* WARNING in dev_change_net_namespace
@ 2020-02-11 16:06 syzbot
  2020-02-13 19:00 ` Eric W. Biederman
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: syzbot @ 2020-02-11 16:06 UTC (permalink / raw)
  To: andriin, ast, bpf, daniel, davem, dsahern, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kuba, linux-kernel,
	mkubecek, netdev, songliubraving, syzkaller-bugs, yhs

Hello,

syzbot found the following crash on:

HEAD commit:    0a679e13 Merge branch 'for-5.6-fixes' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15142701e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6780df5a5f208964
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com

RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000009cb R14: 00000000004cb3dd R15: 0000000000000016
------------[ cut here ]------------
WARNING: CPU: 0 PID: 24839 at net/core/dev.c:10108 dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fb/0x318 lib/dump_stack.c:118
 panic+0x264/0x7a9 kernel/panic.c:221
 __warn+0x209/0x210 kernel/panic.c:582
 report_bug+0x1b6/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
Code: b7 f9 02 01 48 c7 c7 5d 66 e6 88 48 c7 c6 b4 42 04 89 ba 25 27 00 00 31 c0 e8 6d a6 dc fa 0f 0b e9 0d eb ff ff e8 a1 e6 0a fb <0f> 0b e9 2f fe ff ff e8 95 e6 0a fb c6 05 05 b7 f9 02 01 48 c7 c7
RSP: 0018:ffffc90001ae7140 EFLAGS: 00010246
RAX: ffffffff866c18df RBX: 00000000fffffff4 RCX: 0000000000040000
RDX: ffffc90012028000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffc90001ae7240 R08: ffffffff866c1700 R09: fffffbfff1406318
R10: fffffbfff1406318 R11: 0000000000000000 R12: ffff8880918d2b60
R13: ffff8880918d20b8 R14: ffffc90001ae71e8 R15: ffffc90001ae71e0
 do_setlink+0x196/0x3880 net/core/rtnetlink.c:2501
 __rtnl_newlink net/core/rtnetlink.c:3252 [inline]
 rtnl_newlink+0x1509/0x1c00 net/core/rtnetlink.c:3377
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5438
 netlink_rcv_skb+0x19e/0x3e0 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:5456
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x766/0x920 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0xa2b/0xd40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x4f7/0x7f0 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmsg+0x1ed/0x290 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x7f/0x90 net/socket.c:2437
 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b3b9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f483611ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f483611b6d4 RCX: 000000000045b3b9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000009cb R14: 00000000004cb3dd R15: 0000000000000016
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: WARNING in dev_change_net_namespace
  2020-02-11 16:06 WARNING in dev_change_net_namespace syzbot
@ 2020-02-13 19:00 ` Eric W. Biederman
  2020-02-13 19:57   ` Eric Dumazet
  2020-06-06 10:21 ` syzbot
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 9+ messages in thread
From: Eric W. Biederman @ 2020-02-13 19:00 UTC (permalink / raw)
  To: syzbot
  Cc: andriin, ast, bpf, daniel, davem, dsahern, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kuba, linux-kernel,
	mkubecek, netdev, songliubraving, syzkaller-bugs, yhs

syzbot <syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com> writes:

> Hello,

Has someone messed up the network device kobject support?
I don't have the exact same code as listed here so I may
be misreading things.  But the only WARN_ON I see in
dev_change_net_namespace is from kobject_rename.

It is not supposed to be possible for that to fail.

Historically it only failed when network devices were put into sysfs
in a way that required network devices to have names separate from
sysfs files.  We fixed that ages ago, so I don't have a clue why
kobject_rename would be failing now.

syzbot, any idea what network device was changing network namespaces?

Eric



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: WARNING in dev_change_net_namespace
  2020-02-13 19:00 ` Eric W. Biederman
@ 2020-02-13 19:57   ` Eric Dumazet
  2020-02-13 20:00     ` Eric Dumazet
  0 siblings, 1 reply; 9+ messages in thread
From: Eric Dumazet @ 2020-02-13 19:57 UTC (permalink / raw)
  To: Eric W. Biederman, syzbot
  Cc: andriin, ast, bpf, daniel, davem, dsahern, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kuba, linux-kernel,
	mkubecek, netdev, songliubraving, syzkaller-bugs, yhs



On 2/13/20 11:00 AM, Eric W. Biederman wrote:
> syzbot <syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com> writes:
> 
>> Hello,
> 
> Has someone messed up the network device kobject support?
> I don't have the exact same code as listed here so I may
> be misreading things.  But the only WARN_ON I see in
> dev_change_net_namespace is from kobject_rename.
> 
> It is not supposed to be possible for that to fail.

Well, this code is attempting kmalloc() calls, so it can definitely fail.

syzbot is using fault injection to force a few kmalloc() calls to return NULL.

> 
> Historically it only failed when network devices were put into sysfs
> in a way that required network devices to have names separate from
> sysfs files.  We fixed that ages ago, so I don't have a clue why
> kobject_rename would be failing now.
> 
> syzbot, any idea what network device was changing network namespaces?
> 
> Eric

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: WARNING in dev_change_net_namespace
  2020-02-13 19:57   ` Eric Dumazet
@ 2020-02-13 20:00     ` Eric Dumazet
  0 siblings, 0 replies; 9+ messages in thread
From: Eric Dumazet @ 2020-02-13 20:00 UTC (permalink / raw)
  To: Eric W. Biederman, syzbot
  Cc: andriin, ast, bpf, daniel, davem, dsahern, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kuba, linux-kernel,
	mkubecek, netdev, songliubraving, syzkaller-bugs, yhs



On 2/13/20 11:57 AM, Eric Dumazet wrote:
> 
> 
> On 2/13/20 11:00 AM, Eric W. Biederman wrote:
>> syzbot <syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com> writes:
>>
>>> Hello,
>>
>> Has someone messed up the network device kobject support?
>> I don't have the exact same code as listed here so I may
>> be misreading things.  But the only WARN_ON I see in
>> dev_change_net_namespace is from kobject_rename.
>>
>> It is not supposed to be possible for that to fail.
> 
> Well, this code is attempting kmalloc() calls, so it can definitely fail.
> 
> syzbot is using fault injection to force a few kmalloc() calls to return NULL.

[  533.360275][T24839] FAULT_INJECTION: forcing a failure.
[  533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0
[  533.418952][T24839] CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  533.427669][T24839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  533.437873][T24839] Call Trace:
[  533.441188][T24839]  dump_stack+0x1fb/0x318
[  533.445677][T24839]  should_fail+0x4b8/0x660
[  533.450125][T24839]  __should_failslab+0xb9/0xe0
[  533.454913][T24839]  ? kzalloc+0x21/0x40
[  533.459000][T24839]  should_failslab+0x9/0x20
[  533.463524][T24839]  __kmalloc+0x7a/0x340
[  533.467698][T24839]  kzalloc+0x21/0x40
[  533.471604][T24839]  kobject_rename+0x12f/0x4d0
[  533.476399][T24839]  ? sysfs_rename_link_ns+0x179/0x1b0
[  533.481782][T24839]  device_rename+0x16d/0x190
[  533.486380][T24839]  dev_change_net_namespace+0x1375/0x16b0
[  533.492550][T24839]  ? ns_capable+0x91/0xf0
[  533.496900][T24839]  ? netlink_ns_capable+0xcf/0x100
[  533.502038][T24839]  ? rtnl_link_get_net_capable+0x136/0x280
[  533.508470][T24839]  do_setlink+0x196/0x3880
[  533.512943][T24839]  ? __kasan_check_read+0x11/0x20
[  533.517992][T24839]  rtnl_newlink+0x1509/0x1c00


^ permalink raw reply	[flat|nested] 9+ messages in thread
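
The correlation made by hand in the message above, as an added example that is not part of the thread or of syzbot's tooling: it pairs a WARNING with an earlier FAULT_INJECTION trace from the same task and names the call whose allocation was failed. It assumes the printk caller id `T<n>` is the same task as `PID: <n>` on the WARNING line, and that a register holding 0xfffffff4 carries a 32-bit -12 (-ENOMEM); the sample log is constructed from lines quoted in this thread.

```python
import errno
import re

# Constructed sample: lines copied from the console excerpts in this thread,
# merged into one log with the injected failure first.
SAMPLE_LOG = """\
[  533.360275][T24839] FAULT_INJECTION: forcing a failure.
[  533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0
[  533.437873][T24839] Call Trace:
[  533.441188][T24839]  dump_stack+0x1fb/0x318
[  533.445677][T24839]  should_fail+0x4b8/0x660
[  533.454913][T24839]  ? kzalloc+0x21/0x40
[  533.463524][T24839]  __kmalloc+0x7a/0x340
[  533.467698][T24839]  kzalloc+0x21/0x40
[  533.471604][T24839]  kobject_rename+0x12f/0x4d0
[  533.481782][T24839]  device_rename+0x16d/0x190
[  533.486380][T24839]  dev_change_net_namespace+0x1375/0x16b0
WARNING: CPU: 0 PID: 24839 at net/core/dev.c:10108 dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
RIP: 0010:dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
RAX: ffffffff866c18df RBX: 00000000fffffff4 RCX: 0000000000040000
RIP: 0033:0x45b3b9
RAX: ffffffffffffffda RBX: 00007f483611b6d4 RCX: 000000000045b3b9
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T(\d+)\]\s(.*)$")
# Reliable frames only: lines starting with "? " do not match.
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
WARN = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+) ([A-Za-z_][\w.]*)\+0x")
REG = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b")
# Frames that belong to the injection machinery or the allocator itself.
PLUMBING = {"dump_stack", "should_fail", "__should_failslab",
            "should_failslab", "__kmalloc", "kmalloc", "kzalloc"}


def decode_errno(hexval):
    """Name the errno if the low 32 bits of a register look like -errno."""
    low = int(hexval, 16) & 0xFFFFFFFF
    neg = low - (1 << 32)
    if -4095 <= neg < 0:  # kernel error codes lie in -4095..-1
        return errno.errorcode.get(-neg)
    return None


def triage(log):
    """Pair each WARNING with an earlier injected failure in the same task."""
    traces, findings, current = {}, [], None
    for line in log.splitlines():
        m = STAMP.match(line)
        task, text = (int(m.group(1)), m.group(2)) if m else (None, line)
        if task is not None and "FAULT_INJECTION: forcing a failure" in text:
            traces[task] = []  # a new injection starts a fresh trace
        elif task in traces and FRAME.match(text):
            traces[task].append(FRAME.match(text).group(1))

        w = WARN.search(text)
        if w:
            pid, where, func = int(w.group(1)), w.group(2), w.group(3)
            frames = traces.get(pid, [])
            on_path = func in frames
            callers = [f for f in frames if f not in PLUMBING]
            current = {
                "pid": pid,
                "location": where,
                "function": func,
                # True when the warning function was on the stack of the
                # allocation that fault injection forced to fail.
                "on_injected_path": on_path,
                "failed_call": callers[0] if on_path and callers else None,
                "errno_in_regs": {},
            }
            findings.append(current)
        elif text.startswith("RIP: 0033:"):
            current = None  # user-mode registers follow; do not decode them
        elif current is not None:
            for reg, val in REG.findall(text):
                name = decode_errno(val)
                if name:
                    current["errno_in_regs"][reg] = name
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A WARNING that `triage` marks `on_injected_path` is an error path that warns on an allocation failure, which matters on systems running with `panic_on_warn` set, as the syzbot instance here does.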

* Re: WARNING in dev_change_net_namespace
  2020-02-11 16:06 WARNING in dev_change_net_namespace syzbot
  2020-02-13 19:00 ` Eric W. Biederman
@ 2020-06-06 10:21 ` syzbot
  2020-06-06 14:03 ` syzbot
  2021-12-21 20:03 ` [syzbot] " syzbot
  3 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2020-06-06 10:21 UTC (permalink / raw)
  To: andriin, ast, bpf, daniel, davem, dsahern, ebiederm, edumazet,
	eric.dumazet, hawk, jiri, johannes.berg, john.fastabend, kafai,
	kpsingh, kuba, linux-kernel, mkubecek, netdev, songliubraving,
	syzkaller-bugs, yhs

syzbot has found a reproducer for the following crash on:

HEAD commit:    7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10112212100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=be4578b3f1083656
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12032832100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com

RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 0000000000000a04 R14: 00000000004cce0c R15: 00007f9ea16a16d4
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8201 at net/core/dev.c:10239 dev_change_net_namespace+0x15bb/0x1710 net/core/dev.c:10239
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8201 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1e9/0x30e lib/dump_stack.c:118
 panic+0x264/0x7a0 kernel/panic.c:221
 __warn+0x209/0x210 kernel/panic.c:582
 report_bug+0x1ac/0x2d0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:105 [inline]
 do_error_trap+0xca/0x1c0 arch/x86/kernel/traps.c:197
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:216
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:dev_change_net_namespace+0x15bb/0x1710 net/core/dev.c:10239
Code: 5f 00 03 01 48 c7 c7 2c 28 e9 88 48 c7 c6 6f 6d 07 89 ba a8 27 00 00 31 c0 e8 c1 76 de fa 0f 0b e9 f5 ea ff ff e8 85 b0 0c fb <0f> 0b e9 fb fd ff ff e8 79 b0 0c fb 0f 0b e9 1b fe ff ff e8 6d b0
RSP: 0018:ffffc9000a3f7160 EFLAGS: 00010293
RAX: ffffffff8667f2ab RBX: 00000000fffffff4 RCX: ffff88808f6d43c0
RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
RBP: ffffc9000a3f7270 R08: ffffffff8667f096 R09: ffffed1015d270fc
R10: ffffed1015d270fc R11: 0000000000000000 R12: ffff8880888600b8
R13: ffff888088860b90 R14: dffffc0000000000 R15: dffffc0000000000
 do_setlink+0x196/0x3900 net/core/rtnetlink.c:2510
 __rtnl_newlink net/core/rtnetlink.c:3273 [inline]
 rtnl_newlink+0x1509/0x1c00 net/core/rtnetlink.c:3398
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5461
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x519/0x800 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x2b1/0x360 net/socket.c:2439
 do_syscall_64+0xf3/0x1b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca69
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9ea16a0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000500f80 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 0000000000000a04 R14: 00000000004cce0c R15: 00007f9ea16a16d4
Kernel Offset: disabled
Rebooting in 86400 seconds..


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: WARNING in dev_change_net_namespace
  2020-02-11 16:06 WARNING in dev_change_net_namespace syzbot
  2020-02-13 19:00 ` Eric W. Biederman
  2020-06-06 10:21 ` syzbot
@ 2020-06-06 14:03 ` syzbot
  2020-06-08  7:09   ` Will Deacon
  2021-12-21 20:03 ` [syzbot] " syzbot
  3 siblings, 1 reply; 9+ messages in thread
From: syzbot @ 2020-06-06 14:03 UTC (permalink / raw)
  To: andriin, ast, bpf, daniel, davem, dsahern, ebiederm, edumazet,
	eric.dumazet, hawk, jiri, johannes.berg, john.fastabend, kafai,
	kpsingh, kuba, leon, linux-kernel, mkubecek, netdev,
	saiprakash.ranjan, songliubraving, suzuki.poulose,
	syzkaller-bugs, will, yhs

syzbot has bisected this bug to:

commit 13dc4d836179444f0ca90188cfccd23f9cd9ff05
Author: Will Deacon <will@kernel.org>
Date:   Tue Apr 21 14:29:18 2020 +0000

    arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=109aa3b1100000
start commit:   7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=129aa3b1100000
console output: https://syzkaller.appspot.com/x/log.txt?x=149aa3b1100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=be4578b3f1083656
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12032832100000

Reported-by: syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com
Fixes: 13dc4d836179 ("arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: WARNING in dev_change_net_namespace
  2020-06-06 14:03 ` syzbot
@ 2020-06-08  7:09   ` Will Deacon
  0 siblings, 0 replies; 9+ messages in thread
From: Will Deacon @ 2020-06-08  7:09 UTC (permalink / raw)
  To: syzbot
  Cc: andriin, ast, bpf, daniel, davem, dsahern, ebiederm, edumazet,
	eric.dumazet, hawk, jiri, johannes.berg, john.fastabend, kafai,
	kpsingh, kuba, leon, linux-kernel, mkubecek, netdev,
	saiprakash.ranjan, songliubraving, suzuki.poulose,
	syzkaller-bugs, yhs

On Sat, Jun 06, 2020 at 07:03:03AM -0700, syzbot wrote:
> syzbot has bisected this bug to:
> 
> commit 13dc4d836179444f0ca90188cfccd23f9cd9ff05
> Author: Will Deacon <will@kernel.org>
> Date:   Tue Apr 21 14:29:18 2020 +0000
> 
>     arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=109aa3b1100000
> start commit:   7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=129aa3b1100000
> console output: https://syzkaller.appspot.com/x/log.txt?x=149aa3b1100000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=be4578b3f1083656
> dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12032832100000
> 
> Reported-by: syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com
> Fixes: 13dc4d836179 ("arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()")


Yeah... I doubt that very much.

Will

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [syzbot] WARNING in dev_change_net_namespace
  2020-02-11 16:06 WARNING in dev_change_net_namespace syzbot
                   ` (2 preceding siblings ...)
  2020-06-06 14:03 ` syzbot
@ 2021-12-21 20:03 ` syzbot
  2022-05-19 11:18   ` Dmitry Vyukov
  3 siblings, 1 reply; 9+ messages in thread
From: syzbot @ 2021-12-21 20:03 UTC (permalink / raw)
  To: andriin, ast, bpf, daniel, davem, dsahern, dsahern, ebiederm,
	edumazet, eric.dumazet, fw, harshit.m.mogalapalli, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kpsingh, kuba, leon,
	linux-kernel, marcelo.leitner, mkubecek, netdev, roopa,
	saiprakash.ranjan, songliubraving, suzuki.poulose,
	syzkaller-bugs, tonymarislogistics, will, yajun.deng, yhs

syzbot suspects this issue was fixed by commit:

commit f123cffdd8fe8ea6c7fded4b88516a42798797d0
Author: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date:   Mon Nov 29 17:53:27 2021 +0000

    net: netlink: af_netlink: Prevent empty skb by adding a check on len.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=168acc95b00000
start commit:   990f227371a4 Merge tag 's390-5.9-2' of git://git.kernel.or..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=21f0d1d2df6d5fc
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=101761e2900000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: netlink: af_netlink: Prevent empty skb by adding a check on len.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [syzbot] WARNING in dev_change_net_namespace
  2021-12-21 20:03 ` [syzbot] " syzbot
@ 2022-05-19 11:18   ` Dmitry Vyukov
  0 siblings, 0 replies; 9+ messages in thread
From: Dmitry Vyukov @ 2022-05-19 11:18 UTC (permalink / raw)
  To: syzbot
  Cc: andriin, ast, bpf, daniel, davem, dsahern, dsahern, ebiederm,
	edumazet, eric.dumazet, fw, harshit.m.mogalapalli, hawk, jiri,
	johannes.berg, john.fastabend, kafai, kpsingh, kuba, leon,
	linux-kernel, marcelo.leitner, mkubecek, netdev, roopa,
	saiprakash.ranjan, songliubraving, suzuki.poulose,
	syzkaller-bugs, tonymarislogistics, will, yajun.deng, yhs

On Tue, 21 Dec 2021 at 21:03, syzbot
<syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit f123cffdd8fe8ea6c7fded4b88516a42798797d0
> Author: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> Date:   Mon Nov 29 17:53:27 2021 +0000
>
>     net: netlink: af_netlink: Prevent empty skb by adding a check on len.
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=168acc95b00000
> start commit:   990f227371a4 Merge tag 's390-5.9-2' of git://git.kernel.or..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=21f0d1d2df6d5fc
> dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=101761e2900000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: net: netlink: af_netlink: Prevent empty skb by adding a check on len.
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Looks reasonable, let's close the bug:

#syz fix:
net: netlink: af_netlink: Prevent empty skb by adding a check on len.

^ permalink raw reply	[flat|nested] 9+ messages in thread
