Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (3)

From: syzbot
Date: Tue Nov 11 2025 - 01:38:10 EST


Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_dirty_folio

------------[ cut here ]------------
WARNING: CPU: 1 PID: 19829 at fs/ext4/inode.c:3964 ext4_dirty_folio+0x172/0x1b0 fs/ext4/inode.c:3964
Modules linked in:
CPU: 1 UID: 0 PID: 19829 Comm: syz-executor822 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:ext4_dirty_folio+0x172/0x1b0 fs/ext4/inode.c:3964
Call Trace:
<TASK>
zap_present_folio_ptes mm/memory.c:1629 [inline]
zap_present_ptes mm/memory.c:1709 [inline]
do_zap_pte_range mm/memory.c:1810 [inline]
zap_pte_range mm/memory.c:1854 [inline]
zap_pmd_range mm/memory.c:1946 [inline]
zap_pud_range mm/memory.c:1975 [inline]
zap_p4d_range mm/memory.c:1996 [inline]
unmap_page_range+0x17c9/0x4370 mm/memory.c:2017
unmap_single_vma mm/memory.c:2060 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2104
exit_mmap+0x240/0xb40 mm/mmap.c:1280
__mmput+0x118/0x430 kernel/fork.c:1133
exit_mm+0x1da/0x2c0 kernel/exit.c:582
do_exit+0x648/0x2300 kernel/exit.c:954
do_group_exit+0x21c/0x2d0 kernel/exit.c:1107
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>


Tested on:

commit: 4427259c Merge tag 'riscv-for-linus-6.18-rc6' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1044b0b4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2c614fa9e6f5bdc1
dashboard link: https://syzkaller.appspot.com/bug?extid=f3185be57d7e8dda32b8
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1771a7cd980000