https://github.com/torvalds/linux
Revision 90d72256addff9e5f8ad645e8f632750dd1f8935 authored by Eric Dumazet on 06 January 2020, 14:45:37 UTC, committed by David S. Miller on 08 January 2020, 20:42:49 UTC
WARNING: bad unlock balance detected! 5.5.0-rc5-syzkaller #0 Not tainted ------------------------------------- syz-executor921/9688 is trying to release lock (sk_lock-AF_INET6) at: [<ffffffff84bf8506>] gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830 but there are no more locks to release! other info that might help us debug this: 2 locks held by syz-executor921/9688: #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 net/core/rtnetlink.c:5421 #1: ffff88809304b560 (slock-AF_INET6){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline] #1: ffff88809304b560 (slock-AF_INET6){+...}, at: release_sock+0x20/0x1c0 net/core/sock.c:2951 stack backtrace: CPU: 0 PID: 9688 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline] print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984 __lock_release kernel/locking/lockdep.c:4242 [inline] lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4503 sock_release_ownership include/net/sock.h:1496 [inline] release_sock+0x17c/0x1c0 net/core/sock.c:2961 gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830 gtp_encap_enable drivers/net/gtp.c:852 [inline] gtp_newlink+0x9fc/0xc60 drivers/net/gtp.c:666 __rtnl_newlink+0x109e/0x1790 net/core/rtnetlink.c:3305 rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3363 rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline] netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:639 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:659 ____sys_sendmsg+0x753/0x880 net/socket.c:2330 ___sys_sendmsg+0x100/0x170 net/socket.c:2384 __sys_sendmsg+0x105/0x1d0 net/socket.c:2417 __do_sys_sendmsg net/socket.c:2426 [inline] __se_sys_sendmsg net/socket.c:2424 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x445d49 Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f8019074db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000445d49 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00000000006dac30 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000000000008 R11: 0000000000000246 R12: 00000000006dac3c R13: 00007ffea687f6bf R14: 00007f80190759c0 R15: 20c49ba5e353f7cf Fixes: e198987e7dd7 ("gtp: fix suspicious RCU usage") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Cc: Taehee Yoo <ap420073@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent d9e15a2
Tip revision: 90d72256addff9e5f8ad645e8f632750dd1f8935 authored by Eric Dumazet on 06 January 2020, 14:45:37 UTC
gtp: fix bad unlock balance in gtp_encap_enable_socket
gtp: fix bad unlock balance in gtp_encap_enable_socket
Tip revision: 90d7225
File | Mode | Size |
---|---|---|
kasan | ||
Kconfig | -rw-r--r-- | 24.1 KB |
Kconfig.debug | -rw-r--r-- | 4.7 KB |
Makefile | -rw-r--r-- | 3.9 KB |
backing-dev.c | -rw-r--r-- | 28.4 KB |
balloon_compaction.c | -rw-r--r-- | 8.2 KB |
cleancache.c | -rw-r--r-- | 9.8 KB |
cma.c | -rw-r--r-- | 14.3 KB |
cma.h | -rw-r--r-- | 573 bytes |
cma_debug.c | -rw-r--r-- | 4.5 KB |
compaction.c | -rw-r--r-- | 74.8 KB |
debug.c | -rw-r--r-- | 6.2 KB |
debug_page_ref.c | -rw-r--r-- | 1.4 KB |
dmapool.c | -rw-r--r-- | 13.8 KB |
early_ioremap.c | -rw-r--r-- | 6.8 KB |
fadvise.c | -rw-r--r-- | 5.4 KB |
failslab.c | -rw-r--r-- | 1.4 KB |
filemap.c | -rw-r--r-- | 96.6 KB |
frame_vector.c | -rw-r--r-- | 6.5 KB |
frontswap.c | -rw-r--r-- | 14.2 KB |
