On 2/13/20 11:57 AM, Eric Dumazet wrote: > > > On 2/13/20 11:00 AM, Eric W. Biederman wrote: >> syzbot <syzbot+830c6dbfc71edc4f0b8f@xxxxxxxxxxxxxxxxxxxxxxxxx> writes: >> >>> Hello, >> >> Has someone messed up the network device kobject support. >> I don't have the exact same code as listed here so I may >> be misreading things. But the only WARN_ON I see in >> dev_change_net_namespaces is from kobject_rename. >> >> It is not supposed to be possible for that to fail. > > Well, this code is attempting kmalloc() calls, so can definitely fail. > > syzbot is using fault injection to force few kmalloc() to return NULL [ 533.360275][T24839] FAULT_INJECTION: forcing a failure. [ 533.360275][T24839] name failslab, interval 1, probability 0, space 0, times 0 [ 533.418952][T24839] CPU: 0 PID: 24839 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 533.427669][T24839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.437873][T24839] Call Trace: [ 533.441188][T24839] dump_stack+0x1fb/0x318 [ 533.445677][T24839] should_fail+0x4b8/0x660 [ 533.450125][T24839] __should_failslab+0xb9/0xe0 [ 533.454913][T24839] ? kzalloc+0x21/0x40 [ 533.459000][T24839] should_failslab+0x9/0x20 [ 533.463524][T24839] __kmalloc+0x7a/0x340 [ 533.467698][T24839] kzalloc+0x21/0x40 [ 533.471604][T24839] kobject_rename+0x12f/0x4d0 [ 533.476399][T24839] ? sysfs_rename_link_ns+0x179/0x1b0 [ 533.481782][T24839] device_rename+0x16d/0x190 [ 533.486380][T24839] dev_change_net_namespace+0x1375/0x16b0 [ 533.492550][T24839] ? ns_capable+0x91/0xf0 [ 533.496900][T24839] ? netlink_ns_capable+0xcf/0x100 [ 533.502038][T24839] ? rtnl_link_get_net_capable+0x136/0x280 [ 533.508470][T24839] do_setlink+0x196/0x3880 [ 533.512943][T24839] ? __kasan_check_read+0x11/0x20 [ 533.517992][T24839] rtnl_newlink+0x1509/0x1c00
