Revision - 90d7225 - gtp: fix bad unlock balance in gtp_encap_enable_socket

Revision 90d72256addff9e5f8ad645e8f632750dd1f8935 authored by Eric Dumazet on 06 January 2020, 14:45:37 UTC, committed by David S. Miller on 08 January 2020, 20:42:49 UTC

gtp: fix bad unlock balance in gtp_encap_enable_socket

WARNING: bad unlock balance detected!
5.5.0-rc5-syzkaller #0 Not tainted
-------------------------------------
syz-executor921/9688 is trying to release lock (sk_lock-AF_INET6) at:
[<ffffffff84bf8506>] gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor921/9688:
 #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 net/core/rtnetlink.c:5421
 #1: ffff88809304b560 (slock-AF_INET6){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
 #1: ffff88809304b560 (slock-AF_INET6){+...}, at: release_sock+0x20/0x1c0 net/core/sock.c:2951

stack backtrace:
CPU: 0 PID: 9688 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline]
 print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984
 __lock_release kernel/locking/lockdep.c:4242 [inline]
 lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4503
 sock_release_ownership include/net/sock.h:1496 [inline]
 release_sock+0x17c/0x1c0 net/core/sock.c:2961
 gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
 gtp_encap_enable drivers/net/gtp.c:852 [inline]
 gtp_newlink+0x9fc/0xc60 drivers/net/gtp.c:666
 __rtnl_newlink+0x109e/0x1790 net/core/rtnetlink.c:3305
 rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3363
 rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:659
 ____sys_sendmsg+0x753/0x880 net/socket.c:2330
 ___sys_sendmsg+0x100/0x170 net/socket.c:2384
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg net/socket.c:2424 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x445d49
Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8019074db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000445d49
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00000000006dac30 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00000000006dac3c
R13: 00007ffea687f6bf R14: 00007f80190759c0 R15: 20c49ba5e353f7cf

Fixes: e198987e7dd7 ("gtp: fix suspicious RCU usage")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 parent d9e15a2

Files
Changes

Permalinks

File	Mode	Size
partitions
Kconfig	-rw-r--r--	6.2 KB
Kconfig.iosched	-rw-r--r--	1.4 KB
Makefile	-rw-r--r--	1.6 KB
badblocks.c	-rw-r--r--	14.1 KB
bfq-cgroup.c	-rw-r--r--	37.4 KB
bfq-iosched.c	-rw-r--r--	236.1 KB
bfq-iosched.h	-rw-r--r--	36.6 KB
bfq-wf2q.c	-rw-r--r--	52.4 KB
bio-integrity.c	-rw-r--r--	12.3 KB
bio.c	-rw-r--r--	54.1 KB
blk-cgroup-rwstat.c	-rw-r--r--	3.4 KB
blk-cgroup-rwstat.h	-rw-r--r--	3.9 KB
blk-cgroup.c	-rw-r--r--	44.3 KB
blk-core.c	-rw-r--r--	48.7 KB
blk-exec.c	-rw-r--r--	2.6 KB
blk-flush.c	-rw-r--r--	15.0 KB
blk-integrity.c	-rw-r--r--	11.6 KB
blk-ioc.c	-rw-r--r--	10.2 KB
blk-iocost.c	-rw-r--r--	67.1 KB
blk-iolatency.c	-rw-r--r--	28.0 KB
blk-lib.c	-rw-r--r--	10.2 KB
blk-map.c	-rw-r--r--	6.0 KB
blk-merge.c	-rw-r--r--	24.5 KB
blk-mq-cpumap.c	-rw-r--r--	2.2 KB
blk-mq-debugfs-zoned.c	-rw-r--r--	435 bytes
blk-mq-debugfs.c	-rw-r--r--	24.4 KB
blk-mq-debugfs.h	-rw-r--r--	2.7 KB
blk-mq-pci.c	-rw-r--r--	1.3 KB
blk-mq-rdma.c	-rw-r--r--	1.3 KB
blk-mq-sched.c	-rw-r--r--	14.1 KB
blk-mq-sched.h	-rw-r--r--	2.5 KB
blk-mq-sysfs.c	-rw-r--r--	8.4 KB
blk-mq-tag.c	-rw-r--r--	15.0 KB
blk-mq-tag.h	-rw-r--r--	2.2 KB
blk-mq-virtio.c	-rw-r--r--	1.3 KB
blk-mq.c	-rw-r--r--	85.8 KB
blk-mq.h	-rw-r--r--	7.6 KB
blk-pm.c	-rw-r--r--	6.6 KB
blk-pm.h	-rw-r--r--	1.4 KB
blk-rq-qos.c	-rw-r--r--	7.1 KB
blk-rq-qos.h	-rw-r--r--	5.0 KB
blk-settings.c	-rw-r--r--	28.0 KB
blk-softirq.c	-rw-r--r--	3.7 KB
blk-stat.c	-rw-r--r--	4.6 KB
blk-stat.h	-rw-r--r--	4.6 KB
blk-sysfs.c	-rw-r--r--	26.3 KB
blk-throttle.c	-rw-r--r--	69.2 KB
blk-timeout.c	-rw-r--r--	3.8 KB
blk-wbt.c	-rw-r--r--	19.9 KB
blk-wbt.h	-rw-r--r--	2.9 KB
blk-zoned.c	-rw-r--r--	12.3 KB
blk.h	-rw-r--r--	10.7 KB
bounce.c	-rw-r--r--	9.3 KB
bsg-lib.c	-rw-r--r--	9.8 KB
bsg.c	-rw-r--r--	11.1 KB
cmdline-parser.c	-rw-r--r--	4.9 KB
compat_ioctl.c	-rw-r--r--	11.2 KB
elevator.c	-rw-r--r--	18.9 KB
genhd.c	-rw-r--r--	50.7 KB
ioctl.c	-rw-r--r--	14.6 KB
ioprio.c	-rw-r--r--	5.1 KB
kyber-iosched.c	-rw-r--r--	27.8 KB
mq-deadline.c	-rw-r--r--	20.6 KB
opal_proto.h	-rw-r--r--	9.3 KB
partition-generic.c	-rw-r--r--	15.3 KB
scsi_ioctl.c	-rw-r--r--	22.4 KB
sed-opal.c	-rw-r--r--	62.4 KB
t10-pi.c	-rw-r--r--	7.7 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...