[v5.15] WARNING in hugetlb_split
22 views
Skip to first unread message
syzbot
Jun 27, 2025, 7:04:33 AM6/27/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3dea0e7f549e Linux 5.15.186
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=153eaf0c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=918afca6cf85eccf
dashboard link: https://syzkaller.appspot.com/bug?extid=c7a84558d87a6d4b5e4a
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b4e974189c3a/disk-3dea0e7f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/922e99f38be2/vmlinux-3dea0e7f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/59456f23f37e/bzImage-3dea0e7f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c7a845...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12773 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 0 PID: 12773 at include/linux/fs.h:532 hugetlb_split+0x237/0x2a0 mm/hugetlb.c:4182
Modules linked in:
CPU: 0 PID: 12773 Comm: syz.0.3609 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
RIP: 0010:hugetlb_split+0x237/0x2a0 mm/hugetlb.c:4182
Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 65 35 bf ff 0f 0b e9 62 fe ff ff e8 59 35 bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 c4 df 68 8d 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc900031bf840 EFLAGS: 00010283
RAX: ffffffff81b88db7 RBX: 0000200000c00000 RCX: 0000000000080000
RDX: ffffc90003a31000 RSI: 0000000000000066 RDI: 0000000000000067
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed1002d0d558
R10: ffffed1002d0d558 R11: 1ffff11002d0d557 R12: ffff888017bfb9e8
R13: dffffc0000000000 R14: ffff888017bfb948 R15: ffff88805edf55c0
FS: 00007fd8e5cb96c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9d026cc2d8 CR3: 000000007e414000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__vma_adjust+0x6a9/0x1c20 mm/mmap.c:842
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x34b/0x410 mm/mmap.c:-1
madvise_behavior mm/madvise.c:154 [inline]
madvise_vma mm/madvise.c:1006 [inline]
do_madvise+0x1e4c/0x2b60 mm/madvise.c:1207
__do_sys_madvise mm/madvise.c:1233 [inline]
__se_sys_madvise mm/madvise.c:1231 [inline]
__x64_sys_madvise+0xa2/0xb0 mm/madvise.c:1231
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fd8e7e51929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd8e5cb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fd8e8078fa0 RCX: 00007fd8e7e51929
RDX: 000000000000000e RSI: 0000000000400000 RDI: 0000200000c00000
RBP: 00007fd8e7ed3b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd8e8078fa0 R15: 00007fff19832488
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 3dea0e7f549e Linux 5.15.186
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=153eaf0c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=918afca6cf85eccf
dashboard link: https://syzkaller.appspot.com/bug?extid=c7a84558d87a6d4b5e4a
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b4e974189c3a/disk-3dea0e7f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/922e99f38be2/vmlinux-3dea0e7f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/59456f23f37e/bzImage-3dea0e7f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c7a845...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12773 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 0 PID: 12773 at include/linux/fs.h:532 hugetlb_split+0x237/0x2a0 mm/hugetlb.c:4182
Modules linked in:
CPU: 0 PID: 12773 Comm: syz.0.3609 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
RIP: 0010:hugetlb_split+0x237/0x2a0 mm/hugetlb.c:4182
Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 65 35 bf ff 0f 0b e9 62 fe ff ff e8 59 35 bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 c4 df 68 8d 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc900031bf840 EFLAGS: 00010283
RAX: ffffffff81b88db7 RBX: 0000200000c00000 RCX: 0000000000080000
RDX: ffffc90003a31000 RSI: 0000000000000066 RDI: 0000000000000067
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed1002d0d558
R10: ffffed1002d0d558 R11: 1ffff11002d0d557 R12: ffff888017bfb9e8
R13: dffffc0000000000 R14: ffff888017bfb948 R15: ffff88805edf55c0
FS: 00007fd8e5cb96c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9d026cc2d8 CR3: 000000007e414000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__vma_adjust+0x6a9/0x1c20 mm/mmap.c:842
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x34b/0x410 mm/mmap.c:-1
madvise_behavior mm/madvise.c:154 [inline]
madvise_vma mm/madvise.c:1006 [inline]
do_madvise+0x1e4c/0x2b60 mm/madvise.c:1207
