From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [PATCH net v2] ip6mr: fix stale iterator
Date: Wed, 31 Jan 2018 10:34:00 -0500 (EST)
Message-ID: <20180131.103400.2134338827807349026.davem@davemloft.net>
References: <1517405989-18714-1-git-send-email-nikolay@cumulusnetworks.com> <1517408970-14210-1-git-send-email-nikolay@cumulusnetworks.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, yoshfuji@linux-ipv6.org, syzkaller-bugs@googlegroups.com, bot+eceb3204562c41a438fa1f2335e0fe4f6886d669@syzkaller.appspotmail.com, kuznet@ms2.inr.ac.ru, roopa@cumulusnetworks.com, ebiggers3@gmail.com
To: nikolay@cumulusnetworks.com
Return-path:
Received: from shards.monkeyblade.net ([184.105.139.130]:44968 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932126AbeAaPeC (ORCPT ); Wed, 31 Jan 2018 10:34:02 -0500
In-Reply-To: <1517408970-14210-1-git-send-email-nikolay@cumulusnetworks.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Nikolay Aleksandrov
Date: Wed, 31 Jan 2018 16:29:30 +0200

> When we dump the ip6mr mfc entries via proc, we initialize an iterator
> with the table to dump but we don't clear the cache pointer which might
> be initialized from a prior read on the same descriptor that ended. This
> can result in lock imbalance (an unnecessary unlock) leading to other
> crashes and hangs. Clear the cache pointer like ipmr does to fix the issue.
> Thanks for the reliable reproducer.
>
> Here's syzbot's trace: ...
> Reported-by: syzbot
> Signed-off-by: Nikolay Aleksandrov
> ---
> v2: make sure the trace doesn't ruin the patch
> No fixes tag because it seems this has been there forever.

Applied and queued up for -stable.
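As an added illustration of the lock imbalance the commit message describes (this is a constructed userspace model, not the kernel's code and not part of the thread), the following mirrors the iterator's start/next/stop pattern on one descriptor read twice, with the fix modelled as clearing the cache pointer in start; the struct and function names, the lock-depth counter and the two-read sequence are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed userspace model of the ip6mr /proc mfc iterator pattern: a
 * per-descriptor iterator whose ->cache field records that the walk holds
 * the table lock, and a stop() that unlocks based on that field. Names are
 * invented for this example; it is not the kernel's code. */
struct mr_table { int lock_depth; int nr_entries; };
struct mfc_iter { struct mr_table *mrt; const void *cache; };

static void read_lock(struct mr_table *mrt)   { mrt->lock_depth++; }
static void read_unlock(struct mr_table *mrt) { mrt->lock_depth--; }
/* start() at pos 0 only emits the header token, so it takes no lock.
 * clear_cache == true models the fix: clear ->cache like ipmr does. */
static void mfc_seq_start(struct mfc_iter *it, struct mr_table *mrt, bool clear_cache)
{
    it->mrt = mrt;
    if (clear_cache)
        it->cache = NULL;   /* drop state left by a prior read on this fd */
}

/* next(): walk the entries under the read lock and record that in ->cache. */
static void mfc_seq_next(struct mfc_iter *it)
{
    if (it->cache == NULL && it->mrt->nr_entries > 0) {
        read_lock(it->mrt);
        it->cache = it->mrt;
    }
}

/* stop(): release whatever ->cache says is held; it never resets ->cache. */
static void mfc_seq_stop(struct mfc_iter *it)
{
    if (it->cache == it->mrt)
        read_unlock(it->mrt);
}

/* Two reads on one descriptor, both starting at pos 0 (e.g. after a seek).
 * Returns the final lock depth: 0 is balanced, -1 is the spurious unlock. */
int dump_twice(bool clear_cache)
{
    struct mr_table mrt = { .lock_depth = 0, .nr_entries = 3 };
    struct mfc_iter it = { .mrt = NULL, .cache = NULL };
    mfc_seq_start(&it, &mrt, clear_cache);  /* read 1: header */
    mfc_seq_next(&it);                      /* read 1: entries, lock taken */
    mfc_seq_stop(&it);                      /* read 1: unlock, ->cache kept */
    mfc_seq_start(&it, &mrt, clear_cache);  /* read 2: header only, no lock */
    mfc_seq_stop(&it);                      /* stale ->cache => extra unlock */
    return mrt.lock_depth;
}
```

With the stale pointer left in place the second stop() unlocks a lock that was never taken for that read, which is the imbalance the patch removes.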