gup.c | -rw-r--r-- | 66.2 KB |
gup_benchmark.c | -rw-r--r-- | 2.7 KB |
highmem.c | -rw-r--r-- | 11.7 KB |
hmm.c | -rw-r--r-- | 19.0 KB |
huge_memory.c | -rw-r--r-- | 84.9 KB |
hugetlb.c | -rw-r--r-- | 135.1 KB |
hugetlb_cgroup.c | -rw-r--r-- | 10.9 KB |
hwpoison-inject.c | -rw-r--r-- | 2.8 KB |
init-mm.c | -rw-r--r-- | 1.2 KB |
internal.h | -rw-r--r-- | 17.7 KB |
interval_tree.c | -rw-r--r-- | 3.1 KB |
khugepaged.c | -rw-r--r-- | 55.0 KB |
kmemleak-test.c | -rw-r--r-- | 2.6 KB |
kmemleak.c | -rw-r--r-- | 56.0 KB |
ksm.c | -rw-r--r-- | 89.2 KB |
list_lru.c | -rw-r--r-- | 14.6 KB |
maccess.c | -rw-r--r-- | 7.9 KB |
madvise.c | -rw-r--r-- | 28.8 KB |
mapping_dirty_helpers.c | -rw-r--r-- | 9.6 KB |
memblock.c | -rw-r--r-- | 58.0 KB |
memcontrol.c | -rw-r--r-- | 185.6 KB |
memfd.c | -rw-r--r-- | 7.9 KB |
memory-failure.c | -rw-r--r-- | 51.5 KB |
memory.c | -rw-r--r-- | 129.0 KB |
memory_hotplug.c | -rw-r--r-- | 48.1 KB |
mempolicy.c | -rw-r--r-- | 74.7 KB |
mempool.c | -rw-r--r-- | 15.8 KB |
memremap.c | -rw-r--r-- | 12.2 KB |
memtest.c | -rw-r--r-- | 2.8 KB |
migrate.c | -rw-r--r-- | 76.2 KB |
mincore.c | -rw-r--r-- | 7.5 KB |
mlock.c | -rw-r--r-- | 22.7 KB |
mm_init.c | -rw-r--r-- | 4.8 KB |
mmap.c | -rw-r--r-- | 100.1 KB |
mmu_context.c | -rw-r--r-- | 1.3 KB |
mmu_gather.c | -rw-r--r-- | 6.7 KB |
mmu_notifier.c | -rw-r--r-- | 31.4 KB |
mmzone.c | -rw-r--r-- | 2.4 KB |
mprotect.c | -rw-r--r-- | 15.5 KB |
mremap.c | -rw-r--r-- | 19.4 KB |
msync.c | -rw-r--r-- | 2.7 KB |
nommu.c | -rw-r--r-- | 45.6 KB |
oom_kill.c | -rw-r--r-- | 30.1 KB |
page-writeback.c | -rw-r--r-- | 84.7 KB |
page_alloc.c | -rw-r--r-- | 240.8 KB |
page_counter.c | -rw-r--r-- | 6.6 KB |
page_ext.c | -rw-r--r-- | 10.9 KB |
page_idle.c | -rw-r--r-- | 5.5 KB |
page_io.c | -rw-r--r-- | 10.8 KB |
page_isolation.c | -rw-r--r-- | 9.2 KB |
page_owner.c | -rw-r--r-- | 16.0 KB |
page_poison.c | -rw-r--r-- | 3.0 KB |
page_vma_mapped.c | -rw-r--r-- | 7.6 KB |
pagewalk.c | -rw-r--r-- | 12.0 KB |
percpu-internal.h | -rw-r--r-- | 6.3 KB |
percpu-km.c | -rw-r--r-- | 3.0 KB |
percpu-stats.c | -rw-r--r-- | 5.7 KB |
percpu-vm.c | -rw-r--r-- | 10.3 KB |
percpu.c | -rw-r--r-- | 92.3 KB |
pgtable-generic.c | -rw-r--r-- | 5.6 KB |
process_vm_access.c | -rw-r--r-- | 9.8 KB |
readahead.c | -rw-r--r-- | 16.5 KB |
rmap.c | -rw-r--r-- | 55.0 KB |
rodata_test.c | -rw-r--r-- | 1.3 KB |
shmem.c | -rw-r--r-- | 107.6 KB |
shuffle.c | -rw-r--r-- | 5.7 KB |
shuffle.h | -rw-r--r-- | 1.5 KB |
slab.c | -rw-r--r-- | 105.5 KB |
slab.h | -rw-r--r-- | 19.3 KB |
slab_common.c | -rw-r--r-- | 44.6 KB |
slob.c | -rw-r--r-- | 18.0 KB |
slub.c | -rw-r--r-- | 143.4 KB |
sparse-vmemmap.c | -rw-r--r-- | 6.9 KB |
sparse.c | -rw-r--r-- | 25.4 KB |
swap.c | -rw-r--r-- | 30.4 KB |
swap_cgroup.c | -rw-r--r-- | 5.2 KB |
swap_slots.c | -rw-r--r-- | 9.4 KB |
swap_state.c | -rw-r--r-- | 22.4 KB |
swapfile.c | -rw-r--r-- | 95.0 KB |
truncate.c | -rw-r--r-- | 26.7 KB |
usercopy.c | -rw-r--r-- | 9.5 KB |
userfaultfd.c | -rw-r--r-- | 15.7 KB |
util.c | -rw-r--r-- | 22.2 KB |
vmacache.c | -rw-r--r-- | 2.7 KB |
vmalloc.c | -rw-r--r-- | 93.2 KB |
vmpressure.c | -rw-r--r-- | 13.9 KB |
vmscan.c | -rw-r--r-- | 124.9 KB |
vmstat.c | -rw-r--r-- | 51.9 KB |
workingset.c | -rw-r--r-- | 20.5 KB |
z3fold.c | -rw-r--r-- | 46.6 KB |
zbud.c | -rw-r--r-- | 18.2 KB |
zpool.c | -rw-r--r-- | 11.2 KB |
zsmalloc.c | -rw-r--r-- | 61.9 KB |
zswap.c | -rw-r--r-- | 34.2 KB |
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...