WARNING: proc registration bug in clusterip_tg_check

[syzbot]

Hello,

syzbot hit the following crash on net-next commit
617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +0000)
Merge tag 'usercopy-v4.16-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

So far this crash happened 5 times on net-next, upstream.
C reproducer is attached.
syzkaller reproducer is attached.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+03218b...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

x_tables: ip_tables: osf match: only valid for protocol 6
x_tables: ip_tables: osf match: only valid for protocol 6
x_tables: ip_tables: osf match: only valid for protocol 6
------------[ cut here ]------------
proc_dir_entry 'ipt_CLUSTERIP/172.20.0.170' already registered
WARNING: CPU: 1 PID: 4152 at fs/proc/generic.c:330
proc_register+0x2a4/0x370 fs/proc/generic.c:329
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4152 Comm: syzkaller851476 Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
panic+0x1e4/0x41c kernel/panic.c:183
__warn+0x1dc/0x200 kernel/panic.c:547
report_bug+0x211/0x2d0 lib/bug.c:184
fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
fixup_bug arch/x86/kernel/traps.c:247 [inline]
do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1097
RIP: 0010:proc_register+0x2a4/0x370 fs/proc/generic.c:329
RSP: 0018:ffff8801cbd6ee20 EFLAGS: 00010286
RAX: dffffc0000000008 RBX: ffff8801d2181038 RCX: ffffffff815a57ae
RDX: 0000000000000000 RSI: 1ffff100397add74 RDI: 1ffff100397add49
RBP: ffff8801cbd6ee70 R08: 1ffff100397add0b R09: 0000000000000000
R10: ffff8801cbd6ecd8 R11: 0000000000000000 R12: ffff8801b2bb1cc0
R13: dffffc0000000000 R14: ffff8801b0d8dbc8 R15: ffff8801b2bb1d81
proc_create_data+0xf8/0x180 fs/proc/generic.c:494
clusterip_config_init net/ipv4/netfilter/ipt_CLUSTERIP.c:250 [inline]
clusterip_tg_check+0xf9c/0x16d0 net/ipv4/netfilter/ipt_CLUSTERIP.c:488
xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:850
check_target net/ipv4/netfilter/ip_tables.c:513 [inline]
find_check_entry.isra.8+0x8c8/0xcb0 net/ipv4/netfilter/ip_tables.c:554
translate_table+0xed1/0x1610 net/ipv4/netfilter/ip_tables.c:725
do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
do_ipt_set_ctl+0x370/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x446839
RSP: 002b:00007f0309d0fdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000446839
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000006dbc20 R08: 0000000000000348 R09: 0000000000000000
R10: 0000000020013c90 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7d53f79f R14: 00007f0309d109c0 R15: 0000000000000003
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.

[Cong Wang]

I think there is probably a race condition between clusterip_config_entry_put()
and clusterip_config_init(), after we release the spinlock, a new proc
with the same IP could be created therefore triggers this warning....

I am not sure if it is enough to just move the proc_remove() under
spinlock...


diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c
b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 3a84a60f6b39..1ff72b87a066 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -107,12 +107,6 @@ clusterip_config_entry_put(struct net *net,
struct clusterip_config *c)

local_bh_disable();
if (refcount_dec_and_lock(&c->entries, &cn->lock)) {
- list_del_rcu(&c->list);
- spin_unlock(&cn->lock);
- local_bh_enable();
-
- unregister_netdevice_notifier(&c->notifier);
-
/* In case anyone still accesses the file, the open/close
* functions are also incrementing the refcount on their own,
* so it's safe to remove the entry even if it's in use. */
@@ -120,6 +114,12 @@ clusterip_config_entry_put(struct net *net,
struct clusterip_config *c)
if (cn->procdir)
proc_remove(c->pde);
#endif
+ list_del_rcu(&c->list);
+ spin_unlock(&cn->lock);
+ local_bh_enable();
+
+ unregister_netdevice_notifier(&c->notifier);
+
return;
}
local_bh_enable();

[Paolo Abeni]

I *think* we should change the order on proc fs entry creation,
because clusterip_config_init() can race with itself,
clusterip_config_init() returns NULL if the clusterip_config_init has
no pte, and currently such entry is inserted into the list with NULL
pte and the list lock itself is released before creating the PTE.

