From: syzbot <syzbot+bd6aaf99e8443d8a9034@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, david@kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
muchun.song@linux.dev, osalvador@suse.de,
syzkaller-bugs@googlegroups.com
Subject: [syzbot] [mm?] possible deadlock in hugetlb_vma_lock_write
Date: Tue, 12 May 2026 02:07:27 -0700
Message-ID: <6a02edcf.170a0220.7f9b3.000c.GAE@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 917719c412c4 Merge tag 'selinux-pr-20260507' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=113365ce580000
kernel config: https://syzkaller.appspot.com/x/.config?x=cb5b551cf65fa040
dashboard link: https://syzkaller.appspot.com/bug?extid=bd6aaf99e8443d8a9034
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/93356f2543ac/disk-917719c4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/980600fe3802/vmlinux-917719c4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/42cfd976bcb9/bzImage-917719c4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bd6aaf99e8443d8a9034@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Tainted: G L
------------------------------------------------------
syz.1.2584/12855 is trying to acquire lock:
ffff88807c1c10e0 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_vma_lock_write mm/hugetlb.c:317 [inline]
ffff88807c1c10e0 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_vma_lock_write+0x109/0x140 mm/hugetlb.c:308
but task is already holding lock:
ffff888036bb27f8 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
ffff888036bb27f8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1f5/0x470 mm/util.c:579
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #8 (&mm->mmap_lock){++++}-{4:4}:
__might_fault+0xde/0x140 mm/memory.c:7324
_inline_copy_from_user include/linux/uaccess.h:169 [inline]
_copy_from_user+0x29/0xd0 lib/usercopy.c:18
copy_from_user include/linux/uaccess.h:223 [inline]
csum_and_copy_from_user include/net/checksum.h:31 [inline]
copy_from_user_iter_csum net/core/skbuff.c:7402 [inline]
iterate_ubuf include/linux/iov_iter.h:30 [inline]
iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
csum_and_copy_from_iter_full+0x21a/0x1fd0 net/core/skbuff.c:7414
ip_generic_getfrag+0x172/0x270 net/ipv4/ip_output.c:942
raw6_getfrag+0x235/0x2a0 net/ipv6/raw.c:739
__ip6_append_data+0x4058/0x4bf0 net/ipv6/ip6_output.c:1736
ip6_append_data net/ipv6/ip6_output.c:1891 [inline]
ip6_append_data+0x10b/0x410 net/ipv6/ip6_output.c:1860
rawv6_sendmsg+0x169c/0x4420 net/ipv6/raw.c:913
inet_sendmsg+0x11c/0x140 net/ipv4/af_inet.c:866
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x98d/0xb70 net/socket.c:2698
___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
__sys_sendmsg+0x170/0x220 net/socket.c:2784
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #7 (sk_lock-AF_INET6){+.+.}-{0:0}:
lock_sock_nested+0x41/0xf0 net/core/sock.c:3783
lock_sock include/net/sock.h:1713 [inline]
inet_shutdown+0x67/0x410 net/ipv4/af_inet.c:915
nbd_mark_nsock_dead+0xae/0x5c0 drivers/block/nbd.c:318
sock_shutdown+0x16b/0x200 drivers/block/nbd.c:411
nbd_clear_sock drivers/block/nbd.c:1427 [inline]
nbd_config_put+0x1eb/0x750 drivers/block/nbd.c:1451
nbd_genl_connect+0xaf8/0x1a40 drivers/block/nbd.c:2248
genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x585/0x850 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
__sys_sendmsg+0x170/0x220 net/socket.c:2784
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #6 (&nsock->tx_lock){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:646 [inline]
__mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
nbd_handle_cmd drivers/block/nbd.c:1143 [inline]
nbd_queue_rq+0x428/0x1080 drivers/block/nbd.c:1207
blk_mq_dispatch_rq_list+0x422/0x1e70 block/blk-mq.c:2148
__blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
__blk_mq_sched_dispatch_requests+0xcea/0x1620 block/blk-mq-sched.c:307
blk_mq_sched_dispatch_requests+0xd7/0x1c0 block/blk-mq-sched.c:329
blk_mq_run_hw_queue+0x23c/0x670 block/blk-mq.c:2386
blk_mq_dispatch_list+0x51d/0x1360 block/blk-mq.c:2949
blk_mq_flush_plug_list block/blk-mq.c:2997 [inline]
blk_mq_flush_plug_list+0x130/0x600 block/blk-mq.c:2969
__blk_flush_plug+0x2c4/0x4b0 block/blk-core.c:1230
blk_finish_plug block/blk-core.c:1257 [inline]
__submit_bio+0x584/0x6c0 block/blk-core.c:649
__submit_bio_noacct_mq block/blk-core.c:722 [inline]
submit_bio_noacct_nocheck+0x543/0xbf0 block/blk-core.c:753
submit_bio_noacct+0xd18/0x2000 block/blk-core.c:884
blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]
submit_bh_wbc+0x681/0x890 fs/buffer.c:2737
submit_bh fs/buffer.c:2742 [inline]
block_read_full_folio+0x264/0x8e0 fs/buffer.c:2344
filemap_read_folio+0xfc/0x3b0 mm/filemap.c:2502
do_read_cache_folio+0x2d7/0x6b0 mm/filemap.c:4107
read_mapping_folio include/linux/pagemap.h:1017 [inline]
read_part_sector+0xd1/0x370 block/partitions/core.c:724
adfspart_check_ICS+0x91/0x7d0 block/partitions/acorn.c:356
check_partition block/partitions/core.c:143 [inline]
blk_add_partitions block/partitions/core.c:591 [inline]
bdev_disk_changed+0x7a3/0x1250 block/partitions/core.c:695
blkdev_get_whole+0x187/0x290 block/bdev.c:756
bdev_open+0x2c7/0xe40 block/bdev.c:965
blkdev_open+0x34e/0x4f0 block/fops.c:697
do_dentry_open+0x6d8/0x1660 fs/open.c:947
vfs_open+0x82/0x3f0 fs/open.c:1079
do_open fs/namei.c:4699 [inline]
path_openat+0x208c/0x31a0 fs/namei.c:4858
do_file_open+0x20e/0x430 fs/namei.c:4887
do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
do_sys_open fs/open.c:1370 [inline]
__do_sys_openat fs/open.c:1386 [inline]
__se_sys_openat fs/open.c:1381 [inline]
__x64_sys_openat+0x12d/0x210 fs/open.c:1381
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #5 (&cmd->lock){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:646 [inline]
__mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
nbd_queue_rq+0xba/0x1080 drivers/block/nbd.c:1199
blk_mq_dispatch_rq_list+0x422/0x1e70 block/blk-mq.c:2148
__blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
__blk_mq_sched_dispatch_requests+0xcea/0x1620 block/blk-mq-sched.c:307
blk_mq_sched_dispatch_requests+0xd7/0x1c0 block/blk-mq-sched.c:329
blk_mq_run_hw_queue+0x23c/0x670 block/blk-mq.c:2386
blk_mq_dispatch_list+0x51d/0x1360 block/blk-mq.c:2949
blk_mq_flush_plug_list block/blk-mq.c:2997 [inline]
blk_mq_flush_plug_list+0x130/0x600 block/blk-mq.c:2969
__blk_flush_plug+0x2c4/0x4b0 block/blk-core.c:1230
blk_finish_plug block/blk-core.c:1257 [inline]
__submit_bio+0x584/0x6c0 block/blk-core.c:649
__submit_bio_noacct_mq block/blk-core.c:722 [inline]
submit_bio_noacct_nocheck+0x543/0xbf0 block/blk-core.c:753
submit_bio_noacct+0xd18/0x2000 block/blk-core.c:884
blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]
submit_bh_wbc+0x681/0x890 fs/buffer.c:2737
submit_bh fs/buffer.c:2742 [inline]
block_read_full_folio+0x264/0x8e0 fs/buffer.c:2344
filemap_read_folio+0xfc/0x3b0 mm/filemap.c:2502
do_read_cache_folio+0x2d7/0x6b0 mm/filemap.c:4107
read_mapping_folio include/linux/pagemap.h:1017 [inline]
read_part_sector+0xd1/0x370 block/partitions/core.c:724
