https://github.com/torvalds/linux
Revision 90d72256addff9e5f8ad645e8f632750dd1f8935 authored by Eric Dumazet on 06 January 2020, 14:45:37 UTC, committed by David S. Miller on 08 January 2020, 20:42:49 UTC
WARNING: bad unlock balance detected!
5.5.0-rc5-syzkaller #0 Not tainted
-------------------------------------
syz-executor921/9688 is trying to release lock (sk_lock-AF_INET6) at:
[<ffffffff84bf8506>] gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
but there are no more locks to release!
other info that might help us debug this:
2 locks held by syz-executor921/9688:
#0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 net/core/rtnetlink.c:5421
#1: ffff88809304b560 (slock-AF_INET6){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
#1: ffff88809304b560 (slock-AF_INET6){+...}, at: release_sock+0x20/0x1c0 net/core/sock.c:2951
stack backtrace:
CPU: 0 PID: 9688 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline]
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984
__lock_release kernel/locking/lockdep.c:4242 [inline]
lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4503
sock_release_ownership include/net/sock.h:1496 [inline]
release_sock+0x17c/0x1c0 net/core/sock.c:2961
gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
gtp_encap_enable drivers/net/gtp.c:852 [inline]
gtp_newlink+0x9fc/0xc60 drivers/net/gtp.c:666
__rtnl_newlink+0x109e/0x1790 net/core/rtnetlink.c:3305
rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3363
rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424
netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328
netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:639 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:659
____sys_sendmsg+0x753/0x880 net/socket.c:2330
___sys_sendmsg+0x100/0x170 net/socket.c:2384
__sys_sendmsg+0x105/0x1d0 net/socket.c:2417
__do_sys_sendmsg net/socket.c:2426 [inline]
__se_sys_sendmsg net/socket.c:2424 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x445d49
Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8019074db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000445d49
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00000000006dac30 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00000000006dac3c
R13: 00007ffea687f6bf R14: 00007f80190759c0 R15: 20c49ba5e353f7cf
Fixes: e198987e7dd7 ("gtp: fix suspicious RCU usage")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent d9e15a2
Tip revision: 90d72256addff9e5f8ad645e8f632750dd1f8935 authored by Eric Dumazet on 06 January 2020, 14:45:37 UTC
gtp: fix bad unlock balance in gtp_encap_enable_socket
gtp: fix bad unlock balance in gtp_encap_enable_socket
Tip revision: 90d7225
| File | Mode | Size |
|---|---|---|
| kasan | ||
| Kconfig | -rw-r--r-- | 24.1 KB |
| Kconfig.debug | -rw-r--r-- | 4.7 KB |
| Makefile | -rw-r--r-- | 3.9 KB |
| backing-dev.c | -rw-r--r-- | 28.4 KB |
| balloon_compaction.c | -rw-r--r-- | 8.2 KB |
| cleancache.c | -rw-r--r-- | 9.8 KB |
| cma.c | -rw-r--r-- | 14.3 KB |
| cma.h | -rw-r--r-- | 573 bytes |
| cma_debug.c | -rw-r--r-- | 4.5 KB |
| compaction.c | -rw-r--r-- | 74.8 KB |
| debug.c | -rw-r--r-- | 6.2 KB |
| debug_page_ref.c | -rw-r--r-- | 1.4 KB |
| dmapool.c | -rw-r--r-- | 13.8 KB |
| early_ioremap.c | -rw-r--r-- | 6.8 KB |
| fadvise.c | -rw-r--r-- | 5.4 KB |
| failslab.c | -rw-r--r-- | 1.4 KB |
| filemap.c | -rw-r--r-- | 96.6 KB |
| frame_vector.c | -rw-r--r-- | 6.5 KB |
| frontswap.c | -rw-r--r-- | 14.2 KB |
| gup.c | -rw-r--r-- | 66.2 KB |
| gup_benchmark.c | -rw-r--r-- | 2.7 KB |
