WARNING: proc registration bug in clusterip_tg_check
From: syzbot
Date: Wed Feb 07 2018 - 06:23:07 EST
Hello,
syzbot tried to test the proposed patch but build/boot failed:
kernel build failed: failed to run /usr/bin/make [make bzImage -j 32
CC=/syzkaller/gcc/bin/gcc]: exit status 2
scripts/kconfig/conf --silentoldconfig Kconfig
CHK include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CHK scripts/mod/devicetable-offsets.h
CHK include/generated/bounds.h
CHK include/generated/timeconst.h
CHK include/generated/asm-offsets.h
CALL scripts/checksyscalls.sh
CHK include/generated/compile.h
CC net/psample/psample.o
CC net/packet/af_packet.o
CC net/strparser/strparser.o
CC net/switchdev/switchdev.o
CC net/rfkill/core.o
CC net/compat.o
CC net/rfkill/input.o
CC net/sysctl_net.o
CC net/tls/tls_main.o
CC net/tls/tls_sw.o
CC net/unix/af_unix.o
CC net/wimax/id-table.o
CC net/unix/garbage.o
CC net/wimax/op-msg.o
CC net/unix/sysctl_net_unix.o
CC net/wimax/op-reset.o
CC net/wimax/op-rfkill.o
CC net/wimax/op-state-get.o
AR net/ipv4/netfilter/nf_conntrack_ipv4.o
AR net/ipv4/netfilter/nf_nat_ipv4.o
CC net/vmw_vsock/af_vsock.o
AR net/ipv4/netfilter/nf_nat_snmp_basic.o
CC net/tipc/addr.o
CC net/xfrm/xfrm_policy.o
CC net/ipv4/netfilter/ipt_CLUSTERIP.o
CC net/tipc/bcast.o
CC net/wireless/core.o
CC net/sunrpc/clnt.o
CC net/rds/af_rds.o
CC net/ipv4/netfilter/ipt_ECN.o
CC net/sched/sch_generic.o
CC net/sched/sch_mq.o
CC net/sctp/sm_statetable.o
CC net/sctp/sm_statefuns.o
CC net/wimax/stack.o
CC net/wimax/debugfs.o
CC net/sctp/sm_sideeffect.o
CC net/sctp/protocol.o
AR net/psample/built-in.o
CC net/sctp/endpointola.o
CC net/rds/bind.o
CC net/sunrpc/xprt.o
CC net/rds/cong.o
AR net/switchdev/built-in.o
CC net/sched/sch_api.o
AR net/rfkill/rfkill.o
net/ipv4/netfilter/ipt_CLUSTERIP.c: In function âclusterip_config_initâ:
net/ipv4/netfilter/ipt_CLUSTERIP.c:253:22: error: expected â;â before â:â
token
goto err_remove_pte:
^
AR net/rfkill/built-in.o
CC net/rds/connection.o
scripts/Makefile.build:316: recipe for
target 'net/ipv4/netfilter/ipt_CLUSTERIP.o' failed
make[3]: *** [net/ipv4/netfilter/ipt_CLUSTERIP.o] Error 1
make[3]: *** Waiting for unfinished jobs....
CC net/rds/info.o
CC net/sctp/associola.o
CC net/sctp/transport.o
AR net/strparser/built-in.o
CC net/sctp/chunk.o
CC net/sunrpc/socklib.o
CC net/tipc/bearer.o
scripts/Makefile.build:575: recipe for target 'net/ipv4/netfilter' failed
make[2]: *** [net/ipv4/netfilter] Error 2
scripts/Makefile.build:575: recipe for target 'net/ipv4' failed
make[1]: *** [net/ipv4] Error 2
make[1]: *** Waiting for unfinished jobs....
CC net/tipc/core.o
CC net/sctp/sm_make_chunk.o
CC net/wireless/sysfs.o
CC net/wireless/radiotap.o
AR net/tls/tls.o
AR net/tls/built-in.o
CC net/sched/sch_blackhole.o
CC net/sched/cls_api.o
CC net/sctp/ulpevent.o
AR net/wimax/wimax.o
AR net/wimax/built-in.o
CC net/wireless/util.o
CC net/rds/message.o
CC net/sunrpc/xprtsock.o
CC net/sctp/inqueue.o
CC net/vmw_vsock/af_vsock_tap.o
CC net/rds/recv.o
CC net/wireless/reg.o
CC net/rds/send.o
CC net/tipc/link.o
CC net/sctp/outqueue.o
CC net/sched/act_api.o
CC net/sched/act_police.o
CC net/sctp/ulpqueue.o
CC net/rds/stats.o
CC net/rds/sysctl.o
CC net/sctp/tsnmap.o
CC net/sched/act_sample.o
CC net/vmw_vsock/vsock_addr.o
CC net/wireless/scan.o
CC net/sctp/bind_addr.o
CC net/rds/threads.o
CC net/rds/transport.o
CC net/sctp/socket.o
CC net/sunrpc/sched.o
AR net/unix/unix.o
CC net/tipc/discover.o
AR net/unix/built-in.o
CC net/tipc/msg.o
CC net/wireless/nl80211.o
CC net/sched/act_nat.o
CC net/rds/loop.o
CC net/rds/page.o
CC net/sctp/primitive.o
CC net/sched/act_pedit.o
CC net/sctp/output.o
CC net/vmw_vsock/diag.o
CC net/sctp/input.o
CC net/vmw_vsock/virtio_transport.o
CC net/sched/act_simple.o
CC net/rds/rdma.o
CC net/sched/act_bpf.o
CC net/tipc/name_distr.o
CC net/rds/tcp.o
CC net/sctp/debug.o
net/sctp/outqueue.c: In function âsctp_outq_flushâ:
net/sctp/outqueue.c:1205:1: warning: the frame size of 2144 bytes is larger
than 2048 bytes [-Wframe-larger-than=]
}
^
CC net/sctp/stream.o
CC net/rds/tcp_connect.o
CC net/sctp/auth.o
CC net/rds/tcp_listen.o
CC net/sched/sch_fifo.o
CC net/rds/tcp_recv.o
CC net/sctp/offload.o
CC net/tipc/subscr.o
CC net/vmw_vsock/virtio_transport_common.o
CC net/wireless/mlme.o
CC net/sched/sch_cbq.o
CC net/sched/sch_htb.o
CC net/sunrpc/auth.o
CC net/sctp/stream_sched.o
CC net/sunrpc/auth_null.o
net/wireless/scan.c: In function âcfg80211_bss_updateâ:
net/wireless/scan.c:1059:1: warning: the frame size of 2120 bytes is larger
than 2048 bytes [-Wframe-larger-than=]
}
^
CC net/sctp/stream_sched_prio.o
AR net/vmw_vsock/vsock.o
AR net/vmw_vsock/vsock_diag.o
AR net/vmw_vsock/vmw_vsock_virtio_transport.o
CC net/sched/sch_hfsc.o
CC net/sunrpc/auth_unix.o
CC net/xfrm/xfrm_state.o
CC net/wireless/ibss.o
CC net/sctp/stream_sched_rr.o
AR net/packet/built-in.o
CC net/sctp/stream_interleave.o
CC net/tipc/monitor.o
CC net/rds/tcp_send.o
CC net/rds/tcp_stats.o
CC net/xfrm/xfrm_hash.o
CC net/sctp/proc.o
AR net/rds/rds.o
CC net/sctp/sysctl.o
CC net/sctp/ipv6.o
CC net/tipc/name_table.o
CC net/wireless/sme.o
CC net/wireless/chan.o
CC net/wireless/ethtool.o
CC net/sunrpc/auth_generic.o
CC net/sunrpc/svc.o
CC net/tipc/net.o
CC net/sunrpc/svcsock.o
CC net/sunrpc/svcauth.o
CC net/wireless/mesh.o
CC net/xfrm/xfrm_input.o
CC net/xfrm/xfrm_output.o
CC net/sunrpc/svcauth_unix.o
CC net/sunrpc/addr.o
CC net/sunrpc/rpcb_clnt.o
CC net/xfrm/xfrm_sysctl.o
AR net/rds/rds_tcp.o
AR net/rds/built-in.o
CC net/xfrm/xfrm_replay.o
AR net/vmw_vsock/vmw_vsock_virtio_transport_common.o
AR net/vmw_vsock/built-in.o
CC net/xfrm/xfrm_device.o
CC net/sunrpc/timer.o
CC net/tipc/netlink.o
CC net/tipc/netlink_compat.o
CC net/sunrpc/xdr.o
CC net/tipc/node.o
CC net/sunrpc/sunrpc_syms.o
CC net/wireless/ap.o
net/wireless/nl80211.c: In function ânl80211_add_commands_unsplitâ:
net/wireless/nl80211.c:1444:1: warning: the frame size of 2224 bytes is
larger than 2048 bytes [-Wframe-larger-than=]
}
^
CC net/sched/sch_red.o
CC net/tipc/socket.o
CC net/wireless/trace.o
CC net/wireless/ocb.o
CC net/xfrm/xfrm_proc.o
CC net/sched/sch_gred.o
CC net/xfrm/xfrm_algo.o
CC net/tipc/eth_media.o
CC net/sunrpc/cache.o
CC net/sched/sch_ingress.o
CC net/xfrm/xfrm_user.o
CC net/sunrpc/rpc_pipe.o
CC net/tipc/server.o
CC net/wireless/shipped-certs.o
CC net/sunrpc/svc_xprt.o
CC net/xfrm/xfrm_ipcomp.o
CC net/sched/sch_dsmark.o
CC net/sunrpc/xprtmultipath.o
CC net/sunrpc/stats.o
CC net/sunrpc/sysctl.o
CC net/sched/sch_sfb.o
CC net/tipc/group.o
CC net/tipc/udp_media.o
CC net/tipc/sysctl.o
CC net/sched/sch_sfq.o
CC net/sched/sch_tbf.o
CC net/sched/sch_teql.o
CC net/sunrpc/auth_gss/auth_gss.o
CC net/sunrpc/auth_gss/gss_generic_token.o
CC net/sched/sch_prio.o
CC net/sunrpc/auth_gss/gss_mech_switch.o
CC net/sched/sch_multiq.o
CC net/sunrpc/auth_gss/svcauth_gss.o
CC net/sched/sch_atm.o
CC net/sched/sch_netem.o
CC net/sunrpc/auth_gss/gss_rpc_upcall.o
CC net/sched/sch_cbs.o
CC net/sched/cls_u32.o
CC net/sunrpc/auth_gss/gss_rpc_xdr.o
CC net/sched/cls_route.o
CC net/sched/cls_fw.o
CC net/sunrpc/auth_gss/gss_krb5_mech.o
CC net/sched/cls_rsvp.o
CC net/sched/cls_tcindex.o
CC net/sched/cls_rsvp6.o
CC net/sched/cls_basic.o
CC net/sched/cls_flow.o
CC net/sunrpc/auth_gss/gss_krb5_seal.o
CC net/sched/cls_bpf.o
CC net/sched/cls_flower.o
CC net/sunrpc/auth_gss/gss_krb5_unseal.o
CC net/sunrpc/auth_gss/gss_krb5_seqnum.o
CC net/sched/ematch.o
CC net/sched/em_cmp.o
CC net/sched/em_nbyte.o
CC net/sunrpc/auth_gss/gss_krb5_wrap.o
CC net/sched/em_u32.o
CC net/sched/em_meta.o
CC net/sched/em_text.o
CC net/sunrpc/auth_gss/gss_krb5_crypto.o
CC net/sunrpc/auth_gss/gss_krb5_keys.o
CC net/sched/em_ipset.o
AR net/sunrpc/sunrpc.o
net/sctp/socket.c: In function âsctp_getsockoptâ:
net/sctp/socket.c:7271:1: warning: the frame size of 3120 bytes is larger
than 2048 bytes [-Wframe-larger-than=]
}
^
AR net/sctp/sctp.o
AR net/sctp/built-in.o
AR net/sunrpc/auth_gss/auth_rpcgss.o
AR net/xfrm/built-in.o
AR net/sunrpc/auth_gss/rpcsec_gss_krb5.o
AR net/sunrpc/auth_gss/built-in.o
AR net/sunrpc/built-in.o
AR net/tipc/tipc.o
AR net/tipc/built-in.o
AR net/sched/built-in.o
net/wireless/nl80211.c: In function ânl80211_get_mesh_configâ:
net/wireless/nl80211.c:5855:1: warning: the frame size of 2336 bytes is
larger than 2048 bytes [-Wframe-larger-than=]
}
^
net/wireless/nl80211.c: In function ânl80211_send_station.isra.61â:
net/wireless/nl80211.c:4547:1: warning: the frame size of 2232 bytes is
larger than 2048 bytes [-Wframe-larger-than=]
}
^
net/wireless/nl80211.c: In function ânl80211_send_wiphyâ:
net/wireless/nl80211.c:1938:1: warning: the frame size of 4240 bytes is
larger than 2048 bytes [-Wframe-larger-than=]
}
^
AR net/wireless/cfg80211.o
AR net/wireless/built-in.o
Makefile:1020: recipe for target 'net' failed
make: *** [net] Error 2
Tested on net commit
176bfb406d735655f9a69d868a7af0c3da959d51 (Tue Feb 6 16:48:40 2018 +0000)
Merge branch 'be2net-patch-set'
compiler: gcc (GCC) 7.1.1 20170620
Patch is attached.
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -230,17 +230,6 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
refcount_set(&c->refcount, 1);
refcount_set(&c->entries, 1);
- spin_lock_bh(&cn->lock);
- if (__clusterip_config_find(net, ip)) {
- spin_unlock_bh(&cn->lock);
- kfree(c);
-
- return ERR_PTR(-EBUSY);
- }
-
- list_add_rcu(&c->list, &cn->configs);
- spin_unlock_bh(&cn->lock);
-
#ifdef CONFIG_PROC_FS
{
char buffer[16];
@@ -257,20 +246,31 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
}
#endif
+ spin_lock_bh(&cn->lock);
+ if (__clusterip_config_find(net, ip)) {
+ spin_unlock_bh(&cn->lock);
+ err = -EBUSY;
+ goto err_remove_pte:
+ }
+
+ list_add_rcu(&c->list, &cn->configs);
+ spin_unlock_bh(&cn->lock);
+
c->notifier.notifier_call = clusterip_netdev_event;
err = register_netdevice_notifier(&c->notifier);
if (!err)
return c;
+ spin_lock_bh(&cn->lock);
+ list_del_rcu(&c->list);
+ spin_unlock_bh(&cn->lock);
+
+err_remove_pte:
#ifdef CONFIG_PROC_FS
proc_remove(c->pde);
err:
#endif
- spin_lock_bh(&cn->lock);
- list_del_rcu(&c->list);
- spin_unlock_bh(&cn->lock);
kfree(c);
-
return ERR_PTR(err);
}