Re: [syzbot] [io-uring?] WARNING in __vmap_pages_range_noflush
From: Jens Axboe
Date: Fri Aug 08 2025 - 08:38:15 EST
On 8/8/25 6:34 AM, syzbot wrote:
>> On 8/8/25 2:17 AM, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit: 6e64f4580381 Merge tag 'input-for-v6.17-rc0' of git://git...
>>> git tree: upstream
>>> console+strace: https://syzkaller.appspot.com/x/log.txt?x=166ceea2580000
>>> kernel config: https://syzkaller.appspot.com/x/.config?x=5549e3e577d8650d
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=23727438116feb13df15
>>> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10202ea2580000
>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140a9042580000
>>
>> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git>
>
> want either no args or 2 args (repo, branch), got 5
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
diff --git a/io_uring/memmap.c b/io_uring/memmap.c
index 725dc0bec24c..2e99dffddfc5 100644
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -156,7 +156,7 @@ static int io_region_allocate_pages(struct io_ring_ctx *ctx,
unsigned long mmap_offset)
{
gfp_t gfp = GFP_KERNEL_ACCOUNT | __GFP_ZERO | __GFP_NOWARN;
- unsigned long size = mr->nr_pages << PAGE_SHIFT;
+ size_t size = (size_t) mr->nr_pages << PAGE_SHIFT;
unsigned long nr_allocated;
struct page **pages;
void *p;
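Review bot: on the changed `size` line, the `(size_t)` cast is what matters, since it makes the shift by PAGE_SHIFT happen at size_t width rather than at the width of `mr->nr_pages`; the switch of the declaration from `unsigned long` to `size_t` does not add to that. The type of `nr_pages` is not visible in this hunk, so the final version of the patch should say in its changelog, or in a short comment on this line, that the shift previously happened in a narrower type and could wrap before the assignment. The cast only prevents truncation of the product and does not bound `nr_pages` itself, so if the region size needs an upper limit, that check has to live elsewhere. Style nit: kernel style has no space after a cast, so `(size_t)mr->nr_pages << PAGE_SHIFT`.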
--
Jens Axboe