On Thu, 2016-10-06 at 20:50 -0400, David Miller wrote: > From: Anoob Soman <[email protected]> > Date: Wed, 5 Oct 2016 15:12:54 +0100 > > > If a socket has FANOUT sockopt set, a new proto_hook is registered > > as part of fanout_add(). When processing a NETDEV_UNREGISTER event in > > af_packet, __fanout_unlink is called for all sockets, but prot_hook which > > was > > registered as part of fanout_add is not removed. Call fanout_release, on a > > NETDEV_UNREGISTER, which removes prot_hook and removes fanout from the > > fanout_list. > > > > This fixes BUG_ON(!list_empty(&dev->ptype_specific)) in netdev_run_todo() > > > > Signed-off-by: Anoob Soman <[email protected]> > > Applied and queued up for -stable, thanks.
This commit (6664498280cf "packet: call fanout_release, while UNREGISTERING a netdev") looks buggy : We end up calling fanout_release() while holding a spinlock ( spin_lock(&po->bind_lock); ) But fanout_release() grabs a mutex ( mutex_lock(&fanout_mutex) ), and this is absolutely not valid while holding a spinlock. Anoob, can you cook a fix, I guess you have a way to reproduce the thing that wanted a kernel patch ? (Please build your test kernel with CONFIG_LOCKDEP=y) Thanks.
