[moderation/CI] Re: fuse: use iomap for buffered reads + readahead

[moderation/CI] Re: fuse: use iomap for buffered reads + readahead

[syzbot ci]

syzbot ci has tested the following series

[v3] fuse: use iomap for buffered reads + readahead
https://lore.kernel.org/all/20250916234425.1274735-1-joannelkoong@gmail.com
* [PATCH v3 01/15] iomap: move bio read logic into helper function
* [PATCH v3 02/15] iomap: move read/readahead bio submission logic into helper function
* [PATCH v3 03/15] iomap: store read/readahead bio generically
* [PATCH v3 04/15] iomap: iterate over entire folio in iomap_readpage_iter()
* [PATCH v3 05/15] iomap: rename iomap_readpage_iter() to iomap_read_folio_iter()
* [PATCH v3 06/15] iomap: rename iomap_readpage_ctx struct to iomap_read_folio_ctx
* [PATCH v3 07/15] iomap: track read/readahead folio ownership internally
* [PATCH v3 08/15] iomap: add public start/finish folio read helpers
* [PATCH v3 09/15] iomap: add caller-provided callbacks for read and readahead
* [PATCH v3 10/15] iomap: add bias for async read requests
* [PATCH v3 11/15] iomap: move buffered io bio logic into new file
* [PATCH v3 12/15] iomap: make iomap_read_folio() a void return
* [PATCH v3 13/15] fuse: use iomap for read_folio
* [PATCH v3 14/15] fuse: use iomap for readahead
* [PATCH v3 15/15] fuse: remove fc->blkbits workaround for partial writes

and found the following issues:
* WARNING in iomap_iter_advance
* WARNING in iomap_readahead
* kernel BUG in folio_end_read

Full report is available here:
https://ci.syzbot.org/series/6845596a-1ec9-4396-b9c4-48bddc606bef

***

WARNING in iomap_iter_advance

tree:      torvalds
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
base:      f83ec76bf285bea5727f478a68b894f5543ca76e
arch:      amd64
compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
C repro:   https://ci.syzbot.org/findings/73807f10-d659-4291-84af-f982be7cabad/c_repro
syz repro: https://ci.syzbot.org/findings/73807f10-d659-4291-84af-f982be7cabad/syz_repro

loop0: detected capacity change from 0 to 16
erofs (device loop0): mounted with root inode @ nid 36.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5996 at fs/iomap/iter.c:22 iomap_iter_advance+0x2c1/0x2f0 fs/iomap/iter.c:22
Modules linked in:
CPU: 1 UID: 0 PID: 5996 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:iomap_iter_advance+0x2c1/0x2f0 fs/iomap/iter.c:22
Code: 74 08 4c 89 ef e8 2f f1 ce ff 49 89 5d 00 31 c0 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d e9 46 0c 29 09 cc e8 80 7d 6b ff 90 <0f> 0b 90 b8 fb ff ff ff eb dc 44 89 f9 80 e1 07 fe c1 38 c1 0f 8c
RSP: 0018:ffffc90002a6f118 EFLAGS: 00010293
RAX: ffffffff82543fe0 RBX: 0000000000001000 RCX: ffff88801ec80000
RDX: 0000000000000000 RSI: 0000000000000f8c RDI: 0000000000001000
RBP: 0000000000000074 R08: ffffea00043daf87 R09: 1ffffd400087b5f0
R10: dffffc0000000000 R11: fffff9400087b5f1 R12: 0000000000001000
R13: 0000000000000f8c R14: ffffc90002a6f340 R15: 0000000000000f8c
FS:  000055556dfe9500(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31563fff CR3: 00000000262da000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 iomap_read_folio_iter+0x614/0xb70 fs/iomap/buffered-io.c:424
 iomap_read_folio+0x2e7/0x570 fs/iomap/buffered-io.c:472
 iomap_bio_read_folio include/linux/iomap.h:589 [inline]
 erofs_read_folio+0x13c/0x2e0 fs/erofs/data.c:374
 filemap_read_folio+0x117/0x380 mm/filemap.c:2413
 do_read_cache_folio+0x350/0x590 mm/filemap.c:3957
 read_mapping_folio include/linux/pagemap.h:991 [inline]
 erofs_bread+0x46f/0x7f0 fs/erofs/data.c:40
 erofs_find_target_block fs/erofs/namei.c:103 [inline]
 erofs_namei+0x36b/0x1030 fs/erofs/namei.c:177
 erofs_lookup+0x148/0x340 fs/erofs/namei.c:206
 lookup_open fs/namei.c:3686 [inline]
 open_last_lookups fs/namei.c:3807 [inline]
 path_openat+0x1101/0x3830 fs/namei.c:4043
 do_filp_open+0x1fa/0x410 fs/namei.c:4073
 do_sys_openat2+0x121/0x1c0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f86ddb8eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff12610128 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f86dddd5fa0 RCX: 00007f86ddb8eba9
RDX: 0000000000043142 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007f86ddc11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f86dddd5fa0 R14: 00007f86dddd5fa0 R15: 0000000000000004
 </TASK>


