On Mon, Feb 09, 2026 at 01:34:33PM +0100, Maciej Patelczyk wrote:
> There is a unbalanced lock/unlock to gpusvm notifier lock:
> [ 931.045868] =====================================
> [ 931.046509] WARNING: bad unlock balance detected!
> [ 931.047149] 6.19.0-rc6+xe-**************** #9 Tainted: G U
> [ 931.048150] -------------------------------------
> [ 931.048790] kworker/u5:0/51 is trying to release lock
> (&gpusvm->notifier_lock) at:
> [ 931.049801] [<ffffffffa090c0d8>] drm_gpusvm_scan_mm+0x188/0x460
> [drm_gpusvm_helper]
> [ 931.050802] but there are no more locks to release!
> [ 931.051463]
>
> The drm_gpusvm_notifier_unlock() sits under err_free label and the
> first jump to err_free is just before calling the
> drm_gpusvm_notifier_lock() causing unbalanced unlock.
>
> Fixes: f1d08a586482 ("drm/gpusvm: Introduce a function to scan the current
> migration state")
> Signed-off-by: Maciej Patelczyk <[email protected]>
> Cc: Thomas Hellström <[email protected]>
Reviewed-by: Matthew Brost <[email protected]>
> ---
> drivers/gpu/drm/drm_gpusvm.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c
> index 871fcccd128a..c25f50cad6fe 100644
> --- a/drivers/gpu/drm/drm_gpusvm.c
> +++ b/drivers/gpu/drm/drm_gpusvm.c
> @@ -819,7 +819,7 @@ enum drm_gpusvm_scan_result drm_gpusvm_scan_mm(struct
> drm_gpusvm_range *range,
>
> if (!(pfns[i] & HMM_PFN_VALID)) {
> state = DRM_GPUSVM_SCAN_UNPOPULATED;
> - goto err_free;
> + break;
> }
>
> page = hmm_pfn_to_page(pfns[i]);
> @@ -856,9 +856,9 @@ enum drm_gpusvm_scan_result drm_gpusvm_scan_mm(struct
> drm_gpusvm_range *range,
> i += 1ul << drm_gpusvm_hmm_pfn_to_order(pfns[i], i, npages);
> }
>
> -err_free:
> drm_gpusvm_notifier_unlock(range->gpusvm);
>
> +err_free:
> kvfree(pfns);
> return state;
> }
> --
> 2.43.0
>
