bisecting fixing commit since 84f5ad468100f86d70096799e4ee716a17c2962f
building syzkaller on 438e1227121e9d4bbca7b12b6e1b715524d512c2
testing commit 84f5ad468100f86d70096799e4ee716a17c2962f with gcc (GCC) 8.1.0
kernel signature: 9968184ddc959521a974f0dea24579f7a44ba6ee7a45a3cf73109716fba98c3b
all runs: crashed: WARNING: bad unlock balance in gtp_encap_enable_socket
testing current HEAD e0f8b8a65a473a8baa439cf865a694bbeb83fe90
testing commit e0f8b8a65a473a8baa439cf865a694bbeb83fe90 with gcc (GCC) 8.1.0
kernel signature: 1a4fb6749f6a1e88cea1418d5aa386c19a871f721fd260a1bee2ced80343f7fe
all runs: OK
# git bisect start e0f8b8a65a473a8baa439cf865a694bbeb83fe90 84f5ad468100f86d70096799e4ee716a17c2962f
Bisecting: 395 revisions left to test after this (roughly 9 steps)
[e3064d2f21f4a684539384055956605e4dfdc97b] ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
testing commit e3064d2f21f4a684539384055956605e4dfdc97b with gcc (GCC) 8.1.0
kernel signature: b506dc4c046e33a1add6bcc485b275f0c8eefe6c9dbf7a6acebda9042ffd991e
all runs: OK
# git bisect bad e3064d2f21f4a684539384055956605e4dfdc97b
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[d070b8d5701e91dee87603c784cfb2484e5db4e1] RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
testing commit d070b8d5701e91dee87603c784cfb2484e5db4e1 with gcc (GCC) 8.1.0
kernel signature: fbaf31c1aacaebf9e5b55f0ac3853076a1f663248c28e13306767f1df919b0d7
all runs: OK
# git bisect bad d070b8d5701e91dee87603c784cfb2484e5db4e1
Bisecting: 98 revisions left to test after this (roughly 7 steps)
[c7a6c3d2c372a592c975cda98a479287ebd169d1] rfkill: Fix incorrect check to avoid NULL pointer dereference
testing commit c7a6c3d2c372a592c975cda98a479287ebd169d1 with gcc (GCC) 8.1.0
kernel signature: 9e0178b40039386f9e31e9fd654a0612bb94b9e614fcd4746b6c1cb3305bc509
all runs: crashed: WARNING: bad unlock balance in gtp_encap_enable_socket
# git bisect good c7a6c3d2c372a592c975cda98a479287ebd169d1
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[54a5ba5136c188c9d349236cc0a0abc5dc0a899d] can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
testing commit 54a5ba5136c188c9d349236cc0a0abc5dc0a899d with gcc (GCC) 8.1.0
kernel signature: e5fef1cdbf45db92ddddc828744a3172482cd5cdbcf75c6b967bb577f3c59e48
all runs: OK
# git bisect bad 54a5ba5136c188c9d349236cc0a0abc5dc0a899d
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[19716758430e63e0cf6097cdde2a72b6ac28dc75] net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
testing commit 19716758430e63e0cf6097cdde2a72b6ac28dc75 with gcc (GCC) 8.1.0
kernel signature: 1c53a1804e1a43fa4e0965afbf2cfb5d044aa2ce0d43ca93a692036faaf6080a
all runs: OK
# git bisect bad 19716758430e63e0cf6097cdde2a72b6ac28dc75
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[3a8d4b961747e79a9d28e9f7621216045403b2bb] llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
testing commit 3a8d4b961747e79a9d28e9f7621216045403b2bb with gcc (GCC) 8.1.0
kernel signature: 95154cff31b727dd4c42910563c2772ae8b6ffa017866ac86e6a4c79c2783c86
all runs: crashed: WARNING: bad unlock balance in gtp_encap_enable_socket
# git bisect good 3a8d4b961747e79a9d28e9f7621216045403b2bb
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[ae4e8ce0d86159bbba7cfaa44f6276d38b1f2200] mmc: block: Delete mmc_access_rpmb()
testing commit ae4e8ce0d86159bbba7cfaa44f6276d38b1f2200 with gcc (GCC) 8.1.0
kernel signature: 218b56222b3637ead5c34c9440c57db2e7be89bb6cb7c417fa091ae1c164f10e
all runs: crashed: WARNING: bad unlock balance in gtp_encap_enable_socket
# git bisect good ae4e8ce0d86159bbba7cfaa44f6276d38b1f2200
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[0f65291617d4117379ba702130040d2db283c2fb] mmc: block: propagate correct returned value in mmc_rpmb_ioctl
testing commit 0f65291617d4117379ba702130040d2db283c2fb with gcc (GCC) 8.1.0
kernel signature: 4de522d975efdb931fbd910de54985203aa91077b76a6efcfde2c4ac0ee02c26
all runs: crashed: WARNING: bad unlock balance in gtp_encap_enable_socket
# git bisect good 0f65291617d4117379ba702130040d2db283c2fb
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4a953272f2d2db63bba97137b64b3f1770634e00] macvlan: do not assume mac_header is set in macvlan_broadcast()
testing commit 4a953272f2d2db63bba97137b64b3f1770634e00 with gcc (GCC) 8.1.0
kernel signature: d1596fafb1a135008717ed1e73e50f777a46408fe09bb07c07e7d59cd83c8bfd
all runs: OK
# git bisect bad 4a953272f2d2db63bba97137b64b3f1770634e00
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[887b0296a905f8d5cc090ca08d309918fc24bf24] gtp: fix bad unlock balance in gtp_encap_enable_socket
testing commit 887b0296a905f8d5cc090ca08d309918fc24bf24 with gcc (GCC) 8.1.0
kernel signature: 788015f4ae1c417e2a5468adaf87cee0a83aaf164b53309d1122b3856da23a67
all runs: OK
# git bisect bad 887b0296a905f8d5cc090ca08d309918fc24bf24
887b0296a905f8d5cc090ca08d309918fc24bf24 is the first bad commit
commit 887b0296a905f8d5cc090ca08d309918fc24bf24
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon Jan 6 06:45:37 2020 -0800

    gtp: fix bad unlock balance in gtp_encap_enable_socket
    
    [ Upstream commit 90d72256addff9e5f8ad645e8f632750dd1f8935 ]
    
    WARNING: bad unlock balance detected!
    5.5.0-rc5-syzkaller #0 Not tainted
    -------------------------------------
    syz-executor921/9688 is trying to release lock (sk_lock-AF_INET6) at:
    [<ffffffff84bf8506>] gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
    but there are no more locks to release!
    
    other info that might help us debug this:
    2 locks held by syz-executor921/9688:
     #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
     #0: ffffffff8a4d8840 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 net/core/rtnetlink.c:5421
     #1: ffff88809304b560 (slock-AF_INET6){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
     #1: ffff88809304b560 (slock-AF_INET6){+...}, at: release_sock+0x20/0x1c0 net/core/sock.c:2951
    
    stack backtrace:
    CPU: 0 PID: 9688 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x197/0x210 lib/dump_stack.c:118
     print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline]
     print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984
     __lock_release kernel/locking/lockdep.c:4242 [inline]
     lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4503
     sock_release_ownership include/net/sock.h:1496 [inline]
     release_sock+0x17c/0x1c0 net/core/sock.c:2961
     gtp_encap_enable_socket+0x146/0x400 drivers/net/gtp.c:830
     gtp_encap_enable drivers/net/gtp.c:852 [inline]
     gtp_newlink+0x9fc/0xc60 drivers/net/gtp.c:666
     __rtnl_newlink+0x109e/0x1790 net/core/rtnetlink.c:3305
     rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3363
     rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424
     netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
     rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
     netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
     netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328
     netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
     sock_sendmsg_nosec net/socket.c:639 [inline]
     sock_sendmsg+0xd7/0x130 net/socket.c:659
     ____sys_sendmsg+0x753/0x880 net/socket.c:2330
     ___sys_sendmsg+0x100/0x170 net/socket.c:2384
     __sys_sendmsg+0x105/0x1d0 net/socket.c:2417
     __do_sys_sendmsg net/socket.c:2426 [inline]
     __se_sys_sendmsg net/socket.c:2424 [inline]
     __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424
     do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
    RIP: 0033:0x445d49
    Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
    RSP: 002b:00007f8019074db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
    RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000445d49
    RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
    RBP: 00000000006dac30 R08: 0000000000000004 R09: 0000000000000000
    R10: 0000000000000008 R11: 0000000000000246 R12: 00000000006dac3c
    R13: 00007ffea687f6bf R14: 00007f80190759c0 R15: 20c49ba5e353f7cf
    
    Fixes: e198987e7dd7 ("gtp: fix suspicious RCU usage")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: syzbot <syzkaller@googlegroups.com>
    Cc: Taehee Yoo <ap420073@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 drivers/net/gtp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
culprit signature: 788015f4ae1c417e2a5468adaf87cee0a83aaf164b53309d1122b3856da23a67
parent  signature: 4de522d975efdb931fbd910de54985203aa91077b76a6efcfde2c4ac0ee02c26
revisions tested: 12, total time: 3h18m7.054925464s (build: 1h42m40.993515783s, test: 1h33m56.233231759s)
first good commit: 887b0296a905f8d5cc090ca08d309918fc24bf24 gtp: fix bad unlock balance in gtp_encap_enable_socket
cc: ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org"]