From: syzbot <syzbot+08e6343a8cbd89b0c9d8@syzkaller.appspotmail.com>
To: ap420073@gmail.com, coreteam@netfilter.org, davem@davemloft.net,
	dsahern@kernel.org, fw@strlen.de, kadlec@blackhole.kfki.hu,
	kadlec@netfilter.org, kuba@kernel.org, kuznet@ms2.inr.ac.ru,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, pablo@netfilter.org,
	syzkaller-bugs@googlegroups.com, yoshfuji@linux-ipv6.org
Subject: [syzbot] WARNING: proc registration bug in clusterip_tg_check (3)
Date: Wed, 04 Aug 2021 10:28:22 -0700
Message-ID: <0000000000000cda0605c8bf219e@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    4039146777a9 net: ipv6: fix returned variable type in ip6_..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=112e9a8e300000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bfd78f4abd4edaa6
dashboard link: https://syzkaller.appspot.com/bug?extid=08e6343a8cbd89b0c9d8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1555b98e300000

The issue was bisected to:

commit 2a61d8b883bbad26b06d2e6cc3777a697e78830d
Author: Taehee Yoo <ap420073@gmail.com>
Date:   Mon Nov 5 09:23:13 2018 +0000

    netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16ce2121300000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=15ce2121300000
console output: https://syzkaller.appspot.com/x/log.txt?x=11ce2121300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+08e6343a8cbd89b0c9d8@syzkaller.appspotmail.com
Fixes: 2a61d8b883bb ("netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put()")

------------[ cut here ]------------
proc_dir_entry 'ipt_CLUSTERIP/172.30.0.3' already registered
WARNING: CPU: 1 PID: 7506 at fs/proc/generic.c:376 proc_register+0x34c/0x700 fs/proc/generic.c:376
Modules linked in:
CPU: 1 PID: 7506 Comm: syz-executor.2 Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:proc_register+0x34c/0x700 fs/proc/generic.c:376
Code: df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 5d 03 00 00 48 8b 44 24 28 48 c7 c7 20 64 9c 89 48 8b b0 d8 00 00 00 e8 85 b2 f7 06 <0f> 0b 48 c7 c7 20 2c b4 8b e8 36 a0 3c 07 48 8b 4c 24 38 48 b8 00
RSP: 0018:ffffc90002fdf3e8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801ac9b880 RSI: ffffffff815d7935 RDI: fffff520005fbe6f
RBP: ffff888020f320b8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815d176e R11: 0000000000000000 R12: ffff88804449b218
R13: ffff88804699b700 R14: dffffc0000000000 R15: 000000000000000a
FS:  00007f2fa9dcc700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fa9dcc718 CR3: 0000000036ad1000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 proc_create_data+0x130/0x190 fs/proc/generic.c:575
 clusterip_config_init net/ipv4/netfilter/ipt_CLUSTERIP.c:281 [inline]
 clusterip_tg_check+0x1834/0x1e40 net/ipv4/netfilter/ipt_CLUSTERIP.c:502
 xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1024
 check_target net/ipv4/netfilter/ip_tables.c:511 [inline]
 find_check_entry.constprop.0+0x7a9/0x9a0 net/ipv4/netfilter/ip_tables.c:553
 translate_table+0xc26/0x16a0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x56e/0xb80 net/ipv4/netfilter/ip_tables.c:1629
 nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0x3c3/0x3a60 net/ipv4/ip_sockglue.c:1435
 udp_setsockopt+0x76/0xc0 net/ipv4/udp.c:2771
 __sys_setsockopt+0x2db/0x610 net/socket.c:2159
 __do_sys_setsockopt net/socket.c:2170 [inline]
 __se_sys_setsockopt net/socket.c:2167 [inline]
 __x64_sys_setsockopt+0xba/0x150 net/socket.c:2167
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2fa9dcc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
RDX: 0000000000000040 RSI: 8001000000000000 RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 00000000000002a8 R09: 0000000000000000
R10: 00000000200004c0 R11: 0000000000000246 R12: 000000000056c038
R13: 00007fffa358c32f R14: 00007f2fa9dcc300 R15: 0000000000022000


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
