1. 02 Oct, 2015 2 commits
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-4.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1bca1000
      Linus Torvalds authored
      Pull power management and ACPI fixes from Rafael Wysocki:
       "These are fixes mostly, for a few changes made in this cycle (the
        intel_idle driver, the OPP library, the ACPI EC driver, turbostat) and
        for some issues that have just been discovered (ACPI PCI IRQ
        management, PCI power management documentation, turbostat), with a
        couple of cleanups on top of them.
      
        Specifics:
      
         - intel_idle driver fixup for the recently added Skylake chips
           support (Len Brown).
      
         - Operating Performance Points (OPP) library fix related to the
           recently added support for new DT bindings and a fix for a typo in
           a comment (Viresh Kumar, Stephen Boyd).
      
         - ACPI EC driver fix for a recently introduced memory leak in an
           error code path (Lv Zheng).
      
         - ACPI PCI IRQ management fix for the issue where an ISA IRQ is
           shared with a PCI device which requires it to be configured in a
           different way and may cause an interrupt storm to happen as a
           result with an extra ACPI SCI IRQ handling simplification on top of
           it (Jiang Liu).
      
         - Update of the PCI power management documentation that became
           outdated and started to actively confuse the readers to make it
           actually reflect the code (Rafael J Wysocki).
      
         - turbostat fixes including an IVB Xeon regression fix (related to
           the --debug command line option), Skylake adjustment for the TSC
           running at a frequency that doesn't match the base one exactly, and
           a Knights Landing quirk to account for the fact that it only
           updates APERF and MPERF every 1024 clock cycles plus bumping up the
           turbostat version number (Len Brown, Hubert Chrzaniuk)"
      
      * tag 'pm+acpi-4.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        tools/power turbosat: update version number
        tools/power turbostat: SKL: Adjust for TSC difference from base frequency
        tools/power turbostat: KNL workaround for %Busy and Avg_MHz
        tools/power turbostat: IVB Xeon: fix --debug regression
        ACPI / PCI: Remove duplicated penalty on SCI IRQ
        ACPI, PCI, irq: Do not share PCI IRQ with ISA IRQ
        ACPI / EC: Fix a memory leak issue in acpi_ec_query()
        PM / OPP: Fix typo modifcation -> modification
        PCI / PM: Update runtime PM documentation for PCI devices
        PM / OPP: of_property_count_u32_elems() can return errors
        intel_idle: Skylake Client Support - updated
      1bca1000
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 3deaa4f5
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
      1) Fix regression in SKB partial checksum handling, from Pravin B
         Shalar.
      
      2) Fix VLAN inside of VXLAN handling in i40e driver, from Jesse
         Brandeburg.
      
      3) Cure softlockups during accept() in SCTP, from Karl Heiss.
      
      4) MSG_PEEK should return multiple SKBs worth of data in AF_UNIX, from
         Aaron Conole.
      
      5) IPV6 erroneously ignores output interface specifier in lookup key for
         route lookups, fix from David Ahern.
      
      6) In Marvell DSA driver, forward unknown frames to CPU port, from
         Andrew Lunn.
      
      7) Mission flow flag initializations in some code paths, from David
         Ahern.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        net: Initialize flow flags in input path
        net: dsa: fix preparation of a port STP update
        testptp: Silence compiler warnings on ppc64
        net/mlx4: Handle return codes in mlx4_qp_attach_common
        dsa: mv88e6xxx: Enable forwarding for unknown to the CPU port
        skbuff: Fix skb checksum partial check.
        net: ipv6: Add RT6_LOOKUP_F_IFACE flag if oif is set
        net sysfs: Print link speed as signed integer
        bna: fix error handling
        af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag
        af_unix: Convert the unix_sk macro to an inline function for type safety
        net: sctp: Don't use 64 kilobyte lookup table for four elements
        l2tp: protect tunnel->del_work by ref_count
        net/ibm/emac: bump version numbers for correct work with ethtool
        sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
        sctp: Whitespace fix
        i40e/i40evf: check for stopped admin queue
        i40e: fix VLAN inside VXLAN
        r8169: fix handling rtl_readphy result
        net: hisilicon: fix handling platform_get_irq result
      3deaa4f5
  2. 01 Oct, 2015 13 commits
  3. 30 Sep, 2015 9 commits
  4. 29 Sep, 2015 16 commits
    • Pravin B Shelar's avatar
      skbuff: Fix skb checksum partial check. · 31b33dfb
      Pravin B Shelar authored
      Earlier patch 6ae459bd tried to detect void ckecksum partial
      skb by comparing pull length to checksum offset. But it does
      not work for all cases since checksum-offset depends on
      updates to skb->data.
      