__do_sys_madvise mm/madvise.c:1233 [inline]
__se_sys_madvise mm/madvise.c:1231 [inline]
__x64_sys_madvise+0xa2/0xb0 mm/madvise.c:1231
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fd8e7e51929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd8e5cb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fd8e8078fa0 RCX: 00007fd8e7e51929
RDX: 000000000000000e RSI: 0000000000400000 RDI: 0000200000c00000
RBP: 00007fd8e7ed3b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd8e8078fa0 R15: 00007fff19832488
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 27, 2025, 7:34:30 AM6/27/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7e69c33e4858 Linux 6.1.142
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1761af0c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8ab0a96d60bbe8f
dashboard link: https://syzkaller.appspot.com/bug?extid=d142850f8168610346d5
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/e00cc723dfa5/vmlinux-7e69c33e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4cbcf3fe062f/Image-7e69c33e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 12596 Comm: syz.4.3638 Not tainted 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
lr : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
sp : ffff800021297610
x29: ffff800021297610 x28: dfff800000000000 x27: ffff700004252ee0
x26: ffff0000c3d416c0 x25: ffff800015080000 x24: 1ffff00002a100b0
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000020000000 x19: ffff0000c3d416c0 x18: 0000000000000000
x17: ffff8000087f179c x16: ffff8000082d0f50 x15: ffff8000087ffbc4
x14: 00000000ffff8000 x13: 00000000c61d5b5d x12: 0000000000080000
x11: 00000000000020bd x10: ffff800026ee9000 x9 : ffff800008887be4
x8 : 00000000000020be x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff800008887a64
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
__vma_adjust+0x438/0x16b0 mm/mmap.c:736
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x324/0x448 mm/mmap.c:-1
do_mas_align_munmap+0x2c8/0xeec mm/mmap.c:2476
do_mas_munmap+0x15c/0x194 mm/mmap.c:2646
__do_sys_mremap mm/mremap.c:988 [inline]
__se_sys_mremap mm/mremap.c:889 [inline]
__arm64_sys_mremap+0x658/0xe54 mm/mremap.c:889
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 306
hardirqs last enabled at (305): [<ffff800011a112b4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (305): [<ffff800011a112b4>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (306): [<ffff800011925d68>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (264): [<ffff800008030900>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (262): [<ffff8000080308cc>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 12596 Comm: syz.4.3638 Tainted: G W 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
lr : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
sp : ffff800021297610
x29: ffff800021297610 x28: dfff800000000000 x27: ffff700004252ee0
x26: ffff0000c3d416c0 x25: ffff800015080000 x24: 1ffff00002a100b0
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000020200000 x19: ffff0000c3d416c0 x18: 0000000000000000
x17: ffff8000087f179c x16: ffff8000082d0f50 x15: ffff8000087ffbc4
x14: 00000000ffff8000 x13: 00000000c61d5b5d x12: 0000000000080000
x11: 000000000001a556 x10: ffff800026ee9000 x9 : ffff800008887be4
x8 : 000000000001a557 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff800008887a64
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
__vma_adjust+0x444/0x16b0 mm/mmap.c:737
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x324/0x448 mm/mmap.c:-1
do_mas_align_munmap+0x2c8/0xeec mm/mmap.c:2476
do_mas_munmap+0x15c/0x194 mm/mmap.c:2646
__do_sys_mremap mm/mremap.c:988 [inline]
__se_sys_mremap mm/mremap.c:889 [inline]
__arm64_sys_mremap+0x658/0xe54 mm/mremap.c:889
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 446
hardirqs last enabled at (445): [<ffff800011927e44>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (445): [<ffff800011927e44>] exit_to_kernel_mode+0xcc/0xfc arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (446): [<ffff800011925d68>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (440): [<ffff8000081a9670>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (440): [<ffff8000081a9670>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (309): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 12596 Comm: syz.4.3638 Tainted: G W 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
lr : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
sp : ffff800021297610
x29: ffff800021297610 x28: dfff800000000000 x27: ffff700004252ee0
x26: ffff0000caa82870 x25: ffff800015080000 x24: 1ffff00002a100b0