| highmem.c | -rw-r--r-- | 11.7 KB |
| hmm.c | -rw-r--r-- | 19.0 KB |
| huge_memory.c | -rw-r--r-- | 84.9 KB |
| hugetlb.c | -rw-r--r-- | 135.1 KB |
| hugetlb_cgroup.c | -rw-r--r-- | 10.9 KB |
| hwpoison-inject.c | -rw-r--r-- | 2.8 KB |
| init-mm.c | -rw-r--r-- | 1.2 KB |
| internal.h | -rw-r--r-- | 17.7 KB |
| interval_tree.c | -rw-r--r-- | 3.1 KB |
| khugepaged.c | -rw-r--r-- | 55.0 KB |
| kmemleak-test.c | -rw-r--r-- | 2.6 KB |
| kmemleak.c | -rw-r--r-- | 56.0 KB |
| ksm.c | -rw-r--r-- | 89.2 KB |
| list_lru.c | -rw-r--r-- | 14.6 KB |
| maccess.c | -rw-r--r-- | 7.9 KB |
| madvise.c | -rw-r--r-- | 28.8 KB |
| mapping_dirty_helpers.c | -rw-r--r-- | 9.6 KB |
| memblock.c | -rw-r--r-- | 58.0 KB |
| memcontrol.c | -rw-r--r-- | 185.6 KB |
| memfd.c | -rw-r--r-- | 7.9 KB |
| memory-failure.c | -rw-r--r-- | 51.5 KB |
| memory.c | -rw-r--r-- | 129.0 KB |
| memory_hotplug.c | -rw-r--r-- | 48.1 KB |
| mempolicy.c | -rw-r--r-- | 74.7 KB |
| mempool.c | -rw-r--r-- | 15.8 KB |
| memremap.c | -rw-r--r-- | 12.2 KB |
| memtest.c | -rw-r--r-- | 2.8 KB |
| migrate.c | -rw-r--r-- | 76.2 KB |
| mincore.c | -rw-r--r-- | 7.5 KB |
| mlock.c | -rw-r--r-- | 22.7 KB |
| mm_init.c | -rw-r--r-- | 4.8 KB |
| mmap.c | -rw-r--r-- | 100.1 KB |
| mmu_context.c | -rw-r--r-- | 1.3 KB |
| mmu_gather.c | -rw-r--r-- | 6.7 KB |
| mmu_notifier.c | -rw-r--r-- | 31.4 KB |
| mmzone.c | -rw-r--r-- | 2.4 KB |
| mprotect.c | -rw-r--r-- | 15.5 KB |
| mremap.c | -rw-r--r-- | 19.4 KB |
| msync.c | -rw-r--r-- | 2.7 KB |
| nommu.c | -rw-r--r-- | 45.6 KB |
| oom_kill.c | -rw-r--r-- | 30.1 KB |
| page-writeback.c | -rw-r--r-- | 84.7 KB |
| page_alloc.c | -rw-r--r-- | 240.8 KB |
| page_counter.c | -rw-r--r-- | 6.6 KB |
| page_ext.c | -rw-r--r-- | 10.9 KB |
| page_idle.c | -rw-r--r-- | 5.5 KB |
| page_io.c | -rw-r--r-- | 10.8 KB |
| page_isolation.c | -rw-r--r-- | 9.2 KB |
| page_owner.c | -rw-r--r-- | 16.0 KB |
| page_poison.c | -rw-r--r-- | 3.0 KB |
| page_vma_mapped.c | -rw-r--r-- | 7.6 KB |
| pagewalk.c | -rw-r--r-- | 12.0 KB |
| percpu-internal.h | -rw-r--r-- | 6.3 KB |
| percpu-km.c | -rw-r--r-- | 3.0 KB |
| percpu-stats.c | -rw-r--r-- | 5.7 KB |
| percpu-vm.c | -rw-r--r-- | 10.3 KB |
| percpu.c | -rw-r--r-- | 92.3 KB |
| pgtable-generic.c | -rw-r--r-- | 5.6 KB |
| process_vm_access.c | -rw-r--r-- | 9.8 KB |
| readahead.c | -rw-r--r-- | 16.5 KB |
| rmap.c | -rw-r--r-- | 55.0 KB |
| rodata_test.c | -rw-r--r-- | 1.3 KB |
| shmem.c | -rw-r--r-- | 107.6 KB |
| shuffle.c | -rw-r--r-- | 5.7 KB |
| shuffle.h | -rw-r--r-- | 1.5 KB |
| slab.c | -rw-r--r-- | 105.5 KB |
| slab.h | -rw-r--r-- | 19.3 KB |
| slab_common.c | -rw-r--r-- | 44.6 KB |
| slob.c | -rw-r--r-- | 18.0 KB |
| slub.c | -rw-r--r-- | 143.4 KB |
| sparse-vmemmap.c | -rw-r--r-- | 6.9 KB |
| sparse.c | -rw-r--r-- | 25.4 KB |
| swap.c | -rw-r--r-- | 30.4 KB |
| swap_cgroup.c | -rw-r--r-- | 5.2 KB |
| swap_slots.c | -rw-r--r-- | 9.4 KB |
| swap_state.c | -rw-r--r-- | 22.4 KB |
| swapfile.c | -rw-r--r-- | 95.0 KB |
| truncate.c | -rw-r--r-- | 26.7 KB |
| usercopy.c | -rw-r--r-- | 9.5 KB |
| userfaultfd.c | -rw-r--r-- | 15.7 KB |
| util.c | -rw-r--r-- | 22.2 KB |
| vmacache.c | -rw-r--r-- | 2.7 KB |
| vmalloc.c | -rw-r--r-- | 93.2 KB |
| vmpressure.c | -rw-r--r-- | 13.9 KB |
| vmscan.c | -rw-r--r-- | 124.9 KB |
| vmstat.c | -rw-r--r-- | 51.9 KB |
| workingset.c | -rw-r--r-- | 20.5 KB |
| z3fold.c | -rw-r--r-- | 46.6 KB |
| zbud.c | -rw-r--r-- | 18.2 KB |
| zpool.c | -rw-r--r-- | 11.2 KB |
| zsmalloc.c | -rw-r--r-- | 61.9 KB |
| zswap.c | -rw-r--r-- | 34.2 KB |
Computing file changes ...