I'll try to test something the following:
---
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 3a84a60f6b39..d8807c44cc61 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -230,17 +230,6 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
refcount_set(&c->refcount, 1);
refcount_set(&c->entries, 1);

- spin_lock_bh(&cn->lock);
- if (__clusterip_config_find(net, ip)) {
- spin_unlock_bh(&cn->lock);
- kfree(c);
-
- return ERR_PTR(-EBUSY);
- }
-
- list_add_rcu(&c->list, &cn->configs);
- spin_unlock_bh(&cn->lock);
-
#ifdef CONFIG_PROC_FS
{
char buffer[16];
@@ -257,6 +246,18 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
}
#endif

+ spin_lock_bh(&cn->lock);
+ if (__clusterip_config_find(net, ip)) {
+ spin_unlock_bh(&cn->lock);
+ kfree(c);
+
+ proc_remove(c->pde);
+ return ERR_PTR(-EBUSY);
+ }
+
+ list_add_rcu(&c->list, &cn->configs);
+ spin_unlock_bh(&cn->lock);
+
c->notifier.notifier_call = clusterip_netdev_event;
err = register_netdevice_notifier(&c->notifier);
if (!err)
---

Cheers,

Paolo

[Paolo Abeni]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git master

I can't reproduce the issue locally, so asking the syzbot to test the
tentive fix for me (and hoping I did not mess with the tag/format)

---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 3a84a60f6b39..db103cd971a9 100644

--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -230,17 +230,6 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
refcount_set(&c->refcount, 1);
refcount_set(&c->entries, 1);

- spin_lock_bh(&cn->lock);
- if (__clusterip_config_find(net, ip)) {
- spin_unlock_bh(&cn->lock);
- kfree(c);
-
- return ERR_PTR(-EBUSY);
- }
-
- list_add_rcu(&c->list, &cn->configs);
- spin_unlock_bh(&cn->lock);
-
#ifdef CONFIG_PROC_FS
{
char buffer[16];

@@ -257,20 +246,31 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,

}
#endif

+ spin_lock_bh(&cn->lock);
+ if (__clusterip_config_find(net, ip)) {
+ spin_unlock_bh(&cn->lock);

+ err = -EBUSY;
+ goto err_remove_pte:

+ }
+
+ list_add_rcu(&c->list, &cn->configs);
+ spin_unlock_bh(&cn->lock);
+
c->notifier.notifier_call = clusterip_netdev_event;
err = register_netdevice_notifier(&c->notifier);
if (!err)

return c;

+ spin_lock_bh(&cn->lock);
+ list_del_rcu(&c->list);
+ spin_unlock_bh(&cn->lock);
+
+err_remove_pte:
#ifdef CONFIG_PROC_FS
proc_remove(c->pde);
err:
#endif
- spin_lock_bh(&cn->lock);
- list_del_rcu(&c->list);
- spin_unlock_bh(&cn->lock);
kfree(c);
-
return ERR_PTR(err);
}

--
2.14.3

[syzbot]

> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
> master

Can't find the corresponding bug.

> --
> You received this message because you are subscribed to the Google
> Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/945c8517a87c671825b61223088064ea2ad0a8cb.1517999262.git.pabeni%40redhat.com.
> For more options, visit https://groups.google.com/d/optout.

[Dmitry Vyukov]

You dropped syzbot from CC ;)
Add syzbot+03218b...@syzkaller.appspotmail.com to To or CC.

> https://groups.google.com/d/msgid/syzkaller-bugs/001a114372a68e749405649cf352%40google.com.

[syzbot]

Hello,

syzbot tried to test the proposed patch but build/boot failed:

is larger than 2048 bytes [-Wframe-larger-than=]
}
^
CC net/netfilter/xt_CLASSIFY.o
CC drivers/tty/vt/vc_screen.o
CC drivers/tty/vt/selection.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_scl_filters.o
CC net/netfilter/xt_CONNSECMARK.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.o
CC drivers/tty/vt/keyboard.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_clocks.o
AR drivers/virtio/virtio_pci.o
AR drivers/tty/serdev/serdev.o
AR drivers/tty/serdev/built-in.o
CC drivers/tty/vt/consolemap.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_opp.o
CC drivers/tty/serial/8250/8250_pnp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_dmcu.o
CC drivers/video/fbdev/xen-fbfront.o
CC net/netfilter/xt_CT.o
AR drivers/virtio/built-in.o
CC drivers/video/fbdev/core/fbsysfs.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_abm.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_ipp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/gpio_base.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/gpio_service.o
CC drivers/tty/serial/8250/8250_port.o
CC drivers/tty/serial/8250/8250_dma.o
CC drivers/tty/serial/8250/8250_pci.o
CC drivers/tty/vt/consolemap_deftbl.o
CC drivers/video/fbdev/core/modedb.o
CC drivers/video/fbdev/core/fbcvt.o
CC drivers/video/fbdev/core/fb_defio.o
CC drivers/video/fbdev/core/fbcon.o
CC drivers/tty/serial/8250/8250_early.o
CC drivers/xen/cpu_hotplug.o
CC net/netfilter/xt_DSCP.o
CC drivers/xen/fallback.o
CC drivers/xen/grant-table.o
CC drivers/xen/features.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_factory.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_gpio.o
CC drivers/video/fbdev/core/bitblit.o
AR drivers/usb/core/usbcore.o
AR drivers/usb/core/built-in.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_hpd.o
CC drivers/xen/balloon.o
CC drivers/tty/serial/8250/8250_lpss.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_ddc.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_translate.o
CC drivers/tty/vt/vt.o
CC net/netfilter/xt_HL.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce80/hw_translate_dce80.o
CC drivers/xen/manage.o
CC drivers/video/fbdev/core/softcursor.o
CC drivers/xen/preempt.o
CC net/netfilter/xt_HMARK.o
CC drivers/usb/mon/mon_main.o
CC drivers/tty/serial/8250/8250_mid.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce80/hw_factory_dce80.o
CC drivers/video/fbdev/core/tileblit.o
CC drivers/video/fbdev/core/cfbfillrect.o
CC drivers/video/fbdev/core/cfbcopyarea.o
CC drivers/xen/time.o
CC net/netfilter/xt_LED.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce110/hw_translate_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce110/hw_factory_dce110.o
AR drivers/usb/host/built-in.o
CC drivers/video/fbdev/core/cfbimgblt.o
AR drivers/tty/serial/8250/8250.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce120/hw_translate_dce120.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce120/hw_factory_dce120.o
CC drivers/video/fbdev/core/sysfillrect.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/diagnostics/hw_translate_diag.o
CC drivers/xen/events/events_base.o
CC drivers/video/fbdev/efifb.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/diagnostics/hw_factory_diag.o
CC drivers/xen/xen-pciback/pci_stub.o
CC drivers/xen/events/events_2l.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/aux_engine.o
CC drivers/usb/mon/mon_stat.o
CC drivers/video/fbdev/core/syscopyarea.o
CC drivers/xen/xenbus/xenbus_client.o
CC drivers/xen/xenbus/xenbus_comms.o
CC drivers/xen/xenbus/xenbus_xs.o
CC drivers/xen/xenbus/xenbus_probe.o
CC drivers/video/fbdev/core/sysimgblt.o
CC drivers/video/fbdev/core/fb_sys_fops.o
CC drivers/xen/xenfs/super.o
CC drivers/xen/xenfs/xenstored.o
CC drivers/xen/xenfs/xensyms.o
CC drivers/xen/pci.o
CC drivers/xen/dbgp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/engine_base.o
CC drivers/xen/acpi.o
CC net/netfilter/xt_LOG.o
CC drivers/xen/xen-acpi-pad.o
CC net/netfilter/xt_NETMAP.o
CC drivers/usb/mon/mon_text.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2caux.o
CC drivers/xen/xenbus/xenbus_probe_backend.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_engine.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_generic_hw_engine.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_hw_engine.o
CC drivers/xen/events/events_fifo.o
CC drivers/xen/xenbus/xenbus_dev_frontend.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_sw_engine.o
CC drivers/xen/xenbus/xenbus_dev_backend.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2caux_dce80.o
