WARNING: bad unlock balance in ucma_event_handler
14 views
Skip to first unread message
syzbot
Oct 8, 2019, 4:22:08 AM10/8/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 58fce206 Linux 4.19.78
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11d6e693600000
kernel config: https://syzkaller.appspot.com/x/.config?x=385b97bfadb400be
dashboard link: https://syzkaller.appspot.com/bug?extid=b703fa607d1fc3f80e5b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b703fa...@syzkaller.appspotmail.com
print_req_error: I/O error, dev nbd0, sector 64
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 2048
=====================================
WARNING: bad unlock balance detected!
4.19.78 #0 Not tainted
-------------------------------------
kworker/u4:8/25804 is trying to release lock (&file->mut) at:
[<ffffffff8502a531>] ucma_event_handler+0x711/0xef0
drivers/infiniband/core/ucma.c:394
but there are no more locks to release!
other info that might help us debug this:
4 locks held by kworker/u4:8/25804:
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 000000009537e01c ((work_completion)(&(&req->work)->work)){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
#2: 00000000e8277d03 (&id_priv->handler_mutex){+.+.}, at:
addr_handler+0xaf/0x3e0 drivers/infiniband/core/cma.c:2873
#3: 000000007749e66f (&file->mut){+.+.}, at: ucma_event_handler+0xb3/0xef0
drivers/infiniband/core/ucma.c:354
stack backtrace:
CPU: 0 PID: 25804 Comm: kworker/u4:8 Not tainted 4.19.78 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_unlock_imbalance_bug kernel/locking/lockdep.c:3464 [inline]
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3441
__lock_release kernel/locking/lockdep.c:3674 [inline]
lock_release+0x6cd/0xa30 kernel/locking/lockdep.c:3922
__mutex_unlock_slowpath+0x8e/0x6b0 kernel/locking/mutex.c:1197
mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713
ucma_event_handler+0x711/0xef0 drivers/infiniband/core/ucma.c:394
addr_handler+0x2f1/0x3e0 drivers/infiniband/core/cma.c:2906
process_one_req+0xfc/0x640 drivers/infiniband/core/addr.c:570
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 4096
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 64
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop2' (00000000551bf7c9): kobject_cleanup, parent
(null)
kobject: 'loop2' (00000000551bf7c9): calling ktype release
kobject: 'loop2': free name
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
UDF-fs: Scanning with blocksize 512 failed
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
kobject: 'loop5' (000000007d6876c3): kobject_uevent_env
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'loop5' (000000007d6876c3): fill_kobj_path: path
= '/devices/virtual/block/loop5'
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'rx-0' (000000007fff931d): kobject_cleanup, parent 00000000c8e22d33
kobject: 'rx-0' (000000007fff931d): auto cleanup 'remove' event
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'rx-0' (000000007fff931d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'rx-0' (000000007fff931d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000007fff931d): auto cleanup kobject_del
kobject: 'rx-0' (000000007fff931d): calling ktype release
kobject: 'rx-0': free name
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (000000003f732eab): kobject_cleanup, parent 00000000c8e22d33
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'tx-0' (000000003f732eab): auto cleanup 'remove' event
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'tx-0' (000000003f732eab): kobject_uevent_env
kobject: 'tx-0' (000000003f732eab): kobject_uevent_env: uevent_suppress
caused the event to drop!
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
kobject: 'tx-0' (000000003f732eab): auto cleanup kobject_del
kobject: 'tx-0' (000000003f732eab): calling ktype release
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'tx-0': free name
kobject: 'loop3' (000000003369e740): kobject_uevent_env
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'queues' (00000000c8e22d33): kobject_cleanup, parent
(null)
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'queues' (00000000c8e22d33): calling ktype release
kobject: 'queues' (00000000c8e22d33): kset_release
kobject: 'queues': free name
kobject: 'ip6gre0' (00000000dc240b16): kobject_uevent_env
kobject: 'ip6gre0' (00000000dc240b16): kobject_uevent_env: uevent_suppress
caused the event to drop!
