Re: [syzbot] [net?] WARNING: bad unlock balance in do_setlink
From: Dmitry Vyukov
Date: Tue Apr 08 2025 - 06:54:07 EST
On Tue, 8 Apr 2025 at 10:11, Aleksandr Nogikh <nogikh@xxxxxxxxxx> wrote:
>
> On Mon, Apr 7, 2025 at 6:13 PM 'Kuniyuki Iwashima' via syzkaller-bugs
> <syzkaller-bugs@xxxxxxxxxxxxxxxx> wrote:
> >
> > From: Stanislav Fomichev <stfomichev@xxxxxxxxx>
> > Date: Mon, 7 Apr 2025 07:19:54 -0700
> > > On 04/07, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> > > > unregister_netdevice: waiting for DEV to become free
> > > >
> > > > unregister_netdevice: waiting for batadv0 to become free. Usage count = 3
> > >
> > > So it does fix the lock unbalance issue, but now there is a hang?
> >
> > I think this is an orthogonal issue.
> >
> > I saw this in another report as well.
> > https://lore.kernel.org/netdev/67f208ea.050a0220.0a13.025b.GAE@xxxxxxxxxx/
> >
> > syzbot may want to find a better way to filter this kind of noise.
> >
>
> Syzbot treats this message as a problem worthy of reporting since a
> long time (Cc'd Dmitry who may remember the context):
> https://github.com/google/syzkaller/commit/7a67784ca8bdc3b26cce2f0ec9a40d2dd9ec9396
>
> Since v6.15-rc1, we do observe it happen at least 10x more often than
> before, both during fuzzing and while processing #syz test commands:
> https://syzkaller.appspot.com/bug?extid=881d65229ca4f9ae8c84
IIUC this error means a leaked reference count on a device, and the
device and everything it references leaked forever + a kernel thread
looping forever. This does not look like noise.
Eric, should know more. Eric fixed a bunch of these bugs and added a
ref count tracker to devices to provide better diagnostics. For some
reason I don't see the reftracker output in the console output, but
CONFIG_NET_DEV_REFCNT_TRACKER=y is enabled in the config.