TCP recvmsg seq # bug 2: copied 8EC065BF, seq 8EC06587, rcvnxt 8EC06588, fl 40
WARNING: CPU: 0 PID: 6454 at net/ipv4/tcp.c:2408 tcp_recvmsg_locked+0x5ac/0x1cf8 net/ipv4/tcp.c:2406
Modules linked in:
CPU: 0 PID: 6454 Comm: syz-executor.1 Not tainted 6.9.0-rc2-syzkaller-00080-gc85af715cac0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : tcp_recvmsg_locked+0x5ac/0x1cf8 net/ipv4/tcp.c:2406
lr : tcp_recvmsg_locked+0x5ac/0x1cf8 net/ipv4/tcp.c:2406
sp : ffff80009cc67160
x29: ffff80009cc67320 x28: ffff0000cadc14b8 x27: ffff0000cadc0d28
x26: ffff0000cd9ad270 x25: ffff0000cadc0d28 x24: 1fffe00019b35a53
x23: 0000000000000001 x22: 000000008ec06587 x21: 1fffe00019b35a54
x20: 000000008ec065bf x19: dfff800000000000 x18: 1fffe00036841796
x17: ffff80008e17d000 x16: ffff80008032e768 x15: 0000000000000001
x14: 1fffe00036844390 x13: 0000000000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : c9a79c1e3a416f00
x8 : c9a79c1e3a416f00 x7 : ffff8000802a7924 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80008a89f7c0 x0 : ffff800126140000
Call trace:
 tcp_recvmsg_locked+0x5ac/0x1cf8 net/ipv4/tcp.c:2406
 receive_fallback_to_copy net/ipv4/tcp.c:1877 [inline]
 tcp_zerocopy_receive+0x660/0x1e60 net/ipv4/tcp.c:2109
 do_tcp_getsockopt+0x1cc4/0x2a8c net/ipv4/tcp.c:4290
 tcp_getsockopt+0x6c/0xe8 net/ipv4/tcp.c:4377
 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3700
 do_sock_getsockopt+0x274/0x660 net/socket.c:2373
 __sys_getsockopt+0x120/0x19c net/socket.c:2402
 __do_sys_getsockopt net/socket.c:2412 [inline]
 __se_sys_getsockopt net/socket.c:2409 [inline]
 __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2409
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 1752
hardirqs last  enabled at (1751): [<ffff8000802a79c4>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1397 [inline]
hardirqs last  enabled at (1751): [<ffff8000802a79c4>] finish_lock_switch+0xbc/0x1e4 kernel/sched/core.c:5163
hardirqs last disabled at (1752): [<ffff80008a73780c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (1730): [<ffff80008887d278>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (1730): [<ffff80008887d278>] lock_sock_nested net/core/sock.c:3542 [inline]
softirqs last  enabled at (1730): [<ffff80008887d278>] lock_sock include/net/sock.h:1671 [inline]
softirqs last  enabled at (1730): [<ffff80008887d278>] sockopt_lock_sock+0xf8/0x148 net/core/sock.c:1061
softirqs last disabled at (1728): [<ffff80008887d220>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (1728): [<ffff80008887d220>] lock_sock_nested net/core/sock.c:3538 [inline]
softirqs last disabled at (1728): [<ffff80008887d220>] lock_sock include/net/sock.h:1671 [inline]
softirqs last disabled at (1728): [<ffff80008887d220>] sockopt_lock_sock+0xa0/0x148 net/core/sock.c:1061
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
cleanup rbuf bug: copied 8EC065BF seq 8EC06588 rcvnxt 8EC06588
WARNING: CPU: 0 PID: 6454 at net/ipv4/tcp.c:1502 tcp_cleanup_rbuf net/ipv4/tcp.c:1500 [inline]
WARNING: CPU: 0 PID: 6454 at net/ipv4/tcp.c:1502 tcp_recvmsg_locked+0x19b0/0x1cf8 net/ipv4/tcp.c:2548
Modules linked in:
CPU: 0 PID: 6454 Comm: syz-executor.1 Tainted: G        W          6.9.0-rc2-syzkaller-00080-gc85af715cac0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : tcp_cleanup_rbuf net/ipv4/tcp.c:1500 [inline]
pc : tcp_recvmsg_locked+0x19b0/0x1cf8 net/ipv4/tcp.c:2548
lr : tcp_cleanup_rbuf net/ipv4/tcp.c:1500 [inline]
lr : tcp_recvmsg_locked+0x19b0/0x1cf8 net/ipv4/tcp.c:2548
sp : ffff80009cc67160
x29: ffff80009cc67320 x28: ffff70001398ce54 x27: ffff0000cadc0d28
x26: ffff0000cd9ad270 x25: ffff0000cadc0d28 x24: ffff0000cadc0c40
x23: 0000000000000000 x22: 0000000000000037 x21: 000000008ec06588
x20: 000000008ec065bf x19: dfff800000000000 x18: 1fffe00036841796
x17: ffff80008e17d000 x16: ffff80008032e768 x15: 0000000000000001
x14: 1fffe00036844390 x13: 0000000000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : c9a79c1e3a416f00
x8 : c9a79c1e3a416f00 x7 : ffff8000802a7924 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80008a89f7c0 x0 : ffff800126140000
Call trace:
 tcp_cleanup_rbuf net/ipv4/tcp.c:1500 [inline]
 tcp_recvmsg_locked+0x19b0/0x1cf8 net/ipv4/tcp.c:2548
 receive_fallback_to_copy net/ipv4/tcp.c:1877 [inline]
 tcp_zerocopy_receive+0x660/0x1e60 net/ipv4/tcp.c:2109
 do_tcp_getsockopt+0x1cc4/0x2a8c net/ipv4/tcp.c:4290
 tcp_getsockopt+0x6c/0xe8 net/ipv4/tcp.c:4377
 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3700
 do_sock_getsockopt+0x274/0x660 net/socket.c:2373
 __sys_getsockopt+0x120/0x19c net/socket.c:2402
 __do_sys_getsockopt net/socket.c:2412 [inline]
 __se_sys_getsockopt net/socket.c:2409 [inline]
 __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2409
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 2204
hardirqs last  enabled at (2203): [<ffff8000802a79c4>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1397 [inline]
hardirqs last  enabled at (2203): [<ffff8000802a79c4>] finish_lock_switch+0xbc/0x1e4 kernel/sched/core.c:5163
hardirqs last disabled at (2204): [<ffff80008a73780c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (2186): [<ffff8000800218e4>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (2186): [<ffff8000800218e4>] __do_softirq+0xb10/0xd2c kernel/softirq.c:583
softirqs last disabled at (2007): [<ffff80008002ad34>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
---[ end trace 0000000000000000 ]---