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'ip6gre0' (00000000dc240b16): kobject_cleanup, parent
(null)
UDF-fs: Scanning with blocksize 4096 failed
kobject: 'ip6gre0' (00000000dc240b16): calling ktype release
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'ip6gre0': free name
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): kobject_cleanup, parent 00000000adb503d1
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'rx-0' (00000000770650f5): auto cleanup 'remove' event
kobject: 'loop5' (000000007d6876c3): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): kobject_uevent_env
kobject: 'loop5' (000000007d6876c3): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'rx-0' (00000000770650f5): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): auto cleanup kobject_del
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'rx-0' (00000000770650f5): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000bba24d99): kobject_cleanup, parent 00000000adb503d1
kobject: 'tx-0' (00000000bba24d99): auto cleanup 'remove' event
kobject: 'tx-0' (00000000bba24d99): kobject_uevent_env
kobject: 'tx-0' (00000000bba24d99): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000bba24d99): auto cleanup kobject_del
kobject: 'tx-0' (00000000bba24d99): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000adb503d1): kobject_cleanup, parent
(null)
kobject: 'queues' (00000000adb503d1): calling ktype release
kobject: 'queues' (00000000adb503d1): kset_release
kobject: 'queues': free name
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_uevent_env
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_cleanup, parent
(null)
kobject: 'ip6tnl0' (00000000c7fd0244): calling ktype release
kobject: 'ip6tnl0': free name
kobject: 'rx-0' (000000005a9a08ec): kobject_cleanup, parent 0000000056ca2194
kobject: 'rx-0' (000000005a9a08ec): auto cleanup 'remove' event
kobject: 'rx-0' (000000005a9a08ec): kobject_uevent_env
kobject: 'rx-0' (000000005a9a08ec): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000005a9a08ec): auto cleanup kobject_del
kobject: 'rx-0' (000000005a9a08ec): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000eb69ba72): kobject_cleanup, parent 0000000056ca2194
kobject: 'tx-0' (00000000eb69ba72): auto cleanup 'remove' event
kobject: 'tx-0' (00000000eb69ba72): kobject_uevent_env
kobject: 'tx-0' (00000000eb69ba72): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000eb69ba72): auto cleanup kobject_del
kobject: 'tx-0' (00000000eb69ba72): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (0000000056ca2194): kobject_cleanup, parent
(null)
kobject: 'queues' (0000000056ca2194): calling ktype release
kobject: 'queues' (0000000056ca2194): kset_release
kobject: 'queues': free name
kobject: 'sit0' (00000000cc614e35): kobject_uevent_env
kobject: 'sit0' (00000000cc614e35): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'sit0' (00000000cc614e35): kobject_cleanup, parent (null)
kobject: 'sit0' (00000000cc614e35): calling ktype release
kobject: 'sit0': free name
kobject: 'rx-0' (0000000006daf758): kobject_cleanup, parent 00000000d0811bc9
kobject: 'rx-0' (0000000006daf758): auto cleanup 'remove' event
kobject: 'rx-0' (0000000006daf758): kobject_uevent_env
kobject: 'rx-0' (0000000006daf758): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (0000000006daf758): auto cleanup kobject_del
kobject: 'rx-0' (0000000006daf758): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000e5575d4b): kobject_cleanup, parent 00000000d0811bc9
kobject: 'tx-0' (00000000e5575d4b): auto cleanup 'remove' event
kobject: 'tx-0' (00000000e5575d4b): kobject_uevent_env
kobject: 'tx-0' (00000000e5575d4b): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000e5575d4b): auto cleanup kobject_del
kobject: 'tx-0' (00000000e5575d4b): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000d0811bc9): kobject_cleanup, parent
(null)
kobject: 'queues' (00000000d0811bc9): calling ktype release
kobject: 'queues' (00000000d0811bc9): kset_release
kobject: 'queues': free name
kobject: 'ip6_vti0' (0000000065525e5f): kobject_uevent_env
kobject: 'ip6_vti0' (0000000065525e5f): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'ip6_vti0' (0000000065525e5f): kobject_cleanup, parent
(null)
kobject: 'ip6_vti0' (0000000065525e5f): calling ktype release
kobject: 'ip6_vti0': free name
kobject: 'rx-0' (000000008415cebd): kobject_cleanup, parent 000000000f27179f
kobject: 'rx-0' (000000008415cebd): auto cleanup 'remove' event
kobject: 'rx-0' (000000008415cebd): kobject_uevent_env
kobject: 'rx-0' (000000008415cebd): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000008415cebd): auto cleanup kobject_del
kobject: 'rx-0' (000000008415cebd): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000009c5413c3): kobject_cleanup, parent 000000000f27179f
kobject: 'tx-0' (000000009c5413c3): auto cleanup 'remove' event
kobject: 'tx-0' (000000009c5413c3): kobject_uevent_env
kobject: 'tx-0' (000000009c5413c3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000009c5413c3): auto cleanup kobject_del
kobject: 'tx-0' (000000009c5413c3): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000000f27179f): kobject_cleanup, parent
(null)
kobject: 'queues' (000000000f27179f): calling ktype release
kobject: 'queues' (000000000f27179f): kset_release
kobject: 'queues': free name
kobject: 'ip_vti0' (0000000034a89301): kobject_uevent_env
kobject: 'ip_vti0' (0000000034a89301): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'ip_vti0' (0000000034a89301): kobject_cleanup, parent
