syzbot


WARNING: bad unlock balance in rcu_core

Status: fixed on 2020/08/18 12:30
Subsystems: fs
Reported-by: syzbot+36baa6c2180e959e19b1@syzkaller.appspotmail.com
Fix commit: 10476e630422 locking/lockdep: Fix bad recursion pattern
First crash: 1930d, last: 1573d
Cause bisection: the cause commit could be any of (bisect log):
  9211bfbff80a netfilter: add missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to header-file.
  47e640af2e49 netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
  a1b2f04ea527 netfilter: add missing includes to a number of header-files.
  0abc8bf4f284 netfilter: add missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files.
  bd96b4c75675 netfilter: inline four headers files into another one.
  43dd16efc7f2 netfilter: nf_tables: store data in offload context registers
  78458e3e08cd netfilter: add missing IS_ENABLED(CONFIG_NETFILTER) checks to some header-files.
  20a9379d9a03 netfilter: remove "#ifdef __KERNEL__" guards from some headers.
  bd8699e9e292 netfilter: nft_bitwise: add offload support
  2a475c409fe8 kbuild: remove all netfilter headers from header-test blacklist.
  7e59b3fea2a2 netfilter: remove unnecessary spaces
  1b90af292e71 ipvs: Improve robustness to the ipvs sysctl
  5785cf15fd74 netfilter: nf_tables: add missing prototypes.
  0a30ba509fde netfilter: nf_nat_proto: make tables static
  e84fb4b3666d netfilter: conntrack: use shared sysctl constants
  105333435b4f netfilter: connlabels: prefer static lock initialiser
  8c0bb7873815 netfilter: synproxy: rename mss synproxy_options field
  c162610c7db2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
  
Fix bisection: fixed by (bisect log):
commit 10476e6304222ced7df9b3d5fb0a043b3c2a1ad8
Author: Peter Zijlstra <peterz@infradead.org>
Date: Fri Mar 13 08:56:38 2020 +0000

  locking/lockdep: Fix bad recursion pattern

  
Discussions (3)
Title Replies (including bot) Last reply
WARNING: bad unlock balance in rcu_core 3 (6) 2020/05/04 07:05
Reminder: 5 open syzbot bugs in "fs/ntfs" subsystem 1 (1) 2019/07/24 02:30
Reminder: 5 open syzbot bugs in "fs/ntfs" subsystem 1 (1) 2019/07/09 20:27

Sample crash report:
=====================================
WARNING: bad unlock balance detected!
5.4.0-rc4+ #0 Not tainted
-------------------------------------
syz-executor755/9375 is trying to release lock (rcu_callback) at:
[<ffffffff8160c174>] __write_once_size include/linux/compiler.h:226 [inline]
[<ffffffff8160c174>] __rcu_reclaim kernel/rcu/rcu.h:221 [inline]
[<ffffffff8160c174>] rcu_do_batch kernel/rcu/tree.c:2157 [inline]
[<ffffffff8160c174>] rcu_core+0x574/0x1560 kernel/rcu/tree.c:2377
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor755/9375:
 #0: ffff888095fc40d8 (&type->s_umount_key#55/1){+.+.}, at: alloc_super+0x158/0x910 fs/super.c:229

stack backtrace:
CPU: 0 PID: 9375 Comm: syz-executor755 Not tainted 5.4.0-rc4+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_unlock_imbalance_bug kernel/locking/lockdep.c:4008 [inline]
 print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3984
 __lock_release kernel/locking/lockdep.c:4244 [inline]
 lock_release+0x5f2/0x960 kernel/locking/lockdep.c:4506
 rcu_lock_release include/linux/rcupdate.h:213 [inline]
 __rcu_reclaim kernel/rcu/rcu.h:223 [inline]
 rcu_do_batch kernel/rcu/tree.c:2157 [inline]
 rcu_core+0x599/0x1560 kernel/rcu/tree.c:2377
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2386
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x19b/0x1e0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1137
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:756 [inline]
RIP: 0010:console_unlock+0xbc7/0xf10 kernel/printk/printk.c:2481
Code: f3 88 48 c1 e8 03 42 80 3c 30 00 0f 85 e4 02 00 00 48 83 3d 6a be 96 07 00 0f 84 91 01 00 00 e8 ef c1 16 00 48 8b 7d 98 57 9d <0f> 1f 44 00 00 e9 6d ff ff ff e8 da c1 16 00 48 8b 7d 08 c7 05 fc
RSP: 0018:ffff88809711f8f0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff88809a9de100 RBX: 0000000000000200 RCX: 1ffffffff138d4fe
RDX: 0000000000000000 RSI: ffffffff815c5fc1 RDI: 0000000000000293
RBP: ffff88809711f978 R08: ffff88809a9de100 R09: fffffbfff11f40e1
R10: fffffbfff11f40e0 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff843de6c0 R14: dffffc0000000000 R15: ffffffff895daff0
 vprintk_emit+0x2a0/0x700 kernel/printk/printk.c:1996
 vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:386
 printk+0xba/0xed kernel/printk/printk.c:2056
 __ntfs_error.cold+0x91/0xc7 fs/ntfs/debug.c:89
 read_ntfs_boot_sector fs/ntfs/super.c:675 [inline]
 ntfs_fill_super+0x1a32/0x3160 fs/ntfs/super.c:2784
 mount_bdev+0x304/0x3c0 fs/super.c:1415
 ntfs_mount+0x35/0x40 fs/ntfs/super.c:3051
 legacy_get_tree+0x108/0x220 fs/fs_context.c:647
 vfs_get_tree+0x8e/0x300 fs/super.c:1545
 do_new_mount fs/namespace.c:2823 [inline]
 do_mount+0x143d/0x1d10 fs/namespace.c:3143
 ksys_mount+0xdb/0x150 fs/namespace.c:3352
 __do_sys_mount fs/namespace.c:3366 [inline]
 __se_sys_mount fs/namespace.c:3363 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4411a9
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdddadfba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004411a9
RDX: 0000000020000140 RSI: 0000000020000280 RDI: 00000000200004c0
RBP: 0000000000013f49 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401fd0
R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000