      Following patch fixes it by validating checksum start offset
      after skb-data pointer is updated. Negative value of checksum
      offset start means there is no need to checksum.
      
      Fixes: 6ae459bd ("skbuff: Fix skb checksum flag on skb pull")
      Reported-by: default avatarAndrew Vagin <avagin@odin.com>
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31b33dfb
    • David Ahern's avatar
      net: ipv6: Add RT6_LOOKUP_F_IFACE flag if oif is set · 741a11d9
      David Ahern authored
      Wolfgang reported that IPv6 stack is ignoring oif in output route lookups:
      
          With ipv6, ip -6 route get always returns the specific route.
      
          $ ip -6 r
          2001:db8:e2::1 dev enp2s0  proto kernel  metric 256
          2001:db8:e2::/64 dev enp2s0  metric 1024
          2001:db8:e3::1 dev enp3s0  proto kernel  metric 256
          2001:db8:e3::/64 dev enp3s0  metric 1024
          fe80::/64 dev enp3s0  proto kernel  metric 256
          default via 2001:db8:e3::255 dev enp3s0  metric 1024
      
          $ ip -6 r get 2001:db8:e2::100
          2001:db8:e2::100 from :: dev enp2s0  src 2001:db8:e3::1  metric 0
              cache
      
          $ ip -6 r get 2001:db8:e2::100 oif enp3s0
          2001:db8:e2::100 from :: dev enp2s0  src 2001:db8:e3::1  metric 0
              cache
      
      The stack does consider the oif but a mismatch in rt6_device_match is not
      considered fatal because RT6_LOOKUP_F_IFACE is not set in the flags.
      
      Cc: Wolfgang Nothdurft <netdev@linux-dude.de>
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      741a11d9
    • Alexander Stein's avatar
      net sysfs: Print link speed as signed integer · 75c261b5
      Alexander Stein authored
      Otherwise 4294967295 (MBit/s) (-1) will be printed when there is no link.
      Documentation/ABI/testing/sysfs-class-net does not state if this shall be
      signed or unsigned.
      Also remove the now unused variable fmt_udec.
      Signed-off-by: default avatarAlexander Stein <alexander.stein@systec-electronic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      75c261b5
    • Andrzej Hajda's avatar
      bna: fix error handling · 4c52b1da
      Andrzej Hajda authored
      Several functions can return negative value in case of error,
      so their return type should be fixed as well as type of variables
      to which this value is assigned.
      
      The problem has been detected using proposed semantic patch
      scripts/coccinelle/tests/assign_signed_to_unsigned.cocci [1].
      
      [1]: http://permalink.gmane.org/gmane.linux.kernel/2046107Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c52b1da
    • David S. Miller's avatar
      Merge branch 'af_unix_MSG_PEEK' · 3504bb63
      David S. Miller authored
      Aaron Conole says:
      
      ====================
      af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag
      
      This patch set implements a bugfix for kernel.org bugzilla #12323, allowing
      MSG_PEEK to return all queued data on the unix domain socket, not just the
      data contained in a single SKB.
      
      This is the v3 version of this patch, which includes a suggested modification
      by Eric Dumazet to convert the unix_sk() conversion macro to a static inline
      function. These patches are independent and can be applied separately.
      
      This set was tested over a 24-hour period, utilizing a loop continually
      executing the bugzilla issue attached python code. It was instrumented with
      a pr_err_once() ([   13.798683] unix: went there at least one time).
      
      v2->v3:
       - Added Eric Dumazet's suggestion for #define to static inline
       - Fixed an issue calling unix_state_lock() with an invalid argument
      
      v3->v4:
       - Eliminated an XXX comment
       - Changed from goto unlock to explicit unix_state_unlock() and break
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3504bb63
    • Aaron Conole's avatar
      af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag · 9f389e35
      Aaron Conole authored
      AF_UNIX sockets now return multiple skbs from recv() when MSG_PEEK flag
      is set.
      
      This is referenced in kernel bugzilla #12323 @
      https://bugzilla.kernel.org/show_bug.cgi?id=12323
      
      As described both in the BZ and lkml thread @
      http://lkml.org/lkml/2008/1/8/444 calling recv() with MSG_PEEK on an
      AF_UNIX socket only reads a single skb, where the desired effect is
      to return as much skb data has been queued, until hitting the recv
      buffer size (whichever comes first).
      