(null)
kobject: 'ip_vti0' (0000000034a89301): calling ktype release
kobject: 'ip_vti0': free name
kobject: 'batman_adv' (0000000028c4b300): kobject_uevent_env
kobject: 'batman_adv' (0000000028c4b300): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (0000000028c4b300): kobject_cleanup, parent
(null)
kobject: 'batman_adv' (0000000028c4b300): calling ktype release
kobject: (0000000028c4b300): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (00000000155afab5): kobject_cleanup, parent 000000003e068c7f
kobject: 'rx-0' (00000000155afab5): auto cleanup 'remove' event
kobject: 'rx-0' (00000000155afab5): kobject_uevent_env
kobject: 'rx-0' (00000000155afab5): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (00000000155afab5): auto cleanup kobject_del
kobject: 'rx-0' (00000000155afab5): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000002c24ee2a): kobject_cleanup, parent 000000003e068c7f
kobject: 'tx-0' (000000002c24ee2a): auto cleanup 'remove' event
kobject: 'tx-0' (000000002c24ee2a): kobject_uevent_env
kobject: 'tx-0' (000000002c24ee2a): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000002c24ee2a): auto cleanup kobject_del
kobject: 'tx-0' (000000002c24ee2a): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000003e068c7f): kobject_cleanup, parent
(null)
kobject: 'queues' (000000003e068c7f): calling ktype release
kobject: 'queues' (000000003e068c7f): kset_release
kobject: 'queues': free name
kobject: 'erspan0' (00000000ecb566f3): kobject_uevent_env
kobject: 'erspan0' (00000000ecb566f3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'erspan0' (00000000ecb566f3): kobject_cleanup, parent
(null)
kobject: 'erspan0' (00000000ecb566f3): calling ktype release
kobject: 'erspan0': free name
kobject: 'batman_adv' (00000000ff9934af): kobject_uevent_env
kobject: 'batman_adv' (00000000ff9934af): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (00000000ff9934af): kobject_cleanup, parent
(null)
kobject: 'batman_adv' (00000000ff9934af): calling ktype release
kobject: (00000000ff9934af): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (00000000d8bbd9c4): kobject_cleanup, parent 000000005b905095
kobject: 'rx-0' (00000000d8bbd9c4): auto cleanup 'remove' event
kobject: 'rx-0' (00000000d8bbd9c4): kobject_uevent_env
kobject: 'rx-0' (00000000d8bbd9c4): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (00000000d8bbd9c4): auto cleanup kobject_del
kobject: 'rx-0' (00000000d8bbd9c4): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (0000000070e6ae24): kobject_cleanup, parent 000000005b905095
kobject: 'tx-0' (0000000070e6ae24): auto cleanup 'remove' event
kobject: 'tx-0' (0000000070e6ae24): kobject_uevent_env
kobject: 'tx-0' (0000000070e6ae24): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (0000000070e6ae24): auto cleanup kobject_del
kobject: 'tx-0' (0000000070e6ae24): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000005b905095): kobject_cleanup, parent
(null)
kobject: 'queues' (000000005b905095): calling ktype release
kobject: 'queues' (000000005b905095): kset_release
kobject: 'queues': free name
kobject: 'gretap0' (00000000eb9678a3): kobject_uevent_env
kobject: 'gretap0' (00000000eb9678a3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'gretap0' (00000000eb9678a3): kobject_cleanup, parent
(null)
kobject: 'gretap0' (00000000eb9678a3): calling ktype release
kobject: 'gretap0': free name
kobject: 'rx-0' (000000000698b525): kobject_cleanup, parent 000000002b86a53e
kobject: 'rx-0' (000000000698b525): auto cleanup 'remove' event
kobject: 'rx-0' (000000000698b525): kobject_uevent_env
kobject: 'rx-0' (000000000698b525): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000000698b525): auto cleanup kobject_del
kobject: 'rx-0' (000000000698b525): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000009cba555d): kobject_cleanup, parent 000000002b86a53e
kobject: 'tx-0' (000000009cba555d): auto cleanup 'remove' event
kobject: 'tx-0' (000000009cba555d): kobject_uevent_env
kobject: 'tx-0' (000000009cba555d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000009cba555d): auto cleanup kobject_del
kobject: 'tx-0' (000000009cba555d): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000002b86a53e): kobject_cleanup, parent
(null)
kobject: 'queues' (000000002b86a53e): calling ktype release
kobject: 'queues' (000000002b86a53e): kset_release
kobject: 'queues': free name
kobject: 'gre0' (00000000c61bdc2d): kobject_uevent_env
kobject: 'gre0' (00000000c61bdc2d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'gre0' (00000000c61bdc2d): kobject_cleanup, parent (null)
kobject: 'gre0' (00000000c61bdc2d): calling ktype release
kobject: 'gre0': free name
kobject: 'rx-0' (000000006517f1b9): kobject_cleanup, parent 0000000072dd3214
kobject: 'rx-0' (000000006517f1b9): auto cleanup 'remove' event
kobject: 'rx-0' (000000006517f1b9): kobject_uevent_env
kobject: 'rx-0' (000000006517f1b9): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000006517f1b9): auto cleanup kobject_del
kobject: 'rx-0' (000000006517f1b9): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000008e369f24): kobject_cleanup, parent 0000000072dd3214
kobject: 'tx-0' (000000008e369f24): auto cleanup 'remove' event
kobject: 'tx-0' (000000008e369f24): kobject_uevent_env
kobject: 'tx-0' (000000008e369f24): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000008e369f24): auto cleanup kobject_del
