| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [mm?] WARNING: lock held when returning to user space in __pte_offset_map | 0 (1) | 2026/04/25 09:32 |
================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
udevd/4966 is leaving the kernel with locks still held!
1 lock held by udevd/4966:
#0: ffffffff8dfc8140 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfc8140 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8dfc8140 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 mm/pgtable-generic.c:290
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xcac/0xf40 kernel/rcu/tree_plugin.h:332, CPU#1: udevd/4966
Modules linked in:
CPU: 1 UID: 0 PID: 4966 Comm: udevd Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:rcu_note_context_switch+0xcac/0xf40 kernel/rcu/tree_plugin.h:332
Code: 00 41 c6 45 00 00 48 8b 3d c1 52 de 0d 48 81 c4 b8 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 bb 5f ff ff 48 8d 3d 84 13 e2 0d <67> 48 0f b9 3a e9 1b f4 ff ff 90 0f 0b 90 45 84 e4 0f 84 ea f3 ff
RSP: 0000:ffffc90003b07b90 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff8880381b5c40 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff8ba74c40 RDI: ffffffff8f8c4110
RBP: dffffc0000000000 R08: ffffffff8f88d2f7 R09: 1ffffffff1f11a5e
R10: dffffc0000000000 R11: fffffbfff1f11a5f R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8880b893c800 R15: ffff8880381b6104
FS: 00007f175e59e880(0000) GS:ffff88812627c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055db9d6aca58 CR3: 0000000038f02000 CR4: 00000000003526f0
Call Trace:
<TASK>
__schedule+0x291/0x54c0 kernel/sched/core.c:7043
__schedule_loop kernel/sched/core.c:7267 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7282
__exit_to_user_mode_loop kernel/entry/common.c:54 [inline]
exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:252 [inline]
irqentry_exit_to_user_mode include/linux/irq-entry-common.h:323 [inline]
irqentry_exit+0x263/0x730 kernel/entry/common.c:162
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0033:0x7f175e69dc3b
Code: 83 c5 6e 4c 39 fa 0f 85 1c f6 ff ff e9 f6 f9 ff ff 66 0f 1f 44 00 00 48 8d 3d 42 95 0f 00 e8 5c c6 ff ff 48 8d 05 85 8e 13 00 <4b> 83 4c 35 08 01 48 39 c5 0f 84 49 ff ff ff 49 83 4d 08 04 e9 3f
RSP: 002b:00007ffd6c468110 EFLAGS: 00010293
RAX: 00007f175e7d6ac0 RBX: 0000000000000020 RCX: 0000000000000010
RDX: 000055db9d6b51d0 RSI: 00007f175e7d6b40 RDI: 000055db9d6aca20
RBP: 00007f175e7d6ac0 R08: 00007f175e7d6ac0 R09: 0000000000000020
R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000000011
R13: 000055db9d6aca20 R14: 0000000000000030 R15: 00007f175e7d6b20
</TASK>
----------------
Code disassembly (best guess):
0: 00 41 c6 add %al,-0x3a(%rcx)
3: 45 00 00 add %r8b,(%r8)
6: 48 8b 3d c1 52 de 0d mov 0xdde52c1(%rip),%rdi # 0xdde52ce
d: 48 81 c4 b8 00 00 00 add $0xb8,%rsp
14: 5b pop %rbx
15: 41 5c pop %r12
17: 41 5d pop %r13
19: 41 5e pop %r14
1b: 41 5f pop %r15
1d: 5d pop %rbp
1e: e9 bb 5f ff ff jmp 0xffff5fde
23: 48 8d 3d 84 13 e2 0d lea 0xde21384(%rip),%rdi # 0xde213ae
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: e9 1b f4 ff ff jmp 0xfffff44f
34: 90 nop
35: 0f 0b ud2
37: 90 nop
38: 45 84 e4 test %r12b,%r12b
3b: 0f .byte 0xf
3c: 84 ea test %ch,%dl
3e: f3 repz
3f: ff .byte 0xff
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/04/29 14:37 | upstream | dca922e019dd | 7ca9e4d8 | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/24 16:46 | upstream | dd6c438c3e64 | 1c2b9291 | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/29 05:07 | upstream | dca922e019dd | 95008c03 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/21 09:54 | upstream | b4e07588e743 | 3f2e655b | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/27 13:04 | upstream | 254f49634ee1 | 0f700595 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/26 16:18 | upstream | 897d54018cc9 | 9c2d0995 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/24 00:51 | upstream | 2e6803928193 | 629ff21a | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/05/03 12:22 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 25bd55f46032 | a0d91488 | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/05/01 19:02 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 25bd55f46032 | 753c55b9 | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/27 10:00 | linux-next | 7080e32d3f09 | 0f700595 | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/23 01:47 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 6596a02b2078 | b10da5ec | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/21 23:33 | linux-next | bee6ea30c487 | 0b6ab7ec | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | WARNING: lock held when returning to user space in __pte_offset_map |
| 2026/04/21 09:28 | linux-next | 97e797263a5e | 3f2e655b | .config | console log | report | | | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | WARNING: lock held when returning to user space in __pte_offset_map |