syzbot


WARNING: bad unlock balance in ucma_event_handler

Status: upstream: reported C repro on 2020/01/02 01:32
Reported-by: syzbot+e8ab33b4c811424f4648@syzkaller.appspotmail.com
First crash: 912d, last: 415d

Fix bisection: the fix commit could be any of (bisect log):
  4c5bf01e16a7 Linux 4.14.161
  4139fb08c05f Linux 4.14.187
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING: bad unlock balance in ucma_event_handler C error 13 268d 998d 0/1 upstream: reported C repro on 2019/10/08 08:22
upstream WARNING: bad unlock balance in ucma_event_handler C done 143 815d 1479d 17/22 fixed on 2020/05/10 10:42

Sample crash report:
audit: type=1400 audit(1577928562.856:36): avc:  denied  { map } for  pid=7014 comm="syz-executor679" path="/root/syz-executor679939913" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
=====================================
WARNING: bad unlock balance detected!
4.14.161-syzkaller #0 Not tainted
-------------------------------------
kworker/u4:2/64 is trying to release lock (&file->mut) at:
[<ffffffff84c061fe>] ucma_event_handler+0x6be/0xe20 drivers/infiniband/core/ucma.c:377
but there are no more locks to release!

other info that might help us debug this:
4 locks held by kworker/u4:2/64:
 #0:  ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] work_static include/linux/workqueue.h:199 [inline]
 #0:  ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] set_work_data kernel/workqueue.c:619 [inline]
 #0:  ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0:  ("ib_addr"){+.+.}, at: [<ffffffff813d581e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
 #1:  ((&(&req->work)->work)){+.+.}, at: [<ffffffff813d585b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
 #2:  (&id_priv->handler_mutex){+.+.}, at: [<ffffffff84bc50d6>] addr_handler+0xa6/0x2b0 drivers/infiniband/core/cma.c:2781
 #3:  (&file->mut){+.+.}, at: [<ffffffff84c05bfd>] ucma_event_handler+0xbd/0xe20 drivers/infiniband/core/ucma.c:337

stack backtrace:
CPU: 0 PID: 64 Comm: kworker/u4:2 Not tainted 4.14.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ib_addr process_one_req
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
 print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3525
 __lock_release kernel/locking/lockdep.c:3765 [inline]
 lock_release+0x616/0x940 kernel/locking/lockdep.c:4013
 __mutex_unlock_slowpath+0x71/0x800 kernel/locking/mutex.c:1018
 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:614
 ucma_event_handler+0x6be/0xe20 drivers/infiniband/core/ucma.c:377
 addr_handler+0x1db/0x2b0 drivers/infiniband/core/cma.c:2805
 process_one_req+0x239/0x590 drivers/infiniband/core/addr.c:625
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Crashes (2):
Manager        | Time             | Kernel       | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-linux-4-14 | 2020/01/02 01:31 | linux-4.14.y | 4c5bf01e16a7 | 25a0186e  | .config | log | report | syz       | C       |         |
ci2-linux-4-14 | 2021/05/12 18:00 | linux-4.14.y | 7d7d1c0ab3eb | 86294427  | .config | log | report |           |         | info    | WARNING: bad unlock balance in ucma_event_handler