linux/drivers
Eric Dumazet 776a81a024 gtp: fix bad unlock balance in gtp_encap_enable_socket
[ Upstream commit 90d72256ad ]

WARNING: bad unlock balance detected!
5.5.0-rc5-syzkaller #0 Not tainted
-------------------------------------
syz-executor921/9688 is trying to release lock (sk_lock-AF_INET6) at:
[<ffffffff84bf8506>] gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor921/9688:
 #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 net/core/rtnetlink.c:5421
 #1: ffff88809304b560 (slock-AF_INET6){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
 #1: ffff88809304b560 (slock-AF_INET6){+...}, at: release_sock+0x20/0x1c0 net/core/sock.c:2951

stack backtrace:
CPU: 0 PID: 9688 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline]
 print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984
 __lock_release kernel/locking/lockdep.c:4242 [inline]
 lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4503
 sock_release_ownership include/net/sock.h:1496 [inline]
 release_sock+0x17c/0x1c0 net/core/sock.c:2961
 gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
 gtp_encap_enable drivers/net/gtp.c:852 [inline]
 gtp_newlink+0x9fc/0xc60 drivers/net/gtp.c:666
 __rtnl_newlink+0x109e/0x1790 net/core/rtnetlink.c:3305
 rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3363
 rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:659
 ____sys_sendmsg+0x753/0x880 net/socket.c:2330
 ___sys_sendmsg+0x100/0x170 net/socket.c:2384
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg net/socket.c:2424 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: e198987e7d ("gtp: fix suspicious RCU usage")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-12 12:17:24 +01:00
..
accessibility
acpi ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 2020-01-09 10:19:04 +01:00
amba
android binder: Handle start==NULL in binder_update_page_range() 2019-12-13 08:52:52 +01:00
ata libata: Fix retrieving of active qcs 2020-01-09 10:19:01 +01:00
atm atm: zatm: Fix empty body Clang warnings 2019-12-01 09:16:41 +01:00
auxdisplay
base drivers/base/platform.c: kmemleak ignore a known leak 2019-12-05 09:21:04 +01:00
bcma
block xen/blkback: Avoid unmapping unmapped grant pages 2020-01-09 10:19:09 +01:00
bluetooth Bluetooth: btusb: fix PM leak in error case of setup 2020-01-09 10:19:04 +01:00
bus bus: ti-sysc: Fix getting optional clocks in clock_roles 2019-12-13 08:51:23 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char ipmi: Don't allow device module unload when in use 2019-12-31 16:35:23 +01:00
clk clk: pxa: fix one of the pxa RTC clocks 2020-01-04 19:12:57 +01:00
clocksource clocksource/drivers/timer-of: Use unique device name instead of timer 2020-01-04 19:12:45 +01:00
connector
cpufreq cpufreq: imx6q: read OCOTP through nvmem for imx6ul/imx6ull 2020-01-12 12:17:24 +01:00
cpuidle cpuidle: Do not unset the driver if it is there already 2019-12-17 20:35:00 +01:00
crypto crypto: vmx - Avoid weird build failures 2019-12-31 16:36:13 +01:00
dax
dca
devfreq PM / devfreq: Check NULL governor in available_governors_show 2020-01-09 10:19:03 +01:00
dio
dma dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset 2020-01-04 19:12:38 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 10:57:38 +01:00
edac EDAC/ghes: Fix grain calculation 2019-12-31 16:35:58 +01:00
eisa
extcon extcon: sm5502: Reset registers during initialization 2019-12-31 16:35:11 +01:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware efi/gop: Fix memory leak in __gop_query32/64() 2020-01-12 12:17:08 +01:00
fmc
fpga
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:35:55 +01:00
gnss
gpio gpiolib: fix up emulated open drain outputs 2020-01-09 10:19:01 +01:00
gpu drm/exynos: gsc: add missed component_del 2020-01-12 12:17:21 +01:00
hid HID: i2c-hid: Reset ALPS touchpads on resume 2020-01-09 10:19:03 +01:00
hsi
hv vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
hwmon hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255 2019-11-24 08:21:01 +01:00
hwspinlock
hwtracing intel_th: pci: Add Elkhart Lake SOC support 2019-12-31 16:36:24 +01:00
i2c i2c: imx: don't print error message on probe defer 2019-12-13 08:51:57 +01:00
ide
idle
iio iio: adc: max9611: Fix too short conversion time delay 2020-01-09 10:18:55 +01:00
infiniband IB/mlx5: Fix steering rule of drop and count 2020-01-09 10:18:58 +01:00
input Input: atmel_mxt_ts - disable IRQ across suspend 2020-01-04 19:12:36 +01:00
iommu iommu/iova: Init the struct iova to fix the possible memleak 2020-01-12 12:17:18 +01:00
ipack
irqchip irqchip: ingenic: Error out if IRQ domain creation failed 2020-01-04 19:12:52 +01:00
isdn staging: gigaset: add endpoint-type sanity check 2019-12-17 20:34:33 +01:00
leds leds: lm3692x: Handle failure to probe the regulator 2020-01-04 19:12:43 +01:00
