WARNING: bad unlock balance in ucma_event_handler


syzbot

Jan 1, 2020, 8:32:10 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4c5bf01e Linux 4.14.161
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1026b9fee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f880a3dbba6d2e2
dashboard link: https://syzkaller.appspot.com/bug?extid=e8ab33b4c811424f4648
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106b8885e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=152f3059e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e8ab33...@syzkaller.appspotmail.com

audit: type=1400 audit(1577928562.856:36): avc: denied { map } for
pid=7014 comm="syz-executor679" path="/root/syz-executor679939913"
dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
=====================================
WARNING: bad unlock balance detected!
4.14.161-syzkaller #0 Not tainted
-------------------------------------
kworker/u4:2/64 is trying to release lock (&file->mut) at:
[<ffffffff84c061fe>] ucma_event_handler+0x6be/0xe20
drivers/infiniband/core/ucma.c:377
but there are no more locks to release!

other info that might help us debug this:
4 locks held by kworker/u4:2/64:
#0: ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] work_static
include/linux/workqueue.h:199 [inline]
#0: ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] set_work_data
kernel/workqueue.c:619 [inline]
#0: ("ib_addr"){+.+.}, at: [<ffffffff813d581e>]
set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("ib_addr"){+.+.}, at: [<ffffffff813d581e>]
process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
#1: ((&(&req->work)->work)){+.+.}, at: [<ffffffff813d585b>]
process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
#2: (&id_priv->handler_mutex){+.+.}, at: [<ffffffff84bc50d6>]
addr_handler+0xa6/0x2b0 drivers/infiniband/core/cma.c:2781
#3: (&file->mut){+.+.}, at: [<ffffffff84c05bfd>]
ucma_event_handler+0xbd/0xe20 drivers/infiniband/core/ucma.c:337

stack backtrace:
CPU: 0 PID: 64 Comm: kworker/u4:2 Not tainted 4.14.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3525
__lock_release kernel/locking/lockdep.c:3765 [inline]
lock_release+0x616/0x940 kernel/locking/lockdep.c:4013
__mutex_unlock_slowpath+0x71/0x800 kernel/locking/mutex.c:1018
mutex_unlock+0xd/0x10 kernel/locking/mutex.c:614
ucma_event_handler+0x6be/0xe20 drivers/infiniband/core/ucma.c:377
addr_handler+0x1db/0x2b0 drivers/infiniband/core/cma.c:2805
process_one_req+0x239/0x590 drivers/infiniband/core/addr.c:625
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
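Reading the lockdep output above: the held-lock list contains a "&file->mut" (taken at ucma.c:337), yet the release at ucma.c:377 of a lock with that same class name is reported as "no more locks to release". Lockdep matches a release against the exact lock instance in the task's held-lock list, not just the class, so this signature is what you get when the mutex being unlocked is a different instance of the same class than the one that was locked. The user-space C model below is an added illustration of that check and is not part of the syzbot report or the kernel source. All names (fake_mutex, task_locks, fake_file, fake_ctx, run_handler) are invented, and the "re-point the file pointer between lock and unlock" scenario is a constructed way to produce this signature, not a claim about what happens in ucma.c.

```c
/* Constructed user-space model of lockdep's unlock-balance check.
 * Illustration only; not kernel code and not the ucma.c bug itself. */
#include <stdio.h>
#include <string.h>

#define MAX_HELD 8

/* Stand-in for struct mutex: lockdep identifies a lock by its instance
 * (address) and reports it by class name, here just a string. */
struct fake_mutex {
    const char *class_name;
    int locked;
};

/* Per-task held-lock list, modelled on current->held_locks. */
struct task_locks {
    struct fake_mutex *held[MAX_HELD];
    int depth;
    int imbalances;   /* number of "bad unlock balance" reports raised */
};

static void lock_acquire(struct task_locks *t, struct fake_mutex *m)
{
    if (t->depth >= MAX_HELD)
        return;           /* the real lockdep reports MAX_LOCK_DEPTH overflow */
    m->locked = 1;
    t->held[t->depth++] = m;
}

/* Mirrors __lock_release(): look for this exact instance in the held list.
 * Returns 0 for a balanced release, -1 after printing an imbalance report. */
static int lock_release(struct task_locks *t, struct fake_mutex *m)
{
    for (int i = t->depth - 1; i >= 0; i--) {
        if (t->held[i] == m) {
            memmove(&t->held[i], &t->held[i + 1],
                    (size_t)(t->depth - i - 1) * sizeof(t->held[0]));
            t->depth--;
            m->locked = 0;
            return 0;
        }
    }
    t->imbalances++;
    fprintf(stderr, "WARNING: bad unlock balance: releasing (%s) at %p, "
            "but there are no more locks to release!\n",
            m->class_name, (void *)m);
    fprintf(stderr, "%d locks held:", t->depth);
    for (int i = 0; i < t->depth; i++)
        fprintf(stderr, " #%d: (%s) at %p", i,
                t->held[i]->class_name, (void *)t->held[i]);
    fprintf(stderr, "\n");
    return -1;
}

/* Hypothetical objects: a "file" owning a mutex, and a "ctx" pointing at a file. */
struct fake_file { struct fake_mutex mut; };
struct fake_ctx  { struct fake_file *file; };

/* Scenario: lock ctx->file->mut, optionally re-point ctx->file at another
 * file, then unlock ctx->file->mut. With repoint_file set, the unlock
 * targets a mutex of the same class but a different instance, which is
 * the same shape as the report above. Returns the number of imbalances. */
static int run_handler(int repoint_file)
{
    struct fake_file f1 = { { "&file->mut", 0 } };
    struct fake_file f2 = { { "&file->mut", 0 } };
    struct fake_ctx ctx = { &f1 };
    struct task_locks task = { { 0 }, 0, 0 };

    lock_acquire(&task, &ctx.file->mut);
    if (repoint_file)
        ctx.file = &f2;   /* constructed: something else swapped the file */
    lock_release(&task, &ctx.file->mut);
    /* Note the side effect in the bad case: f1.mut is still locked. */
    return task.imbalances;
}

int main(void)
{
    printf("balanced handler: %d imbalance(s)\n", run_handler(0));
    printf("re-pointed handler: %d imbalance(s)\n", run_handler(1));
    return 0;
}
```

The model deliberately keeps lockdep's two distinguishing features: the held list stores instances, and the report names classes. That is why a held "&file->mut" and a released "&file->mut" can coexist with "no more locks to release" in the same splat; the report alone does not say which code path changed the instance, only that the instance differs.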