***

WARNING in iomap_readahead

tree:      torvalds
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
base:      f83ec76bf285bea5727f478a68b894f5543ca76e
arch:      amd64
compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
C repro:   https://ci.syzbot.org/findings/6ee3f719-e6ab-468c-92dc-e197c12d8171/c_repro
syz repro: https://ci.syzbot.org/findings/6ee3f719-e6ab-468c-92dc-e197c12d8171/syz_repro

XFS: noikeep mount option is deprecated.
XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
XFS (loop0): Ending clean mount
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5993 at fs/iomap/buffered-io.c:497 iomap_readahead_iter fs/iomap/buffered-io.c:497 [inline]
WARNING: CPU: 1 PID: 5993 at fs/iomap/buffered-io.c:497 iomap_readahead+0x5ed/0xa40 fs/iomap/buffered-io.c:541
Modules linked in:
CPU: 1 UID: 0 PID: 5993 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:iomap_readahead_iter fs/iomap/buffered-io.c:497 [inline]
RIP: 0010:iomap_readahead+0x5ed/0xa40 fs/iomap/buffered-io.c:541
Code: a5 ff eb 35 e8 14 55 6b ff 48 8b 5c 24 20 48 8b 44 24 28 42 80 3c 28 00 74 08 48 89 df e8 8b c8 ce ff 48 c7 03 00 00 00 00 90 <0f> 0b 90 bb ea ff ff ff eb 53 e8 e4 54 6b ff 48 8b 44 24 28 42 80
RSP: 0018:ffffc90003096260 EFLAGS: 00010246
RAX: 1ffff92000612c8d RBX: ffffc90003096468 RCX: ffff888024038000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc90003096430 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 0000000000000001
R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
FS:  00005555761de500(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30f63fff CR3: 000000010defc000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 iomap_bio_readahead include/linux/iomap.h:600 [inline]
 xfs_vm_readahead+0x9f/0xe0 fs/xfs/xfs_aops.c:753
 read_pages+0x17a/0x580 mm/readahead.c:160
 page_cache_ra_order+0x8ca/0xd40 mm/readahead.c:512
 filemap_get_pages+0x43c/0x1ea0 mm/filemap.c:2603
 filemap_read+0x3f6/0x11a0 mm/filemap.c:2712
 xfs_file_buffered_read+0x1a2/0x350 fs/xfs/xfs_file.c:292
 xfs_file_read_iter+0x280/0x510 fs/xfs/xfs_file.c:317
 __kernel_read+0x4cf/0x960 fs/read_write.c:530
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x85e/0x16f0 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x428/0x8e0 security/integrity/ima/ima_api.c:293
 process_measurement+0x1121/0x1a40 security/integrity/ima/ima_main.c:405
 ima_file_check+0xd7/0x120 security/integrity/ima/ima_main.c:633
 security_file_post_open+0xbb/0x290 security/security.c:3160
 do_open fs/namei.c:3889 [inline]
 path_openat+0x2f26/0x3830 fs/namei.c:4046
 do_filp_open+0x1fa/0x410 fs/namei.c:4073
 do_sys_openat2+0x121/0x1c0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe33b38eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff93f3bee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fe33b5d5fa0 RCX: 00007fe33b38eba9
RDX: 0000000000183042 RSI: 0000200000000740 RDI: ffffffffffffff9c
RBP: 00007fe33b411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe33b5d5fa0 R14: 00007fe33b5d5fa0 R15: 0000000000000004
 </TASK>


***

kernel BUG in folio_end_read

tree:      torvalds
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
base:      f83ec76bf285bea5727f478a68b894f5543ca76e
arch:      amd64
compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
C repro:   https://ci.syzbot.org/findings/caca928c-4ba3-49fe-b564-cbb9aeab1706/c_repro
syz repro: https://ci.syzbot.org/findings/caca928c-4ba3-49fe-b564-cbb9aeab1706/syz_repro

 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364
 do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
------------[ cut here ]------------
kernel BUG at mm/filemap.c:1525!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5995 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:folio_end_read+0x22e/0x230 mm/filemap.c:1525
Code: 24 c9 ff 48 89 df 48 c7 c6 20 3e 94 8b e8 5a 63 31 ff 90 0f 0b e8 62 24 c9 ff 48 89 df 48 c7 c6 80 36 94 8b e8 43 63 31 ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
RSP: 0018:ffffc9000336eec8 EFLAGS: 00010246
RAX: 3b63e53e8591b500 RBX: ffffea0000c47280 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff8d9ba482 RDI: 00000000ffffffff
RBP: 0000000000000001 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 1ffffd4000188e51
R13: 1ffffd4000188e50 R14: ffffea0000c47288 R15: 0000000000000008
FS:  00005555827bc500(0000) GS:ffff8880b8615000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30d63fff CR3: 0000000027336000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 iomap_read_remove_bias fs/iomap/buffered-io.c:383 [inline]
 iomap_read_folio_iter+0x9af/0xb70 fs/iomap/buffered-io.c:448
 iomap_readahead_iter fs/iomap/buffered-io.c:500 [inline]
 iomap_readahead+0x632/0xa40 fs/iomap/buffered-io.c:541
 iomap_bio_readahead include/linux/iomap.h:600 [inline]
 xfs_vm_readahead+0x9f/0xe0 fs/xfs/xfs_aops.c:753
 read_pages+0x17a/0x580 mm/readahead.c:160
 page_cache_ra_order+0x8ca/0xd40 mm/readahead.c:512
 filemap_readahead mm/filemap.c:2572 [inline]
 filemap_get_pages+0xb22/0x1ea0 mm/filemap.c:2617
 filemap_splice_read+0x581/0xc60 mm/filemap.c:2991
 xfs_file_splice_read+0x2c4/0x600 fs/xfs/xfs_file.c:345
 do_splice_read fs/splice.c:982 [inline]
 splice_direct_to_actor+0x4a9/0xcc0 fs/splice.c:1086
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x181/0x270 fs/splice.c:1230
 do_sendfile+0x4da/0x7e0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64+0x13e/0x190 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f897438eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffec28881f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f89745d5fa0 RCX: 00007f897438eba9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
RBP: 00007f8974411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000e0000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f89745d5fa0 R14: 00007f89745d5fa0 R15: 0000000000000004
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_end_read+0x22e/0x230 mm/filemap.c:1525
Code: 24 c9 ff 48 89 df 48 c7 c6 20 3e 94 8b e8 5a 63 31 ff 90 0f 0b e8 62 24 c9 ff 48 89 df 48 c7 c6 80 36 94 8b e8 43 63 31 ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
RSP: 0018:ffffc9000336eec8 EFLAGS: 00010246
RAX: 3b63e53e8591b500 RBX: ffffea0000c47280 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff8d9ba482 RDI: 00000000ffffffff
RBP: 0000000000000001 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 1ffffd4000188e51
R13: 1ffffd4000188e50 R14: ffffea0000c47288 R15: 0000000000000008
FS:  00005555827bc500(0000) GS:ffff8880b8615000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30d63fff CR3: 0000000027336000 CR4: 00000000000006f0


***

If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
  Tested-by: syzbot@syzkaller.appspotmail.com

---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@googlegroups.com.

