From: syzbot <syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, bgeffon@google.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
peterx@redhat.com, syzkaller-bugs@googlegroups.com,
torvalds@linux-foundation.org
Subject: WARNING: bad unlock balance in __get_user_pages_remote
Date: Tue, 07 Apr 2020 13:16:11 -0700 [thread overview]
Message-ID: <00000000000005c65d05a2b90e70@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: 7e634208 Merge tag 'acpi-5.7-rc1-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=169498ede00000
kernel config: https://syzkaller.appspot.com/x/.config?x=12205d036cec317f
dashboard link: https://syzkaller.appspot.com/bug?extid=a8c70b7f3579fc0587dc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17a41543e00000
The bug was bisected to:
commit 71335f37c5e8ec9225285206f7f875057b9737ad
Author: Peter Xu <peterx@redhat.com>
Date: Thu Apr 2 04:08:53 2020 +0000
mm/gup: allow to react to fatal signals
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17dba9b3e00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=143ba9b3e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=103ba9b3e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com
Fixes: 71335f37c5e8 ("mm/gup: allow to react to fatal signals")
=====================================
WARNING: bad unlock balance detected!
5.6.0-syzkaller #0 Not tainted
-------------------------------------
syz-executor.0/8429 is trying to release lock (&mm->mmap_sem) at:
[<ffffffff819fbf60>] __get_user_pages_locked mm/gup.c:1366 [inline]
[<ffffffff819fbf60>] __get_user_pages_remote mm/gup.c:1831 [inline]
[<ffffffff819fbf60>] __get_user_pages_remote+0x540/0x740 mm/gup.c:1806
but there are no more locks to release!
other info that might help us debug this:
no locks held by syz-executor.0/8429.
stack backtrace:
CPU: 0 PID: 8429 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
__lock_release kernel/locking/lockdep.c:4633 [inline]
lock_release+0x586/0x800 kernel/locking/lockdep.c:4941
up_read+0x79/0x750 kernel/locking/rwsem.c:1573
__get_user_pages_locked mm/gup.c:1366 [inline]
__get_user_pages_remote mm/gup.c:1831 [inline]
__get_user_pages_remote+0x540/0x740 mm/gup.c:1806
pin_user_pages_remote+0x67/0xa0 mm/gup.c:2897
process_vm_rw_single_vec mm/process_vm_access.c:108 [inline]
process_vm_rw_core.isra.0+0x423/0x940 mm/process_vm_access.c:218
process_vm_rw+0x21f/0x240 mm/process_vm_access.c:286
__do_sys_process_vm_writev mm/process_vm_access.c:308 [inline]
__se_sys_process_vm_writev mm/process_vm_access.c:303 [inline]
__x64_sys_process_vm_writev+0xdf/0x1b0 mm/process_vm_access.c:303
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c879
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa1008bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
RAX: ffffffffffffffda RBX: 00007fa1008bb6d4 RCX: 000000000045c879
RDX: 0000000000000001 RSI: 0000000020c22000 RDI: 0000000000000009
RBP: 000000000076bf00 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000085d R14: 00000000004cb1ee R15: 000000000076bf0c
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff888094028338, owner = 0x3, curr 0xffff888093cbc500, list empty
WARNING: CPU: 0 PID: 8429 at kernel/locking/rwsem.c:1435 __up_read kernel/locking/rwsem.c:1435 [inline]
WARNING: CPU: 0 PID: 8429 at kernel/locking/rwsem.c:1435 up_read+0x5f9/0x750 kernel/locking/rwsem.c:1574
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
next reply other threads:[~2020-04-07 20:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 20:16 syzbot [this message]
2020-04-07 20:16 ` WARNING: bad unlock balance in __get_user_pages_remote syzbot
2020-04-07 20:47 ` Peter Xu
2020-04-07 21:08 ` syzbot
2020-04-07 21:08 ` syzbot
2020-04-08 1:37 ` syzbot
2020-04-08 1:37 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000005c65d05a2b90e70@google.com \
--to=syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com \
--cc=akpm@linux-foundation.org \
--cc=bgeffon@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterx@redhat.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.