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000020600000 x19: ffff0000caa82870 x18: 0000000000000000
x17: ffff8000087f179c x16: ffff8000082d0f50 x15: ffff8000087ffbc4
x14: 00000000ffff8000 x13: 00000000797bfc50 x12: 0000000000080000
x11: 0000000000034d92 x10: ffff800026ee9000 x9 : ffff800008887be4
x8 : 0000000000034d93 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff800008887a64
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
__vma_adjust+0x438/0x16b0 mm/mmap.c:736
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x324/0x448 mm/mmap.c:-1
do_mas_align_munmap+0x5dc/0xeec mm/mmap.c:2497
do_mas_munmap+0x15c/0x194 mm/mmap.c:2646
__do_sys_mremap mm/mremap.c:988 [inline]
__se_sys_mremap mm/mremap.c:889 [inline]
__arm64_sys_mremap+0x658/0xe54 mm/mremap.c:889
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 864
hardirqs last enabled at (863): [<ffff800011a112b4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (863): [<ffff800011a112b4>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (864): [<ffff800011925d68>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (774): [<ffff8000081a9670>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (774): [<ffff8000081a9670>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (451): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 12596 at include/linux/fs.h:503 hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 12596 Comm: syz.4.3638 Tainted: G W 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
lr : i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
sp : ffff800021297610
x29: ffff800021297610 x28: dfff800000000000 x27: ffff700004252ee0
x26: ffff0000caa82870 x25: ffff800015080000 x24: 1ffff00002a100b0
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000021000000 x19: ffff0000caa82870 x18: 0000000000000000
x17: ffff8000087f179c x16: ffff8000082d0f50 x15: ffff8000087ffbc4
x14: 00000000ffff8000 x13: 00000000797bfc50 x12: 0000000000080000
x11: 000000000004b4ba x10: ffff800026ee9000 x9 : ffff800008887be4
x8 : 000000000004b4bb x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff800008887a64
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
hugetlb_split+0x234/0x29c mm/hugetlb.c:4917
__vma_adjust+0x444/0x16b0 mm/mmap.c:737
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x324/0x448 mm/mmap.c:-1
do_mas_align_munmap+0x5dc/0xeec mm/mmap.c:2497
do_mas_munmap+0x15c/0x194 mm/mmap.c:2646
__do_sys_mremap mm/mremap.c:988 [inline]
__se_sys_mremap mm/mremap.c:889 [inline]
__arm64_sys_mremap+0x658/0xe54 mm/mremap.c:889
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1068
hardirqs last enabled at (1067): [<ffff800011927e44>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (1067): [<ffff800011927e44>] exit_to_kernel_mode+0xcc/0xfc arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (1068): [<ffff800011925d68>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1062): [<ffff8000081a9670>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (1062): [<ffff8000081a9670>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (867): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
syzbot
Jul 1, 2025, 8:08:31 PM7/1/25
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 3dea0e7f549e Linux 5.15.186
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1783f88c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68f6f35276e57732
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d85770580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ce2ebc580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/90580e8155e1/disk-3dea0e7f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa25a3db336a/vmlinux-3dea0e7f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0b05b2d29242/Image-3dea0e7f.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c7a845...@syzkaller.appspotmail.com
mmap: syz.0.16 (4178) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4178 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 1 PID: 4178 at include/linux/fs.h:532 hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
Modules linked in:
CPU: 1 PID: 4178 Comm: syz.0.16 Not tainted 5.15.186-syzkaller #0
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
lr : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
sp : ffff80001f7078c0
x29: ffff80001f7078c0 x28: ffff0000c8036088 x27: 0000000000000000
x26: dfff800000000000 x25: ffff800014160000 x24: 1ffff0000282c06a
x17: ffff80000877412c x16: ffff8000082bf708 x15: ffff80001139a000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80000880717c
x8 : ffff0000d7649b40 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : ffff0000cc219c60 x3 : ffff800008806ffc
hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
__vma_adjust+0x290/0x1890 mm/mmap.c:842
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x310/0x3f0 mm/mmap.c:-1
__do_munmap+0x2fc/0xc04 mm/mmap.c:2852
do_munmap mm/mmap.c:2906 [inline]
munmap_vma_range mm/mmap.c:602 [inline]
__mmap_region mm/mmap.c:1753 [inline]
mmap_region+0x7b0/0x1390 mm/mmap.c:2929
do_mmap+0x67c/0xdb4 mm/mmap.c:1582
__do_sys_remap_file_pages mm/mmap.c:3046 [inline]
__se_sys_remap_file_pages mm/mmap.c:2981 [inline]
__arm64_sys_remap_file_pages+0x404/0x584 mm/mmap.c:2981
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1330
hardirqs last enabled at (1329): [<ffff80001128c428>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (1329): [<ffff80001128c428>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (1330): [<ffff8000111adf74>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (846): [<ffff80000819e9e8>] softirq_handle_end kernel/softirq.c:419 [inline]
softirqs last enabled at (846): [<ffff80000819e9e8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604
softirqs last disabled at (833): [<ffff80000819efec>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] invoke_softirq kernel/softirq.c:457 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659
---[ end trace 86d1efe0e3dbff9c ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4178 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 0 PID: 4178 at include/linux/fs.h:532 hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
Modules linked in:
CPU: 0 PID: 4178 Comm: syz.0.16 Tainted: G W 5.15.186-syzkaller #0
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
lr : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
sp : ffff80001f7078c0
x29: ffff80001f7078c0 x28: ffff0000c8036088 x27: 0000000000000000
x26: dfff800000000000 x25: ffff800014160000 x24: 1ffff0000282c06a
x17: ffff80000877412c x16: ffff8000082bf708 x15: ffff80001139a000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80000880717c
x8 : ffff0000d7649b40 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : ffff0000cc219c60 x3 : ffff800008806ffc
hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
__vma_adjust+0x29c/0x1890 mm/mmap.c:843
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x310/0x3f0 mm/mmap.c:-1
__do_munmap+0x2fc/0xc04 mm/mmap.c:2852
do_munmap mm/mmap.c:2906 [inline]
munmap_vma_range mm/mmap.c:602 [inline]
__mmap_region mm/mmap.c:1753 [inline]
mmap_region+0x7b0/0x1390 mm/mmap.c:2929
do_mmap+0x67c/0xdb4 mm/mmap.c:1582
__do_sys_remap_file_pages mm/mmap.c:3046 [inline]
__se_sys_remap_file_pages mm/mmap.c:2981 [inline]
__arm64_sys_remap_file_pages+0x404/0x584 mm/mmap.c:2981
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1438
hardirqs last enabled at (1437): [<ffff8000111b0c78>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline]
hardirqs last enabled at (1437): [<ffff8000111b0c78>] exit_to_kernel_mode+0xe0/0x168 arch/arm64/kernel/entry-common.c:91
hardirqs last disabled at (1438): [<ffff8000111adf74>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (1432): [<ffff80000819e9e8>] softirq_handle_end kernel/softirq.c:419 [inline]
softirqs last enabled at (1432): [<ffff80000819e9e8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604
softirqs last disabled at (1335): [<ffff80000819efec>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] invoke_softirq kernel/softirq.c:457 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659
---[ end trace 86d1efe0e3dbff9d ]---
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 3dea0e7f549e Linux 5.15.186
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=68f6f35276e57732
dashboard link: https://syzkaller.appspot.com/bug?extid=c7a84558d87a6d4b5e4a
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d85770580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ce2ebc580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/90580e8155e1/disk-3dea0e7f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa25a3db336a/vmlinux-3dea0e7f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0b05b2d29242/Image-3dea0e7f.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c7a845...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4178 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 1 PID: 4178 at include/linux/fs.h:532 hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
Modules linked in:
CPU: 1 PID: 4178 Comm: syz.0.16 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
lr : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
sp : ffff80001f7078c0