The email will later be sent to:
[brauner@kernel.org djwong@kernel.org gfs2@lists.linux.dev hch@infradead.org hch@lst.de hsiangkao@linux.alibaba.com joannelkoong@gmail.com kernel-team@meta.com linux-block@vger.kernel.org linux-doc@vger.kernel.org linux-fsdevel@vger.kernel.org linux-xfs@vger.kernel.org miklos@szeredi.hu]

If the report looks fine to you, reply with:
#syz upstream

Re: [moderation/CI] Re: fuse: use iomap for buffered reads + readahead

[Aleksandr Nogikh]

#syz upstream


On Wed, Sep 17, 2025 at 5:42 AM syzbot ci
<syzbot+cicfaeab9b9c391431@syzkaller.appspotmail.com> wrote:
>
> syzbot ci has tested the following series
>
> [v3] fuse: use iomap for buffered reads + readahead
> https://lore.kernel.org/all/20250916234425.1274735-1-joannelkoong@gmail.com
> * [PATCH v3 01/15] iomap: move bio read logic into helper function
> * [PATCH v3 02/15] iomap: move read/readahead bio submission logic into helper function
> * [PATCH v3 03/15] iomap: store read/readahead bio generically
> * [PATCH v3 04/15] iomap: iterate over entire folio in iomap_readpage_iter()
> * [PATCH v3 05/15] iomap: rename iomap_readpage_iter() to iomap_read_folio_iter()
> * [PATCH v3 06/15] iomap: rename iomap_readpage_ctx struct to iomap_read_folio_ctx
> * [PATCH v3 07/15] iomap: track read/readahead folio ownership internally
> * [PATCH v3 08/15] iomap: add public start/finish folio read helpers
> * [PATCH v3 09/15] iomap: add caller-provided callbacks for read and readahead
> * [PATCH v3 10/15] iomap: add bias for async read requests
> * [PATCH v3 11/15] iomap: move buffered io bio logic into new file
> * [PATCH v3 12/15] iomap: make iomap_read_folio() a void return
> * [PATCH v3 13/15] fuse: use iomap for read_folio
> * [PATCH v3 14/15] fuse: use iomap for readahead
> * [PATCH v3 15/15] fuse: remove fc->blkbits workaround for partial writes
>
> and found the following issues:
> * WARNING in iomap_iter_advance
> * WARNING in iomap_readahead
> * kernel BUG in folio_end_read
>
> Full report is available here:
> https://ci.syzbot.org/series/6845596a-1ec9-4396-b9c4-48bddc606bef
>
> ***
>
> WARNING in iomap_iter_advance
>
> tree:      torvalds
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
> base:      f83ec76bf285bea5727f478a68b894f5543ca76e
> arch:      amd64
> compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
> C repro:   https://ci.syzbot.org/findings/73807f10-d659-4291-84af-f982be7cabad/c_repro
> syz repro: https://ci.syzbot.org/findings/73807f10-d659-4291-84af-f982be7cabad/syz_repro
>
> loop0: detected capacity change from 0 to 16
> erofs (device loop0): mounted with root inode @ nid 36.
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5996 at fs/iomap/iter.c:22 iomap_iter_advance+0x2c1/0x2f0 fs/iomap/iter.c:22
> Modules linked in:
> CPU: 1 UID: 0 PID: 5996 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> RIP: 0010:iomap_iter_advance+0x2c1/0x2f0 fs/iomap/iter.c:22
> Code: 74 08 4c 89 ef e8 2f f1 ce ff 49 89 5d 00 31 c0 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d e9 46 0c 29 09 cc e8 80 7d 6b ff 90 <0f> 0b 90 b8 fb ff ff ff eb dc 44 89 f9 80 e1 07 fe c1 38 c1 0f 8c
> RSP: 0018:ffffc90002a6f118 EFLAGS: 00010293
> RAX: ffffffff82543fe0 RBX: 0000000000001000 RCX: ffff88801ec80000
> RDX: 0000000000000000 RSI: 0000000000000f8c RDI: 0000000000001000
> RBP: 0000000000000074 R08: ffffea00043daf87 R09: 1ffffd400087b5f0
> R10: dffffc0000000000 R11: fffff9400087b5f1 R12: 0000000000001000
