WARNING in dev_change_net_namespace


syzbot

Feb 11, 2020, 11:06:11 AM
to and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, ku...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
Hello,

syzbot found the following crash on:

HEAD commit: 0a679e13 Merge branch 'for-5.6-fixes' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15142701e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6780df5a5f208964
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+830c6d...@syzkaller.appspotmail.com

RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000009cb R14: 00000000004cb3dd R15: 0000000000000016
------------[ cut here ]------------
WARNING: CPU: 0 PID: 24839 at net/core/dev.c:10108 dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:dev_change_net_namespace+0x155f/0x16b0 net/core/dev.c:10108
Code: b7 f9 02 01 48 c7 c7 5d 66 e6 88 48 c7 c6 b4 42 04 89 ba 25 27 00 00 31 c0 e8 6d a6 dc fa 0f 0b e9 0d eb ff ff e8 a1 e6 0a fb <0f> 0b e9 2f fe ff ff e8 95 e6 0a fb c6 05 05 b7 f9 02 01 48 c7 c7
RSP: 0018:ffffc90001ae7140 EFLAGS: 00010246
RAX: ffffffff866c18df RBX: 00000000fffffff4 RCX: 0000000000040000
RDX: ffffc90012028000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffc90001ae7240 R08: ffffffff866c1700 R09: fffffbfff1406318
R10: fffffbfff1406318 R11: 0000000000000000 R12: ffff8880918d2b60
R13: ffff8880918d20b8 R14: ffffc90001ae71e8 R15: ffffc90001ae71e0
do_setlink+0x196/0x3880 net/core/rtnetlink.c:2501
__rtnl_newlink net/core/rtnetlink.c:3252 [inline]
rtnl_newlink+0x1509/0x1c00 net/core/rtnetlink.c:3377
rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5438
netlink_rcv_skb+0x19e/0x3e0 net/netlink/af_netlink.c:2477
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:5456
netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
netlink_unicast+0x766/0x920 net/netlink/af_netlink.c:1328
netlink_sendmsg+0xa2b/0xd40 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg net/socket.c:672 [inline]
____sys_sendmsg+0x4f7/0x7f0 net/socket.c:2343
___sys_sendmsg net/socket.c:2397 [inline]
__sys_sendmsg+0x1ed/0x290 net/socket.c:2430
__do_sys_sendmsg net/socket.c:2439 [inline]
__se_sys_sendmsg net/socket.c:2437 [inline]
__x64_sys_sendmsg+0x7f/0x90 net/socket.c:2437
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b3b9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f483611ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f483611b6d4 RCX: 000000000045b3b9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000009cb R14: 00000000004cb3dd R15: 0000000000000016
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Eric W. Biederman

Feb 13, 2020, 2:02:47 PM
to syzbot, and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, ku...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
syzbot <syzbot+830c6d...@syzkaller.appspotmail.com> writes:

> Hello,

Has someone messed up the network device kobject support?
I don't have the exact same code as listed here so I may
be misreading things. But the only WARN_ON I see in
dev_change_net_namespace is from kobject_rename.

It is not supposed to be possible for that to fail.

Historically it only failed when network devices were put into sysfs
in a way that required network devices to have names separate from
sysfs files. We fixed that ages ago, so I don't have a clue why
kobject_rename would be failing now.

syzbot any idea what network device was changing network namespaces?

Eric

Eric Dumazet

Feb 13, 2020, 2:57:46 PM
to Eric W. Biederman, syzbot, and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, ku...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com


On 2/13/20 11:00 AM, Eric W. Biederman wrote:
> syzbot <syzbot+830c6d...@syzkaller.appspotmail.com> writes:
>
>> Hello,
>
> Has someone messed up the network device kobject support?
> I don't have the exact same code as listed here so I may
> be misreading things. But the only WARN_ON I see in
> dev_change_net_namespace is from kobject_rename.
>
> It is not supposed to be possible for that to fail.

Well, this code is attempting kmalloc() calls, so it can definitely fail.

syzbot is using fault injection to force a few kmalloc() calls to return NULL.

Eric Dumazet

Feb 13, 2020, 3:00:24 PM
to Eric W. Biederman, syzbot, and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, ku...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com


On 2/13/20 11:57 AM, Eric Dumazet wrote:
>
>
> On 2/13/20 11:00 AM, Eric W. Biederman wrote:
>> syzbot <syzbot+830c6d...@syzkaller.appspotmail.com> writes:
>>
>>> Hello,
>>
>> Has someone messed up the network device kobject support?
>> I don't have the exact same code as listed here so I may
>> be misreading things. But the only WARN_ON I see in
>> dev_change_net_namespace is from kobject_rename.
>>
>> It is not supposed to be possible for that to fail.
>
> Well, this code is attempting kmalloc() calls, so it can definitely fail.
>
> syzbot is using fault injection to force a few kmalloc() calls to return NULL.

[ 533.360275][T24839] FAULT_INJECTION: forcing a failure.
[ 533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0
[ 533.418952][T24839] CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[ 533.427669][T24839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 533.437873][T24839] Call Trace:
[ 533.441188][T24839] dump_stack+0x1fb/0x318
[ 533.445677][T24839] should_fail+0x4b8/0x660
[ 533.450125][T24839] __should_failslab+0xb9/0xe0
[ 533.454913][T24839] ? kzalloc+0x21/0x40
[ 533.459000][T24839] should_failslab+0x9/0x20
[ 533.463524][T24839] __kmalloc+0x7a/0x340
[ 533.467698][T24839] kzalloc+0x21/0x40
[ 533.471604][T24839] kobject_rename+0x12f/0x4d0
[ 533.476399][T24839] ? sysfs_rename_link_ns+0x179/0x1b0
[ 533.481782][T24839] device_rename+0x16d/0x190
[ 533.486380][T24839] dev_change_net_namespace+0x1375/0x16b0
[ 533.492550][T24839] ? ns_capable+0x91/0xf0
[ 533.496900][T24839] ? netlink_ns_capable+0xcf/0x100
[ 533.502038][T24839] ? rtnl_link_get_net_capable+0x136/0x280
[ 533.508470][T24839] do_setlink+0x196/0x3880
[ 533.512943][T24839] ? __kasan_check_read+0x11/0x20
[ 533.517992][T24839] rtnl_newlink+0x1509/0x1c00

syzbot

Jun 6, 2020, 6:21:15 AM
to and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ebie...@xmission.com, edum...@google.com, eric.d...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10112212100000
kernel config: https://syzkaller.appspot.com/x/.config?x=be4578b3f1083656
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12032832100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+830c6d...@syzkaller.appspotmail.com

RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 0000000000000a04 R14: 00000000004cce0c R15: 00007f9ea16a16d4
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8201 at net/core/dev.c:10239 dev_change_net_namespace+0x15bb/0x1710 net/core/dev.c:10239
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8201 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1e9/0x30e lib/dump_stack.c:118
panic+0x264/0x7a0 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1ac/0x2d0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:105 [inline]
do_error_trap+0xca/0x1c0 arch/x86/kernel/traps.c:197
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:216
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:dev_change_net_namespace+0x15bb/0x1710 net/core/dev.c:10239
Code: 5f 00 03 01 48 c7 c7 2c 28 e9 88 48 c7 c6 6f 6d 07 89 ba a8 27 00 00 31 c0 e8 c1 76 de fa 0f 0b e9 f5 ea ff ff e8 85 b0 0c fb <0f> 0b e9 fb fd ff ff e8 79 b0 0c fb 0f 0b e9 1b fe ff ff e8 6d b0
RSP: 0018:ffffc9000a3f7160 EFLAGS: 00010293
RAX: ffffffff8667f2ab RBX: 00000000fffffff4 RCX: ffff88808f6d43c0
RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
RBP: ffffc9000a3f7270 R08: ffffffff8667f096 R09: ffffed1015d270fc
R10: ffffed1015d270fc R11: 0000000000000000 R12: ffff8880888600b8
R13: ffff888088860b90 R14: dffffc0000000000 R15: dffffc0000000000
do_setlink+0x196/0x3900 net/core/rtnetlink.c:2510
__rtnl_newlink net/core/rtnetlink.c:3273 [inline]
rtnl_newlink+0x1509/0x1c00 net/core/rtnetlink.c:3398
rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5461
netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2469
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1329
netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg net/socket.c:672 [inline]
____sys_sendmsg+0x519/0x800 net/socket.c:2352
___sys_sendmsg net/socket.c:2406 [inline]
__sys_sendmsg+0x2b1/0x360 net/socket.c:2439
do_syscall_64+0xf3/0x1b0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca69
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9ea16a0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000500f80 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 0000000000000a04 R14: 00000000004cce0c R15: 00007f9ea16a16d4

