Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp668913pxb;
        Thu, 23 Sep 2021 08:16:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzPtkbIUraPUvxn5MS9rn83lxBDQxnDOBmdI/6qS6xDSpBnuTOw+2ZrK9By52ofp2vewAjA
X-Received: by 2002:a02:6988:: with SMTP id e130mr4448118jac.97.1632410184946;
        Thu, 23 Sep 2021 08:16:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1632410184; cv=none;
        d=google.com; s=arc-20160816;
        b=kERQ5PfpSJxWN4R1t4pcIYR2QAlxI6PHPeUWJVcN5W36IrLCpVBwpTKIJq/yge/0vh
         pn7EK2qo9OJD0cUGsnO4htJwOvpXSjx0OgfKo9YwX+frvkOoLqmJe86/w9A6RP3TUH2+
         cRX/JImZf3+Ax4i/1G5kVUOXWJFVM9608Xq1nqAAeJ1OMI9iqCWZmwwdOiN8PS/WTlqx
         ia7G1OfSH59E1yN0aluXNP64MTalHuu7D3n8JOh2xMHJcadsyHgS7lHo44l5WGwIMA5s
         6ylfSktaeT+pReLuuVQ9RMgRwM1u2J3yf10N+nvQG973wwGAfnED5kkCfCIj8fu7UjOT
         FHWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=VqdjaNmOy3AFkCrcLAGhcrhZbFXF1wKvJPiKrQRv8Nc=;
        b=noaRPwDRpqLMtrM0StLNAOV+ouDrycXrI/IQerRwj8uV5l6hHnwcM8s4tOJPtcKyCb
         UMWI/JmaLdUSz7tozOUcWqhBenjXmnJqSZD0CbHL9Wryp5rRcl2Ta3FVzZ6zgVYln8Rf
         /CuP+fbHWMoI1bQDLobXm9JYN9CNV7GpZfIMY7Q8O9JzLvJidcLZ4ULs5JagZuJcTNkH
         tSbsKncYIqGa89m32Va53XsD+hUCpitqOuRkwoz9ZcvXsipHueD6F3Tr+MsdJHoFVmy4
         4LxszslTv08uyMwr1RUCbv38GYFWAfHWENqdMHiIbh/GRJ+apprzvNfhkEhMRWaH6BK9
         ndPA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=AYb91eWU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a6si6528017ilt.68.2021.09.23.08.16.12;
        Thu, 23 Sep 2021 08:16:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=AYb91eWU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241960AbhIWPPa (ORCPT <rfc822;llc123456a@gmail.com> + 99 others);
        Thu, 23 Sep 2021 11:15:30 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:24894 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S241947AbhIWPP3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 Sep 2021 11:15:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1632410037;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=VqdjaNmOy3AFkCrcLAGhcrhZbFXF1wKvJPiKrQRv8Nc=;
        b=AYb91eWUCdKQiWU3z0qpNoUv81R2fE1f6LsUgdGFtnZcAyIWdlattp1mIxxG3EFC6pAmoT
        5UjsEwmiTs/yLfMAWFDEyP0uXNbrM6PqgmIladOEfuDnoLHVUA42y4AjomMhuP9fy+X9Us
        2DryJvyRVYvR4HI6RsQ1W1t9ZVs9wvg=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-356-dkBYWIH-Nk6hmZy-bJgioA-1; Thu, 23 Sep 2021 11:13:56 -0400
X-MC-Unique: dkBYWIH-Nk6hmZy-bJgioA-1
Received: by mail-wr1-f71.google.com with SMTP id l9-20020adfc789000000b00160111fd4e8so5399900wrg.17
        for <linux-kernel@vger.kernel.org>; Thu, 23 Sep 2021 08:13:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
         :references:user-agent:mime-version:content-transfer-encoding;
        bh=VqdjaNmOy3AFkCrcLAGhcrhZbFXF1wKvJPiKrQRv8Nc=;
        b=b2tyWrTaq8RmzX6d3ZSAHCokCLmFi3XBz3tvWKg2F7CwdYmdmVMYoSt+Sx520qCaCQ
         D7wiqX29rPhS4lHBFBW+fYYNY6A5WKusEm2g4EDMcLGqTCmEOdsxek4TF9ItVMbvLaQm
         d3nTqI+rVKuxlr/Emv0Nt5DLBO5fylZaEnSs2F96nYDIdjbZSwOnN3KlK+TTktpNsfNJ