> R13: 0000000000000f8c R14: ffffc90002a6f340 R15: 0000000000000f8c
> FS:  000055556dfe9500(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b31563fff CR3: 00000000262da000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  iomap_read_folio_iter+0x614/0xb70 fs/iomap/buffered-io.c:424
>  iomap_read_folio+0x2e7/0x570 fs/iomap/buffered-io.c:472
>  iomap_bio_read_folio include/linux/iomap.h:589 [inline]
>  erofs_read_folio+0x13c/0x2e0 fs/erofs/data.c:374
>  filemap_read_folio+0x117/0x380 mm/filemap.c:2413
>  do_read_cache_folio+0x350/0x590 mm/filemap.c:3957
>  read_mapping_folio include/linux/pagemap.h:991 [inline]
>  erofs_bread+0x46f/0x7f0 fs/erofs/data.c:40
>  erofs_find_target_block fs/erofs/namei.c:103 [inline]
>  erofs_namei+0x36b/0x1030 fs/erofs/namei.c:177
>  erofs_lookup+0x148/0x340 fs/erofs/namei.c:206
>  lookup_open fs/namei.c:3686 [inline]
>  open_last_lookups fs/namei.c:3807 [inline]
>  path_openat+0x1101/0x3830 fs/namei.c:4043
>  do_filp_open+0x1fa/0x410 fs/namei.c:4073
>  do_sys_openat2+0x121/0x1c0 fs/open.c:1435
>  do_sys_open fs/open.c:1450 [inline]
>  __do_sys_openat fs/open.c:1466 [inline]
>  __se_sys_openat fs/open.c:1461 [inline]
>  __x64_sys_openat+0x138/0x170 fs/open.c:1461
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f86ddb8eba9
> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fff12610128 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
> RAX: ffffffffffffffda RBX: 00007f86dddd5fa0 RCX: 00007f86ddb8eba9
> RDX: 0000000000043142 RSI: 0000200000000040 RDI: ffffffffffffff9c
> RBP: 00007f86ddc11e19 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f86dddd5fa0 R14: 00007f86dddd5fa0 R15: 0000000000000004
>  </TASK>
>
>
> ***
>
> WARNING in iomap_readahead
>
> tree:      torvalds
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
> base:      f83ec76bf285bea5727f478a68b894f5543ca76e
> arch:      amd64
> compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
> C repro:   https://ci.syzbot.org/findings/6ee3f719-e6ab-468c-92dc-e197c12d8171/c_repro
> syz repro: https://ci.syzbot.org/findings/6ee3f719-e6ab-468c-92dc-e197c12d8171/syz_repro
>
> XFS: noikeep mount option is deprecated.
> XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
> XFS (loop0): Ending clean mount
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5993 at fs/iomap/buffered-io.c:497 iomap_readahead_iter fs/iomap/buffered-io.c:497 [inline]
> WARNING: CPU: 1 PID: 5993 at fs/iomap/buffered-io.c:497 iomap_readahead+0x5ed/0xa40 fs/iomap/buffered-io.c:541
> Modules linked in:
> CPU: 1 UID: 0 PID: 5993 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> RIP: 0010:iomap_readahead_iter fs/iomap/buffered-io.c:497 [inline]
> RIP: 0010:iomap_readahead+0x5ed/0xa40 fs/iomap/buffered-io.c:541
> Code: a5 ff eb 35 e8 14 55 6b ff 48 8b 5c 24 20 48 8b 44 24 28 42 80 3c 28 00 74 08 48 89 df e8 8b c8 ce ff 48 c7 03 00 00 00 00 90 <0f> 0b 90 bb ea ff ff ff eb 53 e8 e4 54 6b ff 48 8b 44 24 28 42 80
> RSP: 0018:ffffc90003096260 EFLAGS: 00010246
> RAX: 1ffff92000612c8d RBX: ffffc90003096468 RCX: ffff888024038000
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
> RBP: ffffc90003096430 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
> R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 0000000000000001
> R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
> FS:  00005555761de500(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b30f63fff CR3: 000000010defc000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  iomap_bio_readahead include/linux/iomap.h:600 [inline]
