Message-ID: <54d2b3a2-9314-413b-993f-19e369910fd8@suse.cz>
Date: Wed, 9 Jul 2025 12:26:57 +0200
Subject: Re: [syzbot] [mm?] WARNING: lock held when returning to user space in lock_next_vma
To: Suren Baghdasaryan, syzbot
Cc: Liam.Howlett@oracle.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, shakeel.butt@linux.dev, syzkaller-bugs@googlegroups.com
References: <686d5adb.050a0220.1ffab7.0019.GAE@google.com>
From: Vlastimil Babka <vbabka@suse.cz>

On 7/9/25 00:19, Suren Baghdasaryan wrote:
> On Tue, Jul 8, 2025 at 10:52 AM syzbot wrote:
>>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:    26ffb3d6f02c Add linux-next specific files for 20250704
>> git tree:       linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1719df70580000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=1e4f88512ae53408
>> dashboard link: https://syzkaller.appspot.com/bug?extid=80011ad33eec39e6ce42
>> compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1124abd4580000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1099df70580000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/fd5569903143/disk-26ffb3d6.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/1b0c9505c543/vmlinux-26ffb3d6.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/9d864c72bed1/bzImage-26ffb3d6.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+80011ad33eec39e6ce42@syzkaller.appspotmail.com
>>
>> ================================================
>> WARNING: lock held when returning to user space!
>> 6.16.0-rc4-next-20250704-syzkaller #0 Not tainted
>> ------------------------------------------------
>> syz.0.22/6068 is leaving the kernel with locks still held!
>> 1 lock held by syz.0.22/6068:
>>  #0: ffff8880792a3588 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 mm/mmap_lock.c:220
>
> Hmm. I must be missing an unlock_vma() somewhere but I don't see it
> yet. Will try the reproducer.

I don't see it either. I also don't see v6 being substantially different.
Hopefully this (and the other report) was some consequence of the kmalloc()
under rcu that v5 had. Maybe it can lead to sleep and when it wakes up it
doesn't restore the rcu lock section?

The unhandled vma_start_read_locked() return value I pointed out could play a
role too (in the other report) but I guess only if syzbot would be able to
saturate the refcount (I doubt?).