Crashes (3578):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/27 14:40 upstream 5a1e843c66fa 25bb509e .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/10/26 03:43 upstream 8caacaad78b6 c2e837da .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/10/22 01:31 upstream 7d194c2100ad b24d2b8a .config console log report syz C ci-upstream-kasan-gce-root
2019/11/09 04:02 linux-next 5591cf003452 dc438b91 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/11/07 14:06 linux-next c68c5373c504 d797d201 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/10/16 09:26 linux-next 0e9d28bc6c81 d4ea592f .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/03/31 01:21 upstream 7111951b8d49 c8d1cc20 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/31 00:03 upstream 7111951b8d49 c8d1cc20 .config console log report ci-upstream-kasan-gce-root
2020/03/30 20:06 upstream 7111951b8d49 c8d1cc20 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/30 19:10 upstream 7111951b8d49 c8d1cc20 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/30 18:03 upstream 7111951b8d49 c8d1cc20 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/30 11:30 upstream 7111951b8d49 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/30 07:06 upstream e595dd94515e 05736b29 .config console log report ci-upstream-kasan-gce-root
2020/03/30 04:40 upstream e595dd94515e 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/29 19:35 upstream e595dd94515e 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/29 19:25 upstream e595dd94515e 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/29 16:54 upstream 906c40438bb6 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/29 15:32 upstream 906c40438bb6 05736b29 .config console log report ci-upstream-kasan-gce-root
2020/03/29 06:50 upstream 906c40438bb6 05736b29 .config console log report ci-upstream-kasan-gce-root
2020/03/29 02:05 upstream 906c40438bb6 05736b29 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/28 21:35 upstream 69c5eea3128e f1ebdfba .config console log report ci-upstream-kasan-gce-root
2020/03/25 19:50 upstream 76ccd234269b 78267cec .config console log report ci-qemu-upstream
2019/06/18 05:19 upstream 9e0babf2c06c 442206d7 .config console log report ci-upstream-kasan-gce-smack-root
2019/04/13 10:47 upstream 6d0a598489ca c402d8f1 .config console log report ci-upstream-kasan-gce-smack-root
2020/03/18 09:20 upstream ac309e7744be 0a96a13c .config console log report ci-qemu-upstream-386
2019/09/24 06:02 bpf 733ef7f056a5 c68252d2 .config console log report ci-upstream-bpf-kasan-gce
2019/09/25 01:12 bpf-next b41dae061bbd 0942eab8 .config console log report ci-upstream-bpf-next-kasan-gce
2019/09/25 00:01 net-next-old b41dae061bbd 0942eab8 .config console log report ci-upstream-net-kasan-gce
2020/04/03 23:55 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 21:19 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 19:11 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 17:52 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 14:27 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 12:01 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 10:37 linux-next 770fbb32d34e 5ed396e6 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 08:50 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 06:53 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 03:53 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 02:50 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 02:40 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/03 00:08 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 22:54 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 21:47 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 18:48 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 16:48 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 15:06 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/02 11:43 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/01 17:23 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/01 12:04 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/01 01:33 linux-next 770fbb32d34e a34e2c33 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/31 08:33 linux-next 770fbb32d34e c8d1cc20 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/30 22:11 linux-next 770fbb32d34e c8d1cc20 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/30 13:42 linux-next 770fbb32d34e c8d1cc20 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/30 02:46 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/30 00:33 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/29 21:37 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/29 07:54 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/29 04:47 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/29 03:30 linux-next 770fbb32d34e 05736b29 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/28 23:27 linux-next 770fbb32d34e f1ebdfba .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.