kobject: 'tx-0' (000000008e369f24): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (0000000072dd3214): kobject_cleanup, parent
(null)
kobject: 'queues' (0000000072dd3214): calling ktype release
kobject: 'queues' (0000000072dd3214): kset_release
kobject: 'queues': free name
kobject: 'tunl0' (000000005001c172): kobject_uevent_env
kobject: 'tunl0' (000000005001c172): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tunl0' (000000005001c172): kobject_cleanup, parent
(null)
kobject: 'tunl0' (000000005001c172): calling ktype release
kobject: 'tunl0': free name
kobject: 'rx-0' (000000000fba1731): kobject_cleanup, parent 000000005170b098
kobject: 'rx-0' (000000000fba1731): auto cleanup 'remove' event
kobject: 'rx-0' (000000000fba1731): kobject_uevent_env
kobject: 'rx-0' (000000000fba1731): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000000fba1731): auto cleanup kobject_del
kobject: 'rx-0' (000000000fba1731): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000590e4d94): kobject_cleanup, parent 000000005170b098
kobject: 'tx-0' (00000000590e4d94): auto cleanup 'remove' event
kobject: 'tx-0' (00000000590e4d94): kobject_uevent_env
kobject: 'tx-0' (00000000590e4d94): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000590e4d94): auto cleanup kobject_del
kobject: 'tx-0' (00000000590e4d94): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000005170b098): kobject_cleanup, parent
(null)
kobject: 'queues' (000000005170b098): calling ktype release
kobject: 'queues' (000000005170b098): kset_release
kobject: 'queues': free name
kobject: 'lo' (000000005f4338bc): kobject_uevent_env
kobject: 'lo' (000000005f4338bc): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'lo' (000000005f4338bc): kobject_cleanup, parent (null)
kobject: 'lo' (000000005f4338bc): calling ktype release
kobject: 'lo': free name
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 58fce206 Linux 4.19.78
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11d6e693600000
kernel config: https://syzkaller.appspot.com/x/.config?x=385b97bfadb400be
dashboard link: https://syzkaller.appspot.com/bug?extid=b703fa607d1fc3f80e5b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b703fa...@syzkaller.appspotmail.com
print_req_error: I/O error, dev nbd0, sector 64
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 2048
=====================================
WARNING: bad unlock balance detected!
4.19.78 #0 Not tainted
-------------------------------------
kworker/u4:8/25804 is trying to release lock (&file->mut) at:
[<ffffffff8502a531>] ucma_event_handler+0x711/0xef0
drivers/infiniband/core/ucma.c:394
but there are no more locks to release!
other info that might help us debug this:
4 locks held by kworker/u4:8/25804:
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000365c56a5 ((wq_completion)"ib_addr"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 000000009537e01c ((work_completion)(&(&req->work)->work)){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
#2: 00000000e8277d03 (&id_priv->handler_mutex){+.+.}, at:
addr_handler+0xaf/0x3e0 drivers/infiniband/core/cma.c:2873
#3: 000000007749e66f (&file->mut){+.+.}, at: ucma_event_handler+0xb3/0xef0
drivers/infiniband/core/ucma.c:354
stack backtrace:
CPU: 0 PID: 25804 Comm: kworker/u4:8 Not tainted 4.19.78 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_unlock_imbalance_bug kernel/locking/lockdep.c:3464 [inline]
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3441
__lock_release kernel/locking/lockdep.c:3674 [inline]
lock_release+0x6cd/0xa30 kernel/locking/lockdep.c:3922
__mutex_unlock_slowpath+0x8e/0x6b0 kernel/locking/mutex.c:1197
mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713
ucma_event_handler+0x711/0xef0 drivers/infiniband/core/ucma.c:394
addr_handler+0x2f1/0x3e0 drivers/infiniband/core/cma.c:2906
process_one_req+0xfc/0x640 drivers/infiniband/core/addr.c:570
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 4096
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 64
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop2' (00000000551bf7c9): kobject_cleanup, parent
(null)
kobject: 'loop2' (00000000551bf7c9): calling ktype release
kobject: 'loop2': free name
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
UDF-fs: Scanning with blocksize 512 failed
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
kobject: 'loop5' (000000007d6876c3): kobject_uevent_env
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'loop5' (000000007d6876c3): fill_kobj_path: path
= '/devices/virtual/block/loop5'
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'rx-0' (000000007fff931d): kobject_cleanup, parent 00000000c8e22d33
kobject: 'rx-0' (000000007fff931d): auto cleanup 'remove' event
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'rx-0' (000000007fff931d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'rx-0' (000000007fff931d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000007fff931d): auto cleanup kobject_del
kobject: 'rx-0' (000000007fff931d): calling ktype release
kobject: 'rx-0': free name
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (000000003f732eab): kobject_cleanup, parent 00000000c8e22d33
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'tx-0' (000000003f732eab): auto cleanup 'remove' event
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'tx-0' (000000003f732eab): kobject_uevent_env
kobject: 'tx-0' (000000003f732eab): kobject_uevent_env: uevent_suppress
caused the event to drop!
