[moderation] [kernel?] WARNING: lock held when returning to user space in rcu_lock_acquire (2)

syzbot
9:04 PM (1 hour ago)
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 5cbb61bf4168 arm64/fpsimd: ptrace: zero target's fpsimd_st..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=13ec2d06580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a834c6344141a58b
dashboard link: https://syzkaller.appspot.com/bug?extid=edb87a9bd35c08882ae1
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
CC: [linux-...@vger.kernel.org lu...@kernel.org pet...@infradead.org tg...@kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/04156ec16593/disk-5cbb61bf.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bfa041e2c79/vmlinux-5cbb61bf.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a92d82d8a79e/Image-5cbb61bf.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edb87a...@syzkaller.appspotmail.com

================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
dhcpcd-run-hook/4651 is leaving the kernel with locks still held!
1 lock held by dhcpcd-run-hook/4651:
#0: ffff800088ac66e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:299
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332, CPU#0: dhcpcd-run-hook/4651
Modules linked in:
CPU: 0 UID: 0 PID: 4651 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 634000c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332
lr : rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332
sp : ffff8000959f7b20
x29: ffff8000959f7ba0 x28: dfff800000000000 x27: dfff800000000000
x26: 0000000000000000 x25: 1ffff0001111bd74 x24: 0000000000000000
x23: ffff700012b3ef98 x22: ffff800125887000 x21: ffff0001ae11c3c0
x20: ffff0000dddc2184 x19: ffff0000dddc1d00 x18: 0000000000000000
x17: ffff800125887000 x16: ffff80008e8d0000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000
x11: 00000000000004f7 x10: 0000000000ff0100 x9 : a9d4b3ead1abcb00
x8 : a9d4b3ead1abcb00 x7 : 7865746e6f632079 x6 : ffff8000804886d0
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802f13b0
x2 : 0000000000000001 x1 : ffff0000dddc1d00 x0 : 0000000000000000
Call trace:
rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332 (P)
__schedule+0x314/0x2d24 kernel/sched/core.c:7043
__schedule_loop kernel/sched/core.c:7267 [inline]
schedule+0xa4/0x140 kernel/sched/core.c:7282
__exit_to_user_mode_loop kernel/entry/common.c:54 [inline]
exit_to_user_mode_loop+0x60/0x17c kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:224 [inline]
arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:86 [inline]
el0_interrupt+0x190/0x2ac arch/arm64/kernel/entry-common.c:818
__el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:823
el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:828
el0t_64_irq+0x198/0x19c arch/arm64/kernel/entry.S:595
irq event stamp: 144
hardirqs last enabled at (143): [<ffff800080bc28a4>] memcg1_commit_charge+0xc0/0x12c mm/memcontrol-v1.c:603
hardirqs last disabled at (144): [<ffff800086720fd4>] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last disabled at (144): [<ffff800086720fd4>] el0_da+0x78/0x23c arch/arm64/kernel/entry-common.c:540
softirqs last enabled at (24): [<ffff800080139e6c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (22): [<ffff800080139e38>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:323
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4651, name: dhcpcd-run-hook
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 UID: 0 PID: 4651 Comm: dhcpcd-run-hook Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
__dump_stack+0x30/0x40 lib/dump_stack.c:94
dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
dump_stack+0x1c/0x28 lib/dump_stack.c:129
__might_resched+0x350/0x4ac kernel/sched/core.c:9162
__might_sleep+0x84/0xdc kernel/sched/core.c:9091
might_alloc include/linux/sched/mm.h:323 [inline]
prepare_alloc_pages+0x178/0x4b0 mm/page_alloc.c:4995
__alloc_frozen_pages_noprof+0x134/0x31c mm/page_alloc.c:5215
alloc_pages_mpol+0x1ec/0x464 mm/mempolicy.c:2490
folio_alloc_mpol_noprof+0x4c/0x248 mm/mempolicy.c:2509
vma_alloc_folio_noprof+0xfc/0x1d8 mm/mempolicy.c:2544
folio_prealloc+0x5c/0x1b0 mm/memory.c:1193
wp_page_copy mm/memory.c:3859 [inline]
do_wp_page+0xf9c/0x3fe8 mm/memory.c:4320
handle_pte_fault mm/memory.c:6427 [inline]
__handle_mm_fault mm/memory.c:6549 [inline]
handle_mm_fault+0x10d0/0x2450 mm/memory.c:6718
do_page_fault+0x768/0xb64 arch/arm64/mm/fault.c:704
do_mem_abort+0x70/0x190 arch/arm64/mm/fault.c:980
el0_da+0x68/0x23c arch/arm64/kernel/entry-common.c:539
el0t_64_sync_handler+0x10c/0x148 arch/arm64/kernel/entry-common.c:745
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
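The three splats in the report are consistent with one unbalanced rcu_read_lock(): lockdep sees the RCU read lock still held on the way out to EL0, the reschedule on that exit path trips the "Voluntary context switch within RCU read-side critical section" check in rcu_note_context_switch(), and the later write fault that allocates a page hits might_alloc() with "RCU nest depth: 1, expected: 0". The block below is an added user-space model of those three checks, written for this page; it is not kernel code and not from syzbot or the report. The kernel-named functions are simplified stand-ins that mirror only the relevant check, and model_run, buggy_syscall, correct_syscall and struct diag are my own names. Where the leaked lock actually comes from is exactly what the report does not yet say; the model simply injects one.

```c
/* User-space model of three kernel diagnostics seen in the syzbot report:
 *  1. lockdep: "lock held when returning to user space"
 *  2. rcu_note_context_switch(): "Voluntary context switch within RCU
 *     read-side critical section"
 *  3. __might_sleep() via might_alloc(): "RCU nest depth: 1, expected: 0"
 * Illustrative model only (assumption): the kernel-named functions below
 * are stand-ins, not the real implementations.
 */
#include <stdio.h>
#include <stdbool.h>

/* The kernel keeps rcu_read_lock() nesting per task; one global "current
 * task" is enough for the model. */
static int rcu_nest_depth;

/* Counts of diagnostics fired in one run, so callers can inspect them. */
struct diag {
    int lock_held_on_exit;   /* lockdep warning on exit to user space */
    int ctx_switch_in_rcu;   /* rcu_note_context_switch() warning */
    int sleep_in_rcu;        /* might_sleep() splat */
};
static struct diag diag_counts;

static void rcu_read_lock(void)   { rcu_nest_depth++; }
static void rcu_read_unlock(void) { rcu_nest_depth--; }

/* A *voluntary* schedule() while an RCU read-side critical section is open
 * is a bug: preemption inside the section is allowed, blocking is not. */
static void rcu_note_context_switch(bool preempt)
{
    if (!preempt && rcu_nest_depth > 0) {
        diag_counts.ctx_switch_in_rcu++;
        puts("WARNING: Voluntary context switch within RCU read-side critical section!");
    }
}

static void schedule(void)
{
    rcu_note_context_switch(false);   /* voluntary switch */
}

/* might_alloc() -> __might_sleep(): sleeping (e.g. a page allocation that
 * may block) is illegal while rcu_read_lock() is held. Returns true if the
 * context is valid for sleeping. */
static bool might_sleep(void)
{
    if (rcu_nest_depth != 0) {
        diag_counts.sleep_in_rcu++;
        printf("BUG: sleeping function called from invalid context\n"
               "RCU nest depth: %d, expected: 0\n", rcu_nest_depth);
        return false;
    }
    return true;
}

/* Exit-to-user path: optionally reschedule (the report's
 * exit_to_user_mode_loop() -> schedule()), then lockdep's check that no
 * lock, rcu_read_lock() included, is still held when leaving the kernel. */
static void exit_to_user_mode(bool need_resched)
{
    if (need_resched)
        schedule();
    if (rcu_nest_depth > 0) {
        diag_counts.lock_held_on_exit++;
        printf("WARNING: lock held when returning to user space! (RCU depth %d)\n",
               rcu_nest_depth);
    }
}

/* Hypothetical kernel paths: one forgets rcu_read_unlock(), one does not. */
static void buggy_syscall(void)
{
    rcu_read_lock();
    /* ... work ...  missing rcu_read_unlock() */
}

static void correct_syscall(void)
{
    rcu_read_lock();
    rcu_read_unlock();
}

/* Run one task through: the syscall, an IRQ-driven reschedule on the way out
 * (el0t_64_irq path), then a write fault that allocates a page (el0_da ->
 * do_wp_page -> folio_prealloc -> might_alloc). Returns the number of
 * diagnostics fired and copies the breakdown into *out when non-NULL. */
static int model_run(void (*syscall)(void), struct diag *out)
{
    rcu_nest_depth = 0;
    diag_counts = (struct diag){0};
    syscall();
    exit_to_user_mode(true);
    might_sleep();
    if (out)
        *out = diag_counts;
    return diag_counts.lock_held_on_exit + diag_counts.ctx_switch_in_rcu +
           diag_counts.sleep_in_rcu;
}

int main(void)
{
    struct diag d;
    printf("correct path: %d diagnostics\n", model_run(correct_syscall, &d));
    printf("leaky path:   %d diagnostics\n", model_run(buggy_syscall, &d));
    return 0;
}
```

The point of the model is that a single leaked rcu_read_lock() does not produce one error but a cascade: the first real splat is the lockdep one, and everything after it (the context-switch warning, the might_sleep BUG, and the "lockdep is turned off" line that follows the first WARN) is downstream of the same unbalanced section. When triaging a report like this, the useful question is which kernel path opened the RCU read-side critical section that was still held at the exit to EL0, not the page fault or allocation that happened to notice it.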