      The modified MSG_PEEK path will now move to the next skb in the tree
      and jump to the again: label, rather than following the natural loop
      structure. This requires duplicating some of the loop head actions.
      
      This was tested using the python socketpair python code attached to
      the bugzilla issue.
      Signed-off-by: default avatarAaron Conole <aconole@bytheb.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f389e35
    • Aaron Conole's avatar
      af_unix: Convert the unix_sk macro to an inline function for type safety · 4613012d
      Aaron Conole authored
      As suggested by Eric Dumazet this change replaces the
      #define with a static inline function to enjoy
      complaints by the compiler when misusing the API.
      Signed-off-by: default avatarAaron Conole <aconole@bytheb.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4613012d
    • shengyong's avatar
      UBI: return ENOSPC if no enough space available · 7c7feb2e
      shengyong authored
      UBI: attaching mtd1 to ubi0
      UBI: scanning is finished
      UBI error: init_volumes: not enough PEBs, required 706, available 686
      UBI error: ubi_wl_init: no enough physical eraseblocks (-20, need 1)
      UBI error: ubi_attach_mtd_dev: failed to attach mtd1, error -12 <= NOT ENOMEM
      UBI error: ubi_init: cannot attach mtd1
      
      If available PEBs are not enough when initializing volumes, return -ENOSPC
      directly. If available PEBs are not enough when initializing WL, return
      -ENOSPC instead of -ENOMEM.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarSheng Yong <shengyong1@huawei.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      Reviewed-by: default avatarDavid Gstir <david@sigma-star.at>
      7c7feb2e
    • Richard Weinberger's avatar
      UBI: Validate data_size · 281fda27
      Richard Weinberger authored
      Make sure that data_size is less than LEB size.
      Otherwise a handcrafted UBI image is able to trigger
      an out of bounds memory access in ubi_compare_lebs().
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      Reviewed-by: default avatarDavid Gstir <david@sigma-star.at>
      281fda27
    • Richard Weinberger's avatar
      UBIFS: Kill unneeded locking in ubifs_init_security · cf6f54e3
      Richard Weinberger authored
      Fixes the following lockdep splat:
      [    1.244527] =============================================
      [    1.245193] [ INFO: possible recursive locking detected ]
      [    1.245193] 4.2.0-rc1+ #37 Not tainted
      [    1.245193] ---------------------------------------------
      [    1.245193] cp/742 is trying to acquire lock:
      [    1.245193]  (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff812b3f69>] ubifs_init_security+0x29/0xb0
      [    1.245193]
      [    1.245193] but task is already holding lock:
      [    1.245193]  (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81198e7f>] path_openat+0x3af/0x1280
      [    1.245193]
      [    1.245193] other info that might help us debug this:
      [    1.245193]  Possible unsafe locking scenario:
      [    1.245193]
      [    1.245193]        CPU0
      [    1.245193]        ----
      [    1.245193]   lock(&sb->s_type->i_mutex_key#9);
      [    1.245193]   lock(&sb->s_type->i_mutex_key#9);
      [    1.245193]
      [    1.245193]  *** DEADLOCK ***
      [    1.245193]
      [    1.245193]  May be due to missing lock nesting notation
      [    1.245193]
      [    1.245193] 2 locks held by cp/742:
      [    1.245193]  #0:  (sb_writers#5){.+.+.+}, at: [<ffffffff811ad37f>] mnt_want_write+0x1f/0x50
      [    1.245193]  #1:  (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81198e7f>] path_openat+0x3af/0x1280
      [    1.245193]
      [    1.245193] stack backtrace:
      [    1.245193] CPU: 2 PID: 742 Comm: cp Not tainted 4.2.0-rc1+ #37
      [    1.245193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140816_022509-build35 04/01/2014
      [    1.245193]  ffffffff8252d530 ffff88007b023a38 ffffffff814f6f49 ffffffff810b56c5
      [    1.245193]  ffff88007c30cc80 ffff88007b023af8 ffffffff810a150d ffff88007b023a68
      [    1.245193]  000000008101302a ffff880000000000 00000008f447e23f ffffffff8252d500
      [    1.245193] Call Trace:
      [    1.245193]  [<ffffffff814f6f49>] dump_stack+0x4c/0x65
      [    1.245193]  [<ffffffff810b56c5>] ? console_unlock+0x1c5/0x510
      [    1.245193]  [<ffffffff810a150d>] __lock_acquire+0x1a6d/0x1ea0
      [    1.245193]  [<ffffffff8109fa78>] ? __lock_is_held+0x58/0x80
      [    1.245193]  [<ffffffff810a1a93>] lock_acquire+0xd3/0x270
      [    1.245193]  [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
      [    1.245193]  [<ffffffff814fc83b>] mutex_lock_nested+0x6b/0x3a0
      [    1.245193]  [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
      [    1.245193]  [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
      [    1.245193]  [<ffffffff812b3f69>] ubifs_init_security+0x29/0xb0
      [    1.245193]  [<ffffffff8128e286>] ubifs_create+0xa6/0x1f0
      [    1.245193]  [<ffffffff81198e7f>] ? path_openat+0x3af/0x1280
      [    1.245193]  [<ffffffff81195d15>] vfs_create+0x95/0xc0
      [    1.245193]  [<ffffffff8119929c>] path_openat+0x7cc/0x1280
      [    1.245193]  [<ffffffff8109ffe3>] ? __lock_acquire+0x543/0x1ea0
      [    1.245193]  [<ffffffff81088f20>] ? sched_clock_cpu+0x90/0xc0
      [    1.245193]  [<ffffffff81088c00>] ? calc_global_load_tick+0x60/0x90
      [    1.245193]  [<ffffffff81088f20>] ? sched_clock_cpu+0x90/0xc0
      [    1.245193]  [<ffffffff811a9cef>] ? __alloc_fd+0xaf/0x180
      [    1.245193]  [<ffffffff8119ac55>] do_filp_open+0x75/0xd0
      [    1.245193]  [<ffffffff814ffd86>] ? _raw_spin_unlock+0x26/0x40
      [    1.245193]  [<ffffffff811a9cef>] ? __alloc_fd+0xaf/0x180
      [    1.245193]  [<ffffffff81189bd9>] do_sys_open+0x129/0x200
      [    1.245193]  [<ffffffff81189cc9>] SyS_open+0x19/0x20
      [    1.245193]  [<ffffffff81500717>] entry_SYSCALL_64_fastpath+0x12/0x6f
      
