Received: by 2002:ab2:620c:0:b0:1ef:ffd0:ce49 with SMTP id o12csp1423873lqt; Wed, 20 Mar 2024 03:46:26 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWqN7yTRPA8Pi2b9CyplXhkt7bgJTIuOz7kKPi+6C3cEzKmeyg4v5XgEeiOn0zrt2pb+Io28MxRD15o+ZuVG87C7wRSLd+8+f2JlNMr0w== X-Google-Smtp-Source: AGHT+IEPTwThTyudTPxFXSwJsQYqs7UO5ev8HgIexPjV0lWmloDbAOgYRk8IH1UbpTOZypLJx4lg X-Received: by 2002:a05:6402:500e:b0:566:4dc1:522c with SMTP id p14-20020a056402500e00b005664dc1522cmr4167140eda.15.1710931585982; Wed, 20 Mar 2024 03:46:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710931585; cv=pass; d=google.com; s=arc-20160816; b=080XkvzRt8KItAQ2ltgHQiiewptVgUD4VPwDe93rvGtJZcFiqWQH3bBhb1RWo8v9GT mpwtkWGe0Nzw/usJ3pQ4ydHklXmtZiu/9Zp0Zje/8qm1CvSONXf1L/oFJwy7nsGWmr4Z 9eyTl3fjpneDUw1T6GZ/bADXo+B7PL+7qjrmO72qMHVewONkxQWWv7/+7RHnyeN83Vh5 QaaJk3vE+hppjZ0k496hnQX747jTy1dzthFoPzq+oHASl+xJR1efefp+6sDL1Xtb04ro fkjxtxckN6AQnEhMa5Yd/42JR4LHUI4kSOcLg3RW4WUNX+/OGSYioTq9e63UAnvNrHbV fAYw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=4+c4Duv2cIg2RdcUh8bl/m8nPVa9Bgn7HY5sd3k2mN8=; fh=4hQ3cer/9Crk8YcUDtJj4OXOwDhttCvt0f0yBiUMzi8=; b=W/K/NOwWV3P/pofPWzoOLLmtkVhjnBi1V1Np9kwzY9dNaflWkNjAAPc+ALD0qVyUwq 0oLj1l140hs7DPWR9UZb85bGRS7RITz7JIOe0f+f+GzClDylbhevnupt53ElarEgyTjl 8fKSgltj5yHe04Y28Lg+b+8bWtQjsY2GCuqkcapALgcA1dz34OAUalok/BSWh+fckZ1V yGSC2jdok+EW9E4PZwu2cHVObyso7OeeZ0O2Cmr6snaxbzoegccuGDZP9N9/wpC+CA80 ibpH16XdJgzMtac/8NOrHA9qlAxKmarOXIMqqUPgPU2lfUSTFHYIZjyaKMQSEAApDI6D RvZQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=sina.com); spf=pass (google.com: domain of linux-kernel+bounces-108803-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-108803-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id n19-20020aa7c453000000b0056a2b0e731bsi2899088edr.369.2024.03.20.03.46.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 03:46:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-108803-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=sina.com); spf=pass (google.com: domain of linux-kernel+bounces-108803-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-108803-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id B2AB31F23B67 for ; Wed, 20 Mar 2024 10:46:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C5A9E38F96; Wed, 20 Mar 2024 10:46:18 +0000 (UTC) Received: from mail114-241.sinamail.sina.com.cn (mail114-241.sinamail.sina.com.cn [218.30.114.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A766A1DDD6 for ; Wed, 20 Mar 2024 10:46:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=218.30.114.241 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710931578; cv=none; b=NjoTjshnLjgVNUzkn1y2RkATvIrAhmEGzqMKo4ueiJ+h1LAHJ/2v+0Nkx/QvC7TQ9V2mwnyRZ0+AGoy43gf3nZhVy/3t2MvcxcnrNtfHtjckaC2YDrn78PQR9YUo+gwq8FHh4CvIq7rgIzelm9IF9ui5bspgMqKorhu8nqGd6pg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710931578; c=relaxed/simple; bh=XFP69njHEvwpCrVuHfK2Gpp2Du/R2uLGkLuOeWklu0k=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=T61TvYG2ZONl9gdmWvTu3scxkNhv4IpNR1QIHhSKDwd+oKPw6SaQcBMiTiTjoPO+OIdlw9kJHQMV78GzU5NAc5bZzcj3XkREmu9GcL0pMo1GOTJ5TcVVoZ1kf8AFiqywPNoHT9Ww8sDreh6kHFuQTIGcXJYc+OQ0yCpDG6Iipvs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com; spf=pass smtp.mailfrom=sina.com; arc=none smtp.client-ip=218.30.114.241 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sina.com X-SMAIL-HELO: localhost.localdomain Received: from unknown (HELO localhost.localdomain)([116.24.11.154]) by sina.com (172.16.235.24) with ESMTP id 65FABE6700001FFC; Wed, 20 Mar 2024 18:46:02 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com Authentication-Results: sina.com; spf=none smtp.mailfrom=hdanton@sina.com; dkim=none header.i=none; dmarc=none action=none header.from=hdanton@sina.com X-SMAIL-MID: 57787345089132 X-SMAIL-UIID: 6106B5FB6AB142D794C797D03C17790D-20240320-184602-1 From: Hillf Danton To: syzbot Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [mm?] possible deadlock in move_pages Date: Wed, 20 Mar 2024 18:45:54 +0800 Message-Id: <20240320104554.2181-1-hdanton@sina.com> In-Reply-To: <000000000000e97f090614006d76@google.com> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Tue, 19 Mar 2024 02:52:16 -0700 > syzbot found the following issue on: > > HEAD commit: e5eb28f6d1af Merge tag 'mm-nonmm-stable-2024-03-14-09-36' .. > git tree: upstream > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=173b7ac9180000 #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e5eb28f6d1af --- x/mm/userfaultfd.c +++ y/mm/userfaultfd.c @@ -1442,9 +1442,9 @@ static int uffd_move_lock(struct mm_stru * See comment in lock_vma() as to why not using * vma_start_read() here. */ - down_read(&(*dst_vmap)->vm_lock->lock); + down_read_nested(&(*dst_vmap)->vm_lock->lock, 1); if (*dst_vmap != *src_vmap) - down_read(&(*src_vmap)->vm_lock->lock); + down_read_nested(&(*src_vmap)->vm_lock->lock, 2); } mmap_read_unlock(mm); return err; --