x29: ffff80001f7078c0 x28: ffff0000c8036088 x27: 0000000000000000
x26: dfff800000000000 x25: ffff800014160000 x24: 1ffff0000282c06a
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000020400000 x19: ffff0000c8036000 x18: 0000000000000000
x17: ffff80000877412c x16: ffff8000082bf708 x15: ffff80001139a000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80000880717c
x8 : ffff0000d7649b40 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : ffff0000cc219c60 x3 : ffff800008806ffc
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
Call trace:
hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
__vma_adjust+0x290/0x1890 mm/mmap.c:842
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x310/0x3f0 mm/mmap.c:-1
__do_munmap+0x2fc/0xc04 mm/mmap.c:2852
do_munmap mm/mmap.c:2906 [inline]
munmap_vma_range mm/mmap.c:602 [inline]
__mmap_region mm/mmap.c:1753 [inline]
mmap_region+0x7b0/0x1390 mm/mmap.c:2929
do_mmap+0x67c/0xdb4 mm/mmap.c:1582
__do_sys_remap_file_pages mm/mmap.c:3046 [inline]
__se_sys_remap_file_pages mm/mmap.c:2981 [inline]
__arm64_sys_remap_file_pages+0x404/0x584 mm/mmap.c:2981
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1330
hardirqs last enabled at (1329): [<ffff80001128c428>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (1329): [<ffff80001128c428>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (1330): [<ffff8000111adf74>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (846): [<ffff80000819e9e8>] softirq_handle_end kernel/softirq.c:419 [inline]
softirqs last enabled at (846): [<ffff80000819e9e8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604
softirqs last disabled at (833): [<ffff80000819efec>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] invoke_softirq kernel/softirq.c:457 [inline]
softirqs last disabled at (833): [<ffff80000819efec>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659
---[ end trace 86d1efe0e3dbff9c ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4178 at include/linux/fs.h:532 i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
WARNING: CPU: 0 PID: 4178 at include/linux/fs.h:532 hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
Modules linked in:
CPU: 0 PID: 4178 Comm: syz.0.16 Tainted: G W 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
pc : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
lr : i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
lr : hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
sp : ffff80001f7078c0
x29: ffff80001f7078c0 x28: ffff0000c8036088 x27: 0000000000000000
x26: dfff800000000000 x25: ffff800014160000 x24: 1ffff0000282c06a
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000020800000 x19: ffff0000c8036000 x18: 0000000000000000
x17: ffff80000877412c x16: ffff8000082bf708 x15: ffff80001139a000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80000880717c
x8 : ffff0000d7649b40 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : ffff0000cc219c60 x3 : ffff800008806ffc
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
i_mmap_assert_write_locked include/linux/fs.h:532 [inline]
Call trace:
hugetlb_split+0x234/0x29c mm/hugetlb.c:4182
__vma_adjust+0x29c/0x1890 mm/mmap.c:843
vma_adjust include/linux/mm.h:2556 [inline]
__split_vma+0x310/0x3f0 mm/mmap.c:-1
__do_munmap+0x2fc/0xc04 mm/mmap.c:2852
do_munmap mm/mmap.c:2906 [inline]
munmap_vma_range mm/mmap.c:602 [inline]
__mmap_region mm/mmap.c:1753 [inline]
mmap_region+0x7b0/0x1390 mm/mmap.c:2929
do_mmap+0x67c/0xdb4 mm/mmap.c:1582
__do_sys_remap_file_pages mm/mmap.c:3046 [inline]
__se_sys_remap_file_pages mm/mmap.c:2981 [inline]
__arm64_sys_remap_file_pages+0x404/0x584 mm/mmap.c:2981
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1438
hardirqs last enabled at (1437): [<ffff8000111b0c78>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline]
hardirqs last enabled at (1437): [<ffff8000111b0c78>] exit_to_kernel_mode+0xe0/0x168 arch/arm64/kernel/entry-common.c:91
hardirqs last disabled at (1438): [<ffff8000111adf74>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (1432): [<ffff80000819e9e8>] softirq_handle_end kernel/softirq.c:419 [inline]
softirqs last enabled at (1432): [<ffff80000819e9e8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604
softirqs last disabled at (1335): [<ffff80000819efec>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] invoke_softirq kernel/softirq.c:457 [inline]
softirqs last disabled at (1335): [<ffff80000819efec>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659
---[ end trace 86d1efe0e3dbff9d ]---
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jul 2, 2025, 10:58:29 AM7/2/25