      While the lockdep splat is a false positive, becuase path_openat holds i_mutex
      of the parent directory and ubifs_init_security() tries to acquire i_mutex
      of a new inode, it reveals that taking i_mutex in ubifs_init_security() is
      in vain because it is only being called in the inode allocation path
      and therefore nobody else can see the inode yet.
      
      Cc: stable@vger.kernel.org # 3.20-
      Reported-and-tested-by: default avatarBoris Brezillon <boris.brezillon@free-electrons.com>
      Reviewed-and-tested-by: default avatarDongsheng Yang <yangds.fnst@cn.fujitsu.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      Signed-off-by: dedekind1@gmail.com
      cf6f54e3
    • James Morris's avatar
      Merge tag 'keys-fixes-20150925' of... · 02667151
      James Morris authored
      Merge tag 'keys-fixes-20150925' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into for-linus
      
      Keyrings fixes from David Howells, for current Linus.
      02667151
    • Denys Vlasenko's avatar
      net: sctp: Don't use 64 kilobyte lookup table for four elements · 2103d6b8
      Denys Vlasenko authored
      Seemingly innocuous sctp_trans_state_to_prio_map[] array
      is way bigger than it looks, since
      "[SCTP_UNKNOWN] = 2" expands into "[0xffff] = 2" !
      
      This patch replaces it with switch() statement.
      Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      CC: Vlad Yasevich <vyasevich@gmail.com>
      CC: Neil Horman <nhorman@tuxdriver.com>
      CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      CC: linux-sctp@vger.kernel.org
      CC: netdev@vger.kernel.org
      CC: linux-kernel@vger.kernel.org
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2103d6b8
    • Alexander Couzens's avatar
      l2tp: protect tunnel->del_work by ref_count · 06a15f51
      Alexander Couzens authored
      There is a small chance that tunnel_free() is called before tunnel->del_work scheduled
      resulting in a zero pointer dereference.
      Signed-off-by: default avatarAlexander Couzens <lynxis@fe80.eu>
      Acked-by: default avatarJames Chapman <jchapman@katalix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06a15f51
    • Ivan Mikhaylov's avatar
      net/ibm/emac: bump version numbers for correct work with ethtool · 661dfc65
      Ivan Mikhaylov authored
      The size of the MAC register dump used to be the size specified by the
      reg property in the device tree.  Userland has no good way of finding
      out that size, and it was not specified consistently for each MAC type,
      so ethtool would end up printing junk at the end of the register dump
      if the device tree didn't match the size it assumed.
      
