From: syzbot <syzbot+4d3cc33ef7a77041efa6@syzkaller.appspotmail.com>
To: dileepsankhla.ds@gmail.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [fs?] [mm?] kernel BUG in __filemap_add_folio
Date: Tue, 04 Nov 2025 01:40:03 -0800
Message-ID: <6909c9f3.050a0220.98a6.00aa.GAE@google.com>
In-Reply-To: <CAHxc4buC59r-8V89TqXQPT-PnfSed4YU17Okc8jnX5hek22bwA@mail.gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in mpage_readahead
------------[ cut here ]------------
kernel BUG at ./include/linux/pagemap.h:1398!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 15896 Comm: syz.2.4490 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:__readahead_folio include/linux/pagemap.h:1398 [inline]
RIP: 0010:readahead_folio include/linux/pagemap.h:1424 [inline]
RIP: 0010:mpage_readahead+0x399/0x590 fs/mpage.c:367
Code: 24 84 c0 74 08 3c 03 0f 8e 61 01 00 00 44 8b 7b 20 89 ef 44 89 fe e8 f6 a2 72 ff 41 39 ef 0f 83 9f fd ff ff e8 68 a8 72 ff 90 <0f> 0b e8 60 a8 72 ff 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1
RSP: 0018:ffffc90010c6f640 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffc90010c6faf8 RCX: ffffffff8248e65a
RDX: ffff888029b1c880 RSI: ffffffff8248e668 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000004 R09: 0000000000000004
R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc90010c6fb1c R14: fffff5200218df63 R15: 0000000000000001
FS: 000055555fc7a500(0000) GS:ffff8881246b5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2dc63fff CR3: 0000000029c5c000 CR4: 00000000003526f0
Call Trace:
<TASK>
read_pages+0x1c4/0xc70 mm/readahead.c:160
page_cache_ra_unbounded+0x5d2/0x7d0 mm/readahead.c:264
do_page_cache_ra mm/readahead.c:327 [inline]
page_cache_ra_order+0xa28/0xd60 mm/readahead.c:532
do_sync_mmap_readahead mm/filemap.c:3304 [inline]
filemap_fault+0x152e/0x2930 mm/filemap.c:3445
__do_fault+0x10d/0x490 mm/memory.c:5152
do_shared_fault mm/memory.c:5637 [inline]
do_fault mm/memory.c:5711 [inline]
do_pte_missing+0x1a6/0x3ba0 mm/memory.c:4234
handle_pte_fault mm/memory.c:6052 [inline]
__handle_mm_fault+0x152a/0x2a50 mm/memory.c:6195
handle_mm_fault+0x589/0xd10 mm/memory.c:6364
do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x5c/0xb0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7ffbdbb58088
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007fff9dac8778 EFLAGS: 00010202
RAX: 0000200000000080 RBX: 0000000000000004 RCX: 0030626c6c756e2f
RDX: 000000000000000c RSI: 6c756e2f7665642f RDI: 0000200000000080
RBP: 00007ffbdbdd7da0 R08: 0000001b2eb20000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007ffbdbdd5fac
R13: 00007ffbdbdd5fa0 R14: fffffffffffffffe R15: 00007fff9dac8890
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__readahead_folio include/linux/pagemap.h:1398 [inline]
RIP: 0010:readahead_folio include/linux/pagemap.h:1424 [inline]
RIP: 0010:mpage_readahead+0x399/0x590 fs/mpage.c:367
Code: 24 84 c0 74 08 3c 03 0f 8e 61 01 00 00 44 8b 7b 20 89 ef 44 89 fe e8 f6 a2 72 ff 41 39 ef 0f 83 9f fd ff ff e8 68 a8 72 ff 90 <0f> 0b e8 60 a8 72 ff 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1
RSP: 0018:ffffc90010c6f640 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffc90010c6faf8 RCX: ffffffff8248e65a
RDX: ffff888029b1c880 RSI: ffffffff8248e668 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000004 R09: 0000000000000004
R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc90010c6fb1c R14: fffff5200218df63 R15: 0000000000000001
FS: 000055555fc7a500(0000) GS:ffff8881246b5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555704e95c8 CR3: 0000000029c5c000 CR4: 00000000003526f0
Tested on:
commit: 9dd1835e Merge tag 'dma-mapping-6.17-2025-09-09' of gi..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10cdc114580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c53bac41b8ca5327
dashboard link: https://syzkaller.appspot.com/bug?extid=4d3cc33ef7a77041efa6
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=103ee342580000