lightnvm lightnvm: pblk: consider max hw sectors supported for max_write_pgs 2019-11-24 08:20:52 +01:00
macintosh macintosh/windfarm_smu_sat: Fix debug output 2019-12-01 09:16:37 +01:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:13:17 +01:00
mcb
md md: raid1: check rdev before reference in raid1_sync_request func 2020-01-09 10:18:57 +01:00
media media: usb: fix memory leak in af9005_identify_state 2020-01-09 10:19:06 +01:00
memory memory: omap-gpmc: Get the header of the enum 2019-12-05 09:20:29 +01:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-29 09:20:07 +01:00
message
mfd mfd: max8997: Enale irq-wakeup unconditionally 2019-12-01 09:16:57 +01:00
misc altera-stapl: check for a null key before strcasecmp'ing it 2019-12-13 08:51:56 +01:00
mmc mmc: sdhci: Add a quirk for broken command queuing 2019-12-31 16:36:36 +01:00
mtd mtd: spear_smi: Fix Write Burst mode 2019-12-17 20:34:42 +01:00
mux
net gtp: fix bad unlock balance in gtp_encap_enable_socket 2020-01-12 12:17:24 +01:00
nfc NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error 2019-12-13 08:51:03 +01:00
ntb ntb: intel: fix return value for ndev_vec_mask() 2019-12-01 09:17:13 +01:00
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:13:00 +01:00
nvme nvme-fc: fix double-free scenarios on hw queues 2020-01-09 10:18:54 +01:00
nvmem nvmem: imx-ocotp: reset error status on probe 2019-12-31 16:35:37 +01:00
of of: unittest: fix memory leak in attach_node_and_children 2019-12-17 20:36:04 +01:00
opp OPP: Return error on error from dev_pm_opp_get_opp_count() 2019-11-24 08:20:06 +01:00
oprofile
parisc
parport parport: load lowlevel driver if ports not found 2019-12-31 16:36:01 +01:00
pci PCI/switchtec: Read all 64 bits of part_event_bitmap 2020-01-12 12:17:24 +01:00
pcmcia
perf
phy phy: qcom-usb-hs: Fix extcon double register after power cycle 2019-12-31 16:35:30 +01:00
pinctrl pinctrl: baytrail: Really serialize all register accesses 2020-01-04 19:13:45 +01:00
platform platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table 2020-01-09 10:19:04 +01:00
pnp
power power: supply: cpcap-battery: Fix signed counter sample register 2019-12-17 20:35:37 +01:00
powercap
pps
ps3
ptp ptp: fix the race between the release of ptp_clock and cdev 2020-01-04 19:13:35 +01:00
pwm pwm: Clear chip_data in pwm_put() 2019-12-05 09:21:29 +01:00
rapidio
ras
regulator regulator: rn5t618: fix module aliases 2020-01-12 12:17:18 +01:00
remoteproc remoteproc: qcom: q6v5: Fix a race condition on fatal crash 2019-11-24 08:20:29 +01:00
reset reset: Fix memory leak in reset_control_array_put() 2019-12-05 09:19:36 +01:00
rpmsg rpmsg: glink: Free pending deferred work on remove 2019-12-21 10:57:30 +01:00
rtc rtc: disable uie before setting time and enable after 2019-12-17 20:35:43 +01:00
s390 s390/dasd: fix memleak in path handling error case 2020-01-12 12:17:22 +01:00
sbus
scsi scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails 2020-01-09 10:19:07 +01:00
sfi
sh
siox
slimbus slimbus: ngd: Fix build error on x86 2019-12-13 08:51:54 +01:00
sn
soc soc: renesas: r8a77990-sysc: Fix initialization order of 3DG-{A,B} 2019-12-13 08:52:29 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:35:55 +01:00
spi spi: spi-ti-qspi: Fix a bug when accessing non default CS 2020-01-12 12:17:12 +01:00
spmi
ssb
staging staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value 2019-12-31 16:36:26 +01:00
target scsi: target: iscsi: Wait for all commands to finish before freeing a session 2020-01-04 19:13:06 +01:00
tc
tee tee: optee: add missing of_node_put after of_device_is_available 2019-11-24 08:19:08 +01:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:52:50 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-12-05 09:21:27 +01:00
tty powerpc/pseries/hvconsole: Fix stack overread via udbg 2020-01-09 10:19:08 +01:00
uio vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
usb USB: dummy-hcd: increase max number of devices to 32 2020-01-12 12:17:04 +01:00
uwb
vfio vfio/pci: call irq_bypass_unregister_producer() before freeing irq 2019-12-21 10:57:37 +01:00
vhost vhost/vsock: accept only packets with the right dst_cid 2020-01-04 19:13:36 +01:00
video video/hdmi: Fix AVI bar unpack 2019-12-17 20:35:17 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-11-06 13:06:04 +01:00
virtio virtio-balloon: fix managed page counts when migrating pages between zones 2019-12-17 20:34:43 +01:00
visorbus
vlynq
vme
w1 w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). 2019-12-01 09:16:22 +01:00
watchdog watchdog: Fix the race between the release of watchdog_core_data and cdev 2020-01-04 19:13:01 +01:00
xen xen/balloon: fix ballooned page accounting without hotplug enabled 2020-01-09 10:18:58 +01:00
zorro
Kconfig
Makefile