adfspart_check_ICS+0x91/0x7d0 block/partitions/acorn.c:356
check_partition block/partitions/core.c:143 [inline]
blk_add_partitions block/partitions/core.c:591 [inline]
bdev_disk_changed+0x7a3/0x1250 block/partitions/core.c:695
blkdev_get_whole+0x187/0x290 block/bdev.c:756
bdev_open+0x2c7/0xe40 block/bdev.c:965
blkdev_open+0x34e/0x4f0 block/fops.c:697
do_dentry_open+0x6d8/0x1660 fs/open.c:947
vfs_open+0x82/0x3f0 fs/open.c:1079
do_open fs/namei.c:4699 [inline]
path_openat+0x208c/0x31a0 fs/namei.c:4858
do_file_open+0x20e/0x430 fs/namei.c:4887
do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
do_sys_open fs/open.c:1370 [inline]
__do_sys_openat fs/open.c:1386 [inline]
__se_sys_openat fs/open.c:1381 [inline]
__x64_sys_openat+0x12d/0x210 fs/open.c:1381
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #4 (set->srcu){.+.+}-{0:0}:
srcu_lock_sync include/linux/srcu.h:199 [inline]
__synchronize_srcu+0xa2/0x300 kernel/rcu/srcutree.c:1481
blk_mq_wait_quiesce_done block/blk-mq.c:284 [inline]
blk_mq_wait_quiesce_done block/blk-mq.c:281 [inline]
blk_mq_quiesce_queue block/blk-mq.c:304 [inline]
blk_mq_quiesce_queue+0x149/0x1c0 block/blk-mq.c:299
elevator_switch+0x17b/0x7e0 block/elevator.c:576
elevator_change+0x352/0x530 block/elevator.c:681
elevator_set_default+0x29e/0x360 block/elevator.c:754
blk_register_queue+0x48e/0x630 block/blk-sysfs.c:987
__add_disk+0x73f/0xe40 block/genhd.c:528
add_disk_fwnode+0x118/0x5c0 block/genhd.c:597
add_disk include/linux/blkdev.h:794 [inline]
nbd_dev_add+0x77a/0xb10 drivers/block/nbd.c:1984
nbd_init+0x291/0x2b0 drivers/block/nbd.c:2692
do_one_initcall+0x121/0x750 init/main.c:1392
do_initcall_level init/main.c:1454 [inline]
do_initcalls init/main.c:1470 [inline]
do_basic_setup init/main.c:1490 [inline]
kernel_init_freeable+0x6ea/0x7b0 init/main.c:1703
kernel_init+0x1f/0x1e0 init/main.c:1593
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
-> #3 (&q->elevator_lock){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:646 [inline]
__mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
elevator_change+0x1bc/0x530 block/elevator.c:679
elevator_set_none+0x92/0xf0 block/elevator.c:769
blk_mq_elv_switch_none block/blk-mq.c:5131 [inline]
__blk_mq_update_nr_hw_queues block/blk-mq.c:5176 [inline]
blk_mq_update_nr_hw_queues+0x4c1/0x15f0 block/blk-mq.c:5241
nbd_start_device+0x1a6/0xbd0 drivers/block/nbd.c:1489
nbd_genl_connect+0xff2/0x1a40 drivers/block/nbd.c:2239
genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x585/0x850 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
__sys_sendmsg+0x170/0x220 net/socket.c:2784
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #2 (&q->q_usage_counter(io)#50){++++}-{0:0}:
blk_alloc_queue+0x610/0x790 block/blk-core.c:461
blk_mq_alloc_queue+0x174/0x290 block/blk-mq.c:4450
__blk_mq_alloc_disk+0x29/0x120 block/blk-mq.c:4497
nbd_dev_add+0x492/0xb10 drivers/block/nbd.c:1954
nbd_init+0x291/0x2b0 drivers/block/nbd.c:2692
do_one_initcall+0x121/0x750 init/main.c:1392
do_initcall_level init/main.c:1454 [inline]
do_initcalls init/main.c:1470 [inline]
do_basic_setup init/main.c:1490 [inline]
kernel_init_freeable+0x6ea/0x7b0 init/main.c:1703
kernel_init+0x1f/0x1e0 init/main.c:1593
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
-> #1 (fs_reclaim){+.+.}-{0:0}:
__fs_reclaim_acquire mm/page_alloc.c:4325 [inline]
fs_reclaim_acquire+0xc4/0x100 mm/page_alloc.c:4339
might_alloc include/linux/sched/mm.h:317 [inline]
prepare_alloc_pages+0x166/0x5f0 mm/page_alloc.c:4995
__alloc_frozen_pages_noprof+0x19a/0x2bc0 mm/page_alloc.c:5215
alloc_pages_mpol+0x1fb/0x540 mm/mempolicy.c:2490
