syzbot


WARNING: lock held when returning to user space in lock_vma_under_rcu

Status: moderation: reported on 2026/03/18 12:51
Subsystems: mm
Labels: prio:high
Reported-by: syzbot+a9cd727808f8f83b24f9@syzkaller.appspotmail.com
Fix commit: userfaultfd: fix lock leak in mfill_get_vma()
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 73d, last: 73d
✨ AI Jobs (1)
ID: f26cd8fe-b03a-4c14-af69-64a245c83b99
Workflow: assessment-security
Result: DenialOfService: ✅ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌
Correct:
Bug: WARNING: lock held when returning to user space in lock_vma_under_rcu
Created: 2026/05/16 20:56
Started: 2026/05/16 20:56
Finished: 2026/05/16 21:33
Revision: de5aae85e5f28e2fa1c7deefcc24fe286abe5140
Error:
Discussions (1)
Title: [PATCH] userfaultfd: fix lock leak in mfill_get_vma()
Replies (including bot): 1 (1)
Last reply: 2026/03/16 17:38

Sample crash report:
================================================
WARNING: lock held when returning to user space!
syzkaller #0 Tainted: G             L     
------------------------------------------------
syz.4.5868/25813 is leaving the kernel with locks still held!
2 locks held by syz.4.5868/25813:
 #0: ffff88806504b308 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 mm/mmap_lock.c:310
 #1: ffff88807c9501f0 (&ctx->map_changing_lock){++++}-{4:4}, at: mfill_get_vma+0x162/0x660 mm/userfaultfd.c:226

Crashes (1):
Time: 2026/03/14 12:47
Kernel: linux-next
Commit: b84a0ebe421c
Syzkaller: ee8d34d6
Config: .config
Log: console log
Report: report
Syz repro:
C repro:
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-rust-kasan-gce
Title: WARNING: lock held when returning to user space in lock_vma_under_rcu