From: Nikolay Aleksandrov <niko...@cumulusnetworks.com> Date: Wed, 31 Jan 2018 16:29:30 +0200
> When we dump the ip6mr mfc entries via proc, we initialize an iterator
> with the table to dump but we don't clear the cache pointer which might
> be initialized from a prior read on the same descriptor that ended. This
> can result in lock imbalance (an unnecessary unlock) leading to other
> crashes and hangs. Clear the cache pointer like ipmr does to fix the issue.
> Thanks for the reliable reproducer.
>
> Here's syzbot's trace:
> ...
>
> Reported-by: syzbot <bot+eceb3204562c41a438fa1f2335e0fe4f6886d...@syzkaller.appspotmail.com>
> Signed-off-by: Nikolay Aleksandrov <niko...@cumulusnetworks.com>
> ---
> v2: make sure the trace doesn't ruin the patch
> No fixes tag because it seems this has been there forever.

Applied and queued up for -stable.
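The lock imbalance the commit message describes follows from the seq_file start/next/stop protocol: stop releases whichever lock the iterator's cache pointer says the walk is inside, so a cache pointer left over from an earlier read makes stop unlock something the new start never locked. The user-space model below is an added example and not kernel code or the patch itself; the table layout (two resolved entries, one unresolved entry), the lock-depth counters, the names mfc_seq_start/next/stop and the seq_read_model driver are all constructed here to show the mechanism, and the `fixed` flag stands in for the one-line fix of clearing the cache pointer in start.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes: two resolved entries and one unresolved entry. */
#define NRESOLVED 2
#define NUNRES    1

struct mr_table {
    int mrt_lock;              /* depth of the resolved-cache read lock */
    int unres_lock;            /* depth of the unresolved-queue lock */
    int resolved[NRESOLVED];
    int unres[NUNRES];
};

struct mfc_iter {
    struct mr_table *mrt;
    const int *cache;          /* mrt->resolved, mrt->unres, or NULL */
    int ct;
};

static const char START_TOKEN[] = "hdr";   /* stands in for SEQ_START_TOKEN */

/* start: the header at pos 0 is emitted without any lock; a later pos is
 * located by walking both lists, taking each list's lock on the way. */
static const void *mfc_seq_start(struct mfc_iter *it, long pos, int fixed)
{
    struct mr_table *mrt = it->mrt;

    if (fixed)
        it->cache = NULL;      /* the fix: forget the previous walk */
    it->ct = 0;
    if (pos-- == 0)
        return START_TOKEN;

    mrt->mrt_lock++;
    it->cache = mrt->resolved;
    for (it->ct = 0; it->ct < NRESOLVED; it->ct++)
        if (pos-- == 0)
            return &mrt->resolved[it->ct];
    mrt->mrt_lock--;

    mrt->unres_lock++;
    it->cache = mrt->unres;
    for (it->ct = 0; it->ct < NUNRES; it->ct++)
        if (pos-- == 0)
            return &mrt->unres[it->ct];
    mrt->unres_lock--;

    it->cache = NULL;
    return NULL;
}

/* next: advance within the current list, hand over from the resolved
 * list to the unresolved queue (swapping locks), or finish the dump. */
static const void *mfc_seq_next(struct mfc_iter *it, const void *v)
{
    struct mr_table *mrt = it->mrt;

    if (v == START_TOKEN) {
        mrt->mrt_lock++;
        it->cache = mrt->resolved;
        it->ct = 0;
        return &mrt->resolved[0];
    }
    if (it->cache == mrt->resolved) {
        if (++it->ct < NRESOLVED)
            return &mrt->resolved[it->ct];
        mrt->mrt_lock--;            /* resolved list done, move on */
        mrt->unres_lock++;
        it->cache = mrt->unres;
        it->ct = 0;
        return &mrt->unres[0];
    }
    if (++it->ct < NUNRES)
        return &mrt->unres[it->ct];
    mrt->unres_lock--;              /* end of dump */
    it->cache = NULL;
    return NULL;
}

/* stop: release whichever lock it->cache says the walk is inside. */
static void mfc_seq_stop(struct mfc_iter *it)
{
    if (it->cache == it->mrt->unres)
        it->mrt->unres_lock--;
    else if (it->cache == it->mrt->resolved)
        it->mrt->mrt_lock--;
}

/* One read() in the shape of seq_read(): start, show until the buffer
 * (budget rows) is full or the walk ends, then stop. Returns rows shown. */
static int seq_read_model(struct mfc_iter *it, long *pos, int budget, int fixed)
{
    const void *v = mfc_seq_start(it, *pos, fixed);
    int shown = 0;

    while (v) {
        shown++;
        (*pos)++;
        if (shown == budget)
            break;             /* buffer full: stop while still inside a list */
        v = mfc_seq_next(it, v);
    }
    mfc_seq_stop(it);
    return shown;
}

/* Two reads on one descriptor: the first stops inside the unresolved
 * queue, the second restarts at pos 0 and shows only the header. Returns
 * the unresolved-queue lock depth afterwards: 0 is balanced, -1 means
 * stop released a lock that start never took. */
int stale_cache_unlock_depth(int fixed)
{
    struct mr_table mrt = {0};
    struct mfc_iter it = { &mrt, NULL, 0 };
    long pos = 0;

    seq_read_model(&it, &pos, 4, fixed);   /* header + 2 resolved + 1 unres */
    pos = 0;                               /* descriptor rewound */
    seq_read_model(&it, &pos, 1, fixed);   /* header only */
    return mrt.unres_lock;
}

int main(void)
{
    printf("buggy: unres_lock=%d\n", stale_cache_unlock_depth(0));
    printf("fixed: unres_lock=%d\n", stale_cache_unlock_depth(1));
    return 0;
}
```

In the buggy run the first read's stop correctly drops the unresolved-queue lock but leaves `it->cache` pointing at that queue; the second read's start returns the header without locking anything, and its stop sees the stale pointer and unlocks again, which is the unnecessary unlock the commit message refers to. Clearing the pointer in start, as ipmr already does, makes the second stop a no-op.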