Re: [PATCH net] net/handshake: Fix null-ptr-deref in handshake_complete()
From: kernel test robot
Date: Tue Dec 09 2025 - 20:36:37 EST
Hi Wang,
kernel test robot noticed the following build errors:
[auto build test ERROR on net/main]
url: https://github.com/intel-lab-lkp/linux/commits/Wang-Liang/net-handshake-Fix-null-ptr-deref-in-handshake_complete/20251209-194006
base: net/main
patch link: https://lore.kernel.org/r/20251209115852.3827876-1-wangliang74%40huawei.com
patch subject: [PATCH net] net/handshake: Fix null-ptr-deref in handshake_complete()
config: arm-mps2_defconfig (https://download.01.org/0day-ci/archive/20251210/202512100952.cr9q1lGr-lkp@xxxxxxxxx/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 6ec8c4351cfc1d0627d1633b02ea787bd29c77d8)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251210/202512100952.cr9q1lGr-lkp@xxxxxxxxx/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512100952.cr9q1lGr-lkp@xxxxxxxxx/
All errors (new ones prefixed by >>):
>> net/handshake/netlink.c:110:3: error: cannot jump from this goto statement to its label
110 | goto out_status;
| ^
net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
114 | FD_PREPARE(fdf, O_CLOEXEC, sock->file);
| ^
net/handshake/netlink.c:104:3: error: cannot jump from this goto statement to its label
104 | goto out_status;
| ^
net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
114 | FD_PREPARE(fdf, O_CLOEXEC, sock->file);
| ^
net/handshake/netlink.c:100:3: error: cannot jump from this goto statement to its label
100 | goto out_status;
| ^
net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
114 | FD_PREPARE(fdf, O_CLOEXEC, sock->file);
| ^
3 errors generated.
vim +110 net/handshake/netlink.c
89
90 int handshake_nl_accept_doit(struct sk_buff *skb, struct genl_info *info)
91 {
92 struct net *net = sock_net(skb->sk);
93 struct handshake_net *hn = handshake_pernet(net);
94 struct handshake_req *req = NULL;
95 struct socket *sock;
96 int class, err;
97
98 err = -EOPNOTSUPP;
99 if (!hn)
100 goto out_status;
101
102 err = -EINVAL;
103 if (GENL_REQ_ATTR_CHECK(info, HANDSHAKE_A_ACCEPT_HANDLER_CLASS))
104 goto out_status;
105 class = nla_get_u32(info->attrs[HANDSHAKE_A_ACCEPT_HANDLER_CLASS]);
106
107 err = -EAGAIN;
108 req = handshake_req_next(hn, class);
109 if (!req)
> 110 goto out_status;
111
112 sock = req->hr_sk->sk_socket;
113
114 FD_PREPARE(fdf, O_CLOEXEC, sock->file);
115 if (fdf.err) {
116 err = fdf.err;
117 goto out_complete;
118 }
119
120 get_file(sock->file); /* FD_PREPARE() consumes a reference. */
121 err = req->hr_proto->hp_accept(req, info, fd_prepare_fd(fdf));
122 if (err)
123 goto out_complete; /* Automatic cleanup handles fput */
124
125 trace_handshake_cmd_accept(net, req, req->hr_sk, fd_prepare_fd(fdf));
126 fd_publish(fdf);
127 return 0;
128
129 out_complete:
130 handshake_complete(req, -EIO, NULL);
131 out_status:
132 trace_handshake_cmd_accept_err(net, req, NULL, err);
133 return err;
134 }
135
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki