WARNING: bad unlock balance in xfs_iunlock

syzbot

Nov 27, 2022, 9:49:49 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 179ef7fe8677 Linux 4.14.300
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15930a03880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa85f51ec321d5a9
dashboard link: https://syzkaller.appspot.com/bug?extid=27c5e199cc153e13d840
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d311ef57b59a/disk-179ef7fe.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/25bf5d729f69/vmlinux-179ef7fe.xz
kernel image: https://storage.googleapis.com/syzbot-assets/db9b96571e69/bzImage-179ef7fe.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+27c5e1...@syzkaller.appspotmail.com

ffff8880b1b1f810: 00 00 00 42 00 00 7f be 00 00 00 42 00 00 7f be ...B.......B....
ffff8880b1b1f820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
ffff8880b1b1f830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
XFS (loop3): metadata I/O error: block 0x5 ("xfs_trans_read_buf_map") error 117 numblks 1
=====================================
WARNING: bad unlock balance detected!
4.14.300-syzkaller #0 Not tainted
-------------------------------------
syz-executor.3/9799 is trying to release lock (&xfs_nondir_ilock_class) at:
[<ffffffff825c248f>] mrunlock_excl fs/xfs/mrlock.h:74 [inline]
[<ffffffff825c248f>] xfs_iunlock+0x29f/0x3b0 fs/xfs/xfs_inode.c:327
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor.3/9799:
#0: (&type->s_umount_key#49/1){+.+.}, at: [<ffffffff81878e26>] alloc_super fs/super.c:251 [inline]
#0: (&type->s_umount_key#49/1){+.+.}, at: [<ffffffff81878e26>] sget_userns+0x556/0xc10 fs/super.c:516
#1: (sb_internal#2){.+.+}, at: [<ffffffff825f02f9>] sb_start_intwrite include/linux/fs.h:1598 [inline]
#1: (sb_internal#2){.+.+}, at: [<ffffffff825f02f9>] xfs_trans_alloc+0x259/0x320 fs/xfs/xfs_trans.c:242

stack backtrace:
CPU: 1 PID: 9799 Comm: syz-executor.3 Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline]
__lock_release kernel/locking/lockdep.c:3769 [inline]
lock_release.cold+0x70/0xbf kernel/locking/lockdep.c:4017
up_write+0x17/0x60 kernel/locking/rwsem.c:115
mrunlock_excl fs/xfs/mrlock.h:74 [inline]
xfs_iunlock+0x29f/0x3b0 fs/xfs/xfs_inode.c:327
xfs_inode_item_unlock+0x83/0xa0 fs/xfs/xfs_inode_item.c:613
xfs_trans_free_items+0x172/0x230 fs/xfs/xfs_trans.c:768
xfs_trans_cancel+0x1ae/0x250 fs/xfs/xfs_trans.c:1025
xfs_qm_dqread+0x9c2/0xe50 fs/xfs/xfs_dquot.c:684
xfs_qm_dqget+0x4f4/0x19a0 fs/xfs/xfs_dquot.c:837
xfs_qm_quotacheck_dqadjust+0x96/0x5c0 fs/xfs/xfs_qm.c:1077
xfs_qm_dqusage_adjust+0x428/0xc20 fs/xfs/xfs_qm.c:1192
xfs_bulkstat_ag_ichunk fs/xfs/xfs_itable.c:313 [inline]
xfs_bulkstat+0x72a/0xf60 fs/xfs/xfs_itable.c:498
xfs_qm_quotacheck+0x223/0x790 fs/xfs/xfs_qm.c:1338
xfs_qm_mount_quotas+0xe9/0x570 fs/xfs/xfs_qm.c:1457
xfs_mountfs+0x18be/0x1f40 fs/xfs/xfs_mount.c:979
xfs_fs_fill_super+0xb7a/0x1380 fs/xfs/xfs_super.c:1688
mount_bdev+0x2b3/0x360 fs/super.c:1134
mount_fs+0x92/0x2a0 fs/super.c:1237
vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2572 [inline]
do_mount+0xe65/0x2a30 fs/namespace.c:2905
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
XFS (loop3): Quotacheck: Done.
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 27, 2022, 9:58:28 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 179ef7fe8677 Linux 4.14.300
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10ed94e3880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa85f51ec321d5a9
dashboard link: https://syzkaller.appspot.com/bug?extid=27c5e199cc153e13d840
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1657a58d880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16648381880000
mounted in repro: https://storage.googleapis.com/syzbot-assets/be499bac9893/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+27c5e1...@syzkaller.appspotmail.com

ffff8880a1aef360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
ffff8880a1aef370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
XFS (loop0): metadata I/O error: block 0x5 ("xfs_trans_read_buf_map") error 117 numblks 1
=====================================
WARNING: bad unlock balance detected!
4.14.300-syzkaller #0 Not tainted
-------------------------------------
syz-executor163/7965 is trying to release lock (&xfs_nondir_ilock_class) at:
[<ffffffff825c248f>] mrunlock_excl fs/xfs/mrlock.h:74 [inline]
[<ffffffff825c248f>] xfs_iunlock+0x29f/0x3b0 fs/xfs/xfs_inode.c:327
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor163/7965:
#0: (&type->s_umount_key#46/1){+.+.}, at: [<ffffffff81878e26>] alloc_super fs/super.c:251 [inline]
#0: (&type->s_umount_key#46/1){+.+.}, at: [<ffffffff81878e26>] sget_userns+0x556/0xc10 fs/super.c:516
#1: (sb_internal#2){.+.+}, at: [<ffffffff825f02f9>] sb_start_intwrite include/linux/fs.h:1598 [inline]
#1: (sb_internal#2){.+.+}, at: [<ffffffff825f02f9>] xfs_trans_alloc+0x259/0x320 fs/xfs/xfs_trans.c:242

stack backtrace:
CPU: 1 PID: 7965 Comm: syz-executor163 Not tainted 4.14.300-syzkaller #0