syzbot

Jun 6, 2020, 10:03:04 AM
to and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ebie...@xmission.com, edum...@google.com, eric.d...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, le...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, saipraka...@codeaurora.org, songliu...@fb.com, suzuki....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org, y...@fb.com
syzbot has bisected this bug to:

commit 13dc4d836179444f0ca90188cfccd23f9cd9ff05
Author: Will Deacon <wi...@kernel.org>
Date: Tue Apr 21 14:29:18 2020 +0000

arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=109aa3b1100000
start commit: 7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=129aa3b1100000
console output: https://syzkaller.appspot.com/x/log.txt?x=149aa3b1100000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12032832100000

Reported-by: syzbot+830c6d...@syzkaller.appspotmail.com
Fixes: 13dc4d836179 ("arm64: cpufeature: Remove redundant call to id_aa64pfr0_32bit_el0()")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Will Deacon

Jun 8, 2020, 3:09:39 AM
to syzbot, and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, ebie...@xmission.com, edum...@google.com, eric.d...@gmail.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, le...@kernel.org, linux-...@vger.kernel.org, mkub...@suse.cz, net...@vger.kernel.org, saipraka...@codeaurora.org, songliu...@fb.com, suzuki....@arm.com, syzkall...@googlegroups.com, y...@fb.com
Yeah... I doubt that very much.

Will

syzbot

Dec 21, 2021, 3:03:11 PM
to and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, dsa...@kernel.org, ebie...@xmission.com, edum...@google.com, eric.d...@gmail.com, f...@strlen.de, harshit.m....@oracle.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, le...@kernel.org, linux-...@vger.kernel.org, marcelo...@gmail.com, mkub...@suse.cz, net...@vger.kernel.org, ro...@cumulusnetworks.com, saipraka...@codeaurora.org, songliu...@fb.com, suzuki....@arm.com, syzkall...@googlegroups.com, tonymaris...@yandex.com, wi...@kernel.org, yajun...@linux.dev, y...@fb.com
syzbot suspects this issue was fixed by commit:

commit f123cffdd8fe8ea6c7fded4b88516a42798797d0
Author: Harshit Mogalapalli <harshit.m....@oracle.com>
Date: Mon Nov 29 17:53:27 2021 +0000

net: netlink: af_netlink: Prevent empty skb by adding a check on len.

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=168acc95b00000
start commit: 990f227371a4 Merge tag 's390-5.9-2' of git://git.kernel.or..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=21f0d1d2df6d5fc
dashboard link: https://syzkaller.appspot.com/bug?extid=830c6dbfc71edc4f0b8f
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=101761e2900000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: netlink: af_netlink: Prevent empty skb by adding a check on len.

Dmitry Vyukov

May 19, 2022, 7:18:48 AM
to syzbot, and...@fb.com, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, dsa...@kernel.org, ebie...@xmission.com, edum...@google.com, eric.d...@gmail.com, f...@strlen.de, harshit.m....@oracle.com, ha...@kernel.org, ji...@mellanox.com, johann...@intel.com, john.fa...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, le...@kernel.org, linux-...@vger.kernel.org, marcelo...@gmail.com, mkub...@suse.cz, net...@vger.kernel.org, ro...@cumulusnetworks.com, saipraka...@codeaurora.org, songliu...@fb.com, suzuki....@arm.com, syzkall...@googlegroups.com, tonymaris...@yandex.com, wi...@kernel.org, yajun...@linux.dev, y...@fb.com
Looks reasonable, let's close the bug: