syzbot


WARNING: bad unlock balance in ovl_workdir_create

Status: auto-closed as invalid on 2020/09/06 18:37
Reported-by: syzbot+143205c303a525ccf766@syzkaller.appspotmail.com
First crash: 850d, last: 788d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING: bad unlock balance in ovl_workdir_create (2) 1 514d 514d 0/1 auto-closed as invalid on 2021/06/08 14:33
linux-4.14 WARNING: bad unlock balance in ovl_workdir_create (3) C 2 18d 138d 0/1 upstream: reported C repro on 2022/02/18 20:51

Sample crash report:
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
overlayfs: failed to create directory ./file1/index (errno: 30); mounting read-only
=====================================
WARNING: bad unlock balance detected!
4.14.179-syzkaller #0 Not tainted
-------------------------------------
syz-executor.2/22270 is trying to release lock (sb_writers) at:
[<ffffffff8221c9a2>] ovl_workdir_create.cold+0xeb/0xf7 fs/overlayfs/super.c:546
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor.2/22270:
 #0:  (&type->s_umount_key#58/1){+.+.}, at: [<ffffffff818bb076>] alloc_super fs/super.c:251 [inline]
 #0:  (&type->s_umount_key#58/1){+.+.}, at: [<ffffffff818bb076>] sget_userns+0x556/0xc30 fs/super.c:516

stack backtrace:
CPU: 1 PID: 22270 Comm: syz-executor.2 Not tainted 4.14.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 print_unlock_imbalance_bug kernel/locking/lockdep.c:3552 [inline]
 print_unlock_imbalance_bug.cold+0x110/0x11f kernel/locking/lockdep.c:3529
 __lock_release kernel/locking/lockdep.c:3769 [inline]
 lock_release+0x5e2/0x7f0 kernel/locking/lockdep.c:4017
 ovl_workdir_create.cold+0xeb/0xf7 fs/overlayfs/super.c:546
 ovl_fill_super+0x1d73/0x265d fs/overlayfs/super.c:1084
 mount_nodev+0x4c/0xf0 fs/super.c:1180
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x3c0 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0x3c9/0x24f0 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c829
RSP: 002b:00007f43f3d0cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00000000004f62e0 RCX: 000000000045c829
RDX: 0000000020000100 RSI: 0000000020000000 RDI: 0000000000400000
RBP: 000000000078bf00 R08: 0000000020000400 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000075c R14: 00000000004ca197 R15: 00007f43f3d0d6d4
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
EXT4-fs error (device sda1): ext4_remount:5227: Abort forced by user
------------[ cut here ]------------
WARNING: CPU: 1 PID: 19251 at fs/namespace.c:1178 cleanup_mnt+0xfc/0x140 fs/namespace.c:1178

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2020/05/09 18:36 linux-4.14.y d71f695ce745 88cb3e92 .config log report
ci2-linux-4-14 2020/03/09 15:33 linux-4.14.y 78d697fc93f9 35f53e45 .config log report