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
kobject: 'tx-0' (000000003f732eab): auto cleanup kobject_del
kobject: 'tx-0' (000000003f732eab): calling ktype release
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
kobject: 'tx-0': free name
kobject: 'loop3' (000000003369e740): kobject_uevent_env
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
kobject: 'queues' (00000000c8e22d33): kobject_cleanup, parent
(null)
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
kobject: 'loop1' (00000000c3b3d90d): kobject_uevent_env
kobject: 'loop1' (00000000c3b3d90d): fill_kobj_path: path
= '/devices/virtual/block/loop1'
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'queues' (00000000c8e22d33): calling ktype release
kobject: 'queues' (00000000c8e22d33): kset_release
kobject: 'queues': free name
kobject: 'ip6gre0' (00000000dc240b16): kobject_uevent_env
kobject: 'ip6gre0' (00000000dc240b16): kobject_uevent_env: uevent_suppress
caused the event to drop!
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256,
location=256
UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512,
location=512
UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
kobject: 'ip6gre0' (00000000dc240b16): kobject_cleanup, parent
(null)
UDF-fs: Scanning with blocksize 4096 failed
kobject: 'ip6gre0' (00000000dc240b16): calling ktype release
UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
kobject: 'ip6gre0': free name
kobject: 'loop2' (00000000334db80d): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): kobject_cleanup, parent 00000000adb503d1
kobject: 'loop2' (00000000334db80d): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'rx-0' (00000000770650f5): auto cleanup 'remove' event
kobject: 'loop5' (000000007d6876c3): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): kobject_uevent_env
kobject: 'loop5' (000000007d6876c3): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'rx-0' (00000000770650f5): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop0' (0000000040a7c88d): kobject_uevent_env
kobject: 'rx-0' (00000000770650f5): auto cleanup kobject_del
kobject: 'loop0' (0000000040a7c88d): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'rx-0' (00000000770650f5): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000bba24d99): kobject_cleanup, parent 00000000adb503d1
kobject: 'tx-0' (00000000bba24d99): auto cleanup 'remove' event
kobject: 'tx-0' (00000000bba24d99): kobject_uevent_env
kobject: 'tx-0' (00000000bba24d99): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000bba24d99): auto cleanup kobject_del
kobject: 'tx-0' (00000000bba24d99): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000adb503d1): kobject_cleanup, parent
(null)
kobject: 'queues' (00000000adb503d1): calling ktype release
kobject: 'queues' (00000000adb503d1): kset_release
kobject: 'queues': free name
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_uevent_env
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop3' (000000003369e740): kobject_uevent_env
kobject: 'loop3' (000000003369e740): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'ip6tnl0' (00000000c7fd0244): kobject_cleanup, parent
(null)
kobject: 'ip6tnl0' (00000000c7fd0244): calling ktype release
kobject: 'ip6tnl0': free name
kobject: 'rx-0' (000000005a9a08ec): kobject_cleanup, parent 0000000056ca2194
kobject: 'rx-0' (000000005a9a08ec): auto cleanup 'remove' event
kobject: 'rx-0' (000000005a9a08ec): kobject_uevent_env
kobject: 'rx-0' (000000005a9a08ec): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000005a9a08ec): auto cleanup kobject_del
kobject: 'rx-0' (000000005a9a08ec): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000eb69ba72): kobject_cleanup, parent 0000000056ca2194
kobject: 'tx-0' (00000000eb69ba72): auto cleanup 'remove' event
kobject: 'tx-0' (00000000eb69ba72): kobject_uevent_env
kobject: 'tx-0' (00000000eb69ba72): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000eb69ba72): auto cleanup kobject_del
kobject: 'tx-0' (00000000eb69ba72): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (0000000056ca2194): kobject_cleanup, parent
(null)
kobject: 'queues' (0000000056ca2194): calling ktype release
kobject: 'queues' (0000000056ca2194): kset_release
kobject: 'queues': free name
kobject: 'sit0' (00000000cc614e35): kobject_uevent_env
kobject: 'sit0' (00000000cc614e35): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'sit0' (00000000cc614e35): kobject_cleanup, parent (null)
kobject: 'sit0' (00000000cc614e35): calling ktype release
kobject: 'sit0': free name
