Hi Florian, kernel test robot noticed the following build warnings: [auto build test WARNING on linus/master] [also build test WARNING on v6.4-rc5 next-20230606] [cannot apply to nf-next/master] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Florian-Westphal/netfilter-snat-evict-closing-tcp-entries-on-reply-tuple-collision/20230606-205654 base: linus/master patch link: https://lore.kernel.org/r/20230606125421.15487-1-fw%40strlen.de patch subject: [PATCH nf-next] netfilter: snat: evict closing tcp entries on reply tuple collision config: x86_64-randconfig-a014-20230606 (https://download.01.org/0day-ci/archive/20230607/202306070406.KtN7gaNL-lkp@xxxxxxxxx/config) compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project.git 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a) reproduce (this is a W=1 build): mkdir -p ~/bin wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout linus/master b4 shazam https://lore.kernel.org/r/20230606125421.15487-1-fw@xxxxxxxxx # save the config file mkdir build_dir && cp config build_dir/.config COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=x86_64 olddefconfig COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang ~/bin/make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash net/netfilter/ If you fix the issue, kindly add following tag where applicable | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202306070406.KtN7gaNL-lkp@xxxxxxxxx/ All warnings (new ones prefixed by >>): >> net/netfilter/nf_nat_core.c:262:6: warning: variable 'ct' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] if (thash->tuple.dst.dir == IP_CT_DIR_ORIGINAL) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/netfilter/nf_nat_core.c:280:12: note: uninitialized use occurs here nf_ct_put(ct); ^~ net/netfilter/nf_nat_core.c:262:2: note: remove the 'if' if its condition is always false if (thash->tuple.dst.dir == IP_CT_DIR_ORIGINAL) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/netfilter/nf_nat_core.c:239:20: note: initialize the variable 'ct' to silence this warning struct nf_conn *ct; ^ = NULL 1 warning generated. vim +262 net/netfilter/nf_nat_core.c 228 229 static int 230 nf_nat_used_tuple_harder(const struct nf_conntrack_tuple *tuple, 231 const struct nf_conn *ignored_conntrack, 232 unsigned int attempts_left) 233 { 234 static const unsigned long flags_offload = IPS_OFFLOAD | IPS_HW_OFFLOAD; 235 struct nf_conntrack_tuple_hash *thash; 236 const struct nf_conntrack_zone *zone; 237 struct nf_conntrack_tuple reply; 238 unsigned long flags; 239 struct nf_conn *ct; 240 bool taken = true; 241 struct net *net; 242 243 nf_ct_invert_tuple(&reply, tuple); 244 245 if (attempts_left > NF_NAT_HARDER_THRESH || 246 tuple->dst.protonum != IPPROTO_TCP || 247 ignored_conntrack->proto.tcp.state != TCP_CONNTRACK_SYN_SENT) 248 return nf_conntrack_tuple_taken(&reply, ignored_conntrack); 249 250 /* :ast few attempts to find a free tcp port. Destructive 251 * action: evict colliding if its in timewait state and the 252 * tcp sequence number has advanced past the one used by the 253 * old entry. 254 */ 255 net = nf_ct_net(ignored_conntrack); 256 zone = nf_ct_zone(ignored_conntrack); 257 258 thash = nf_conntrack_find_get(net, zone, &reply); 259 if (!thash) 260 return false; 261 > 262 if (thash->tuple.dst.dir == IP_CT_DIR_ORIGINAL) 263 goto out; 264 265 ct = nf_ct_tuplehash_to_ctrack(thash); 266 if (WARN_ON_ONCE(ct == ignored_conntrack)) 267 goto out; 268 269 flags = READ_ONCE(ct->status); 270 if (!nf_nat_may_kill(ct, flags)) 271 goto out; 272 273 if (!nf_seq_has_advanced(ct, ignored_conntrack)) 274 goto out; 275 276 /* Even if we can evict do not reuse if entry is offloaded. */ 277 if (nf_ct_kill(ct)) 278 taken = flags & flags_offload; 279 out: 280 nf_ct_put(ct); 281 return taken; 282 } 283 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