AR drivers/tty/serial/8250/8250_base.o
AR drivers/tty/serial/8250/built-in.o
CC drivers/xen/xenbus/xenbus_probe_frontend.o
AR drivers/tty/serial/built-in.o
CC drivers/xen/pcpu.o
CC drivers/xen/biomerge.o
AR drivers/xen/xenfs/xenfs.o
AR drivers/xen/xenfs/built-in.o
CC drivers/xen/xen-balloon.o
CC drivers/xen/xen-pciback/pciback_ops.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2c_hw_engine_dce80.o
CC drivers/xen/evtchn.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2c_sw_engine_dce80.o
CC drivers/xen/xen-pciback/xenbus.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce100/i2caux_dce100.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2caux_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_sw_engine_dce110.o
CC drivers/xen/xen-pciback/conf_space.o
CC drivers/tty/vt/defkeymap.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/aux_engine_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce112/i2caux_dce112.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce120/i2caux_dce120.o
CC net/netfilter/xt_NFLOG.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/diagnostics/i2caux_diag.o
CC drivers/xen/gntdev.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/irq/irq_service.o
CC drivers/xen/gntalloc.o
CC net/netfilter/xt_NFQUEUE.o
CC drivers/xen/sys-hypervisor.o
CC drivers/xen/platform-pci.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce80/irq_service_dce80.o
AR drivers/xen/xenbus/xenbus.o
CC drivers/usb/mon/mon_bin.o
CC net/netfilter/xt_RATEEST.o
CC drivers/xen/swiotlb-xen.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce110/irq_service_dce110.o
AR drivers/xen/events/events.o
AR drivers/xen/events/built-in.o
CC drivers/xen/mcelog.o
AR drivers/xen/xenbus/built-in.o
CC drivers/xen/privcmd.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce120/irq_service_dce120.o
CC drivers/usb/typec/typec.o
CC drivers/usb/storage/scsiglue.o
CC drivers/usb/typec/tcpm.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/virtual/virtual_link_encoder.o
CC drivers/xen/xen-pciback/conf_space_header.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/virtual/virtual_stream_encoder.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_resource.o
CC drivers/xen/xen-pciback/conf_space_capability.o
CC drivers/usb/storage/protocol.o
CC net/netfilter/xt_REDIRECT.o
CC drivers/usb/typec/ucsi/ucsi.o
CC net/netfilter/xt_SECMARK.o
CC drivers/xen/xen-pciback/conf_space_quirks.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_timing_generator.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_hw_sequencer.o
CC drivers/usb/storage/transport.o
CC drivers/xen/xen-acpi-processor.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_compressor.o
CC drivers/xen/efi.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_hw_sequencer.o
CC net/netfilter/xt_TPROXY.o
CC drivers/xen/xlate_mmu.o
CC net/netfilter/xt_TCPMSS.o
CC drivers/usb/typec/ucsi/trace.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_resource.o
CC drivers/xen/xen-pciback/vpci.o
CC drivers/usb/storage/usb.o
CC drivers/xen/xen-pciback/passthrough.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_timing_generator.o
CC drivers/xen/pvcalls-back.o
CC drivers/xen/pvcalls-front.o
CC drivers/usb/storage/initializers.o
AR drivers/video/fbdev/core/fb.o
AR drivers/video/fbdev/core/built-in.o
AR drivers/video/fbdev/built-in.o
CC drivers/usb/storage/sierra_ms.o
AR drivers/video/built-in.o
CC drivers/usb/storage/option_ms.o
CC drivers/usb/storage/usual-tables.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_compressor.o
CC net/netfilter/xt_TCPOPTSTRIP.o
AR drivers/usb/mon/usbmon.o
AR drivers/usb/mon/built-in.o
CC net/netfilter/xt_TEE.o
AR drivers/xen/xen-evtchn.o
AR drivers/xen/xen-gntalloc.o
AR drivers/xen/xen-privcmd.o
CC drivers/usb/typec/ucsi/ucsi_acpi.o
AR drivers/xen/xen-gntdev.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.o
CC net/netfilter/xt_TRACE.o
CC net/netfilter/xt_IDLETIMER.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_regamma_v.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_csc_v.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_timing_generator_v.o
CC net/netfilter/xt_addrtype.o
CC net/netfilter/xt_bpf.o
AR drivers/xen/xen-pciback/xen-pciback.o
AR drivers/xen/xen-pciback/built-in.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_mem_input_v.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_v.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_transform_v.o