kobject: 'rx-0' (0000000006daf758): kobject_cleanup, parent 00000000d0811bc9
kobject: 'rx-0' (0000000006daf758): auto cleanup 'remove' event
kobject: 'rx-0' (0000000006daf758): kobject_uevent_env
kobject: 'rx-0' (0000000006daf758): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (0000000006daf758): auto cleanup kobject_del
kobject: 'rx-0' (0000000006daf758): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000e5575d4b): kobject_cleanup, parent 00000000d0811bc9
kobject: 'tx-0' (00000000e5575d4b): auto cleanup 'remove' event
kobject: 'tx-0' (00000000e5575d4b): kobject_uevent_env
kobject: 'tx-0' (00000000e5575d4b): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000e5575d4b): auto cleanup kobject_del
kobject: 'tx-0' (00000000e5575d4b): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000d0811bc9): kobject_cleanup, parent
(null)
kobject: 'queues' (00000000d0811bc9): calling ktype release
kobject: 'queues' (00000000d0811bc9): kset_release
kobject: 'queues': free name
kobject: 'ip6_vti0' (0000000065525e5f): kobject_uevent_env
kobject: 'ip6_vti0' (0000000065525e5f): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'ip6_vti0' (0000000065525e5f): kobject_cleanup, parent
(null)
kobject: 'ip6_vti0' (0000000065525e5f): calling ktype release
kobject: 'ip6_vti0': free name
kobject: 'rx-0' (000000008415cebd): kobject_cleanup, parent 000000000f27179f
kobject: 'rx-0' (000000008415cebd): auto cleanup 'remove' event
kobject: 'rx-0' (000000008415cebd): kobject_uevent_env
kobject: 'rx-0' (000000008415cebd): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000008415cebd): auto cleanup kobject_del
kobject: 'rx-0' (000000008415cebd): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000009c5413c3): kobject_cleanup, parent 000000000f27179f
kobject: 'tx-0' (000000009c5413c3): auto cleanup 'remove' event
kobject: 'tx-0' (000000009c5413c3): kobject_uevent_env
kobject: 'tx-0' (000000009c5413c3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000009c5413c3): auto cleanup kobject_del
kobject: 'tx-0' (000000009c5413c3): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000000f27179f): kobject_cleanup, parent
(null)
kobject: 'queues' (000000000f27179f): calling ktype release
kobject: 'queues' (000000000f27179f): kset_release
kobject: 'queues': free name
kobject: 'ip_vti0' (0000000034a89301): kobject_uevent_env
kobject: 'ip_vti0' (0000000034a89301): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'ip_vti0' (0000000034a89301): kobject_cleanup, parent
(null)
kobject: 'ip_vti0' (0000000034a89301): calling ktype release
kobject: 'ip_vti0': free name
kobject: 'batman_adv' (0000000028c4b300): kobject_uevent_env
kobject: 'batman_adv' (0000000028c4b300): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (0000000028c4b300): kobject_cleanup, parent
(null)
kobject: 'batman_adv' (0000000028c4b300): calling ktype release
kobject: (0000000028c4b300): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (00000000155afab5): kobject_cleanup, parent 000000003e068c7f
kobject: 'rx-0' (00000000155afab5): auto cleanup 'remove' event
kobject: 'rx-0' (00000000155afab5): kobject_uevent_env
kobject: 'rx-0' (00000000155afab5): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (00000000155afab5): auto cleanup kobject_del
kobject: 'rx-0' (00000000155afab5): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000002c24ee2a): kobject_cleanup, parent 000000003e068c7f
kobject: 'tx-0' (000000002c24ee2a): auto cleanup 'remove' event
kobject: 'tx-0' (000000002c24ee2a): kobject_uevent_env
kobject: 'tx-0' (000000002c24ee2a): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000002c24ee2a): auto cleanup kobject_del
kobject: 'tx-0' (000000002c24ee2a): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000003e068c7f): kobject_cleanup, parent
(null)
kobject: 'queues' (000000003e068c7f): calling ktype release
kobject: 'queues' (000000003e068c7f): kset_release
kobject: 'queues': free name
kobject: 'erspan0' (00000000ecb566f3): kobject_uevent_env
kobject: 'erspan0' (00000000ecb566f3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'erspan0' (00000000ecb566f3): kobject_cleanup, parent
(null)
kobject: 'erspan0' (00000000ecb566f3): calling ktype release
kobject: 'erspan0': free name
kobject: 'batman_adv' (00000000ff9934af): kobject_uevent_env
kobject: 'batman_adv' (00000000ff9934af): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (00000000ff9934af): kobject_cleanup, parent
(null)
kobject: 'batman_adv' (00000000ff9934af): calling ktype release