>  xfs_vm_readahead+0x9f/0xe0 fs/xfs/xfs_aops.c:753
>  read_pages+0x17a/0x580 mm/readahead.c:160
>  page_cache_ra_order+0x8ca/0xd40 mm/readahead.c:512
>  filemap_get_pages+0x43c/0x1ea0 mm/filemap.c:2603
>  filemap_read+0x3f6/0x11a0 mm/filemap.c:2712
>  xfs_file_buffered_read+0x1a2/0x350 fs/xfs/xfs_file.c:292
>  xfs_file_read_iter+0x280/0x510 fs/xfs/xfs_file.c:317
>  __kernel_read+0x4cf/0x960 fs/read_write.c:530
>  integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
>  ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
>  ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
>  ima_calc_file_hash+0x85e/0x16f0 security/integrity/ima/ima_crypto.c:568
>  ima_collect_measurement+0x428/0x8e0 security/integrity/ima/ima_api.c:293
>  process_measurement+0x1121/0x1a40 security/integrity/ima/ima_main.c:405
>  ima_file_check+0xd7/0x120 security/integrity/ima/ima_main.c:633
>  security_file_post_open+0xbb/0x290 security/security.c:3160
>  do_open fs/namei.c:3889 [inline]
>  path_openat+0x2f26/0x3830 fs/namei.c:4046
>  do_filp_open+0x1fa/0x410 fs/namei.c:4073
>  do_sys_openat2+0x121/0x1c0 fs/open.c:1435
>  do_sys_open fs/open.c:1450 [inline]
>  __do_sys_openat fs/open.c:1466 [inline]
>  __se_sys_openat fs/open.c:1461 [inline]
>  __x64_sys_openat+0x138/0x170 fs/open.c:1461
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fe33b38eba9
> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fff93f3bee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
> RAX: ffffffffffffffda RBX: 00007fe33b5d5fa0 RCX: 00007fe33b38eba9
> RDX: 0000000000183042 RSI: 0000200000000740 RDI: ffffffffffffff9c
> RBP: 00007fe33b411e19 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007fe33b5d5fa0 R14: 00007fe33b5d5fa0 R15: 0000000000000004
>  </TASK>
>
>
> ***
>
> kernel BUG in folio_end_read
>
> tree:      torvalds
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
> base:      f83ec76bf285bea5727f478a68b894f5543ca76e
> arch:      amd64
> compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> config:    https://ci.syzbot.org/builds/4ec82322-3509-4b63-9881-f639f1b61f20/config
> C repro:   https://ci.syzbot.org/findings/caca928c-4ba3-49fe-b564-cbb9aeab1706/c_repro
> syz repro: https://ci.syzbot.org/findings/caca928c-4ba3-49fe-b564-cbb9aeab1706/syz_repro
>
>  handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364
>  do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387
>  handle_page_fault arch/x86/mm/fault.c:1476 [inline]
>  exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
>  asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
> ------------[ cut here ]------------
> kernel BUG at mm/filemap.c:1525!
> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> CPU: 0 UID: 0 PID: 5995 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> RIP: 0010:folio_end_read+0x22e/0x230 mm/filemap.c:1525
> Code: 24 c9 ff 48 89 df 48 c7 c6 20 3e 94 8b e8 5a 63 31 ff 90 0f 0b e8 62 24 c9 ff 48 89 df 48 c7 c6 80 36 94 8b e8 43 63 31 ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
> RSP: 0018:ffffc9000336eec8 EFLAGS: 00010246
> RAX: 3b63e53e8591b500 RBX: ffffea0000c47280 RCX: 0000000000000000
> RDX: 0000000000000007 RSI: ffffffff8d9ba482 RDI: 00000000ffffffff
> RBP: 0000000000000001 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
> R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 1ffffd4000188e51
> R13: 1ffffd4000188e50 R14: ffffea0000c47288 R15: 0000000000000008
