From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Hillf Danton <hdanton@sina.com>,
syzbot <syzbot+33e06702fd6cffc24c40@syzkaller.appspotmail.com>,
Florian Westphal <fw@strlen.de>,
Stefano Brivio <sbrivio@redhat.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.6 43/79] netfilter: nat: fix error handling upon registering inet hook
Date: Thu, 30 Apr 2020 09:50:07 -0400
Message-ID: <20200430135043.19851-43-sashal@kernel.org>
In-Reply-To: <20200430135043.19851-1-sashal@kernel.org>
From: Hillf Danton <hdanton@sina.com>
[ Upstream commit b4faef1739dd1f3b3981b8bf173a2266ea86b1eb ]
A case of warning was reported by syzbot.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 19934 at net/netfilter/nf_nat_core.c:1106
nf_nat_unregister_fn+0x532/0x5c0 net/netfilter/nf_nat_core.c:1106
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 19934 Comm: syz-executor.5 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x35 kernel/panic.c:582
report_bug+0x27b/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:175 [inline]
fixup_bug arch/x86/kernel/traps.c:170 [inline]
do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:nf_nat_unregister_fn+0x532/0x5c0 net/netfilter/nf_nat_core.c:1106
Code: ff df 48 c1 ea 03 80 3c 02 00 75 75 48 8b 44 24 10 4c 89 ef 48 c7 00 00 00 00 00 e8 e8 f8 53 fb e9 4d fe ff ff e8 ee 9c 16 fb <0f> 0b e9 41 fe ff ff e8 e2 45 54 fb e9 b5 fd ff ff 48 8b 7c 24 20
RSP: 0018:ffffc90005487208 EFLAGS: 00010246
RAX: 0000000000040000 RBX: 0000000000000004 RCX: ffffc9001444a000
RDX: 0000000000040000 RSI: ffffffff865c94a2 RDI: 0000000000000005
RBP: ffff88808b5cf000 R08: ffff8880a2620140 R09: fffffbfff14bcd79
R10: ffffc90005487208 R11: fffffbfff14bcd78 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
nf_nat_ipv6_unregister_fn net/netfilter/nf_nat_proto.c:1017 [inline]
nf_nat_inet_register_fn net/netfilter/nf_nat_proto.c:1038 [inline]
nf_nat_inet_register_fn+0xfc/0x140 net/netfilter/nf_nat_proto.c:1023
nf_tables_register_hook net/netfilter/nf_tables_api.c:224 [inline]
nf_tables_addchain.constprop.0+0x82e/0x13c0 net/netfilter/nf_tables_api.c:1981
nf_tables_newchain+0xf68/0x16a0 net/netfilter/nf_tables_api.c:2235
nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
___sys_sendmsg+0x100/0x170 net/socket.c:2416
__sys_sendmsg+0xec/0x1b0 net/socket.c:2449
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
and to quiesce it, unregister NFPROTO_IPV6 hook instead of NFPROTO_INET
in case of failing to register NFPROTO_IPV4 hook.
Reported-by: syzbot <syzbot+33e06702fd6cffc24c40@syzkaller.appspotmail.com>
Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
Cc: Florian Westphal <fw@strlen.de>
Cc: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_nat_proto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c
index 64eedc17037ad..3d816a1e5442e 100644
--- a/net/netfilter/nf_nat_proto.c
+++ b/net/netfilter/nf_nat_proto.c
@@ -1035,8 +1035,8 @@ int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops)
ret = nf_nat_register_fn(net, NFPROTO_IPV4, ops, nf_nat_ipv4_ops,
ARRAY_SIZE(nf_nat_ipv4_ops));
if (ret)
- nf_nat_ipv6_unregister_fn(net, ops);
-
+ nf_nat_unregister_fn(net, NFPROTO_IPV6, ops,
+ ARRAY_SIZE(nf_nat_ipv6_ops));
return ret;
}
EXPORT_SYMBOL_GPL(nf_nat_inet_register_fn);
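Review bot: The `if (ret)` rollback branch now bypasses nf_nat_ipv6_unregister_fn() with nothing in the code saying why, so a later cleanup could easily switch it back to the wrapper and reintroduce the WARN at nf_nat_core.c:1106 shown in the trace. The commit message gives the reason (the IPv6 hooks must be unregistered under NFPROTO_IPV6, not NFPROTO_INET); a one-line comment above the call stating that would keep it in the source. The count passed here, ARRAY_SIZE(nf_nat_ipv6_ops), has to match what the IPv6 registration earlier in this function used, which this hunk does not show, so that is worth confirming against the full function. As a style point, the body of the `if` is now a two-line statement followed immediately by `return ret;`; keeping the blank line that the patch removes (or adding braces) would make the end of the error path easier to see.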
--
2.20.1