linux-kernel.vger.kernel.org archive mirror
* [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted
@ 2025-08-01 17:38 syzbot
  2025-08-04  8:18 ` David Hildenbrand
  2025-08-04  9:40 ` Hillf Danton
  0 siblings, 2 replies; 5+ messages in thread
From: syzbot @ 2025-08-01 17:38 UTC (permalink / raw)
  To: akpm, almaz.alexandrovich, apopple, byungchul, david, gourry,
	joshua.hahnjy, linux-kernel, linux-mm, matthew.brost, ntfs3,
	rakie.kim, syzkaller-bugs, ying.huang, ziy

Hello,

syzbot found the following issue on:

HEAD commit:    260f6f4fda93 Merge tag 'drm-next-2025-07-30' of https://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15c31834580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb7581d3fb1bb0d7
dashboard link: https://syzkaller.appspot.com/bug?extid=2a0d2af125c01db73079
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=149062a2580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1fce1d4d56ce/disk-260f6f4f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/01688cdba884/vmlinux-260f6f4f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eba9b2f77e6a/bzImage-260f6f4f.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/95ad5335ac08/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a0d2af125c01db73079@syzkaller.appspotmail.com

 do_group_exit+0x21c/0x2d0 kernel/exit.c:1105
 __do_sys_exit_group kernel/exit.c:1116 [inline]
 __se_sys_exit_group kernel/exit.c:1114 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1114
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
kernel BUG at mm/internal.h:491!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 7687 Comm: syz.0.738 Tainted: G        W           6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)} 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:set_page_refcounted+0x142/0x1e0 mm/internal.h:491
Code: 48 89 d8 48 25 ff 0f 00 00 74 21 e8 18 4e a4 ff e9 2c ff ff ff e8 0e 4e a4 ff 48 89 df 48 c7 c6 a0 47 17 8b e8 4f 05 e9 ff 90 <0f> 0b 48 89 df be 08 00 00 00 e8 3f 27 03 00 48 89 d8 48 c1 e8 03
RSP: 0018:ffffc900065f7670 EFLAGS: 00010246
RAX: 0ebb44fe4874cf00 RBX: ffffea00011839ff RCX: 0ebb44fe4874cf00
RDX: 0000000000000001 RSI: ffffffff8d1dbecc RDI: ffff88802f581dc0
RBP: 00000000000000ff R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffffd4000230746
R13: 0000000000000000 R14: ffffea0001183a33 R15: dffffc0000000000
FS:  00007f4368d266c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feecfc73000 CR3: 0000000034c06000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 alloc_pages_noprof+0xe4/0x1e0 mm/mempolicy.c:2513
 folio_alloc_noprof+0x22/0xc0 mm/mempolicy.c:2520
 filemap_alloc_folio_noprof+0xdf/0x510 mm/filemap.c:1007
 do_read_cache_folio+0x1c0/0x560 mm/filemap.c:3885
 do_read_cache_page mm/filemap.c:3989 [inline]
 read_cache_page+0x5d/0x170 mm/filemap.c:3998
 read_mapping_page include/linux/pagemap.h:993 [inline]
 inode_read_data+0xa7/0x480 fs/ntfs3/inode.c:1054
 ntfs_fill_super+0x39c8/0x40b0 fs/ntfs3/super.c:1533
 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1692
 vfs_get_tree+0x8f/0x2b0 fs/super.c:1815
 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3805
 do_mount fs/namespace.c:4133 [inline]
 __do_sys_mount fs/namespace.c:4344 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4321
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4369ac030a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4368d25e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4368d25ef0 RCX: 00007f4369ac030a
RDX: 0000200000000080 RSI: 000020000001f740 RDI: 00007f4368d25eb0
RBP: 0000200000000080 R08: 00007f4368d25ef0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000020000001f740
R13: 00007f4368d25eb0 R14: 000000000001f771 R15: 0000200000000100
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:set_page_refcounted+0x142/0x1e0 mm/internal.h:491
Code: 48 89 d8 48 25 ff 0f 00 00 74 21 e8 18 4e a4 ff e9 2c ff ff ff e8 0e 4e a4 ff 48 89 df 48 c7 c6 a0 47 17 8b e8 4f 05 e9 ff 90 <0f> 0b 48 89 df be 08 00 00 00 e8 3f 27 03 00 48 89 d8 48 c1 e8 03
RSP: 0018:ffffc900065f7670 EFLAGS: 00010246
RAX: 0ebb44fe4874cf00 RBX: ffffea00011839ff RCX: 0ebb44fe4874cf00
RDX: 0000000000000001 RSI: ffffffff8d1dbecc RDI: ffff88802f581dc0
RBP: 00000000000000ff R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffffd4000230746
R13: 0000000000000000 R14: ffffea0001183a33 R15: dffffc0000000000
FS:  00007f4368d266c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feecfc73000 CR3: 0000000034c06000 CR4: 00000000003526f0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted
  2025-08-01 17:38 [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted syzbot
@ 2025-08-04  8:18 ` David Hildenbrand
  2025-08-04  9:40 ` Hillf Danton
  1 sibling, 0 replies; 5+ messages in thread
From: David Hildenbrand @ 2025-08-04  8:18 UTC (permalink / raw)
  To: syzbot, akpm, almaz.alexandrovich, apopple, byungchul, gourry,
	joshua.hahnjy, linux-kernel, linux-mm, matthew.brost, ntfs3,
	rakie.kim, syzkaller-bugs, ying.huang, ziy

On 01.08.25 19:38, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    260f6f4fda93 Merge tag 'drm-next-2025-07-30' of https://gi..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15c31834580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=bb7581d3fb1bb0d7
> dashboard link: https://syzkaller.appspot.com/bug?extid=2a0d2af125c01db73079
> compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=149062a2580000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/1fce1d4d56ce/disk-260f6f4f.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/01688cdba884/vmlinux-260f6f4f.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/eba9b2f77e6a/bzImage-260f6f4f.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/95ad5335ac08/mount_0.gz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2a0d2af125c01db73079@syzkaller.appspotmail.com
> 
>   do_group_exit+0x21c/0x2d0 kernel/exit.c:1105
>   __do_sys_exit_group kernel/exit.c:1116 [inline]
>   __se_sys_exit_group kernel/exit.c:1114 [inline]
>   __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1114
>   x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
>   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>   entry_SYSCALL_64_after_hwframe+0x77/0x7f
> ------------[ cut here ]------------
> kernel BUG at mm/internal.h:491!

	VM_BUG_ON_PAGE(page_ref_count(page), page);

We seem to have a page with a non-zero refcount in the buddy.


The Oops below has a VM_BUG_ON_PAGE before it

[  531.894112][ T7687] page: refcount:255 mapcount:-255 mapping:0000000000000000 index:0x0 pfn:0x460e7
[  531.894153][ T7687] head: order:0 mapcount:420858112 entire_mapcount:1009385984 nr_pages_mapped:6946817 pincount:-7831513
[  531.894176][ T7687] flags: 0x80000000000000ff(locked|waiters|referenced|uptodate|dirty|lru|writeback|head|node=32|zone=0)
[  531.894219][ T7687] raw: 80000000000000ff 0000000000000000 ad00000000012200 00000000000000de
[  531.894240][ T7687] raw: 0000000000000000 0000000000000000 000000ffffffff00 0000000000000000
[  531.894261][ T7687] head: 80000000000000ff 0000000000000000 ad00000000012200 00000000000000de
[  531.894282][ T7687] head: 0000000000000000 0000000000000000 000000ffffffff00 0000000000000000
[  531.894306][ T7687] head: 8000000002082800 ffea000118504800 ffea00011915c8ff ff8880273c2a01ff
[  531.894327][ T7687] head: 0000000c0089feff 0000000000000000 0000010000000000 ff88801aae000000
[  531.894341][ T7687] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page))
[  531.894363][ T7687] page_owner tracks the page as allocated
[  531.894372][ T7687] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 7405, tgid 7405 (udevd), ts 508249020508, free_ts 508221042792
[  531.894410][ T7687]  post_alloc_hook+0x240/0x2a0
[  531.894458][ T7687]  get_page_from_freelist+0x2119/0x21b0
[  531.894479][ T7687]  __alloc_frozen_pages_noprof+0x181/0x370
[  531.894502][ T7687]  alloc_pages_mpol+0xd1/0x380
[  531.894531][ T7687]  vma_alloc_folio_noprof+0xe4/0x280
[  531.894560][ T7687]  folio_prealloc+0x30/0x180
[  531.894594][ T7687]  do_wp_page+0x11ee/0x4910
[  531.894623][ T7687]  handle_mm_fault+0x97c/0x3400
[  531.894652][ T7687]  do_user_addr_fault+0xa81/0x1390
[  531.894676][ T7687]  exc_page_fault+0x76/0xf0
[  531.894700][ T7687]  asm_exc_page_fault+0x26/0x30
[  531.894722][ T7687] page last free pid 7403 tgid 7403 stack trace:
[  531.894735][ T7687]  free_unref_folios+0xc8b/0x14e0
[  531.894775][ T7687]  folios_put_refs+0x569/0x670
[  531.894811][ T7687]  free_pages_and_swap_cache+0x277/0x520
[  531.894832][ T7687]  tlb_flush_mmu+0x3a0/0x680
[  531.894851][ T7687]  tlb_finish_mmu+0xc3/0x1d0
[  531.894872][ T7687]  exit_mmap+0x44c/0xb50
[  531.894902][ T7687]  __mmput+0xcb/0x3d0
[  531.894924][ T7687]  exit_mm+0x1da/0x2c0
[  531.894954][ T7687]  do_exit+0x648/0x2300
[  531.894986][ T7687]  do_group_exit+0x21c/0x2d0
[  531.895018][ T7687]  __x64_sys_exit_group+0x3f/0x40
[  531.895050][ T7687]  x64_sys_call+0x21f7/0x2200
[  531.895086][ T7687]  do_syscall_64+0xfa/0x3b0
[  531.895114][ T7687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f


Looks quite messy. "page_owner tracks the page as allocated" seems to imply that the page is indeed still
allocated.

> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> CPU: 1 UID: 0 PID: 7687 Comm: syz.0.738 Tainted: G        W           6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)}
> Tainted: [W]=WARN
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
> RIP: 0010:set_page_refcounted+0x142/0x1e0 mm/internal.h:491
> Code: 48 89 d8 48 25 ff 0f 00 00 74 21 e8 18 4e a4 ff e9 2c ff ff ff e8 0e 4e a4 ff 48 89 df 48 c7 c6 a0 47 17 8b e8 4f 05 e9 ff 90 <0f> 0b 48 89 df be 08 00 00 00 e8 3f 27 03 00 48 89 d8 48 c1 e8 03
> RSP: 0018:ffffc900065f7670 EFLAGS: 00010246
> RAX: 0ebb44fe4874cf00 RBX: ffffea00011839ff RCX: 0ebb44fe4874cf00
> RDX: 0000000000000001 RSI: ffffffff8d1dbecc RDI: ffff88802f581dc0
> RBP: 00000000000000ff R08: 0000000000000000 R09: 0000000000000000
> R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffffd4000230746
> R13: 0000000000000000 R14: ffffea0001183a33 R15: dffffc0000000000
> FS:  00007f4368d266c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007feecfc73000 CR3: 0000000034c06000 CR4: 00000000003526f0
> Call Trace:
>   <TASK>
>   alloc_pages_noprof+0xe4/0x1e0 mm/mempolicy.c:2513
>   folio_alloc_noprof+0x22/0xc0 mm/mempolicy.c:2520
>   filemap_alloc_folio_noprof+0xdf/0x510 mm/filemap.c:1007
>   do_read_cache_folio+0x1c0/0x560 mm/filemap.c:3885
>   do_read_cache_page mm/filemap.c:3989 [inline]
>   read_cache_page+0x5d/0x170 mm/filemap.c:3998
>   read_mapping_page include/linux/pagemap.h:993 [inline]
>   inode_read_data+0xa7/0x480 fs/ntfs3/inode.c:1054
>   ntfs_fill_super+0x39c8/0x40b0 fs/ntfs3/super.c:1533
>   get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1692
>   vfs_get_tree+0x8f/0x2b0 fs/super.c:1815
>   do_new_mount+0x2a2/0x9e0 fs/namespace.c:3805
>   do_mount fs/namespace.c:4133 [inline]
>   __do_sys_mount fs/namespace.c:4344 [inline]
>   __se_sys_mount+0x317/0x410 fs/namespace.c:4321
>   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>   entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f4369ac030a
> Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f4368d25e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
> RAX: ffffffffffffffda RBX: 00007f4368d25ef0 RCX: 00007f4369ac030a
> RDX: 0000200000000080 RSI: 000020000001f740 RDI: 00007f4368d25eb0
> RBP: 0000200000000080 R08: 00007f4368d25ef0 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 000020000001f740
> R13: 00007f4368d25eb0 R14: 000000000001f771 R15: 0000200000000100
>   </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:set_page_refcounted+0x142/0x1e0 mm/internal.h:491
> Code: 48 89 d8 48 25 ff 0f 00 00 74 21 e8 18 4e a4 ff e9 2c ff ff ff e8 0e 4e a4 ff 48 89 df 48 c7 c6 a0 47 17 8b e8 4f 05 e9 ff 90 <0f> 0b 48 89 df be 08 00 00 00 e8 3f 27 03 00 48 89 d8 48 c1 e8 03
> RSP: 0018:ffffc900065f7670 EFLAGS: 00010246
> RAX: 0ebb44fe4874cf00 RBX: ffffea00011839ff RCX: 0ebb44fe4874cf00
> RDX: 0000000000000001 RSI: ffffffff8d1dbecc RDI: ffff88802f581dc0
> RBP: 00000000000000ff R08: 0000000000000000 R09: 0000000000000000
> R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffffd4000230746
> R13: 0000000000000000 R14: ffffea0001183a33 R15: dffffc0000000000
> FS:  00007f4368d266c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007feecfc73000 CR3: 0000000034c06000 CR4: 00000000003526f0
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> 
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
> 
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
> 
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
> 
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
> 
> If you want to undo deduplication, reply with:
> #syz undup
> 


-- 
Cheers,

David / dhildenb
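
The reading in the reply above (a non-zero refcount on a page coming out of the allocator, while page_owner still records it as allocated) can be derived mechanically from the dump. This is an added Python example, not part of the thread or of any kernel tooling; the function names and finding labels are illustrative assumptions, and the sample lines are copied from the dump quoted in the reply.

```python
import re

# printk prefix as it appears in the thread: "[  531.894112][ T7687] "
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[TC]\d+\]\s?")

PAGE = re.compile(r"^page: refcount:(-?\d+) mapcount:(-?\d+) .*\bpfn:(0x[0-9a-f]+)")
REASON = re.compile(r"^page dumped because: (.+)$")
OWNER = re.compile(r"^page_owner tracks the page as (allocated|freed)$")
ALLOC = re.compile(
    r"^page last allocated via order (\d+), .*, pid (\d+), tgid \d+ "
    r"\((.*?)\), ts (\d+), free_ts (\d+)"
)
FREE = re.compile(r"^page last free pid (\d+) tgid \d+")

# Lines taken from the dump_page()/page_owner output quoted in the reply.
SAMPLE = """\
[  531.894112][ T7687] page: refcount:255 mapcount:-255 mapping:0000000000000000 index:0x0 pfn:0x460e7
[  531.894341][ T7687] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page))
[  531.894363][ T7687] page_owner tracks the page as allocated
[  531.894372][ T7687] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 7405, tgid 7405 (udevd), ts 508249020508, free_ts 508221042792
[  531.894722][ T7687] page last free pid 7403 tgid 7403 stack trace:
"""


def parse_page_dump(text):
    """Extract the fields needed for triage from a page dump."""
    info = {}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = PAGE.match(line)
        if m:
            info["refcount"] = int(m.group(1))
            info["mapcount"] = int(m.group(2))
            info["pfn"] = int(m.group(3), 16)
            continue
        m = REASON.match(line)
        if m:
            info["reason"] = m.group(1)
            continue
        m = OWNER.match(line)
        if m:
            info["owner_state"] = m.group(1)
            continue
        m = ALLOC.match(line)
        if m:
            info["order"] = int(m.group(1))
            info["alloc_pid"] = int(m.group(2))
            info["alloc_comm"] = m.group(3)
            # Timestamps are only compared with each other, so their
            # unit does not matter here.
            info["alloc_ts"] = int(m.group(4))
            info["free_ts"] = int(m.group(5))
            continue
        m = FREE.match(line)
        if m:
            info["free_pid"] = int(m.group(1))
    return info


def triage(info):
    """Return heuristic finding labels (illustrative names) for one dump."""
    findings = []
    # The assertion that fired checks that the refcount is zero.
    if "page_ref_count" in info.get("reason", "") and info.get("refcount", 0) != 0:
        findings.append("refcount-nonzero-at-alloc")
    if info.get("owner_state") == "allocated":
        findings.append("page-owner-says-allocated")
    # An allocation recorded after the last free means the most recent
    # tracked event for this page was an allocation.
    if info.get("alloc_ts", 0) > info.get("free_ts", 0):
        findings.append("allocated-after-last-free")
    if (
        "refcount-nonzero-at-alloc" in findings
        and "page-owner-says-allocated" in findings
        and "allocated-after-last-free" in findings
    ):
        # All three agree: the page handed out still looks owned.
        findings.append("free-list-page-still-owned")
    return findings


if __name__ == "__main__":
    parsed = parse_page_dump(SAMPLE)
    print(hex(parsed["pfn"]), parsed["alloc_comm"], triage(parsed))
```
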



* Re: [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted
  2025-08-01 17:38 [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted syzbot
  2025-08-04  8:18 ` David Hildenbrand
@ 2025-08-04  9:40 ` Hillf Danton
  2025-08-04 19:49   ` syzbot
  1 sibling, 1 reply; 5+ messages in thread
From: Hillf Danton @ 2025-08-04  9:40 UTC (permalink / raw)
  To: syzbot; +Cc: linux-kernel, syzkaller-bugs

On 01.08.25 19:38, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    260f6f4fda93 Merge tag 'drm-next-2025-07-30' of https://gi..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15c31834580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=bb7581d3fb1bb0d7
> dashboard link: https://syzkaller.appspot.com/bug?extid=2a0d2af125c01db73079
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=149062a2580000

#syz test upstream master

--- x/mm/page_alloc.c
+++ y/mm/page_alloc.c
@@ -2974,6 +2974,8 @@ void free_unref_folios(struct folio_batc
 		unsigned int order = (unsigned long)folio->private;
 		int migratetype;
 
+		if (!free_pages_prepare(&folio->page, order))
+			continue;
 		folio->private = NULL;
 		migratetype = get_pfnblock_migratetype(&folio->page, pfn);
 
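Review bot: the added free_pages_prepare() call sits after order has already been read back from folio->private, which suggests these folios went through a preparation pass before reaching this loop; if that is so, the free-time hooks (the page_owner reset included) run a second time on every folio in the batch. The test run of this patch later in the thread fits that: boot stops on a WARNING in depot_fetch_stack reached from __reset_page_owner under free_unref_folios, right after "dec_stack_record_count: refcount went to 0" messages. A skip for a bad page belongs where the folio is first prepared, and the change needs a description of which path lets a page with a non-zero refcount reach the free list, since the hunk comes with no commit message or Signed-off-by.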
--


* Re: [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted
  2025-08-04  9:40 ` Hillf Danton
@ 2025-08-04 19:49   ` syzbot
  2025-08-05  1:38     ` Hillf Danton
  0 siblings, 1 reply; 5+ messages in thread
From: syzbot @ 2025-08-04 19:49 UTC (permalink / raw)
  To: hdanton, linux-kernel, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[   27.825502][    T1] l2tp_netlink: L2TP netlink interface
[   27.825920][    T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[   27.825937][    T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[   27.826620][    T1] NET: Registered PF_PHONET protocol family
[   27.827330][    T1] 8021q: 802.1Q VLAN Support v1.8
[   27.828378][    T1] sctp: Hash tables configured (bind 16/30)
[   27.845592][    T1] NET: Registered PF_RDS protocol family
[   27.857773][    T1] Registered RDS/infiniband transport
[   27.860770][    T1] Registered RDS/tcp transport
[   27.860799][    T1] tipc: Activated (version 2.0.0)
[   27.862127][    T1] NET: Registered PF_TIPC protocol family
[   28.127730][    T1] tipc: Started in single node mode
[   28.130531][    T1] NET: Registered PF_SMC protocol family
[   28.131342][    T1] 9pnet: Installing 9P2000 support
[   28.134047][    T1] NET: Registered PF_CAIF protocol family
[   28.146328][    T1] NET: Registered PF_IEEE802154 protocol family
[   28.147148][    T1] Key type dns_resolver registered
[   28.147397][    T1] Key type ceph registered
[   28.148909][    T1] libceph: loaded (mon/osd proto 15/24)
[   28.151956][    T1] batman_adv: B.A.T.M.A.N. advanced 2025.3 (compatibility version 15) loaded
[   28.152357][    T1] openvswitch: Open vSwitch switching datapath
[   28.158678][    T1] NET: Registered PF_VSOCK protocol family
[   28.159384][    T1] mpls_gso: MPLS GSO support
[   28.468182][    T1] IPI shorthand broadcast: enabled
[   30.357628][ T4187] kworker/u8:7 (4187) used greatest stack depth: 25160 bytes left
[   31.509877][    T1] sched_clock: Marking stable (30902438698, 602418618)->(31510037087, -5179771)
[   31.530861][    T1] registered taskstats version 1
[   31.556152][    T1] Loading compiled-in X.509 certificates
[   31.602333][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 46cd9d46b5c7fa66669dfc53ee62f72ced050d22'
[   32.275192][    T1] zswap: loaded using pool 842/zsmalloc
[   32.281063][    T1] Demotion targets for Node 0: null
[   32.281080][    T1] Demotion targets for Node 1: null
[   32.281096][    T1] debug_vm_pgtable: [debug_vm_pgtable         ]: Validating architecture page table helpers
[   32.285682][    T1] Key type .fscrypt registered
[   32.285704][    T1] Key type fscrypt-provisioning registered
[   32.296150][    T1] kAFS: Red Hat AFS client v0.1 registering.
[   32.353465][    T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[   32.354863][    T1] Key type big_key registered
[   32.355022][    T1] Key type encrypted registered
[   32.355295][    T1] ima: No TPM chip found, activating TPM-bypass!
[   32.355365][    T1] Loading compiled-in module X.509 certificates
[   32.404555][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 46cd9d46b5c7fa66669dfc53ee62f72ced050d22'
[   32.404611][    T1] ima: Allocated hash algorithm: sha256
[   32.405041][    T1] ima: No architecture policies found
[   32.405732][    T1] evm: Initialising EVM extended attributes:
[   32.405739][    T1] evm: security.selinux (disabled)
[   32.405746][    T1] evm: security.SMACK64
[   32.405751][    T1] evm: security.SMACK64EXEC
[   32.405757][    T1] evm: security.SMACK64TRANSMUTE
[   32.405763][    T1] evm: security.SMACK64MMAP
[   32.405768][    T1] evm: security.apparmor (disabled)
[   32.405774][    T1] evm: security.ima
[   32.405780][    T1] evm: security.capability
[   32.405785][    T1] evm: HMAC attrs: 0x1
[   32.410288][    T1] PM:   Magic number: 5:461:697
[   32.410412][    T1] video4linux radio12: hash matches
[   32.410476][    T1] usb usb58-port5: hash matches
[   32.410614][    T1] usb usb26-port1: hash matches
[   32.411199][    T1] netconsole: network logging started
[   32.412165][    T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[   32.435157][    T1] rdma_rxe: loaded
[   32.440081][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   32.446570][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   32.450487][    T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[   32.454686][   T31] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   32.454728][   T31] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   32.459994][    T1] clk: Disabling unused clocks
[   32.460415][    T1] ALSA device list:
[   32.460429][    T1]   #0: Dummy 1
[   32.460444][    T1]   #1: Loopback 1
[   32.460456][    T1]   #2: Virtual MIDI Card 1
[   32.610149][    T1] check access for rdinit=/init failed: -2, ignoring
[   32.610176][    T1] md: Waiting for all devices to be available before autodetect
[   32.610183][    T1] md: If you don't use raid, use raid=noautodetect
[   32.610197][    T1] md: Autodetecting RAID arrays.
[   32.610316][    T1] md: autorun ...
[   32.610324][    T1] md: ... autorun DONE.
[   32.673022][ T5160] dec_stack_record_count: refcount went to 0 for 125436371 handle
[   32.673441][    T1] dec_stack_record_count: refcount went to 0 for 468 handle
[   32.676518][    T1] dec_stack_record_count: refcount went to 0 for 96207031 handle
[   32.677071][    T1] ------------[ cut here ]------------
[   32.677084][    T1] WARNING: CPU: 0 PID: 1 at lib/stackdepot.c:510 depot_fetch_stack+0x97/0xa0
[   32.677108][    T1] Modules linked in:
[   32.677128][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W           6.16.0-syzkaller-11579-g35a813e010b9-dirty #0 PREEMPT_{RT,(full)} 
[   32.677150][    T1] Tainted: [W]=WARN
[   32.677155][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   32.677165][    T1] RIP: 0010:depot_fetch_stack+0x97/0xa0
[   32.677180][    T1] Code: c7 c7 d7 a3 04 8d 89 ee 44 89 f2 89 d9 e8 e1 ca 95 fc 90 0f 0b 90 90 31 c0 5b 41 5e 5d e9 c1 7c 08 06 cc 90 0f 0b 90 eb ee 90 <0f> 0b 90 eb e8 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90
[   32.677192][    T1] RSP: 0000:ffffc90000067480 EFLAGS: 00010246
[   32.677205][    T1] RAX: ffff88814371c000 RBX: 0000000000002de0 RCX: 00000000000000b6
[   32.677215][    T1] RDX: 0000000000000000 RSI: ffffffff8d1e65a6 RDI: ffffffff8b61eb00
[   32.677226][    T1] RBP: 00000000000000b6 R08: 0000000000000000 R09: 0000000000000000
[   32.677235][    T1] R10: dffffc0000000000 R11: ffffed10035a9b81 R12: 0000000000000000
[   32.677245][    T1] R13: 0000000000000000 R14: 00000000000001d4 R15: 000000079bacacab
[   32.677255][    T1] FS:  0000000000000000(0000) GS:ffff888126af6000(0000) knlGS:0000000000000000
[   32.677267][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.677277][    T1] CR2: ffff88823ffff000 CR3: 000000000d5a6000 CR4: 00000000003526f0
[   32.677290][    T1] Call Trace:
[   32.677296][    T1]  <TASK>
[   32.677305][    T1]  __reset_page_owner+0xd0/0x1f0
[   32.677328][    T1]  free_unref_folios+0x1ebb/0x2280
[   32.677365][    T1]  folios_put_refs+0x569/0x670
[   32.677396][    T1]  ? __pfx_folios_put_refs+0x10/0x10
[   32.677427][    T1]  truncate_inode_pages_range+0x338/0xb90
[   32.677450][    T1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   32.677485][    T1]  ? has_bh_in_lru+0x307/0x340
[   32.677507][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
[   32.677530][    T1]  ? smp_call_function_many_cond+0xda5/0x12d0
[   32.677572][    T1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   32.677593][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
[   32.677620][    T1]  blkdev_flush_mapping+0x10b/0x280
[   32.677641][    T1]  ? bdev_release+0x41a/0x660
[   32.677662][    T1]  bdev_release+0x422/0x660
[   32.677687][    T1]  ? __pfx_blkdev_release+0x10/0x10
[   32.677709][    T1]  blkdev_release+0x15/0x20
[   32.677729][    T1]  __fput+0x458/0xa80
[   32.677761][    T1]  task_work_run+0x1d1/0x260
[   32.677795][    T1]  ? __pfx_task_work_run+0x10/0x10
[   32.677825][    T1]  mount_root_generic+0x1b0/0x350
[   32.677851][    T1]  ? __pfx_mount_root_generic+0x10/0x10
[   32.677869][    T1]  ? getname_kernel+0x20e/0x2f0
[   32.677893][    T1]  ? kernel_init+0x1d/0x1d0
[   32.677914][    T1]  prepare_namespace+0x71/0xa0
[   32.677929][    T1]  kernel_init_freeable+0x373/0x4b0
[   32.677948][    T1]  ? __pfx_kernel_init_freeable+0x10/0x10
[   32.677963][    T1]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   32.677991][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.678012][    T1]  kernel_init+0x1d/0x1d0
[   32.678031][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.678050][    T1]  ret_from_fork+0x3fc/0x770
[   32.678092][    T1]  ? __pfx_ret_from_fork+0x10/0x10
[   32.678114][    T1]  ? __switch_to_asm+0x39/0x70
[   32.678137][    T1]  ? __switch_to_asm+0x33/0x70
[   32.678158][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.678180][    T1]  ret_from_fork_asm+0x1a/0x30
[   32.678214][    T1]  </TASK>
[   32.678226][    T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   32.678238][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W           6.16.0-syzkaller-11579-g35a813e010b9-dirty #0 PREEMPT_{RT,(full)} 
[   32.678259][    T1] Tainted: [W]=WARN
[   32.678264][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   32.678273][    T1] Call Trace:
[   32.678279][    T1]  <TASK>
[   32.678284][    T1]  dump_stack_lvl+0x99/0x250
[   32.678305][    T1]  ? __asan_memcpy+0x40/0x70
[   32.678322][    T1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   32.678342][    T1]  ? __pfx__printk+0x10/0x10
[   32.678367][    T1]  vpanic+0x281/0x750
[   32.678388][    T1]  ? __pfx__printk+0x10/0x10
[   32.678402][    T1]  ? __pfx_vpanic+0x10/0x10
[   32.678422][    T1]  ? is_bpf_text_address+0x26/0x2b0
[   32.678450][    T1]  panic+0xb9/0xc0
[   32.678470][    T1]  ? __pfx_panic+0x10/0x10
[   32.678502][    T1]  __warn+0x31b/0x4b0
[   32.678521][    T1]  ? depot_fetch_stack+0x97/0xa0
[   32.678536][    T1]  ? depot_fetch_stack+0x97/0xa0
[   32.678550][    T1]  report_bug+0x2be/0x4f0
[   32.678564][    T1]  ? depot_fetch_stack+0x97/0xa0
[   32.678578][    T1]  ? depot_fetch_stack+0x97/0xa0
[   32.678591][    T1]  ? depot_fetch_stack+0x99/0xa0
[   32.678604][    T1]  handle_bug+0x84/0x160
[   32.678624][    T1]  exc_invalid_op+0x1a/0x50
[   32.678642][    T1]  asm_exc_invalid_op+0x1a/0x20
[   32.678658][    T1] RIP: 0010:depot_fetch_stack+0x97/0xa0
[   32.678672][    T1] Code: c7 c7 d7 a3 04 8d 89 ee 44 89 f2 89 d9 e8 e1 ca 95 fc 90 0f 0b 90 90 31 c0 5b 41 5e 5d e9 c1 7c 08 06 cc 90 0f 0b 90 eb ee 90 <0f> 0b 90 eb e8 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90
[   32.678684][    T1] RSP: 0000:ffffc90000067480 EFLAGS: 00010246
[   32.678696][    T1] RAX: ffff88814371c000 RBX: 0000000000002de0 RCX: 00000000000000b6
[   32.678707][    T1] RDX: 0000000000000000 RSI: ffffffff8d1e65a6 RDI: ffffffff8b61eb00
[   32.678717][    T1] RBP: 00000000000000b6 R08: 0000000000000000 R09: 0000000000000000
[   32.678726][    T1] R10: dffffc0000000000 R11: ffffed10035a9b81 R12: 0000000000000000
[   32.678736][    T1] R13: 0000000000000000 R14: 00000000000001d4 R15: 000000079bacacab
[   32.678760][    T1]  __reset_page_owner+0xd0/0x1f0
[   32.678781][    T1]  free_unref_folios+0x1ebb/0x2280
[   32.678829][    T1]  folios_put_refs+0x569/0x670
[   32.678859][    T1]  ? __pfx_folios_put_refs+0x10/0x10
[   32.678890][    T1]  truncate_inode_pages_range+0x338/0xb90
[   32.678913][    T1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   32.678948][    T1]  ? has_bh_in_lru+0x307/0x340
[   32.678970][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
[   32.678992][    T1]  ? smp_call_function_many_cond+0xda5/0x12d0
[   32.679033][    T1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   32.679054][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
[   32.679086][    T1]  blkdev_flush_mapping+0x10b/0x280
[   32.679106][    T1]  ? bdev_release+0x41a/0x660
[   32.679127][    T1]  bdev_release+0x422/0x660
[   32.679152][    T1]  ? __pfx_blkdev_release+0x10/0x10
[   32.679174][    T1]  blkdev_release+0x15/0x20
[   32.679194][    T1]  __fput+0x458/0xa80
[   32.679225][    T1]  task_work_run+0x1d1/0x260
[   32.679250][    T1]  ? __pfx_task_work_run+0x10/0x10
[   32.679282][    T1]  mount_root_generic+0x1b0/0x350
[   32.679306][    T1]  ? __pfx_mount_root_generic+0x10/0x10
[   32.679327][    T1]  ? getname_kernel+0x20e/0x2f0
[   32.679351][    T1]  ? kernel_init+0x1d/0x1d0
[   32.679371][    T1]  prepare_namespace+0x71/0xa0
[   32.679386][    T1]  kernel_init_freeable+0x373/0x4b0
[   32.679405][    T1]  ? __pfx_kernel_init_freeable+0x10/0x10
[   32.679421][    T1]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   32.679448][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.679470][    T1]  kernel_init+0x1d/0x1d0
[   32.679489][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.679508][    T1]  ret_from_fork+0x3fc/0x770
[   32.679528][    T1]  ? __pfx_ret_from_fork+0x10/0x10
[   32.679550][    T1]  ? __switch_to_asm+0x39/0x70
[   32.679572][    T1]  ? __switch_to_asm+0x33/0x70
[   32.679593][    T1]  ? __pfx_kernel_init+0x10/0x10
[   32.679615][    T1]  ret_from_fork_asm+0x1a/0x30
[   32.679649][    T1]  </TASK>
[   32.680257][    T1] Kernel Offset: disabled


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3629070628=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 0c075d67fc
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=0c075d67fcfde8d048cca2f751a82db97ebc3754 -X github.com/google/syzkaller/prog.gitRevisionDate=20250731-125440"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"0c075d67fcfde8d048cca2f751a82db97ebc3754\"
/usr/bin/ld: /tmp/ccXqOJPu.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=17ebfaa2580000


Tested on:

commit:         35a813e0 Merge tag 'printk-for-6.17' of git://git.kern..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=7d9fab85f5904d64
dashboard link: https://syzkaller.appspot.com/bug?extid=2a0d2af125c01db73079
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
patch:          https://syzkaller.appspot.com/x/patch.diff?x=110302f0580000



* Re: [syzbot] [mm?] [ntfs3?] kernel BUG in set_page_refcounted
  2025-08-04 19:49   ` syzbot
@ 2025-08-05  1:38     ` Hillf Danton
  0 siblings, 0 replies; 5+ messages in thread
From: Hillf Danton @ 2025-08-05  1:38 UTC (permalink / raw)
  To: syzbot; +Cc: Aleksandr Nogikh, linux-kernel, syzkaller-bugs

> Date: Mon, 04 Aug 2025 12:49:02 -0700
> Hello,
> 
> syzbot tried to test the proposed patch but the build/boot failed:
> 
> l2tp_ip: L2TP IP encapsulation support (L2TPv3)
> [   27.825502][    T1] l2tp_netlink: L2TP netlink interface
> [   27.825920][    T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
> [   27.825937][    T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
> [   27.826620][    T1] NET: Registered PF_PHONET protocol family
> [   27.827330][    T1] 8021q: 802.1Q VLAN Support v1.8
> [   27.828378][    T1] sctp: Hash tables configured (bind 16/30)
> [   27.845592][    T1] NET: Registered PF_RDS protocol family
> [   27.857773][    T1] Registered RDS/infiniband transport
> [   27.860770][    T1] Registered RDS/tcp transport
> [   27.860799][    T1] tipc: Activated (version 2.0.0)
> [   27.862127][    T1] NET: Registered PF_TIPC protocol family
> [   28.127730][    T1] tipc: Started in single node mode
> [   28.130531][    T1] NET: Registered PF_SMC protocol family
> [   28.131342][    T1] 9pnet: Installing 9P2000 support
> [   28.134047][    T1] NET: Registered PF_CAIF protocol family
> [   28.146328][    T1] NET: Registered PF_IEEE802154 protocol family
> [   28.147148][    T1] Key type dns_resolver registered
> [   28.147397][    T1] Key type ceph registered
> [   28.148909][    T1] libceph: loaded (mon/osd proto 15/24)
> [   28.151956][    T1] batman_adv: B.A.T.M.A.N. advanced 2025.3 (compatibility version 15) loaded
> [   28.152357][    T1] openvswitch: Open vSwitch switching datapath
> [   28.158678][    T1] NET: Registered PF_VSOCK protocol family
> [   28.159384][    T1] mpls_gso: MPLS GSO support
> [   28.468182][    T1] IPI shorthand broadcast: enabled
> [   30.357628][ T4187] kworker/u8:7 (4187) used greatest stack depth: 25160 bytes left
> [   31.509877][    T1] sched_clock: Marking stable (30902438698, 602418618)->(31510037087, -5179771)
> [   31.530861][    T1] registered taskstats version 1
> [   31.556152][    T1] Loading compiled-in X.509 certificates
> [   31.602333][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 46cd9d46b5c7fa66669dfc53ee62f72ced050d22'
> [   32.275192][    T1] zswap: loaded using pool 842/zsmalloc
> [   32.281063][    T1] Demotion targets for Node 0: null
> [   32.281080][    T1] Demotion targets for Node 1: null
> [   32.281096][    T1] debug_vm_pgtable: [debug_vm_pgtable         ]: Validating architecture page table helpers
> [   32.285682][    T1] Key type .fscrypt registered
> [   32.285704][    T1] Key type fscrypt-provisioning registered
> [   32.296150][    T1] kAFS: Red Hat AFS client v0.1 registering.
> [   32.353465][    T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
> [   32.354863][    T1] Key type big_key registered
> [   32.355022][    T1] Key type encrypted registered
> [   32.355295][    T1] ima: No TPM chip found, activating TPM-bypass!
> [   32.355365][    T1] Loading compiled-in module X.509 certificates
> [   32.404555][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 46cd9d46b5c7fa66669dfc53ee62f72ced050d22'
> [   32.404611][    T1] ima: Allocated hash algorithm: sha256
> [   32.405041][    T1] ima: No architecture policies found
> [   32.405732][    T1] evm: Initialising EVM extended attributes:
> [   32.405739][    T1] evm: security.selinux (disabled)
> [   32.405746][    T1] evm: security.SMACK64
> [   32.405751][    T1] evm: security.SMACK64EXEC
> [   32.405757][    T1] evm: security.SMACK64TRANSMUTE
> [   32.405763][    T1] evm: security.SMACK64MMAP
> [   32.405768][    T1] evm: security.apparmor (disabled)
> [   32.405774][    T1] evm: security.ima
> [   32.405780][    T1] evm: security.capability
> [   32.405785][    T1] evm: HMAC attrs: 0x1
> [   32.410288][    T1] PM:   Magic number: 5:461:697
> [   32.410412][    T1] video4linux radio12: hash matches
> [   32.410476][    T1] usb usb58-port5: hash matches
> [   32.410614][    T1] usb usb26-port1: hash matches
> [   32.411199][    T1] netconsole: network logging started
> [   32.412165][    T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
> [   32.435157][    T1] rdma_rxe: loaded
> [   32.440081][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
> [   32.446570][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> [   32.450487][    T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
> [   32.454686][   T31] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
> [   32.454728][   T31] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
> [   32.459994][    T1] clk: Disabling unused clocks
> [   32.460415][    T1] ALSA device list:
> [   32.460429][    T1]   #0: Dummy 1
> [   32.460444][    T1]   #1: Loopback 1
> [   32.460456][    T1]   #2: Virtual MIDI Card 1
> [   32.610149][    T1] check access for rdinit=/init failed: -2, ignoring
> [   32.610176][    T1] md: Waiting for all devices to be available before autodetect
> [   32.610183][    T1] md: If you don't use raid, use raid=noautodetect
> [   32.610197][    T1] md: Autodetecting RAID arrays.
> [   32.610316][    T1] md: autorun ...
> [   32.610324][    T1] md: ... autorun DONE.
> [   32.673022][ T5160] dec_stack_record_count: refcount went to 0 for 125436371 handle
> [   32.673441][    T1] dec_stack_record_count: refcount went to 0 for 468 handle
> [   32.676518][    T1] dec_stack_record_count: refcount went to 0 for 96207031 handle
> [   32.677071][    T1] ------------[ cut here ]------------
> [   32.677084][    T1] WARNING: CPU: 0 PID: 1 at lib/stackdepot.c:510 depot_fetch_stack+0x97/0xa0
> [   32.677108][    T1] Modules linked in:
> [   32.677128][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W           6.16.0-syzkaller-11579-g35a813e010b9-dirty #0 PREEMPT_{RT,(full)} 

Testing with RT turned on makes no sense, no?

> [   32.677150][    T1] Tainted: [W]=WARN
> [   32.677155][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
> [   32.677165][    T1] RIP: 0010:depot_fetch_stack+0x97/0xa0
> [   32.677180][    T1] Code: c7 c7 d7 a3 04 8d 89 ee 44 89 f2 89 d9 e8 e1 ca 95 fc 90 0f 0b 90 90 31 c0 5b 41 5e 5d e9 c1 7c 08 06 cc 90 0f 0b 90 eb ee 90 <0f> 0b 90 eb e8 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90
> [   32.677192][    T1] RSP: 0000:ffffc90000067480 EFLAGS: 00010246
> [   32.677205][    T1] RAX: ffff88814371c000 RBX: 0000000000002de0 RCX: 00000000000000b6
> [   32.677215][    T1] RDX: 0000000000000000 RSI: ffffffff8d1e65a6 RDI: ffffffff8b61eb00
> [   32.677226][    T1] RBP: 00000000000000b6 R08: 0000000000000000 R09: 0000000000000000
> [   32.677235][    T1] R10: dffffc0000000000 R11: ffffed10035a9b81 R12: 0000000000000000
> [   32.677245][    T1] R13: 0000000000000000 R14: 00000000000001d4 R15: 000000079bacacab
> [   32.677255][    T1] FS:  0000000000000000(0000) GS:ffff888126af6000(0000) knlGS:0000000000000000
> [   32.677267][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   32.677277][    T1] CR2: ffff88823ffff000 CR3: 000000000d5a6000 CR4: 00000000003526f0
> [   32.677290][    T1] Call Trace:
> [   32.677296][    T1]  <TASK>
> [   32.677305][    T1]  __reset_page_owner+0xd0/0x1f0
> [   32.677328][    T1]  free_unref_folios+0x1ebb/0x2280
> [   32.677365][    T1]  folios_put_refs+0x569/0x670
> [   32.677396][    T1]  ? __pfx_folios_put_refs+0x10/0x10
> [   32.677427][    T1]  truncate_inode_pages_range+0x338/0xb90
> [   32.677450][    T1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
> [   32.677485][    T1]  ? has_bh_in_lru+0x307/0x340
> [   32.677507][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
> [   32.677530][    T1]  ? smp_call_function_many_cond+0xda5/0x12d0
> [   32.677572][    T1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
> [   32.677593][    T1]  ? __pfx_has_bh_in_lru+0x10/0x10
> [   32.677620][    T1]  blkdev_flush_mapping+0x10b/0x280
> [   32.677641][    T1]  ? bdev_release+0x41a/0x660
> [   32.677662][    T1]  bdev_release+0x422/0x660
> [   32.677687][    T1]  ? __pfx_blkdev_release+0x10/0x10
> [   32.677709][    T1]  blkdev_release+0x15/0x20
> [   32.677729][    T1]  __fput+0x458/0xa80
> [   32.677761][    T1]  task_work_run+0x1d1/0x260
> [   32.677795][    T1]  ? __pfx_task_work_run+0x10/0x10
> [   32.677825][    T1]  mount_root_generic+0x1b0/0x350
> [   32.677851][    T1]  ? __pfx_mount_root_generic+0x10/0x10
> [   32.677869][    T1]  ? getname_kernel+0x20e/0x2f0
> [   32.677893][    T1]  ? kernel_init+0x1d/0x1d0
> [   32.677914][    T1]  prepare_namespace+0x71/0xa0
> [   32.677929][    T1]  kernel_init_freeable+0x373/0x4b0
> [   32.677948][    T1]  ? __pfx_kernel_init_freeable+0x10/0x10
> [   32.677963][    T1]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
> [   32.677991][    T1]  ? __pfx_kernel_init+0x10/0x10
> [   32.678012][    T1]  kernel_init+0x1d/0x1d0
> [   32.678031][    T1]  ? __pfx_kernel_init+0x10/0x10
> [   32.678050][    T1]  ret_from_fork+0x3fc/0x770
> [   32.678092][    T1]  ? __pfx_ret_from_fork+0x10/0x10
> [   32.678114][    T1]  ? __switch_to_asm+0x39/0x70
> [   32.678137][    T1]  ? __switch_to_asm+0x33/0x70
> [   32.678158][    T1]  ? __pfx_kernel_init+0x10/0x10
> [   32.678180][    T1]  ret_from_fork_asm+0x1a/0x30
> [   32.678214][    T1]  </TASK>
