_send_data
@ 2024-12-10 8:27 syzbot
2024-12-10 14:44 ` syzbot
2024-12-12 17:57 ` David Howells
0 siblings, 2 replies; 4+ messages in thread
From: syzbot @ 2024-12-10 8:27 UTC (permalink / raw)
To: davem, dhowells, edumazet, horms, kuba, linux-afs, linux-kernel,
marc.dionne, netdev, pabeni, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: e58b4771af2b Merge branch 'vxlan-support-user-defined-rese..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16b9a8f8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1362a5aee630ff34
dashboard link: https://syzkaller.appspot.com/bug?extid=ff11be94dfcd7a5af8da
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14cb93e8580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a3d4df980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b527c0c7acd8/disk-e58b4771.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/41720c9a36cc/vmlinux-e58b4771.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8888d773b743/bzImage-e58b4771.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5822 at net/rxrpc/sendmsg.c:296 rxrpc_alloc_txqueue net/rxrpc/sendmsg.c:296 [inline]
WARNING: CPU: 0 PID: 5822 at net/rxrpc/sendmsg.c:296 rxrpc_send_data+0x2969/0x2b30 net/rxrpc/sendmsg.c:390
Modules linked in:
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor280 Not tainted 6.13.0-rc1-syzkaller-00332-ge58b4771af2b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:rxrpc_alloc_txqueue net/rxrpc/sendmsg.c:296 [inline]
RIP: 0010:rxrpc_send_data+0x2969/0x2b30 net/rxrpc/sendmsg.c:390
Code: 24 48 48 89 de e8 37 38 ab f6 4c 39 f3 b8 00 fe ff ff 41 bf fc ff ff ff 44 0f 44 f8 45 31 f6 e9 71 fd ff ff e8 38 33 ab f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 4a d3 09 f7 e9 46 fd ff ff 89 d9 80 e1
RSP: 0018:ffffc90003d9f620 EFLAGS: 00010293
RAX: ffffffff8af43ee8 RBX: ffff88814e6b4e80 RCX: ffff88802b741e00
RDX: 0000000000000000 RSI: 00000000000000ff RDI: ffff88807d0ea440
RBP: ffffc90003d9f8d0 R08: ffff88807d0ea43f R09: 0000000000000000
R10: ffff88807d0ea340 R11: ffffed100fa1d488 R12: ffff88814e6b4e48
R13: 1ffff11029cd69cf R14: ffff88807d0ea000 R15: 0000000000000000
FS: 0000555559fc7380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f831d7fb0d0 CR3: 000000007f1c2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rxrpc_do_sendmsg+0x1569/0x1910 net/rxrpc/sendmsg.c:763
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f831d783ab9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd37defc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f831d783ab9
RDX: 0000000000008880 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f831d7cd0fd R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f831d7d213c
R13: 00007f831d7cd082 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [net?] [afs?] WARNING in rxrpc_send_data
2024-12-10 8:27 [syzbot] [net?] [afs?] WARNING in rxrpc_send_data syzbot
@ 2024-12-10 14:44 ` syzbot
2024-12-12 17:57 ` David Howells
1 sibling, 0 replies; 4+ messages in thread
From: syzbot @ 2024-12-10 14:44 UTC (permalink / raw)
To: davem, dhowells, edumazet, horms, kuba, linux-afs, linux-kernel,
linux-trace-kernel, marc.dionne, mathieu.desnoyers, mhiramat,
netdev, pabeni, rostedt, syzkaller-bugs
syzbot has bisected this issue to:
commit b341a0263b1b804d329f864c2dc24815364510ec
Author: David Howells <dhowells@redhat.com>
Date: Wed Dec 4 07:46:46 2024 +0000
rxrpc: Implement progressive transmission queue struct
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17bbeb30580000
start commit: e58b4771af2b Merge branch 'vxlan-support-user-defined-rese..
git tree: net-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=147beb30580000
console output: https://syzkaller.appspot.com/x/log.txt?x=107beb30580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1362a5aee630ff34
dashboard link: https://syzkaller.appspot.com/bug?extid=ff11be94dfcd7a5af8da
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14cb93e8580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a3d4df980000
Reported-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
Fixes: b341a0263b1b ("rxrpc: Implement progressive transmission queue struct")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [net?] [afs?] WARNING in rxrpc_send_data
2024-12-10 8:27 [syzbot] [net?] [afs?] WARNING in rxrpc_send_data syzbot
2024-12-10 14:44 ` syzbot
@ 2024-12-12 17:57 ` David Howells
2024-12-12 18:26 ` syzbot
1 sibling, 1 reply; 4+ messages in thread
From: David Howells @ 2024-12-12 17:57 UTC (permalink / raw)
To: syzbot
Cc: dhowells, davem, edumazet, horms, kuba, linux-afs, linux-kernel,
marc.dionne, netdev, pabeni, syzkaller-bugs
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 0c0a3c89dba3..718193df9d2e 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -571,6 +571,7 @@ enum rxrpc_call_flag {
RXRPC_CALL_RX_LAST, /* Received the last packet (at rxtx_top) */
RXRPC_CALL_TX_LAST, /* Last packet in Tx buffer (at rxtx_top) */
RXRPC_CALL_TX_ALL_ACKED, /* Last packet has been hard-acked */
+ RXRPC_CALL_TX_NO_MORE, /* No more data to transmit (MSG_MORE deasserted) */
RXRPC_CALL_SEND_PING, /* A ping will need to be sent */
RXRPC_CALL_RETRANS_TIMEOUT, /* Retransmission due to timeout occurred */
RXRPC_CALL_BEGAN_RX_TIMER, /* We began the expect_rx_by timer */
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index c4c8b718cafa..0e8da909d4f2 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -266,6 +266,7 @@ static void rxrpc_queue_packet(struct rxrpc_sock *rx, struct rxrpc_call *call,
/* Order send_top after the queue->next pointer and txb content. */
smp_store_release(&call->send_top, seq);
if (last) {
+ set_bit(RXRPC_CALL_TX_NO_MORE, &call->flags);
rxrpc_notify_end_tx(rx, call, notify_end_tx);
call->send_queue = NULL;
}
@@ -329,6 +330,13 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
bool more = msg->msg_flags & MSG_MORE;
int ret, copied = 0;
+ if (test_bit(RXRPC_CALL_TX_NO_MORE, &call->flags)) {
+ trace_rxrpc_abort(call->debug_id, rxrpc_sendmsg_late_send,
+ call->cid, call->call_id, call->rx_consumed,
+ 0, -EPROTO);
+ return -EPROTO;
+ }
+
timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
ret = rxrpc_wait_to_be_connected(call, &timeo);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [syzbot] [net?] [afs?] WARNING in rxrpc_send_data
2024-12-12 17:57 ` David Howells
@ 2024-12-12 18:26 ` syzbot
0 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2024-12-12 18:26 UTC (permalink / raw)
To: davem, dhowells, edumazet, horms, kuba, linux-afs, linux-kernel,
marc.dionne, netdev, pabeni, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
Tested-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
Tested on:
commit: f3674384 Merge branch 'net-smc-two-features-for-smc-r'
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=13a34d44580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1362a5aee630ff34
dashboard link: https://syzkaller.appspot.com/bug?extid=ff11be94dfcd7a5af8da
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=169d4d44580000
Note: testing is done by a robot and is best-effort only.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-12-12 18:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-10 8:27 [syzbot] [net?] [afs?] WARNING in rxrpc_send_data syzbot
2024-12-10 14:44 ` syzbot
2024-12-12 17:57 ` David Howells
2024-12-12 18:26 ` syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).