Re: [syzbot] [mm?] general protection fault in zap_huge_pmd

From: Lorenzo Stoakes (Oracle)

Date: Thu Mar 19 2026 - 04:55:05 EST


On Thu, Mar 19, 2026 at 07:45:53AM +0200, Mike Rapoport wrote:
> On Wed, Mar 18, 2026 at 05:26:32PM +0000, Lorenzo Stoakes (Oracle) wrote:
> > +cc Mike for uffd, Harry for fix that also resolves this, see below
> >
> > On Wed, Mar 18, 2026 at 08:03:22AM -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: b84a0ebe421c Add linux-next specific files for 20260313
> >
> > For some reason I have to git pull --tags to get this... commit hash locally?
> > Strange.
> >
> > > git tree: linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=119ddd52580000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=e7280ad1f68b2dce
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=de14f7701c22477db718
> > > compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=173b44da580000
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1537b8da580000
> >
> > @SYZKALLER guys:
> >
> > Note: the repro is incorrectly labelling;
> >
> > // ioctl$UFFDIO_CONTINUE arguments: [
> > // fd: fd_uffd (resource)
> > // cmd: const = 0xc020aa08 (4 bytes)
> >
> > as UFFDIO_CONTINUE (0x7), it's actually UFFDIO_POISON (0x8) as you can see
> > from the least-significant byte.
> >
> > It's also stating things like mmap flags wrong e.g.:
> >
> > /*flags=MAP_UNINITIALIZED|MAP_POPULATE|MAP_NORESERVE|MAP_NONBLOCK|MAP_HUGETLB|0x8c4b815a506002b2*/
> > 0x8c4b815a5465c2b2ul,
>
> As Andrey Vagin pointed off-list, you can run strace repro and see the
> syscall arguments quite nicely :-)

Yeah, but we really shouldn't need to have to :)

>
> > So Harry's fix resolves this,
>
> and that's the important bit ;-P

Yep

>
> > but we should handle this case better in zap_huge_pmd(), I will send a
> > patch for that.

And already did this ^ :)

>
> > Cheers, Lorenzo
>
> --
> Sincerely yours,
> Mike.

Cheers, Lorenzo
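To check a syz repro's ioctl labelling without strace, here is an added example (not code from this thread or from syzkaller) that splits a request number into the _IOC fields the kernel's asm-generic/ioctl.h defines (nr:8, type:8, size:14, dir:2, as on x86-64); the UFFDIO nr table is from include/uapi/linux/userfaultfd.h, and the sample value is the 0xc020aa08 quoted above.

```python
"""Decode a Linux _IOC()-encoded ioctl request number into its fields.

Field layout assumed: nr bits 0..7, type bits 8..15, size bits 16..29,
dir bits 30..31 (asm-generic/ioctl.h; x86-64 uses it unchanged).
"""

UFFDIO_MAGIC = 0xAA  # 'UFFDIO' in include/uapi/linux/userfaultfd.h

# nr -> symbolic name, per include/uapi/linux/userfaultfd.h
UFFDIO_NAMES = {
    0x00: "UFFDIO_REGISTER", 0x01: "UFFDIO_UNREGISTER", 0x02: "UFFDIO_WAKE",
    0x03: "UFFDIO_COPY", 0x04: "UFFDIO_ZEROPAGE", 0x05: "UFFDIO_MOVE",
    0x06: "UFFDIO_WRITEPROTECT", 0x07: "UFFDIO_CONTINUE", 0x08: "UFFDIO_POISON",
    0x3F: "UFFDIO_API",
}

# _IOC_NONE=0, _IOC_WRITE=1, _IOC_READ=2; 3 is _IOC_READ|_IOC_WRITE
_DIR_NAMES = {0: "_IO", 1: "_IOW", 2: "_IOR", 3: "_IOWR"}


def decode_ioc(cmd):
    """Return the dir/size/type/nr fields, mirroring _IOC_DIR/_IOC_SIZE/_IOC_TYPE/_IOC_NR."""
    return {
        "dir": _DIR_NAMES[(cmd >> 30) & 0x3],
        "size": (cmd >> 16) & 0x3FFF,   # sizeof(arg struct) in bytes
        "type": (cmd >> 8) & 0xFF,      # the driver's magic byte
        "nr": cmd & 0xFF,               # command number: the least-significant byte
    }


def uffdio_name(cmd):
    """Name a userfaultfd ioctl, or None if the magic byte is not UFFDIO."""
    fields = decode_ioc(cmd)
    if fields["type"] != UFFDIO_MAGIC:
        return None
    return UFFDIO_NAMES.get(fields["nr"], "UFFDIO_<unknown nr 0x%02x>" % fields["nr"])


if __name__ == "__main__":
    # Value from the syz repro comment in the report: cmd: const = 0xc020aa08
    cmd = 0xC020AA08
    print(decode_ioc(cmd))   # dir _IOWR, size 32, type 0xaa, nr 8
    print(uffdio_name(cmd))  # UFFDIO_POISON, not UFFDIO_CONTINUE (nr 7)
```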