      Using the new version numbers indicates unambiguously that the size of
      the MAC register dump is dependent only on the MAC type.
      
      Fixes: 5369c71f ("net/ibm/emac: fix size of emac dump memory areas")
      Signed-off-by: default avatarIvan Mikhaylov <ivan@ru.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      661dfc65
    • David S. Miller's avatar
      Merge branch 'sctp-accept-deadlock' · 51359bfc
      David S. Miller authored
      Karl Heiss says:
      
      ====================
      sctp: Fix SCTP deadlock
      
      These patches fix a deadlock during accept() of an SCTP connection.
      
      The first patch fixes whitespace issues.
      
      The second patch actually fixes the deadlock race.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      51359bfc
    • Karl Heiss's avatar
      sctp: Prevent soft lockup when sctp_accept() is called during a timeout event · 635682a1
      Karl Heiss authored
      A case can occur when sctp_accept() is called by the user during
      a heartbeat timeout event after the 4-way handshake.  Since
      sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
      bh_sock_lock in sctp_generate_heartbeat_event() will be taken with
      the listening socket but released with the new association socket.
      The result is a deadlock on any future attempts to take the listening
      socket lock.
      
      Note that this race can occur with other SCTP timeouts that take
      the bh_lock_sock() in the event sctp_accept() is called.
      
       BUG: soft lockup - CPU#9 stuck for 67s! [swapper:0]
       ...
       RIP: 0010:[<ffffffff8152d48e>]  [<ffffffff8152d48e>] _spin_lock+0x1e/0x30
       RSP: 0018:ffff880028323b20  EFLAGS: 00000206
       RAX: 0000000000000002 RBX: ffff880028323b20 RCX: 0000000000000000
       RDX: 0000000000000000 RSI: ffff880028323be0 RDI: ffff8804632c4b48
       RBP: ffffffff8100bb93 R08: 0000000000000000 R09: 0000000000000000
       R10: ffff880610662280 R11: 0000000000000100 R12: ffff880028323aa0
       R13: ffff8804383c3880 R14: ffff880028323a90 R15: ffffffff81534225
       FS:  0000000000000000(0000) GS:ffff880028320000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
       CR2: 00000000006df528 CR3: 0000000001a85000 CR4: 00000000000006e0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
       Process swapper (pid: 0, threadinfo ffff880616b70000, task ffff880616b6cab0)
       Stack:
       ffff880028323c40 ffffffffa01c2582 ffff880614cfb020 0000000000000000
       <d> 0100000000000000 00000014383a6c44 ffff8804383c3880 ffff880614e93c00
       <d> ffff880614e93c00 0000000000000000 ffff8804632c4b00 ffff8804383c38b8
       Call Trace:
       <IRQ>
       [<ffffffffa01c2582>] ? sctp_rcv+0x492/0xa10 [sctp]
       [<ffffffff8148c559>] ? nf_iterate+0x69/0xb0
       [<ffffffff814974a0>] ? ip_local_deliver_finish+0x0/0x2d0
       [<ffffffff8148c716>] ? nf_hook_slow+0x76/0x120
       [<ffffffff814974a0>] ? ip_local_deliver_finish+0x0/0x2d0
       [<ffffffff8149757d>] ? ip_local_deliver_finish+0xdd/0x2d0
       [<ffffffff81497808>] ? ip_local_deliver+0x98/0xa0
       [<ffffffff81496ccd>] ? ip_rcv_finish+0x12d/0x440
       [<ffffffff81497255>] ? ip_rcv+0x275/0x350
       [<ffffffff8145cfeb>] ? __netif_receive_skb+0x4ab/0x750
       ...
      
      With lockdep debugging:
      
       =====================================
       [ BUG: bad unlock balance detected! ]
       -------------------------------------
       CslRx/12087 is trying to release lock (slock-AF_INET) at:
       [<ffffffffa01bcae0>] sctp_generate_timeout_event+0x40/0xe0 [sctp]
       but there are no more locks to release!
      
       other info that might help us debug this:
       2 locks held by CslRx/12087:
       #0:  (&asoc->timers[i]){+.-...}, at: [<ffffffff8108ce1f>] run_timer_softirq+0x16f/0x3e0
       #1:  (slock-AF_INET){+.-...}, at: [<ffffffffa01bcac3>] sctp_generate_timeout_event+0x23/0xe0 [sctp]
      
      Ensure the socket taken is also the same one that is released by
      saving a copy of the socket before entering the timeout event
      critical section.
      Signed-off-by: default avatarKarl Heiss <kheiss@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      635682a1