kobject: (00000000ff9934af): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (00000000d8bbd9c4): kobject_cleanup, parent 000000005b905095
kobject: 'rx-0' (00000000d8bbd9c4): auto cleanup 'remove' event
kobject: 'rx-0' (00000000d8bbd9c4): kobject_uevent_env
kobject: 'rx-0' (00000000d8bbd9c4): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (00000000d8bbd9c4): auto cleanup kobject_del
kobject: 'rx-0' (00000000d8bbd9c4): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (0000000070e6ae24): kobject_cleanup, parent 000000005b905095
kobject: 'tx-0' (0000000070e6ae24): auto cleanup 'remove' event
kobject: 'tx-0' (0000000070e6ae24): kobject_uevent_env
kobject: 'tx-0' (0000000070e6ae24): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (0000000070e6ae24): auto cleanup kobject_del
kobject: 'tx-0' (0000000070e6ae24): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000005b905095): kobject_cleanup, parent
(null)
kobject: 'queues' (000000005b905095): calling ktype release
kobject: 'queues' (000000005b905095): kset_release
kobject: 'queues': free name
kobject: 'gretap0' (00000000eb9678a3): kobject_uevent_env
kobject: 'gretap0' (00000000eb9678a3): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'gretap0' (00000000eb9678a3): kobject_cleanup, parent
(null)
kobject: 'gretap0' (00000000eb9678a3): calling ktype release
kobject: 'gretap0': free name
kobject: 'rx-0' (000000000698b525): kobject_cleanup, parent 000000002b86a53e
kobject: 'rx-0' (000000000698b525): auto cleanup 'remove' event
kobject: 'rx-0' (000000000698b525): kobject_uevent_env
kobject: 'rx-0' (000000000698b525): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000000698b525): auto cleanup kobject_del
kobject: 'rx-0' (000000000698b525): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000009cba555d): kobject_cleanup, parent 000000002b86a53e
kobject: 'tx-0' (000000009cba555d): auto cleanup 'remove' event
kobject: 'tx-0' (000000009cba555d): kobject_uevent_env
kobject: 'tx-0' (000000009cba555d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000009cba555d): auto cleanup kobject_del
kobject: 'tx-0' (000000009cba555d): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000002b86a53e): kobject_cleanup, parent
(null)
kobject: 'queues' (000000002b86a53e): calling ktype release
kobject: 'queues' (000000002b86a53e): kset_release
kobject: 'queues': free name
kobject: 'gre0' (00000000c61bdc2d): kobject_uevent_env
kobject: 'gre0' (00000000c61bdc2d): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'gre0' (00000000c61bdc2d): kobject_cleanup, parent (null)
kobject: 'gre0' (00000000c61bdc2d): calling ktype release
kobject: 'gre0': free name
kobject: 'rx-0' (000000006517f1b9): kobject_cleanup, parent 0000000072dd3214
kobject: 'rx-0' (000000006517f1b9): auto cleanup 'remove' event
kobject: 'rx-0' (000000006517f1b9): kobject_uevent_env
kobject: 'rx-0' (000000006517f1b9): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000006517f1b9): auto cleanup kobject_del
kobject: 'rx-0' (000000006517f1b9): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000008e369f24): kobject_cleanup, parent 0000000072dd3214
kobject: 'tx-0' (000000008e369f24): auto cleanup 'remove' event
kobject: 'tx-0' (000000008e369f24): kobject_uevent_env
kobject: 'tx-0' (000000008e369f24): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000008e369f24): auto cleanup kobject_del
kobject: 'tx-0' (000000008e369f24): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (0000000072dd3214): kobject_cleanup, parent
(null)
kobject: 'queues' (0000000072dd3214): calling ktype release
kobject: 'queues' (0000000072dd3214): kset_release
kobject: 'queues': free name
kobject: 'tunl0' (000000005001c172): kobject_uevent_env
kobject: 'tunl0' (000000005001c172): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tunl0' (000000005001c172): kobject_cleanup, parent
(null)
kobject: 'tunl0' (000000005001c172): calling ktype release
kobject: 'tunl0': free name
kobject: 'rx-0' (000000000fba1731): kobject_cleanup, parent 000000005170b098
kobject: 'rx-0' (000000000fba1731): auto cleanup 'remove' event
kobject: 'rx-0' (000000000fba1731): kobject_uevent_env
kobject: 'rx-0' (000000000fba1731): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (000000000fba1731): auto cleanup kobject_del
kobject: 'rx-0' (000000000fba1731): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000590e4d94): kobject_cleanup, parent 000000005170b098
kobject: 'tx-0' (00000000590e4d94): auto cleanup 'remove' event
kobject: 'tx-0' (00000000590e4d94): kobject_uevent_env
