public inbox for linux-mm@kvack.org
* [syzbot] [mm?] [cgroups?] WARNING: bad unlock balance in lruvec_stat_mod_folio
@ 2026-04-07 17:53 syzbot
From: syzbot @ 2026-04-07 17:53 UTC (permalink / raw)
  To: akpm, cgroups, hannes, linux-kernel, linux-mm, mhocko,
	muchun.song, roman.gushchin, shakeel.butt, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    cc13002a9f98 Add linux-next specific files for 20260402
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=10d8946a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4e6c8be618ab359
dashboard link: https://syzkaller.appspot.com/bug?extid=1a3353a77896e73a8f53
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e804756158fe/disk-cc13002a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/be49b7dca580/vmlinux-cc13002a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5cb3fb091ba3/bzImage-cc13002a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1a3353a77896e73a8f53@syzkaller.appspotmail.com

cgroup: Unknown subsys name 'cpuset'
cgroup: Unknown subsys name 'rlimit'
=====================================
WARNING: bad unlock balance detected!
syzkaller #0 Not tainted
-------------------------------------
syz-executor/5830 is trying to release lock (rcu_read_lock) at:
[<ffffffff8237872e>] rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
[<ffffffff8237872e>] rcu_read_lock include/linux/rcupdate.h:850 [inline]
[<ffffffff8237872e>] lruvec_stat_mod_folio+0x6e/0x3e0 mm/memcontrol.c:974
but there are no more locks to release!

other info that might help us debug this:
3 locks held by syz-executor/5830:
 #0: ffff88802cb7f588 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7f1/0x1c80 security/integrity/ima/ima_main.c:319
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: do_page_cache_ra mm/readahead.c:333 [inline]
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_order+0xad4/0xe80 mm/readahead.c:538
 #2: ffff888077946f50 (&xa->xa_lock#10){..-.}-{3:3}, at: spin_lock_irq include/linux/spinlock.h:372 [inline]
 #2: ffff888077946f50 (&xa->xa_lock#10){..-.}-{3:3}, at: __filemap_add_folio+0x9fe/0x1330 mm/filemap.c:876

stack backtrace:
CPU: 1 UID: 0 PID: 5830 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_unlock_imbalance_bug+0xdc/0xf0 kernel/locking/lockdep.c:5298
 __lock_release kernel/locking/lockdep.c:5537 [inline]
 lock_release+0x248/0x3c0 kernel/locking/lockdep.c:5889
 rcu_lock_release include/linux/rcupdate.h:322 [inline]
 rcu_read_unlock include/linux/rcupdate.h:881 [inline]
 lruvec_stat_mod_folio+0x28b/0x3e0 mm/memcontrol.c:985
 __filemap_add_folio+0xceb/0x1330 mm/filemap.c:924
 filemap_add_folio+0x264/0x530 mm/filemap.c:967
 page_cache_ra_unbounded+0x494/0xa10 mm/readahead.c:282
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0xae4/0xe80 mm/readahead.c:538
 filemap_readahead mm/filemap.c:2664 [inline]
 filemap_get_pages+0x897/0x1ef0 mm/filemap.c:2710
 filemap_read+0x447/0x1230 mm/filemap.c:2806
 __kernel_read+0x504/0x9b0 fs/read_write.c:532
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:222 [inline]
 ima_calc_file_hash+0x446/0x860 security/integrity/ima/ima_crypto.c:280
 ima_collect_measurement+0x51d/0x9c0 security/integrity/ima/ima_api.c:300
 process_measurement+0x12cd/0x1c80 security/integrity/ima/ima_main.c:425
 ima_file_check+0xe1/0x130 security/integrity/ima/ima_main.c:685
 security_file_post_open+0xb3/0x260 security/security.c:2653
 do_open fs/namei.c:4701 [inline]
 path_openat+0x2e4d/0x3860 fs/namei.c:4858
 do_file_open+0x23e/0x4a0 fs/namei.c:4887
 file_open_name+0x162/0x1c0 fs/open.c:1322
 __do_sys_swapon mm/swapfile.c:3471 [inline]
 __se_sys_swapon+0x84a/0x2090 mm/swapfile.c:3436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efed519c7d7
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc370182b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007efed519c7d7
RDX: 0000000000000000 RSI: 0000000000008000 RDI: 00007efed5232e5b
RBP: 00007efed5232e5b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00007efed53e63e0
R13: 00007efed524dd26 R14: 0000000000200000 R15: 00007efed53e63a0
 </TASK>
------------[ cut here ]------------
rrln < 0 || rrln > RCU_NEST_PMAX
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x79/0xe0 kernel/rcu/tree_plugin.h:443, CPU#1: syz-executor/5830
Modules linked in:
CPU: 1 UID: 0 PID: 5830 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__rcu_read_unlock+0x79/0xe0 kernel/rcu/tree_plugin.h:443
Code: 75 66 41 83 3e 00 75 27 43 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f e9 59 12 11 0a cc 90 <0f> 0b 90 eb eb e8 6d 00 00 00 eb d2 89 d9 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc90003b863f0 EFLAGS: 00010086
RAX: 00000000ffffffff RBX: ffff88803567a344 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8e37db44 RDI: ffff888035679e80
RBP: ffffc90003b86588 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1d06db0 R12: 1ffff11006acf468
R13: dffffc0000000000 R14: 00000003fffffffc R15: dffffc0000000000
FS:  00005555886db540(0000) GS:ffff888125304000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f36450057b8 CR3: 00000000762a4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __filemap_add_folio+0xceb/0x1330 mm/filemap.c:924
 filemap_add_folio+0x264/0x530 mm/filemap.c:967
 page_cache_ra_unbounded+0x494/0xa10 mm/readahead.c:282
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0xae4/0xe80 mm/readahead.c:538
 filemap_readahead mm/filemap.c:2664 [inline]
 filemap_get_pages+0x897/0x1ef0 mm/filemap.c:2710
 filemap_read+0x447/0x1230 mm/filemap.c:2806
 __kernel_read+0x504/0x9b0 fs/read_write.c:532
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:222 [inline]
 ima_calc_file_hash+0x446/0x860 security/integrity/ima/ima_crypto.c:280
 ima_collect_measurement+0x51d/0x9c0 security/integrity/ima/ima_api.c:300
 process_measurement+0x12cd/0x1c80 security/integrity/ima/ima_main.c:425
 ima_file_check+0xe1/0x130 security/integrity/ima/ima_main.c:685
 security_file_post_open+0xb3/0x260 security/security.c:2653
 do_open fs/namei.c:4701 [inline]
 path_openat+0x2e4d/0x3860 fs/namei.c:4858
 do_file_open+0x23e/0x4a0 fs/namei.c:4887
 file_open_name+0x162/0x1c0 fs/open.c:1322
 __do_sys_swapon mm/swapfile.c:3471 [inline]
 __se_sys_swapon+0x84a/0x2090 mm/swapfile.c:3436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efed519c7d7
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc370182b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007efed519c7d7
RDX: 0000000000000000 RSI: 0000000000008000 RDI: 00007efed5232e5b
RBP: 00007efed5232e5b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00007efed53e63e0
R13: 00007efed524dd26 R14: 0000000000200000 R15: 00007efed53e63a0
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

