[v6.6] WARNING: lock held when returning to user space in loop_set_block_size


syzbot

Aug 28, 2025, 6:58:31 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: cc1a1c5b404a Linux 6.6.103
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16a3bef0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=412020841cf033b0
dashboard link: https://syzkaller.appspot.com/bug?extid=53ce52a8070d96c8f320
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c06862a545/disk-cc1a1c5b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38ddabb6fc8b/vmlinux-cc1a1c5b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b130b7d031b5/bzImage-cc1a1c5b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+53ce52...@syzkaller.appspotmail.com

================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
syz.2.159/6258 is leaving the kernel with locks still held!
1 lock held by syz.2.159/6258:
#0: ffff8880216bfb60 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_set_block_size+0x7c/0x480 drivers/block/loop.c:1490


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 30, 2025, 2:36:35 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: cc1a1c5b404a Linux 6.6.103
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=109d81f0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=412020841cf033b0
dashboard link: https://syzkaller.appspot.com/bug?extid=53ce52a8070d96c8f320
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=142b2a62580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=104d8e34580000
mounted in repro: https://storage.googleapis.com/syzbot-assets/441ee0ab0c2b/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+53ce52...@syzkaller.appspotmail.com

syz.0.17[5945]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
loop0: detected capacity change from 0 to 2048
loop0: p1 < > p3
loop0: p3 size 134217728 extends beyond EOD, truncated
================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
syz.0.17/5945 is leaving the kernel with locks still held!
1 lock held by syz.0.17/5945:
#0: ffff888140b49b60 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_set_block_size+0x7c/0x480 drivers/block/loop.c:1490


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.