kobject: 'tx-0' (00000000590e4d94): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (00000000590e4d94): auto cleanup kobject_del
kobject: 'tx-0' (00000000590e4d94): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000005170b098): kobject_cleanup, parent
(null)
kobject: 'queues' (000000005170b098): calling ktype release
kobject: 'queues' (000000005170b098): kset_release
kobject: 'queues': free name
kobject: 'lo' (000000005f4338bc): kobject_uevent_env
kobject: 'lo' (000000005f4338bc): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'lo' (000000005f4338bc): kobject_cleanup, parent (null)
kobject: 'lo' (000000005f4338bc): calling ktype release
kobject: 'lo': free name
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 2, 2020, 12:05:08 AM1/2/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: c7ecf3e3 Linux 4.19.92
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13d6b98ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=f1b833aa58e7216b
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d2963ee00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b703fa...@syzkaller.appspotmail.com
audit: type=1400 audit(1577941332.011:36): avc: denied { map } for
pid=7724 comm="syz-executor251" path="/root/syz-executor251409847"
dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
-------------------------------------
kworker/u4:3/184 is trying to release lock (&file->mut) at:
[<ffffffff85564cf1>] ucma_event_handler+0x711/0xef0
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 000000004776d5af ((work_completion)(&(&req->work)->work)){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
#2: 0000000097e2b64c (&id_priv->handler_mutex){+.+.}, at:
addr_handler+0xaf/0x3e0 drivers/infiniband/core/cma.c:2874
#3: 00000000b74af1e5 (&file->mut){+.+.}, at: ucma_event_handler+0xb3/0xef0
drivers/infiniband/core/ucma.c:354
stack backtrace:
CPU: 0 PID: 184 Comm: kworker/u4:3 Not tainted 4.19.92-syzkaller #0
HEAD commit: c7ecf3e3 Linux 4.19.92
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13d6b98ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=f1b833aa58e7216b
dashboard link: https://syzkaller.appspot.com/bug?extid=b703fa607d1fc3f80e5b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15715e49e00000
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d2963ee00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b703fa...@syzkaller.appspotmail.com
pid=7724 comm="syz-executor251" path="/root/syz-executor251409847"
dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
=====================================
WARNING: bad unlock balance detected!
4.19.92-syzkaller #0 Not tainted
WARNING: bad unlock balance detected!
-------------------------------------
kworker/u4:3/184 is trying to release lock (&file->mut) at:
[<ffffffff85564cf1>] ucma_event_handler+0x711/0xef0
drivers/infiniband/core/ucma.c:394
but there are no more locks to release!
other info that might help us debug this:
4 locks held by kworker/u4:3/184:
but there are no more locks to release!
other info that might help us debug this:
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 0000000086f9aafc ((wq_completion)"ib_addr"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 000000004776d5af ((work_completion)(&(&req->work)->work)){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
#2: 0000000097e2b64c (&id_priv->handler_mutex){+.+.}, at:
addr_handler+0xaf/0x3e0 drivers/infiniband/core/cma.c:2874
#3: 00000000b74af1e5 (&file->mut){+.+.}, at: ucma_event_handler+0xb3/0xef0
drivers/infiniband/core/ucma.c:354
stack backtrace:
CPU: 0 PID: 184 Comm: kworker/u4:3 Not tainted 4.19.92-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
print_unlock_imbalance_bug kernel/locking/lockdep.c:3464 [inline]
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3441
__lock_release kernel/locking/lockdep.c:3674 [inline]
lock_release+0x6cd/0xa30 kernel/locking/lockdep.c:3922
__mutex_unlock_slowpath+0x8e/0x6b0 kernel/locking/mutex.c:1197
mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713
ucma_event_handler+0x711/0xef0 drivers/infiniband/core/ucma.c:394
addr_handler+0x2f1/0x3e0 drivers/infiniband/core/cma.c:2907
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3441
__lock_release kernel/locking/lockdep.c:3674 [inline]
lock_release+0x6cd/0xa30 kernel/locking/lockdep.c:3922
__mutex_unlock_slowpath+0x8e/0x6b0 kernel/locking/mutex.c:1197
mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713
ucma_event_handler+0x711/0xef0 drivers/infiniband/core/ucma.c:394
Reply all
Reply to author
Forward
0 new messages