WARNING: bad unlock balance in ovl_workdir_create

syzbot

Mar 9, 2020, 11:34:13 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 78d697fc Linux 4.14.172
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17f4c191e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=3484a1ea90b8523a
dashboard link: https://syzkaller.appspot.com/bug?extid=143205c303a525ccf766
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+143205...@syzkaller.appspotmail.com

EXT4-fs error (device sda1): ext4_remount:5193: Abort forced by user
EXT4-fs (sda1): Remounting filesystem read-only
overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.
overlayfs: failed to create directory ./file0/work (errno: 30); mounting read-only
=====================================
WARNING: bad unlock balance detected!
4.14.172-syzkaller #0 Not tainted
-------------------------------------
syz-executor.0/16833 is trying to release lock (sb_writers) at:
[<ffffffff822174d2>] ovl_workdir_create.cold+0xeb/0xf7 fs/overlayfs/super.c:546
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor.0/16833:
#0: (&type->s_umount_key#58/1){+.+.}, at: [<ffffffff818baa56>] alloc_super fs/super.c:251 [inline]
#0: (&type->s_umount_key#58/1){+.+.}, at: [<ffffffff818baa56>] sget_userns+0x556/0xc30 fs/super.c:516

stack backtrace:
CPU: 1 PID: 16833 Comm: syz-executor.0 Not tainted 4.14.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
print_unlock_imbalance_bug.cold+0x110/0x11f kernel/locking/lockdep.c:3525
__lock_release kernel/locking/lockdep.c:3765 [inline]
lock_release+0x5e2/0x7f0 kernel/locking/lockdep.c:4013
ovl_workdir_create.cold+0xeb/0xf7 fs/overlayfs/super.c:546
ovl_fill_super+0x1009/0x265d fs/overlayfs/super.c:988
mount_nodev+0x4c/0xf0 fs/super.c:1180
mount_fs+0x92/0x2a0 fs/super.c:1237
vfs_kern_mount.part.0+0x5b/0x3c0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x3c9/0x24f0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3072
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c4a9
RSP: 002b:00007fb8446aac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fb8446ab6d4 RCX: 000000000045c4a9
RDX: 0000000020000100 RSI: 0000000020000000 RDI: 0000000000400019
RBP: 000000000076bfc0 R08: 0000000020000300 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000755 R14: 00000000004c9d6d R15: 000000000076bfcc
------------[ cut here ]------------
WARNING: CPU: 0 PID: 27940 at fs/namespace.c:1178 cleanup_mnt+0xfc/0x140 fs/namespace.c:1178


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 6, 2020, 2:37:12 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.