Date: Fri, 20 Jun 2025 02:40:29 -0700
Message-ID: <68552c8d.a00a0220.137b3.0040.GAE@google.com>
Subject: [syzbot] [mm?] WARNING: bad unlock balance in move_page_tables
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, pfalcato@suse.de, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

Hello,

syzbot found the following issue on:

HEAD commit:    050f8ad7b58d Add linux-next specific files for 20250616
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1032490c580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d2efc7740224b93a
dashboard link: https://syzkaller.appspot.com/bug?extid=d400c4dc8b94eed678bc
compiler:       Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/49faa18d2f53/disk-050f8ad7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7c6f9cd7fe5d/vmlinux-050f8ad7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/84a08d6403ee/bzImage-050f8ad7.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d400c4dc8b94eed678bc@syzkaller.appspotmail.com

=====================================
WARNING: bad unlock balance detected!
6.16.0-rc2-next-20250616-syzkaller #0 Not tainted
-------------------------------------
syz.9.959/9941 is trying to release lock (&mapping->i_mmap_rwsem) at:
[] i_mmap_unlock_write include/linux/fs.h:557 [inline]
[] maybe_drop_rmap_locks mm/mremap.c:197 [inline]
[] move_pgt_entry mm/mremap.c:686 [inline]
[] move_page_tables+0xf51/0x2940 mm/mremap.c:1358
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz.9.959/9941:
 #0: ffff88807cafc260 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:374 [inline]
 #0: ffff88807cafc260 (&mm->mmap_lock){++++}-{4:4}, at: do_mremap mm/mremap.c:2371 [inline]
 #0: ffff88807cafc260 (&mm->mmap_lock){++++}-{4:4}, at: __do_sys_mremap mm/mremap.c:2453 [inline]
 #0: ffff88807cafc260 (&mm->mmap_lock){++++}-{4:4}, at: __se_sys_mremap+0x3c0/0xc60 mm/mremap.c:2421

stack backtrace:
CPU: 1 UID: 0 PID: 9941 Comm: syz.9.959 Not tainted 6.16.0-rc2-next-20250616-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_unlock_imbalance_bug+0xdc/0xf0 kernel/locking/lockdep.c:5301
 __lock_release kernel/locking/lockdep.c:5540 [inline]
 lock_release+0x269/0x3e0 kernel/locking/lockdep.c:5892
 up_write+0x2d/0x420 kernel/locking/rwsem.c:1629
 i_mmap_unlock_write include/linux/fs.h:557 [inline]
 maybe_drop_rmap_locks mm/mremap.c:197 [inline]
 move_pgt_entry mm/mremap.c:686 [inline]
 move_page_tables+0xf51/0x2940 mm/mremap.c:1358
 copy_vma_and_data mm/mremap.c:1807 [inline]
 move_vma+0xd5e/0x2010 mm/mremap.c:1913
 mremap_to+0x7e7/0x8b0 mm/mremap.c:2106
 do_mremap mm/mremap.c:2396 [inline]
 __do_sys_mremap mm/mremap.c:2453 [inline]
 __se_sys_mremap+0x8f5/0xc60 mm/mremap.c:2421
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4030f8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4031dde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007f40311b6240 RCX: 00007f4030f8e929
RDX: 0000000000200000 RSI: 0000000000600600 RDI: 0000200000000000
RBP: 00007f4031010b39 R08: 0000200000a00000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f40311b6240 R15: 00007ffc335a19c8
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff88807b05b2e0, owner = 0x0, curr 0xffff88802cc51e00, list empty
WARNING: kernel/locking/rwsem.c:1368 at __up_write kernel/locking/rwsem.c:1367 [inline], CPU#1: syz.9.959/9941
WARNING: kernel/locking/rwsem.c:1368 at up_write+0x3a2/0x420 kernel/locking/rwsem.c:1630, CPU#1: syz.9.959/9941
Modules linked in:
CPU: 1 UID: 0 PID: 9941 Comm: syz.9.959 Not tainted 6.16.0-rc2-next-20250616-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__up_write kernel/locking/rwsem.c:1367 [inline]
RIP: 0010:up_write+0x3a2/0x420 kernel/locking/rwsem.c:1630
Code: d0 48 c7 c7 60 ee 8a 8b 48 c7 c6 80 f0 8a 8b 48 8b 14 24 4c 89 f1 4d 89 e0 4c 8b 4c 24 08 41 52 e8 23 3b e6 ff 48 83 c4 08 90 <0f> 0b 90 90 e9 6d fd ff ff 48 c7 c1 34 81 a1 8f 80 e1 07 80 c1 03
RSP: 0018:ffffc90013b0f530 EFLAGS: 00010296
RAX: 3396a5242025d900 RBX: ffff88807b05b2e0 RCX: 0000000000080000
RDX: ffffc9000e491000 RSI: 0000000000031dc6 RDI: 0000000000031dc7
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfaa14 R12: 0000000000000000
R13: ffff88807b05b338 R14: ffff88807b05b2e0 R15: 1ffff1100f60b65d
FS: 00007f4031dde6c0(0000) GS:ffff888125d40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4031dddf98 CR3: 0000000057f30000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 i_mmap_unlock_write include/linux/fs.h:557 [inline]
 maybe_drop_rmap_locks mm/mremap.c:197 [inline]
 move_pgt_entry mm/mremap.c:686 [inline]
 move_page_tables+0xf51/0x2940 mm/mremap.c:1358
 copy_vma_and_data mm/mremap.c:1807 [inline]
 move_vma+0xd5e/0x2010 mm/mremap.c:1913
 mremap_to+0x7e7/0x8b0 mm/mremap.c:2106
 do_mremap mm/mremap.c:2396 [inline]
 __do_sys_mremap mm/mremap.c:2453 [inline]
 __se_sys_mremap+0x8f5/0xc60 mm/mremap.c:2421
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4030f8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4031dde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007f40311b6240 RCX: 00007f4030f8e929
RDX: 0000000000200000 RSI: 0000000000600600 RDI: 0000200000000000
RBP: 00007f4031010b39 R08: 0000200000a00000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f40311b6240 R15: 00007ffc335a19c8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup