Commit 00fbff75c5ac for kernel

commit 00fbff75c5acb4755f06f08bd1071879c63940c5
Author: Sourabh Jain <sourabhjain@linux.ibm.com>
Date:   Sun Nov 2 01:07:41 2025 +0530

    crash: fix crashkernel resource shrink

    When crashkernel is configured with a high reservation, shrinking its
    value below the low crashkernel reservation causes two issues:

    1. Invalid crashkernel resource objects
    2. Kernel crash if crashkernel shrinking is done twice

    For example, with crashkernel=200M,high, the kernel reserves 200MB of high
    memory and some default low memory (say 256MB).  The reservation appears
    as:

    cat /proc/iomem | grep -i crash
    af000000-beffffff : Crash kernel
    433000000-43f7fffff : Crash kernel

    If crashkernel is then shrunk to 50MB (echo 52428800 >
    /sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:
    af000000-beffffff : Crash kernel

    Instead, it should show 50MB:
    af000000-b21fffff : Crash kernel

    Further shrinking crashkernel to 40MB causes a kernel crash with the
    following trace (x86):

    BUG: kernel NULL pointer dereference, address: 0000000000000038
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    <snip...>
    Call Trace: <TASK>
    ? __die_body.cold+0x19/0x27
    ? page_fault_oops+0x15a/0x2f0
    ? search_module_extables+0x19/0x60
    ? search_bpf_extables+0x5f/0x80
    ? exc_page_fault+0x7e/0x180
    ? asm_exc_page_fault+0x26/0x30
    ? __release_resource+0xd/0xb0
    release_resource+0x26/0x40
    __crash_shrink_memory+0xe5/0x110
    crash_shrink_memory+0x12a/0x190
    kexec_crash_size_store+0x41/0x80
    kernfs_fop_write_iter+0x141/0x1f0
    vfs_write+0x294/0x460
    ksys_write+0x6d/0xf0
    <snip...>

    This happens because __crash_shrink_memory()/kernel/crash_core.c
    incorrectly updates the crashk_res resource object even when
    crashk_low_res should be updated.

    Fix this by ensuring the correct crashkernel resource object is updated
    when shrinking crashkernel memory.

    Link: https://lkml.kernel.org/r/20251101193741.289252-1-sourabhjain@linux.ibm.com
    Fixes: 16c6006af4d4 ("kexec: enable kexec_crash_size to support two crash kernel regions")
    Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
    Acked-by: Baoquan He <bhe@redhat.com>
    Cc: Zhen Lei <thunder.leizhen@huawei.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index 3b1c43382eec..99dac1aa972a 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -373,7 +373,7 @@ static int __crash_shrink_memory(struct resource *old_res,
 		old_res->start = 0;
 		old_res->end   = 0;
 	} else {
-		crashk_res.end = ram_res->start - 1;
+		old_res->end = ram_res->start - 1;
 	}

 	crash_free_reserved_phys_range(ram_res->start, ram_res->end);