Re: [syzbot] [io-uring?] WARNING in __vmap_pages_range_noflush
From: syzbot
Date: Fri Aug 08 2025 - 08:34:21 EST
> On 8/8/25 2:17 AM, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: 6e64f4580381 Merge tag 'input-for-v6.17-rc0' of git://git...
>> git tree: upstream
>> console+strace: https://syzkaller.appspot.com/x/log.txt?x=166ceea2580000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=5549e3e577d8650d
>> dashboard link: https://syzkaller.appspot.com/bug?extid=23727438116feb13df15
>> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10202ea2580000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140a9042580000
>
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git>
want either no args or 2 args (repo, branch), got 5
>
> diff --git a/io_uring/memmap.c b/io_uring/memmap.c
> index 725dc0bec24c..2e99dffddfc5 100644
> --- a/io_uring/memmap.c
> +++ b/io_uring/memmap.c
> @@ -156,7 +156,7 @@ static int io_region_allocate_pages(struct io_ring_ctx *ctx,
> unsigned long mmap_offset)
> {
> gfp_t gfp = GFP_KERNEL_ACCOUNT | __GFP_ZERO | __GFP_NOWARN;
> - unsigned long size = mr->nr_pages << PAGE_SHIFT;
> + size_t size = (size_t) mr->nr_pages << PAGE_SHIFT;
> unsigned long nr_allocated;
> struct page **pages;
> void *p;
>
> --
> Jens Axboe