From: syzbot <syzbot+8f9f411152c9539f4e59@syzkaller.appspotmail.com>
To: eadavis@qq.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [xfs?] [mm?] WARNING: bad unlock balance in __mm_populate
Date: Mon, 03 Mar 2025 18:22:02 -0800
Message-ID: <67c663ca.050a0220.eb84a.0048.GAE@google.com>
In-Reply-To: <tencent_B976976066C3B3690374096D23B1845F3705@qq.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING: bad unlock balance in __mm_populate

XFS (loop0): Ending clean mount
XFS (loop0): Quotacheck needed: Please wait.
XFS (loop0): Quotacheck: Done.
=====================================
WARNING: bad unlock balance detected!
6.14.0-rc4-syzkaller-ge056da87c780-dirty #0 Not tainted
-------------------------------------
syz.0.16/7412 is trying to release lock (&mm->mmap_lock) at:
[<ffff800080a63c80>] mmap_read_unlock include/linux/mmap_lock.h:217 [inline]
[<ffff800080a63c80>] __mm_populate+0x354/0x408 mm/gup.c:2048
but there are no more locks to release!

other info that might help us debug this:
no locks held by syz.0.16/7412.

stack backtrace:
CPU: 0 UID: 0 PID: 7412 Comm: syz.0.16 Not tainted 6.14.0-rc4-syzkaller-ge056da87c780-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 print_unlock_imbalance_bug+0x254/0x2ac kernel/locking/lockdep.c:5289
 __lock_release kernel/locking/lockdep.c:5518 [inline]
 lock_release+0x410/0x9e4 kernel/locking/lockdep.c:5872
 up_read+0x24/0x3c kernel/locking/rwsem.c:1619
 mmap_read_unlock include/linux/mmap_lock.h:217 [inline]
 __mm_populate+0x354/0x408 mm/gup.c:2048
 mm_populate include/linux/mm.h:3386 [inline]
 vm_mmap_pgoff+0x304/0x3c4 mm/util.c:580
 ksys_mmap_pgoff+0x3a4/0x5c8 mm/mmap.c:607
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff0000d520abe0, owner = 0x1, curr 0xffff0000c9001e80, list empty
WARNING: CPU: 0 PID: 7412 at kernel/locking/rwsem.c:1346 __up_read+0x3bc/0x5f8 kernel/locking/rwsem.c:1346
Modules linked in:
CPU: 0 UID: 0 PID: 7412 Comm: syz.0.16 Not tainted 6.14.0-rc4-syzkaller-ge056da87c780-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x3bc/0x5f8 kernel/locking/rwsem.c:1346
lr : __up_read+0x3bc/0x5f8 kernel/locking/rwsem.c:1346
sp : ffff80009c0c79e0
x29: ffff80009c0c7a60 x28: 1ffff00011f780cb x27: ffff80008fbc0000
x26: dfff800000000000 x25: ffffffffffffff00 x24: ffff0000d520ac38
x23: ffff0000d520abe0 x22: ffffffffffffff00 x21: 0000000000000001
x20: ffff0000c9001e80 x19: ffff0000d520abe0 x18: 0000000000000008
x17: 0000000000000000 x16: ffff8000832b81a0 x15: 0000000000000001
x14: 1ffff00013818e94 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000003 x10: 0000000000ff0100 x9 : bdbc827636499100
x8 : bdbc827636499100 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009c0c7198 x4 : ffff80008fcaf780 x3 : ffff80008324a1b4
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
Call trace:
 __up_read+0x3bc/0x5f8 kernel/locking/rwsem.c:1346 (P)
 up_read+0x2c/0x3c kernel/locking/rwsem.c:1620
 mmap_read_unlock include/linux/mmap_lock.h:217 [inline]
 __mm_populate+0x354/0x408 mm/gup.c:2048
 mm_populate include/linux/mm.h:3386 [inline]
 vm_mmap_pgoff+0x304/0x3c4 mm/util.c:580
 ksys_mmap_pgoff+0x3a4/0x5c8 mm/mmap.c:607
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 74469
hardirqs last  enabled at (74469): [<ffff80008b7e85f8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (74469): [<ffff80008b7e85f8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (74468): [<ffff80008b7e8428>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (74468): [<ffff80008b7e8428>] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162
softirqs last  enabled at (74288): [<ffff8000801283e0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (74286): [<ffff8000801283ac>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
Tested on:

commit:         e056da87 Merge remote-tracking branch 'will/for-next/p..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=125fafb8580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d6b7e15dc5b5e776
dashboard link: https://syzkaller.appspot.com/bug?extid=8f9f411152c9539f4e59
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13a598b7980000