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 7e69c33e4858 Linux 6.1.142
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1274aebc580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c13e5b1e791632f6
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12767982580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/66227cc7a961/disk-7e69c33e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/800396fbefa3/vmlinux-7e69c33e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9164f62e8709/bzImage-7e69c33e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d14285...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4404 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
WARNING: CPU: 0 PID: 4404 at include/linux/fs.h:503 hugetlb_split+0x234/0x2a0 mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 4404 Comm: syz.0.16 Not tainted 6.1.142-syzkaller #0
RIP: 0010:hugetlb_split+0x234/0x2a0 mm/hugetlb.c:4917
Code: b4 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7d e8 f8 04 b4 ff 0f 0b e9 65 fe ff ff e8 ec 04 b4 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 e4 c1 fe 8d 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc900034c79a8 EFLAGS: 00010293
RAX: ffffffff81ccd294 RBX: 0000200000000000 RCX: ffff888074bd8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100e931e2e
R10: ffffed100e931e2e R11: 1ffff1100e931e2d R12: ffff8880299a03d0
R13: dffffc0000000000 R14: ffff8880299a0360 R15: ffff88802a9d2bb8
FS: 000055556adfe500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x3a7/0x500 mm/mmap.c:-1
mprotect_fixup+0x597/0x7f0 mm/mprotect.c:623
do_mprotect_pkey+0x754/0xa40 mm/mprotect.c:792
__do_sys_mprotect mm/mprotect.c:819 [inline]
__se_sys_mprotect mm/mprotect.c:816 [inline]
__x64_sys_mprotect+0x7c/0x90 mm/mprotect.c:816
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7e8238e929
RAX: ffffffffffffffda RBX: 00007f7e825b5fa0 RCX: 00007f7e8238e929
RDX: 0000000000000001 RSI: 0000000000800000 RDI: 0000200000000000
RBP: 00007f7e82410b39 R08: 0000000000000000 R09: 0000000000000000
</TASK>
HEAD commit: 7e69c33e4858 Linux 6.1.142
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=c13e5b1e791632f6
dashboard link: https://syzkaller.appspot.com/bug?extid=d142850f8168610346d5
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=149bd770580000
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12767982580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/66227cc7a961/disk-7e69c33e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/800396fbefa3/vmlinux-7e69c33e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9164f62e8709/bzImage-7e69c33e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d14285...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4404 at include/linux/fs.h:503 hugetlb_split+0x234/0x2a0 mm/hugetlb.c:4917
Modules linked in:
CPU: 0 PID: 4404 Comm: syz.0.16 Not tainted 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline]
RIP: 0010:hugetlb_split+0x234/0x2a0 mm/hugetlb.c:4917
Code: b4 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7d e8 f8 04 b4 ff 0f 0b e9 65 fe ff ff e8 ec 04 b4 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 e4 c1 fe 8d 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc900034c79a8 EFLAGS: 00010293
RAX: ffffffff81ccd294 RBX: 0000200000000000 RCX: ffff888074bd8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100e931e2e
R10: ffffed100e931e2e R11: 1ffff1100e931e2d R12: ffff8880299a03d0
R13: dffffc0000000000 R14: ffff8880299a0360 R15: ffff88802a9d2bb8
FS: 000055556adfe500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2bf5ffff CR3: 000000007858c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__vma_adjust+0x46b/0x1c50 mm/mmap.c:736
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vma_adjust include/linux/mm.h:2745 [inline]
__split_vma+0x3a7/0x500 mm/mmap.c:-1
mprotect_fixup+0x597/0x7f0 mm/mprotect.c:623
do_mprotect_pkey+0x754/0xa40 mm/mprotect.c:792
__do_sys_mprotect mm/mprotect.c:819 [inline]
__se_sys_mprotect mm/mprotect.c:816 [inline]
__x64_sys_mprotect+0x7c/0x90 mm/mprotect.c:816
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7e8238e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc822ad58 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
RAX: ffffffffffffffda RBX: 00007f7e825b5fa0 RCX: 00007f7e8238e929
RDX: 0000000000000001 RSI: 0000000000800000 RDI: 0000200000000000
RBP: 00007f7e82410b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7e825b5fa0 R14: 00007f7e825b5fa0 R15: 0000000000000003
</TASK>
Reply all
Reply to author
Forward
0 new messages