alloc_pages_noprof+0x1a/0x160 mm/mempolicy.c:2581
pagetable_alloc_noprof include/linux/mm.h:3651 [inline]
__pud_alloc_one_noprof include/asm-generic/pgalloc.h:181 [inline]
pud_alloc_one_noprof include/asm-generic/pgalloc.h:206 [inline]
__pud_alloc+0x3b/0x690 mm/memory.c:6780
pud_alloc include/linux/mm.h:3561 [inline]
huge_pte_alloc+0x55a/0x730 mm/hugetlb.c:7011
hugetlb_fault+0x369/0x1410 mm/hugetlb.c:5995
handle_mm_fault+0x5f1/0xa20 mm/memory.c:6716
faultin_page mm/gup.c:1126 [inline]
__get_user_pages+0x1178/0x32a0 mm/gup.c:1428
populate_vma_page_range+0x267/0x3f0 mm/gup.c:1860
__mm_populate+0x107/0x3a0 mm/gup.c:1963
mm_populate include/linux/mm.h:4137 [inline]
vm_mmap_pgoff+0x37f/0x470 mm/util.c:586
ksys_mmap_pgoff+0x285/0x610 mm/mmap.c:606
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&resv_map->rw_sema){++++}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
down_write+0x8b/0x1f0 kernel/locking/rwsem.c:1625
hugetlb_vma_lock_write mm/hugetlb.c:317 [inline]
hugetlb_vma_lock_write+0x109/0x140 mm/hugetlb.c:308
__hugetlb_zap_begin+0x1e9/0x2b0 mm/hugetlb.c:5319
hugetlb_zap_begin include/linux/hugetlb.h:256 [inline]
unmap_vmas+0x3dc/0x5f0 mm/memory.c:2161
unmap_region+0x1bc/0x3b0 mm/vma.c:488
vms_clear_ptes mm/vma.c:1303 [inline]
vms_clean_up_area mm/vma.c:1315 [inline]
__mmap_setup mm/vma.c:2476 [inline]
__mmap_region+0x1b06/0x2da0 mm/vma.c:2753
mmap_region+0x527/0x620 mm/vma.c:2857
do_mmap+0xc63/0x12f0 mm/mmap.c:560
vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
ksys_mmap_pgoff+0x285/0x610 mm/mmap.c:606
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
&resv_map->rw_sema --> sk_lock-AF_INET6 --> &mm->mmap_lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(sk_lock-AF_INET6);
                               lock(&mm->mmap_lock);
  lock(&resv_map->rw_sema);
*** DEADLOCK ***
1 lock held by syz.1.2584/12855:
#0: ffff888036bb27f8 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
#0: ffff888036bb27f8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1f5/0x470 mm/util.c:579
stack backtrace:
CPU: 1 UID: 0 PID: 12855 Comm: syz.1.2584 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
print_circular_bug.cold+0x178/0x1c7 kernel/locking/lockdep.c:2043
check_noncircular+0x146/0x160 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
down_write+0x8b/0x1f0 kernel/locking/rwsem.c:1625
hugetlb_vma_lock_write mm/hugetlb.c:317 [inline]
hugetlb_vma_lock_write+0x109/0x140 mm/hugetlb.c:308
__hugetlb_zap_begin+0x1e9/0x2b0 mm/hugetlb.c:5319
hugetlb_zap_begin include/linux/hugetlb.h:256 [inline]
unmap_vmas+0x3dc/0x5f0 mm/memory.c:2161
unmap_region+0x1bc/0x3b0 mm/vma.c:488
vms_clear_ptes mm/vma.c:1303 [inline]
vms_clean_up_area mm/vma.c:1315 [inline]
__mmap_setup mm/vma.c:2476 [inline]
__mmap_region+0x1b06/0x2da0 mm/vma.c:2753
mmap_region+0x527/0x620 mm/vma.c:2857
do_mmap+0xc63/0x12f0 mm/mmap.c:560
vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
ksys_mmap_pgoff+0x285/0x610 mm/mmap.c:606
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4b06f9cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4b07db0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f4b07216090 RCX: 00007f4b06f9cdd9
RDX: 0000000000000002 RSI: 0000000000ff5000 RDI: 0000200000000000
RBP: 00007f4b07032d69 R08: ffffffffffffffff R09: 0000000000000000
R10: 000000000004c831 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4b07216128 R14: 00007f4b07216090 R15: 00007ffd8208af48
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup