Re: [syzbot] [fs?] [mm?] kernel BUG in __filemap_add_folio

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+4d3cc33ef7a77041efa6@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com, wangjinchao600@gmail.com
Subject: Re: [syzbot] [fs?] [mm?] kernel BUG in __filemap_add_folio
Date: Tue, 16 Dec 2025 04:28:02 -0800	[thread overview]
Message-ID: <69415052.a70a0220.33cd7b.013c.GAE@google.com> (raw)
In-Reply-To: <aUFLJriRifOpmubw@ndev>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __filemap_add_folio

 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7df/0x1170 mm/page_alloc.c:2943
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x79c/0x15f0 kernel/rcu/tree.c:2857
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 run_ksoftirqd kernel/softirq.c:1063 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:1055
 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
------------[ cut here ]------------
kernel BUG at mm/filemap.c:858!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 6821 Comm: syz.1.76 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__filemap_add_folio+0xf29/0x11b0 mm/filemap.c:858
Code: 9b c6 ff 48 c7 c6 c0 e9 99 8b 4c 89 ef e8 0f 74 11 00 90 0f 0b e8 47 9b c6 ff 48 c7 c6 20 ea 99 8b 4c 89 ef e8 f8 73 11 00 90 <0f> 0b e8 30 9b c6 ff 90 0f 0b 90 e9 1c fc ff ff e8 22 9b c6 ff 48
RSP: 0018:ffffc900033af840 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880737fc980 RSI: ffffffff81f7ebf8 RDI: ffff8880737fce04
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908689d7 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001ce4980 R14: 0000000000000000 R15: 0000000000000000
FS:  000055557770b500(0000) GS:ffff888124a48000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9aef15c000 CR3: 000000002ee4c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 filemap_add_folio+0x19a/0x610 mm/filemap.c:966
 ra_alloc_folio mm/readahead.c:453 [inline]
 page_cache_ra_order+0x637/0xed0 mm/readahead.c:512
 do_sync_mmap_readahead mm/filemap.c:3400 [inline]
 filemap_fault+0x16ac/0x29d0 mm/filemap.c:3549
 __do_fault+0x10d/0x490 mm/memory.c:5320
 do_shared_fault mm/memory.c:5819 [inline]
 do_fault+0x302/0x1ad0 mm/memory.c:5893
 do_pte_missing mm/memory.c:4401 [inline]
 handle_pte_fault mm/memory.c:6273 [inline]
 __handle_mm_fault+0x1919/0x2bb0 mm/memory.c:6411
 handle_mm_fault+0x3fe/0xad0 mm/memory.c:6580
 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x64/0xc0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f8af1a55171
Code: 48 8b 54 24 08 48 85 d2 74 17 8b 44 24 18 0f c8 89 c0 48 89 44 24 18 48 83 fa 01 0f 85 b3 01 00 00 48 8b 44 24 10 8b 54 24 18 <89> 10 e9 15 fd ff ff 48 8b 44 24 10 8b 10 48 8b 44 24 08 48 85 c0
RSP: 002b:00007ffc7d678bf0 EFLAGS: 00010246
RAX: 0000200000000980 RBX: 0000000000000004 RCX: 0000000000000000
RDX: 0000000000004000 RSI: 0000000000000000 RDI: 000055557770b3c8
RBP: 00007ffc7d678cf8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000002 R12: 00007f8af1dd5fac
R13: 00007f8af1dd5fa0 R14: fffffffffffffffe R15: 00007ffc7d678d40
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0xf29/0x11b0 mm/filemap.c:858
Code: 9b c6 ff 48 c7 c6 c0 e9 99 8b 4c 89 ef e8 0f 74 11 00 90 0f 0b e8 47 9b c6 ff 48 c7 c6 20 ea 99 8b 4c 89 ef e8 f8 73 11 00 90 <0f> 0b e8 30 9b c6 ff 90 0f 0b 90 e9 1c fc ff ff e8 22 9b c6 ff 48
RSP: 0018:ffffc900033af840 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880737fc980 RSI: ffffffff81f7ebf8 RDI: ffff8880737fce04
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908689d7 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001ce4980 R14: 0000000000000000 R15: 0000000000000000
FS:  000055557770b500(0000) GS:ffff888124a48000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f772b5d7dac CR3: 000000002ee4c000 CR4: 00000000003526f0


Tested on:

commit:         40fbbd64 Merge tag 'pull-fixes' of git://git.kernel.or..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10715dc2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=495547a782e37c4f
dashboard link: https://syzkaller.appspot.com/bug?extid=4d3cc33ef7a77041efa6
compiler:       gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.

next prev parent reply	other threads:[~2025-12-16 12:28 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-15 14:19 [PATCH] mm/readahead: read min folio constraints under invalidate lock Jinchao Wang
2025-12-15 14:22 ` Matthew Wilcox
2025-12-16  1:37   ` Jinchao Wang
2025-12-16  2:42     ` Matthew Wilcox
2025-12-16  3:12       ` Jinchao Wang
2025-12-16  3:53         ` Matthew Wilcox
2025-12-18  4:03           ` Jinchao Wang
2025-12-16 12:05 ` Jinchao Wang
2025-12-16 12:28   ` syzbot [this message]
     [not found] <CAD3jPMoXJuoiMRoGkVH9gtmDV6m6+S8u8uZS3by9ECJ1ahjBHw@mail.gmail.com>
2026-03-24 20:07 ` [syzbot] [fs?] [mm?] kernel BUG in __filemap_add_folio syzbot
     [not found] <CAHxc4buC59r-8V89TqXQPT-PnfSed4YU17Okc8jnX5hek22bwA@mail.gmail.com>
2025-11-04  9:40 ` syzbot
2025-12-10 11:55   ` Dileep Sankhla
2025-12-10 12:22     ` syzbot
     [not found] <CAHxc4btH53u7Y3DRFmaiF3-pqumZi1swOgEi0r2_4=bTnKfjSw@mail.gmail.com>
2025-10-11 12:14 ` syzbot
  -- strict thread matches above, loose matches on Subject: below --
2025-04-25  1:19 syzbot
2025-11-30 15:03 ` shaurya
2025-11-30 15:51   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69415052.a70a0220.33cd7b.013c.GAE@google.com \
    --to=syzbot+4d3cc33ef7a77041efa6@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=wangjinchao600@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox