Re: WARNING in dev_change_net_namespace
From: Eric Dumazet
Date: Thu Feb 13 2020 - 15:00:26 EST
On 2/13/20 11:57 AM, Eric Dumazet wrote:
>
>
> On 2/13/20 11:00 AM, Eric W. Biederman wrote:
>> syzbot <syzbot+830c6dbfc71edc4f0b8f@xxxxxxxxxxxxxxxxxxxxxxxxx> writes:
>>
>>> Hello,
>>
>> Has someone messed up the network device kobject support.
>> I don't have the exact same code as listed here so I may
>> be misreading things. But the only WARN_ON I see in
>> dev_change_net_namespaces is from kobject_rename.
>>
>> It is not supposed to be possible for that to fail.
>
> Well, this code is attempting kmalloc() calls, so can definitely fail.
>
> syzbot is using fault injection to force few kmalloc() to return NULL
[ 533.360275][T24839] FAULT_INJECTION: forcing a failure.
[ 533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0
[ 533.418952][T24839] CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[ 533.427669][T24839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 533.437873][T24839] Call Trace:
[ 533.441188][T24839] dump_stack+0x1fb/0x318
[ 533.445677][T24839] should_fail+0x4b8/0x660
[ 533.450125][T24839] __should_failslab+0xb9/0xe0
[ 533.454913][T24839] ? kzalloc+0x21/0x40
[ 533.459000][T24839] should_failslab+0x9/0x20
[ 533.463524][T24839] __kmalloc+0x7a/0x340
[ 533.467698][T24839] kzalloc+0x21/0x40
[ 533.471604][T24839] kobject_rename+0x12f/0x4d0
[ 533.476399][T24839] ? sysfs_rename_link_ns+0x179/0x1b0
[ 533.481782][T24839] device_rename+0x16d/0x190
[ 533.486380][T24839] dev_change_net_namespace+0x1375/0x16b0
[ 533.492550][T24839] ? ns_capable+0x91/0xf0
[ 533.496900][T24839] ? netlink_ns_capable+0xcf/0x100
[ 533.502038][T24839] ? rtnl_link_get_net_capable+0x136/0x280
[ 533.508470][T24839] do_setlink+0x196/0x3880
[ 533.512943][T24839] ? __kasan_check_read+0x11/0x20
[ 533.517992][T24839] rtnl_newlink+0x1509/0x1c00