Hello,

On 03/03/2026 11:56, Matthieu Baerts (NGI0) wrote:
> Syzkaller managed to find a combination of actions that was generating
> this warning:

(...)

> diff --git a/net/mptcp/pm_kernel.c b/net/mptcp/pm_kernel.c > index b5316a6c7d1b..b2b9df43960e 100644 > --- a/net/mptcp/pm_kernel.c > +++ b/net/mptcp/pm_kernel.c > @@ -418,6 +418,15 @@ static void > mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) > } > > exit: > + /* If an endpoint has both the signal and subflow flags, but it is not > + * possible to create subflows -- the 'while' loop body above never > + * executed -- then still mark the endp as used, which is somehow the > + * case. This avoids issues later when removing the endpoint and calling > + * __mark_subflow_endp_available(), which expects the increment here. > + */

Regarding the AI review [1], I don't think the comment should be more precise by stating each case where the 'while' loop body is not executed: such a comment would easily get outdated when the conditions are modified, and we forget to update it. The commit message explains the conditions which are used today, but might change later.

Also, the endpoint is considered as used, not to create a subflow, but to signal it in this strange specific case that probably only syzbot will use.

[1] https://netdev-ai.bots.linux.dev/ai-review.html?id=addc1ffd-bcde-4ce7-80a5-306564dde16f

Cheers,
Matt
--
Sponsored by the NGI0 Core fund.
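
Review bot: in the comment added under `exit:`, "still mark the endp as used, which is somehow the case" does not say what the endpoint is used for, and a reader is likely to assume subflow creation because the helper named in the next sentence is __mark_subflow_endp_available(). The reply above states that the endpoint counts as used for signalling the address, not for creating a subflow; saying that in the comment (for example "still mark the endp as used, here to signal it") would replace the vague "somehow" without listing the loop conditions, which may change later. The quoted hunk stops at the comment, so the statement that performs the increment is not visible here and is not covered by this note.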

