BPF Archive on lore.kernel.org
 help / color / Atom feed
From: Eric Dumazet <eric.dumazet@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
	syzbot <syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com>
Cc: andriin@fb.com, ast@kernel.org, bpf@vger.kernel.org,
	daniel@iogearbox.net, davem@davemloft.net, dsahern@gmail.com,
	hawk@kernel.org, jiri@mellanox.com, johannes.berg@intel.com,
	john.fastabend@gmail.com, kafai@fb.com, kuba@kernel.org,
	linux-kernel@vger.kernel.org, mkubecek@suse.cz,
	netdev@vger.kernel.org, songliubraving@fb.com,
	syzkaller-bugs@googlegroups.com, yhs@fb.com
Subject: Re: WARNING in dev_change_net_namespace
Date: Thu, 13 Feb 2020 12:00:21 -0800
Message-ID: <a116fc12-92ea-7609-1d60-4fd90939141a@gmail.com> (raw)
In-Reply-To: <4802635e-0ef1-b96c-e596-fa83cd597e20@gmail.com>



On 2/13/20 11:57 AM, Eric Dumazet wrote:
> 
> 
> On 2/13/20 11:00 AM, Eric W. Biederman wrote:
>> syzbot <syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com> writes:
>>
>>> Hello,
>>
>> Has someone messed up the network device kobject support.
>> I don't have the exact same code as listed here so I may
>> be misreading things.  But the only WARN_ON I see in
>> dev_change_net_namespaces is from kobject_rename.
>>
>> It is not supposed to be possible for that to fail.
> 
> Well, this code is attempting kmalloc() calls, so can definitely fail.
> 
> syzbot is using fault injection to force few kmalloc() to return NULL

[  533.360275][T24839] FAULT_INJECTION: forcing a failure.
[  533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0
[  533.418952][T24839] CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  533.427669][T24839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  533.437873][T24839] Call Trace:
[  533.441188][T24839]  dump_stack+0x1fb/0x318
[  533.445677][T24839]  should_fail+0x4b8/0x660
[  533.450125][T24839]  __should_failslab+0xb9/0xe0
[  533.454913][T24839]  ? kzalloc+0x21/0x40
[  533.459000][T24839]  should_failslab+0x9/0x20
[  533.463524][T24839]  __kmalloc+0x7a/0x340
[  533.467698][T24839]  kzalloc+0x21/0x40
[  533.471604][T24839]  kobject_rename+0x12f/0x4d0
[  533.476399][T24839]  ? sysfs_rename_link_ns+0x179/0x1b0
[  533.481782][T24839]  device_rename+0x16d/0x190
[  533.486380][T24839]  dev_change_net_namespace+0x1375/0x16b0
[  533.492550][T24839]  ? ns_capable+0x91/0xf0
[  533.496900][T24839]  ? netlink_ns_capable+0xcf/0x100
[  533.502038][T24839]  ? rtnl_link_get_net_capable+0x136/0x280
[  533.508470][T24839]  do_setlink+0x196/0x3880
[  533.512943][T24839]  ? __kasan_check_read+0x11/0x20
[  533.517992][T24839]  rtnl_newlink+0x1509/0x1c00


      reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-11 16:06 syzbot
2020-02-13 19:00 ` Eric W. Biederman
2020-02-13 19:57   ` Eric Dumazet
2020-02-13 20:00     ` Eric Dumazet [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a116fc12-92ea-7609-1d60-4fd90939141a@gmail.com \
    --to=eric.dumazet@gmail.com \
    --cc=andriin@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=hawk@kernel.org \
    --cc=jiri@mellanox.com \
    --cc=johannes.berg@intel.com \
    --cc=john.fastabend@gmail.com \
    --cc=kafai@fb.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mkubecek@suse.cz \
    --cc=netdev@vger.kernel.org \
    --cc=songliubraving@fb.com \
    --cc=syzbot+830c6dbfc71edc4f0b8f@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

BPF Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/bpf/0 bpf/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 bpf bpf/ https://lore.kernel.org/bpf \
		bpf@vger.kernel.org
	public-inbox-index bpf

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.bpf


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git