         4NcXfF/SaD7lBqzc0nt93uYm/bgQvraBFixtkmQI8JfQFmXhI1TzbFQntOd30KcINTVf
         ltZoFbEFVO8vJuLRPVjd5KSzEXysyV+Wcd2Xe3XXcQYClmdWaW9ThTU3UcqmGE2LySPB
         eENA==
X-Gm-Message-State: AOAM530RX9GVep4r0AVWyK8KB4nUnCNMjQi91OgEYNAiIgJ86VYCAOwv
        FFau7rD9mdiXbXU9AB63BMyPQjl2deivxLnNHcTAcS7dZkBZmkNARE8OyDuoqu27jKf850HSTVK
        L7VoC7yfH/SQlL3heXorqFhGP
X-Received: by 2002:a5d:544c:: with SMTP id w12mr5948215wrv.398.1632410034872;
        Thu, 23 Sep 2021 08:13:54 -0700 (PDT)
X-Received: by 2002:a5d:544c:: with SMTP id w12mr5948190wrv.398.1632410034662;
        Thu, 23 Sep 2021 08:13:54 -0700 (PDT)
Received: from gerbillo.redhat.com (146-241-102-46.dyn.eolo.it. [146.241.102.46])
        by smtp.gmail.com with ESMTPSA id u25sm6278000wmm.5.2021.09.23.08.13.53
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 23 Sep 2021 08:13:54 -0700 (PDT)
Message-ID: <286faa2529e01e6091666f97ad0cc703e5e80c7c.camel@redhat.com>
Subject: Re: [syzbot] WARNING in mptcp_sendmsg_frag
From:   Paolo Abeni <pabeni@redhat.com>
To:     Dan Carpenter <dan.carpenter@oracle.com>
Cc:     syzbot <syzbot+263a248eec3e875baa7b@syzkaller.appspotmail.com>,
        davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org,
        mathew.j.martineau@linux.intel.com, matthieu.baerts@tessares.net,
        mptcp@lists.linux.dev, netdev@vger.kernel.org,
        syzkaller-bugs@googlegroups.com
Date:   Thu, 23 Sep 2021 17:13:53 +0200
In-Reply-To: <20210923143728.GD2083@kadam>
References: <00000000000015991c05cc43a736@google.com>
         <7de92627f85522bf5640defe16eee6c8825f5c55.camel@redhat.com>
         <20210923141942.GD2048@kadam> <20210923143728.GD2083@kadam>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On Thu, 2021-09-23 at 17:37 +0300, Dan Carpenter wrote:
> On Thu, Sep 23, 2021 at 05:19:42PM +0300, Dan Carpenter wrote:
> > On Wed, Sep 22, 2021 at 12:32:56PM +0200, Paolo Abeni wrote:
> > > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > > 
> > > The debug code helped a bit. It looks like we have singed/unsigned
> > > comparisons issue
> > 
> > There should be a static checker warning for these.  I have created one
> > in response to your email.  It turns out there are a couple other
> > instances of this bug in the same file.

Thank you!

I was quite suprised the plain compiler did not emit a warn, even with
W=1.

> > net/mptcp/protocol.c:479 mptcp_subflow_could_cleanup() warn: unsigned subtraction: '(null)' use '!='
> 
> I should have checked my output a bit more carefully.  I don't want this
> one to generate a warning.
> 
> > net/mptcp/protocol.c:909 mptcp_frag_can_collapse_to() warn: unsigned subtraction: 'pfrag->size - pfrag->offset' use '!='
> 
> Likely "pfrag->offset" can't be larger than "pfrag->size".  Smatch has
> some code to try track this information but it's not clever enough.

Yes, this looks safe, offset can't be larger than size.

Even the last reported warning looks safe to me: 'info->size_goal -
skb->len', we just check for size_goal being greater then skb->len.

Cheers,

Paolo