Re: [syzbot] [io-uring?] WARNING in __vmap_pages_range_noflush
From: Jens Axboe
Date: Fri Aug 08 2025 - 08:34:19 EST
On 8/8/25 2:17 AM, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 6e64f4580381 Merge tag 'input-for-v6.17-rc0' of git://git...
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=166ceea2580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5549e3e577d8650d
> dashboard link: https://syzkaller.appspot.com/bug?extid=23727438116feb13df15
> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10202ea2580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140a9042580000
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git>
diff --git a/io_uring/memmap.c b/io_uring/memmap.c
index 725dc0bec24c..2e99dffddfc5 100644
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -156,7 +156,7 @@ static int io_region_allocate_pages(struct io_ring_ctx *ctx,
unsigned long mmap_offset)
{
gfp_t gfp = GFP_KERNEL_ACCOUNT | __GFP_ZERO | __GFP_NOWARN;
- unsigned long size = mr->nr_pages << PAGE_SHIFT;
+ size_t size = (size_t) mr->nr_pages << PAGE_SHIFT;
unsigned long nr_allocated;
struct page **pages;
void *p;
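Review bot: The `size` initialisation relies entirely on the `(size_t)` cast widening `mr->nr_pages` before the shift, but neither the hunk nor the mail says why. If `mr->nr_pages` is narrower than `unsigned long`, the old expression shifted in the narrower type and could wrap before being assigned. A short changelog line or comment stating that would make the intent reviewable. Changing the declared type from `unsigned long` to `size_t` does not by itself alter the arithmetic, so the cast is the part that matters. The widened shift can still wrap where `size_t` is 32 bits, so it is worth confirming that `nr_pages` is bounded before it reaches `io_region_allocate_pages()`, and checking whether other `nr_pages << PAGE_SHIFT` expressions in io_uring/memmap.c need the same cast.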
--
Jens Axboe