> FS:  00005555827bc500(0000) GS:ffff8880b8615000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b30d63fff CR3: 0000000027336000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  iomap_read_remove_bias fs/iomap/buffered-io.c:383 [inline]
>  iomap_read_folio_iter+0x9af/0xb70 fs/iomap/buffered-io.c:448
>  iomap_readahead_iter fs/iomap/buffered-io.c:500 [inline]
>  iomap_readahead+0x632/0xa40 fs/iomap/buffered-io.c:541
>  iomap_bio_readahead include/linux/iomap.h:600 [inline]
>  xfs_vm_readahead+0x9f/0xe0 fs/xfs/xfs_aops.c:753
>  read_pages+0x17a/0x580 mm/readahead.c:160
>  page_cache_ra_order+0x8ca/0xd40 mm/readahead.c:512
>  filemap_readahead mm/filemap.c:2572 [inline]
>  filemap_get_pages+0xb22/0x1ea0 mm/filemap.c:2617
>  filemap_splice_read+0x581/0xc60 mm/filemap.c:2991
>  xfs_file_splice_read+0x2c4/0x600 fs/xfs/xfs_file.c:345
>  do_splice_read fs/splice.c:982 [inline]
>  splice_direct_to_actor+0x4a9/0xcc0 fs/splice.c:1086
>  do_splice_direct_actor fs/splice.c:1204 [inline]
>  do_splice_direct+0x181/0x270 fs/splice.c:1230
>  do_sendfile+0x4da/0x7e0 fs/read_write.c:1370
>  __do_sys_sendfile64 fs/read_write.c:1431 [inline]
>  __se_sys_sendfile64+0x13e/0x190 fs/read_write.c:1417
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f897438eba9
> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffec28881f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
> RAX: ffffffffffffffda RBX: 00007f89745d5fa0 RCX: 00007f897438eba9
> RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
> RBP: 00007f8974411e19 R08: 0000000000000000 R09: 0000000000000000
> R10: 00000000e0000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f89745d5fa0 R14: 00007f89745d5fa0 R15: 0000000000000004
>  </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:folio_end_read+0x22e/0x230 mm/filemap.c:1525
> Code: 24 c9 ff 48 89 df 48 c7 c6 20 3e 94 8b e8 5a 63 31 ff 90 0f 0b e8 62 24 c9 ff 48 89 df 48 c7 c6 80 36 94 8b e8 43 63 31 ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
> RSP: 0018:ffffc9000336eec8 EFLAGS: 00010246
> RAX: 3b63e53e8591b500 RBX: ffffea0000c47280 RCX: 0000000000000000
> RDX: 0000000000000007 RSI: ffffffff8d9ba482 RDI: 00000000ffffffff
> RBP: 0000000000000001 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
> R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: 1ffffd4000188e51
> R13: 1ffffd4000188e50 R14: ffffea0000c47288 R15: 0000000000000008
> FS:  00005555827bc500(0000) GS:ffff8880b8615000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b30d63fff CR3: 0000000027336000 CR4: 00000000000006f0
>
>
> ***
>
> If these findings have caused you to resend the series or submit a
> separate fix, please add the following tag to your commit message:
>   Tested-by: syzbot@syzkaller.appspotmail.com
>
> ---
> This report is generated by a bot. It may contain errors.
> syzbot ci engineers can be reached at syzkaller@googlegroups.com.
>
> The email will later be sent to:
> [brauner@kernel.org djwong@kernel.org gfs2@lists.linux.dev hch@infradead.org hch@lst.de hsiangkao@linux.alibaba.com joannelkoong@gmail.com kernel-team@meta.com linux-block@vger.kernel.org linux-doc@vger.kernel.org linux-fsdevel@vger.kernel.org linux-xfs@vger.kernel.org miklos@szeredi.hu]
>
> If the report looks fine to you, reply with:
> #syz upstream
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-moderation+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/68ca2e33.050a0220.2ff435.04b7.GAE%40google.com.