Re: [syzbot] [mm?] possible deadlock in mfill_get_vma
From: Hillf Danton
Date: Sun Mar 15 2026 - 21:19:53 EST
> Date: Sun, 15 Mar 2026 11:37:28 -0700
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: b84a0ebe421c Add linux-next specific files for 20260313
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=131ab8da580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=e7280ad1f68b2dce
> dashboard link: https://syzkaller.appspot.com/bug?extid=c473aa669b5e8a6f48d2
> compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=126c98ba580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1644a2d6580000
#syz test
--- x/mm/userfaultfd.c
+++ y/mm/userfaultfd.c
@@ -217,6 +217,7 @@ static int mfill_get_vma(struct mfill_st
dst_vma = uffd_mfill_lock(ctx->mm, state->dst_start, state->len);
if (IS_ERR(dst_vma))
return PTR_ERR(dst_vma);
+ state->vma = dst_vma;
/*
* If memory mappings are changing because of non-cooperative
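Review bot: the new `state->vma = dst_vma;` is stored before the check that the following "If memory mappings are changing" comment introduces, so an early exit after this point can leave `state->vma` set while the function returns an error. The error paths are not visible in this hunk; please confirm that each one either releases the lock through `state->vma` and clears it, or that the assignment is moved below the last failure check in mfill_get_vma(), so that the caller's cleanup neither skips the unlock nor performs it twice. The test patch also gives no rationale for which path depends on `state->vma` being set here; one sentence tying it to the reported deadlock would help whoever turns this into a proper fix.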
--