[v6.1] kernel BUG in invalidate_mapping_pagevec


syzbot

Feb 10, 2025, 7:26:25 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 0cbb5f65e52f Linux 6.1.128
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1732ebdf980000
kernel config: https://syzkaller.appspot.com/x/.config?x=88cb0e1f997892a4
dashboard link: https://syzkaller.appspot.com/bug?extid=5bb663061f417f678c5b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/acd347d0a419/disk-0cbb5f65.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/08daefc52220/vmlinux-0cbb5f65.xz
kernel image: https://storage.googleapis.com/syzbot-assets/230948781702/Image-0cbb5f65.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5bb663...@syzkaller.appspotmail.com

raw: 0000000000000fce 0000000000000000 00000002ffffffff ffff0000c0940000
page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, xas.xa_index))
------------[ cut here ]------------
kernel BUG at mm/filemap.c:2135!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5662 Comm: syz.4.303 Not tainted 6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : find_lock_entries+0xa04/0xa08 mm/filemap.c:2134
lr : find_lock_entries+0xa04/0xa08 mm/filemap.c:2134
sp : ffff800021a67000
x29: ffff800021a67100 x28: fffffc0003522400 x27: dfff800000000000
x26: ffff800021a67098 x25: dfff800000000000 x24: ffff800021a67080
x23: ffff800015cf4180 x22: 0000000000000fce x21: ffffffffffffffff
x20: 05ffd00000020017 x19: ffff800021a67260 x18: 1fffe0003679bf76
x17: 2e736178202c6f69 x16: ffff8000123313e4 x15: 0000000000000002
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000080000
x11: 0000000000011441 x10: ffff800027589000 x9 : ffff800008835654
x8 : 0000000000011442 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800021a66878 x4 : ffff800015b731c0 x3 : ffff80000ab33fec
x2 : ffff0001b3cdfcd0 x1 : 0000000100000000 x0 : 000000000000004a
Call trace:
find_lock_entries+0xa04/0xa08 mm/filemap.c:2134
invalidate_mapping_pagevec+0xe0/0x540 mm/truncate.c:512
invalidate_mapping_pages+0x38/0x4c mm/truncate.c:566
invalidate_bdev+0xa4/0xc0 block/bdev.c:87
btrfs_get_bdev_and_sb+0x134/0x1a8 fs/btrfs/volumes.c:518
btrfs_open_one_device fs/btrfs/volumes.c:611 [inline]
open_fs_devices+0x1e0/0xd44 fs/btrfs/volumes.c:1280
btrfs_open_devices+0x118/0x188 fs/btrfs/volumes.c:1342
btrfs_mount_root+0x490/0x7f8 fs/btrfs/super.c:1807
legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
vfs_get_tree+0x90/0x274 fs/super.c:1573
fc_mount fs/namespace.c:1043 [inline]
vfs_kern_mount+0xdc/0x178 fs/namespace.c:1073
btrfs_mount+0x330/0x9c8 fs/btrfs/super.c:1895
legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
vfs_get_tree+0x90/0x274 fs/super.c:1573
do_new_mount+0x278/0x8fc fs/namespace.c:3056
path_mount+0x590/0xe5c fs/namespace.c:3386
do_mount fs/namespace.c:3399 [inline]
__do_sys_mount fs/namespace.c:3607 [inline]
__se_sys_mount fs/namespace.c:3584 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3584
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: d004eda1 91160021 aa1c03e0 94039502 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

May 21, 2025, 8:26:15 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.