From: syzbot <syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, bgeffon@google.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
peterx@redhat.com, syzkaller-bugs@googlegroups.com,
torvalds@linux-foundation.org
Subject: Re: WARNING: bad unlock balance in __get_user_pages_remote
Date: Tue, 07 Apr 2020 18:37:15 -0700 [thread overview]
Message-ID: <00000000000046629905a2bd8acc@google.com> (raw)
In-Reply-To: <00000000000005c65d05a2b90e70@google.com>
syzbot has found a reproducer for the following crash on:
HEAD commit: 763dede1 Merge tag 'for-linus-5.7-rc1' of git://git.kernel..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17731b0be00000
kernel config: https://syzkaller.appspot.com/x/.config?x=12205d036cec317f
dashboard link: https://syzkaller.appspot.com/bug?extid=a8c70b7f3579fc0587dc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=135855cde00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=149ea07de00000
The bug was bisected to:
commit 71335f37c5e8ec9225285206f7f875057b9737ad
Author: Peter Xu <peterx@redhat.com>
Date: Thu Apr 2 04:08:53 2020 +0000
mm/gup: allow to react to fatal signals
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17dba9b3e00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=143ba9b3e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=103ba9b3e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com
Fixes: 71335f37c5e8 ("mm/gup: allow to react to fatal signals")
=====================================
WARNING: bad unlock balance detected!
5.6.0-syzkaller #0 Not tainted
-------------------------------------
syz-executor151/7052 is trying to release lock (&mm->mmap_sem) at:
[<ffffffff819fbf60>] __get_user_pages_locked mm/gup.c:1366 [inline]
[<ffffffff819fbf60>] __get_user_pages_remote mm/gup.c:1831 [inline]
[<ffffffff819fbf60>] __get_user_pages_remote+0x540/0x740 mm/gup.c:1806
but there are no more locks to release!
other info that might help us debug this:
no locks held by syz-executor151/7052.
stack backtrace:
CPU: 0 PID: 7052 Comm: syz-executor151 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
__lock_release kernel/locking/lockdep.c:4633 [inline]
lock_release+0x586/0x800 kernel/locking/lockdep.c:4941
up_read+0x79/0x750 kernel/locking/rwsem.c:1573
__get_user_pages_locked mm/gup.c:1366 [inline]
__get_user_pages_remote mm/gup.c:1831 [inline]
__get_user_pages_remote+0x540/0x740 mm/gup.c:1806
pin_user_pages_remote+0x67/0xa0 mm/gup.c:2897
process_vm_rw_single_vec mm/process_vm_access.c:108 [inline]
process_vm_rw_core.isra.0+0x423/0x940 mm/process_vm_access.c:218
compat_process_vm_rw+0x21f/0x240 mm/process_vm_access.c:343
__do_compat_sys_process_vm_writev mm/process_vm_access.c:370 [inline]
__se_compat_sys_process_vm_writev mm/process_vm_access.c:363 [inline]
__ia32_compat_sys_process_vm_writev+0xdc/0x1b0 mm/process_vm_access.c:363
do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline]
do_fast_syscall_32+0x270/0xe90 arch/x86/entry/common.c:396
entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff88809e2392f8, owner = 0x3, curr 0xffff88809a6c6240, list empty
WARNING: CPU: 1 PID: 7052 at kernel/locking/rwsem.c:1435 __up_read kernel/locking/rwsem.c:1435 [inline]
WARNING: CPU: 1 PID: 7052 at kernel/locking/rwsem.c:1435 up_read+0x5f9/0x750 kernel/locking/rwsem.c:1574
prev parent reply other threads:[~2020-04-08 1:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 20:16 WARNING: bad unlock balance in __get_user_pages_remote syzbot
2020-04-07 20:47 ` Peter Xu
2020-04-07 21:08 ` syzbot
2020-04-08 1:37 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000046629905a2bd8acc@google.com \
--to=syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com \
--cc=akpm@linux-foundation.org \
--cc=bgeffon@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterx@redhat.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.