On 7/10/25 19:02, Suren Baghdasaryan wrote:
> On Thu, Jul 10, 2025 at 12:03 AM Suren Baghdasaryan <sur...@google.com> wrote:
>>
>> I have the patchset ready but would like to test it some more. Will
>> post it tomorrow.
>
> Ok, I found a couple of issues using the syzbot reproducer [1] (which
> is awesome BTW!):
> 1. rwsem_acquire_read() inside vma_start_read() at [2] should be moved
> after the last check, otherwise the lock is considered taken on
> vma->vm_refcnt overflow;
> 2. query_matching_vma() is missing unlock_vma() call when it does
> "goto next_vma;" and re-issues query_vma_find_by_addr(). The previous
> vma is left locked;
How does that happen? query_vma_find_by_addr() does get_next_vma() which does unlock_vma()?