References: <686d5adb.050a0220.1ffab7.0019.GAE@google.com> <54d2b3a2-9314-413b-993f-19e369910fd8@suse.cz>
In-Reply-To: <54d2b3a2-9314-413b-993f-19e369910fd8@suse.cz>
From: Suren Baghdasaryan
Date: Wed, 9 Jul 2025 07:29:53 -0700
Subject: Re: [syzbot] [mm?] WARNING: lock held when returning to user space in lock_next_vma
To: Vlastimil Babka
Cc: syzbot, Liam.Howlett@oracle.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, shakeel.butt@linux.dev, syzkaller-bugs@googlegroups.com

On Wed, Jul 9, 2025 at 3:26 AM Vlastimil Babka wrote:
>
> On 7/9/25 00:19, Suren Baghdasaryan wrote:
> > On Tue, Jul 8, 2025 at 10:52 AM syzbot wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following issue on:
> >>
> >> HEAD commit:    26ffb3d6f02c Add linux-next specific files for 20250704
> >> git tree:       linux-next
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=1719df70580000
> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=1e4f88512ae53408
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=80011ad33eec39e6ce42
> >> compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> >> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1124abd4580000
> >> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1099df70580000
> >>
> >> Downloadable assets:
> >> disk image: https://storage.googleapis.com/syzbot-assets/fd5569903143/disk-26ffb3d6.raw.xz
> >> vmlinux: https://storage.googleapis.com/syzbot-assets/1b0c9505c543/vmlinux-26ffb3d6.xz
> >> kernel image: https://storage.googleapis.com/syzbot-assets/9d864c72bed1/bzImage-26ffb3d6.xz
> >>
> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >> Reported-by: syzbot+80011ad33eec39e6ce42@syzkaller.appspotmail.com
> >>
> >> ================================================
> >> WARNING: lock held when returning to user space!
> >> 6.16.0-rc4-next-20250704-syzkaller #0 Not tainted
> >> ------------------------------------------------
> >> syz.0.22/6068 is leaving the kernel with locks still held!
> >> 1 lock held by syz.0.22/6068:
> >>  #0: ffff8880792a3588 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 mm/mmap_lock.c:220
> >
> > Hmm. I must be missing an unlock_vma() somewhere but I don't see it
> > yet. Will try the reproducer.
>
> I don't see it either. I also don't see v6 being substantially different.
> Hopefully this (and the other report) was some consequence of the kmalloc()
> under rcu that v5 had. Maybe it can lead to sleep and when it wakes up it
> doesn't restore the rcu lock section? I'm not sure.

The report says that vm_lock is being held, so that does not look like an
rcu-related issue. I'll try the reproducer with v6 to see if something
fails.

> The unhandled vma_start_read_locked() return value I pointed out could play
> a role too (in the other report) but I guess only if syzbot would be able to
> saturate the refcount (I doubt?).

Yes, I should handle that by falling back to mmap_lock, however I agree
this would be highly unlikely.