syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1364]
Subsystems
🐞 Fixed [7042]
🐞 Invalid [18442]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

WARNING: bad unlock balance in lruvec_stat_mod_folio

Status: upstream: reported on 2026/04/07 17:53
Subsystems: mm cgroups
[Documentation on labels]
Reported-by: syzbot+1a3353a77896e73a8f53@syzkaller.appspotmail.com
First crash: 5d02h, last: 5d02h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] [cgroups?] WARNING: bad unlock balance in lruvec_stat_mod_folio 1 (2) 2026/04/07 17:54

Sample crash report:
cgroup: Unknown subsys name 'cpuset'
cgroup: Unknown subsys name 'rlimit'
=====================================
WARNING: bad unlock balance detected!
syzkaller #0 Not tainted
-------------------------------------
syz-executor/5830 is trying to release lock (rcu_read_lock) at:
[<ffffffff8237872e>] rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
[<ffffffff8237872e>] rcu_read_lock include/linux/rcupdate.h:850 [inline]
[<ffffffff8237872e>] lruvec_stat_mod_folio+0x6e/0x3e0 mm/memcontrol.c:974
but there are no more locks to release!

other info that might help us debug this:
3 locks held by syz-executor/5830:
 #0: ffff88802cb7f588 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7f1/0x1c80 security/integrity/ima/ima_main.c:319
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: do_page_cache_ra mm/readahead.c:333 [inline]
 #1: ffff888077946ff0 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_order+0xad4/0xe80 mm/readahead.c:538
 #2: ffff888077946f50 (&xa->xa_lock#10){..-.}-{3:3}, at: spin_lock_irq include/linux/spinlock.h:372 [inline]
 #2: ffff888077946f50 (&xa->xa_lock#10){..-.}-{3:3}, at: __filemap_add_folio+0x9fe/0x1330 mm/filemap.c:876

stack backtrace:
CPU: 1 UID: 0 PID: 5830 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_unlock_imbalance_bug+0xdc/0xf0 kernel/locking/lockdep.c:5298
 __lock_release kernel/locking/lockdep.c:5537 [inline]
 lock_release+0x248/0x3c0 kernel/locking/lockdep.c:5889
 rcu_lock_release include/linux/rcupdate.h:322 [inline]
 rcu_read_unlock include/linux/rcupdate.h:881 [inline]
 lruvec_stat_mod_folio+0x28b/0x3e0 mm/memcontrol.c:985
 __filemap_add_folio+0xceb/0x1330 mm/filemap.c:924
 filemap_add_folio+0x264/0x530 mm/filemap.c:967
 page_cache_ra_unbounded+0x494/0xa10 mm/readahead.c:282
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0xae4/0xe80 mm/readahead.c:538
 filemap_readahead mm/filemap.c:2664 [inline]
 filemap_get_pages+0x897/0x1ef0 mm/filemap.c:2710
 filemap_read+0x447/0x1230 mm/filemap.c:2806
 __kernel_read+0x504/0x9b0 fs/read_write.c:532
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:222 [inline]
 ima_calc_file_hash+0x446/0x860 security/integrity/ima/ima_crypto.c:280
 ima_collect_measurement+0x51d/0x9c0 security/integrity/ima/ima_api.c:300
 process_measurement+0x12cd/0x1c80 security/integrity/ima/ima_main.c:425
 ima_file_check+0xe1/0x130 security/integrity/ima/ima_main.c:685
 security_file_post_open+0xb3/0x260 security/security.c:2653
 do_open fs/namei.c:4701 [inline]
 path_openat+0x2e4d/0x3860 fs/namei.c:4858
 do_file_open+0x23e/0x4a0 fs/namei.c:4887
 file_open_name+0x162/0x1c0 fs/open.c:1322
 __do_sys_swapon mm/swapfile.c:3471 [inline]
 __se_sys_swapon+0x84a/0x2090 mm/swapfile.c:3436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efed519c7d7
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc370182b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007efed519c7d7
RDX: 0000000000000000 RSI: 0000000000008000 RDI: 00007efed5232e5b
RBP: 00007efed5232e5b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00007efed53e63e0
R13: 00007efed524dd26 R14: 0000000000200000 R15: 00007efed53e63a0
 </TASK>
------------[ cut here ]------------
rrln < 0 || rrln > RCU_NEST_PMAX
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x79/0xe0 kernel/rcu/tree_plugin.h:443, CPU#1: syz-executor/5830
Modules linked in:
CPU: 1 UID: 0 PID: 5830 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__rcu_read_unlock+0x79/0xe0 kernel/rcu/tree_plugin.h:443
Code: 75 66 41 83 3e 00 75 27 43 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f e9 59 12 11 0a cc 90 <0f> 0b 90 eb eb e8 6d 00 00 00 eb d2 89 d9 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc90003b863f0 EFLAGS: 00010086
RAX: 00000000ffffffff RBX: ffff88803567a344 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8e37db44 RDI: ffff888035679e80
RBP: ffffc90003b86588 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1d06db0 R12: 1ffff11006acf468
R13: dffffc0000000000 R14: 00000003fffffffc R15: dffffc0000000000
FS:  00005555886db540(0000) GS:ffff888125304000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f36450057b8 CR3: 00000000762a4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __filemap_add_folio+0xceb/0x1330 mm/filemap.c:924
 filemap_add_folio+0x264/0x530 mm/filemap.c:967
 page_cache_ra_unbounded+0x494/0xa10 mm/readahead.c:282
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0xae4/0xe80 mm/readahead.c:538
 filemap_readahead mm/filemap.c:2664 [inline]
 filemap_get_pages+0x897/0x1ef0 mm/filemap.c:2710
 filemap_read+0x447/0x1230 mm/filemap.c:2806
 __kernel_read+0x504/0x9b0 fs/read_write.c:532
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:222 [inline]
 ima_calc_file_hash+0x446/0x860 security/integrity/ima/ima_crypto.c:280
 ima_collect_measurement+0x51d/0x9c0 security/integrity/ima/ima_api.c:300
 process_measurement+0x12cd/0x1c80 security/integrity/ima/ima_main.c:425
 ima_file_check+0xe1/0x130 security/integrity/ima/ima_main.c:685
 security_file_post_open+0xb3/0x260 security/security.c:2653
 do_open fs/namei.c:4701 [inline]
 path_openat+0x2e4d/0x3860 fs/namei.c:4858
 do_file_open+0x23e/0x4a0 fs/namei.c:4887
 file_open_name+0x162/0x1c0 fs/open.c:1322
 __do_sys_swapon mm/swapfile.c:3471 [inline]
 __se_sys_swapon+0x84a/0x2090 mm/swapfile.c:3436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efed519c7d7
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc370182b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007efed519c7d7
RDX: 0000000000000000 RSI: 0000000000008000 RDI: 00007efed5232e5b
RBP: 00007efed5232e5b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00007efed53e63e0
R13: 00007efed524dd26 R14: 0000000000200000 R15: 00007efed53e63a0
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/03 17:51 linux-next cc13002a9f98 4440e7c2 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING: bad unlock balance in lruvec_stat_mod_folio
* Struck through repros no longer work on HEAD.