On Wed, Jan 31, 2018 at 3:52 PM, Nikolay Aleksandrov <niko...@cumulusnetworks.com> wrote: > On 31/01/18 16:49, Dmitry Vyukov wrote: >> On Wed, Jan 31, 2018 at 3:29 PM, Nikolay Aleksandrov >> <niko...@cumulusnetworks.com> wrote: >>> When we dump the ip6mr mfc entries via proc, we initialize an iterator >>> with the table to dump but we don't clear the cache pointer which might >>> be initialized from a prior read on the same descriptor that ended. This >>> can result in lock imbalance (an unnecessary unlock) leading to other >>> crashes and hangs. Clear the cache pointer like ipmr does to fix the issue. >>> Thanks for the reliable reproducer. > [snip] >>> Reported-by: syzbot >>> <bot+eceb3204562c41a438fa1f2335e0fe4f6886d...@syzkaller.appspotmail.com> >>> Signed-off-by: Nikolay Aleksandrov <niko...@cumulusnetworks.com> >>> --- >>> v2: make sure the trace doesn't ruin the patch >>> No fixes tag because it seems this has been there forever. >> >> Don't we need to Cc stable 2.6 in this case or something like this. We >> want it to be backported. > > AFAIK Dave takes care of queueing the patches for stable backports and > maintainers get them from his stable queue.
Good to know. Thanks. >>> net/ipv6/ip6mr.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c >>> index a2e1a864eb46..4fc566ec7e79 100644 >>> --- a/net/ipv6/ip6mr.c >>> +++ b/net/ipv6/ip6mr.c >>> @@ -495,6 +495,7 @@ static void *ipmr_mfc_seq_start(struct seq_file *seq, >>> loff_t *pos) >>> return ERR_PTR(-ENOENT); >>> >>> it->mrt = mrt; >>> + it->cache = NULL; >>> return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1) >>> : SEQ_START_TOKEN; >>> } >>> -- >>> 2.1.4 >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "syzkaller-bugs" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to syzkaller-bugs+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/syzkaller-bugs/1517408970-14210-1-git-send-email-nikolay%40cumulusnetworks.com. >>> For more options, visit https://groups.google.com/d/optout. >