CC net/netfilter/xt_cluster.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce100/dce100_resource.o
AR drivers/usb/typec/ucsi/typec_ucsi.o
CC net/netfilter/xt_comment.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce100/dce100_hw_sequencer.o
CC net/netfilter/xt_connbytes.o
AR drivers/usb/typec/ucsi/built-in.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_timing_generator.o
CC net/netfilter/xt_connlabel.o
AR drivers/tty/vt/built-in.o
AR drivers/tty/built-in.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_compressor.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_hw_sequencer.o
AR drivers/usb/storage/usb-storage.o
AR drivers/usb/storage/built-in.o
CC net/netfilter/xt_connlimit.o
CC net/netfilter/xt_conntrack.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_resource.o
CC net/netfilter/xt_cpu.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link.o
CC net/netfilter/xt_dccp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.o
CC net/netfilter/xt_devgroup.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_hw_sequencer.o
CC net/netfilter/xt_dscp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_sink.o
CC net/netfilter/xt_ecn.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_surface.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_hwss.o
CC net/netfilter/xt_esp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_dp.o
CC net/netfilter/xt_hashlimit.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_ddc.o
CC net/netfilter/xt_helper.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_debug.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.o
CC drivers/gpu/drm/amd/amdgpu/../display/modules/freesync/freesync.o
CC net/netfilter/xt_hl.o
CC net/netfilter/xt_ipcomp.o
CC net/netfilter/xt_iprange.o
CC net/netfilter/xt_ipvs.o
CC net/netfilter/xt_l2tp.o
CC net/netfilter/xt_length.o
AR drivers/xen/built-in.o
CC net/netfilter/xt_limit.o
CC net/netfilter/xt_mac.o
CC net/netfilter/xt_multiport.o
CC net/netfilter/xt_osf.o
CC net/netfilter/xt_nfacct.o
CC net/netfilter/xt_owner.o
CC net/netfilter/xt_cgroup.o
CC net/netfilter/xt_physdev.o
CC net/netfilter/xt_pkttype.o
CC net/netfilter/xt_policy.o
CC net/netfilter/xt_quota.o
CC net/netfilter/xt_rateest.o
CC net/netfilter/xt_realm.o
CC net/netfilter/xt_recent.o
CC net/netfilter/xt_sctp.o
CC net/netfilter/xt_socket.o
CC net/netfilter/xt_state.o
CC net/netfilter/xt_statistic.o
CC net/netfilter/xt_string.o
CC net/netfilter/xt_tcpmss.o
CC net/netfilter/xt_time.o
CC net/netfilter/xt_u32.o
AR drivers/usb/typec/built-in.o
AR drivers/usb/built-in.o
AR net/netfilter/netfilter.o
AR net/netfilter/nf_conntrack.o
AR net/netfilter/nf_conntrack_h323.o
AR net/netfilter/nf_nat.o
AR net/netfilter/nf_tables.o
CC net/netfilter/ipset/ip_set_core.o
CC net/netfilter/ipvs/ip_vs_conn.o
CC net/netfilter/ipset/ip_set_getport.o
CC net/netfilter/ipvs/ip_vs_core.o
CC net/netfilter/ipset/pfxlen.o
CC net/netfilter/ipvs/ip_vs_ctl.o
CC net/netfilter/ipset/ip_set_bitmap_ip.o
CC net/netfilter/ipset/ip_set_bitmap_ipmac.o
CC net/netfilter/ipvs/ip_vs_sched.o
CC net/netfilter/ipset/ip_set_bitmap_port.o
CC net/netfilter/ipvs/ip_vs_xmit.o
CC net/netfilter/ipset/ip_set_hash_ip.o
CC net/netfilter/ipvs/ip_vs_app.o
CC net/netfilter/ipvs/ip_vs_sync.o
CC net/netfilter/ipvs/ip_vs_est.o
CC net/netfilter/ipvs/ip_vs_proto.o
CC net/netfilter/ipset/ip_set_hash_ipmac.o
CC net/netfilter/ipset/ip_set_hash_ipmark.o
CC net/netfilter/ipset/ip_set_hash_ipport.o
CC net/netfilter/ipvs/ip_vs_pe.o
CC net/netfilter/ipset/ip_set_hash_ipportip.o
CC net/netfilter/ipvs/ip_vs_proto_tcp.o
CC net/netfilter/ipset/ip_set_hash_ipportnet.o
CC net/netfilter/ipvs/ip_vs_proto_udp.o
CC net/netfilter/ipset/ip_set_hash_mac.o
CC net/netfilter/ipset/ip_set_hash_net.o
CC net/netfilter/ipvs/ip_vs_proto_ah_esp.o
CC net/netfilter/ipvs/ip_vs_proto_sctp.o
CC net/netfilter/ipset/ip_set_hash_netport.o
CC net/netfilter/ipvs/ip_vs_nfct.o
CC net/netfilter/ipset/ip_set_hash_netiface.o
CC net/netfilter/ipvs/ip_vs_wlc.o
CC net/netfilter/ipset/ip_set_hash_netnet.o
CC net/netfilter/ipset/ip_set_hash_netportnet.o
CC net/netfilter/ipvs/ip_vs_ftp.o
CC net/netfilter/ipvs/ip_vs_pe_sip.o
CC net/netfilter/ipset/ip_set_list_set.o
AR net/netfilter/ipset/ip_set.o
AR drivers/gpu/drm/amd/amdgpu/amdgpu.o
AR drivers/gpu/drm/amd/amdgpu/built-in.o
AR drivers/gpu/drm/built-in.o
AR drivers/gpu/built-in.o
AR drivers/built-in.o
AR net/netfilter/ipvs/ip_vs.o
AR net/netfilter/ipvs/built-in.o
AR net/netfilter/ipset/built-in.o
AR net/netfilter/built-in.o
Makefile:1020: recipe for target 'net' failed
make: *** [net] Error 2


Error text is too large and was truncated, full error text is attached.


Tested on net commit
176bfb406d735655f9a69d868a7af0c3da959d51 (Tue Feb 6 16:48:40 2018 +0000)
Merge branch 'be2net-patch-set'

compiler: gcc (GCC) 7.1.1 20170620

Patch is attached.

[Paolo Abeni]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
master

Third attempt to properly trigger syz bot. On the previous one I did
not refreshed the patch after compile-testing it locally; the build
issue should be fixed now. Also dropping all the not needed recipients

[syzbot]

Hello,

syzbot tried to test the proposed patch but build/boot failed:

kernel build failed: failed to run /usr/bin/make [make bzImage -j 32
CC=/syzkaller/gcc/bin/gcc]: exit status 2
scripts/kconfig/conf --silentoldconfig Kconfig
CHK include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CHK scripts/mod/devicetable-offsets.h
CHK include/generated/bounds.h
CHK include/generated/timeconst.h
CHK include/generated/asm-offsets.h
CALL scripts/checksyscalls.sh
CHK include/generated/compile.h
CC net/psample/psample.o
CC net/packet/af_packet.o
CC net/strparser/strparser.o
CC net/switchdev/switchdev.o
CC net/rfkill/core.o
CC net/compat.o
CC net/rfkill/input.o
CC net/sysctl_net.o
CC net/tls/tls_main.o
CC net/tls/tls_sw.o
CC net/unix/af_unix.o
CC net/wimax/id-table.o
CC net/unix/garbage.o
CC net/wimax/op-msg.o
CC net/unix/sysctl_net_unix.o
CC net/wimax/op-reset.o
CC net/wimax/op-rfkill.o
CC net/wimax/op-state-get.o
AR net/ipv4/netfilter/nf_conntrack_ipv4.o
AR net/ipv4/netfilter/nf_nat_ipv4.o
CC net/vmw_vsock/af_vsock.o
AR net/ipv4/netfilter/nf_nat_snmp_basic.o
CC net/tipc/addr.o
CC net/xfrm/xfrm_policy.o
CC net/ipv4/netfilter/ipt_CLUSTERIP.o
CC net/tipc/bcast.o
CC net/wireless/core.o
CC net/sunrpc/clnt.o
CC net/rds/af_rds.o
CC net/ipv4/netfilter/ipt_ECN.o
CC net/sched/sch_generic.o
CC net/sched/sch_mq.o
CC net/sctp/sm_statetable.o
CC net/sctp/sm_statefuns.o
CC net/wimax/stack.o
CC net/wimax/debugfs.o
CC net/sctp/sm_sideeffect.o
CC net/sctp/protocol.o
AR net/psample/built-in.o
CC net/sctp/endpointola.o
CC net/rds/bind.o
CC net/sunrpc/xprt.o
CC net/rds/cong.o
AR net/switchdev/built-in.o
CC net/sched/sch_api.o
AR net/rfkill/rfkill.o
net/ipv4/netfilter/ipt_CLUSTERIP.c: In function ‘clusterip_config_init’:
net/ipv4/netfilter/ipt_CLUSTERIP.c:253:22: error: expected ‘;’ before ‘:’
token
goto err_remove_pte:
^
AR net/rfkill/built-in.o
CC net/rds/connection.o
scripts/Makefile.build:316: recipe for
target 'net/ipv4/netfilter/ipt_CLUSTERIP.o' failed
make[3]: *** [net/ipv4/netfilter/ipt_CLUSTERIP.o] Error 1
make[3]: *** Waiting for unfinished jobs....
CC net/rds/info.o
CC net/sctp/associola.o
CC net/sctp/transport.o
AR net/strparser/built-in.o
CC net/sctp/chunk.o
CC net/sunrpc/socklib.o
CC net/tipc/bearer.o
scripts/Makefile.build:575: recipe for target 'net/ipv4/netfilter' failed
make[2]: *** [net/ipv4/netfilter] Error 2
scripts/Makefile.build:575: recipe for target 'net/ipv4' failed
make[1]: *** [net/ipv4] Error 2
make[1]: *** Waiting for unfinished jobs....
CC net/tipc/core.o
CC net/sctp/sm_make_chunk.o
CC net/wireless/sysfs.o
CC net/wireless/radiotap.o
AR net/tls/tls.o
AR net/tls/built-in.o
CC net/sched/sch_blackhole.o
CC net/sched/cls_api.o
CC net/sctp/ulpevent.o
AR net/wimax/wimax.o
AR net/wimax/built-in.o
CC net/wireless/util.o
CC net/rds/message.o
CC net/sunrpc/xprtsock.o
CC net/sctp/inqueue.o
CC net/vmw_vsock/af_vsock_tap.o
CC net/rds/recv.o
CC net/wireless/reg.o
CC net/rds/send.o
CC net/tipc/link.o
CC net/sctp/outqueue.o
CC net/sched/act_api.o
CC net/sched/act_police.o
CC net/sctp/ulpqueue.o
CC net/rds/stats.o
CC net/rds/sysctl.o
CC net/sctp/tsnmap.o
CC net/sched/act_sample.o
CC net/vmw_vsock/vsock_addr.o
CC net/wireless/scan.o
CC net/sctp/bind_addr.o
CC net/rds/threads.o
CC net/rds/transport.o
CC net/sctp/socket.o
CC net/sunrpc/sched.o
AR net/unix/unix.o
CC net/tipc/discover.o
AR net/unix/built-in.o
CC net/tipc/msg.o
CC net/wireless/nl80211.o
CC net/sched/act_nat.o
CC net/rds/loop.o
CC net/rds/page.o
CC net/sctp/primitive.o
CC net/sched/act_pedit.o
CC net/sctp/output.o
CC net/vmw_vsock/diag.o
CC net/sctp/input.o
CC net/vmw_vsock/virtio_transport.o
CC net/sched/act_simple.o
CC net/rds/rdma.o
CC net/sched/act_bpf.o
CC net/tipc/name_distr.o
CC net/rds/tcp.o
CC net/sctp/debug.o
net/sctp/outqueue.c: In function ‘sctp_outq_flush’:
net/sctp/outqueue.c:1205:1: warning: the frame size of 2144 bytes is larger

than 2048 bytes [-Wframe-larger-than=]
}
^

CC net/sctp/stream.o
CC net/rds/tcp_connect.o
CC net/sctp/auth.o
CC net/rds/tcp_listen.o
CC net/sched/sch_fifo.o
CC net/rds/tcp_recv.o
CC net/sctp/offload.o
CC net/tipc/subscr.o
CC net/vmw_vsock/virtio_transport_common.o
CC net/wireless/mlme.o
CC net/sched/sch_cbq.o
CC net/sched/sch_htb.o
CC net/sunrpc/auth.o
CC net/sctp/stream_sched.o
CC net/sunrpc/auth_null.o
net/wireless/scan.c: In function ‘cfg80211_bss_update’:
net/wireless/scan.c:1059:1: warning: the frame size of 2120 bytes is larger

than 2048 bytes [-Wframe-larger-than=]
}
^

CC net/sctp/stream_sched_prio.o
AR net/vmw_vsock/vsock.o
AR net/vmw_vsock/vsock_diag.o
AR net/vmw_vsock/vmw_vsock_virtio_transport.o
CC net/sched/sch_hfsc.o
CC net/sunrpc/auth_unix.o
CC net/xfrm/xfrm_state.o
CC net/wireless/ibss.o
CC net/sctp/stream_sched_rr.o
AR net/packet/built-in.o
CC net/sctp/stream_interleave.o
CC net/tipc/monitor.o
CC net/rds/tcp_send.o
CC net/rds/tcp_stats.o
CC net/xfrm/xfrm_hash.o
CC net/sctp/proc.o
AR net/rds/rds.o
CC net/sctp/sysctl.o
CC net/sctp/ipv6.o
CC net/tipc/name_table.o
CC net/wireless/sme.o
CC net/wireless/chan.o
CC net/wireless/ethtool.o
CC net/sunrpc/auth_generic.o
CC net/sunrpc/svc.o
CC net/tipc/net.o
CC net/sunrpc/svcsock.o
CC net/sunrpc/svcauth.o
CC net/wireless/mesh.o
CC net/xfrm/xfrm_input.o
CC net/xfrm/xfrm_output.o
CC net/sunrpc/svcauth_unix.o
CC net/sunrpc/addr.o
CC net/sunrpc/rpcb_clnt.o
CC net/xfrm/xfrm_sysctl.o
AR net/rds/rds_tcp.o
AR net/rds/built-in.o
CC net/xfrm/xfrm_replay.o
AR net/vmw_vsock/vmw_vsock_virtio_transport_common.o
AR net/vmw_vsock/built-in.o
CC net/xfrm/xfrm_device.o
CC net/sunrpc/timer.o
CC net/tipc/netlink.o
CC net/tipc/netlink_compat.o
CC net/sunrpc/xdr.o
CC net/tipc/node.o
CC net/sunrpc/sunrpc_syms.o
CC net/wireless/ap.o
net/wireless/nl80211.c: In function ‘nl80211_add_commands_unsplit’:
net/wireless/nl80211.c:1444:1: warning: the frame size of 2224 bytes is

larger than 2048 bytes [-Wframe-larger-than=]
}
^

CC net/sched/sch_red.o
CC net/tipc/socket.o
CC net/wireless/trace.o
CC net/wireless/ocb.o
CC net/xfrm/xfrm_proc.o
CC net/sched/sch_gred.o
CC net/xfrm/xfrm_algo.o
CC net/tipc/eth_media.o
CC net/sunrpc/cache.o
CC net/sched/sch_ingress.o
CC net/xfrm/xfrm_user.o
CC net/sunrpc/rpc_pipe.o
CC net/tipc/server.o
CC net/wireless/shipped-certs.o
CC net/sunrpc/svc_xprt.o
CC net/xfrm/xfrm_ipcomp.o
CC net/sched/sch_dsmark.o
CC net/sunrpc/xprtmultipath.o
CC net/sunrpc/stats.o
CC net/sunrpc/sysctl.o
CC net/sched/sch_sfb.o
CC net/tipc/group.o
CC net/tipc/udp_media.o
CC net/tipc/sysctl.o
CC net/sched/sch_sfq.o
CC net/sched/sch_tbf.o
CC net/sched/sch_teql.o
CC net/sunrpc/auth_gss/auth_gss.o
CC net/sunrpc/auth_gss/gss_generic_token.o
CC net/sched/sch_prio.o
CC net/sunrpc/auth_gss/gss_mech_switch.o
CC net/sched/sch_multiq.o
CC net/sunrpc/auth_gss/svcauth_gss.o
CC net/sched/sch_atm.o
CC net/sched/sch_netem.o
CC net/sunrpc/auth_gss/gss_rpc_upcall.o
CC net/sched/sch_cbs.o
CC net/sched/cls_u32.o
CC net/sunrpc/auth_gss/gss_rpc_xdr.o
CC net/sched/cls_route.o
CC net/sched/cls_fw.o
CC net/sunrpc/auth_gss/gss_krb5_mech.o
CC net/sched/cls_rsvp.o
CC net/sched/cls_tcindex.o
CC net/sched/cls_rsvp6.o
CC net/sched/cls_basic.o
CC net/sched/cls_flow.o
CC net/sunrpc/auth_gss/gss_krb5_seal.o
CC net/sched/cls_bpf.o
CC net/sched/cls_flower.o
CC net/sunrpc/auth_gss/gss_krb5_unseal.o
CC net/sunrpc/auth_gss/gss_krb5_seqnum.o
CC net/sched/ematch.o
CC net/sched/em_cmp.o
CC net/sched/em_nbyte.o
CC net/sunrpc/auth_gss/gss_krb5_wrap.o
CC net/sched/em_u32.o
CC net/sched/em_meta.o
CC net/sched/em_text.o
CC net/sunrpc/auth_gss/gss_krb5_crypto.o
CC net/sunrpc/auth_gss/gss_krb5_keys.o
CC net/sched/em_ipset.o
AR net/sunrpc/sunrpc.o
net/sctp/socket.c: In function ‘sctp_getsockopt’:
net/sctp/socket.c:7271:1: warning: the frame size of 3120 bytes is larger

than 2048 bytes [-Wframe-larger-than=]
}
^

AR net/sctp/sctp.o
AR net/sctp/built-in.o
AR net/sunrpc/auth_gss/auth_rpcgss.o
AR net/xfrm/built-in.o
AR net/sunrpc/auth_gss/rpcsec_gss_krb5.o
AR net/sunrpc/auth_gss/built-in.o
AR net/sunrpc/built-in.o
AR net/tipc/tipc.o
AR net/tipc/built-in.o
AR net/sched/built-in.o
net/wireless/nl80211.c: In function ‘nl80211_get_mesh_config’:
net/wireless/nl80211.c:5855:1: warning: the frame size of 2336 bytes is

larger than 2048 bytes [-Wframe-larger-than=]
}
^

net/wireless/nl80211.c: In function ‘nl80211_send_station.isra.61’:
net/wireless/nl80211.c:4547:1: warning: the frame size of 2232 bytes is

larger than 2048 bytes [-Wframe-larger-than=]
}
^

net/wireless/nl80211.c: In function ‘nl80211_send_wiphy’:
net/wireless/nl80211.c:1938:1: warning: the frame size of 4240 bytes is

larger than 2048 bytes [-Wframe-larger-than=]
}
^

AR net/wireless/cfg80211.o
AR net/wireless/built-in.o

Makefile:1020: recipe for target 'net' failed
make: *** [net] Error 2

[syzbot]

Hello,

syzbot tried to test the proposed patch but build/boot failed:

kernel build failed: failed to run /usr/bin/make [make bzImage -j 32
CC=/syzkaller/gcc/bin/gcc]: exit status 2
scripts/kconfig/conf --silentoldconfig Kconfig
CHK include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CHK scripts/mod/devicetable-offsets.h
CHK include/generated/bounds.h
CHK include/generated/timeconst.h
CHK include/generated/asm-offsets.h
CALL scripts/checksyscalls.sh
CHK include/generated/compile.h

CC net/ipv4/netfilter/ipt_CLUSTERIP.o
CC net/ipv4/netfilter/ipt_MASQUERADE.o
CC net/ipv4/netfilter/ipt_REJECT.o
CC net/ipv4/netfilter/ipt_SYNPROXY.o
CC net/ipv4/netfilter/arp_tables.o
CC net/ipv4/netfilter/arpt_mangle.o
CC net/ipv4/netfilter/arptable_filter.o
CC net/ipv4/netfilter/nf_dup_ipv4.o

net/ipv4/netfilter/ipt_CLUSTERIP.c: In function ‘clusterip_config_init’:
net/ipv4/netfilter/ipt_CLUSTERIP.c:253:22: error: expected ‘;’ before ‘:’
token
goto err_remove_pte:
^

scripts/Makefile.build:316: recipe for
target 'net/ipv4/netfilter/ipt_CLUSTERIP.o' failed
make[3]: *** [net/ipv4/netfilter/ipt_CLUSTERIP.o] Error 1
make[3]: *** Waiting for unfinished jobs....

scripts/Makefile.build:575: recipe for target 'net/ipv4/netfilter' failed
make[2]: *** [net/ipv4/netfilter] Error 2
scripts/Makefile.build:575: recipe for target 'net/ipv4' failed
make[1]: *** [net/ipv4] Error 2

[Florian Westphal]

Paolo Abeni <pab...@redhat.com> wrote:

[ pruning CC list ]

> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git master
>
> I can't reproduce the issue locally, so asking the syzbot to test the
> tentive fix for me (and hoping I did not mess with the tag/format)

I can reproduce it.

CLUSTERIP has multiple other bugs that need to be fixed, I'll look into
this asap.

[Paolo Abeni]

I was wrong. My suggested fix does not work at all.

I tried your code and it fixes the issue here.

Feel free to submit with:

Tested-by: Paolo Abeni <pab...@redhat.com>

Thank you,

Paolo