From nobody Fri Dec 19 11:48:29 2025
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Date: Sun, 07 Dec 2025 19:56:46 -0800
In-Reply-To: <693540fe.a70a0220.38f243.004c.GAE@google.com>
Message-ID: <69364c7e.a70a0220.38f243.007d.GAE@google.com>
Subject: Forwarded: [PATCH] mm/workingset: add debug for corrupted shadow entry investigation
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] mm/workingset: add debug for corrupted shadow entry investigation
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

When pgdat is NULL in lru_gen_test_recent(), it indicates a corrupted
shadow entry. Currently returning false allows execution to continue,
which leads to a subsequent crash in filemap_read_folio() with a NULL
function pointer dereference.

Add debug output and stack dump to understand:
1. When pgdat is NULL (corrupted shadow entries)
2. The full call path leading to this situation
3. Why continuing execution after return false causes crashes

This will help determine the proper place to handle corrupted shadow
entries - either stop earlier in the call chain or handle the corruption
differently in lru_gen_test_recent().

Related-to: syzbot+e008db2ac01e282550ee@syzkaller.appspot.com
Link: https://syzkaller.appspot.com/bug?extid=e008db2ac01e282550ee
Signed-off-by: Deepanshu Kartikey
---
 mm/workingset.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mm/workingset.c b/mm/workingset.c
index e9f05634747a..a848572f8c8a 100644
--- a/mm/workingset.c
+++ b/mm/workingset.c
@@ -270,7 +270,13 @@ static bool lru_gen_test_recent(void *shadow, struct l= ruvec **lruvec, struct pglist_data *pgdat; =20 unpack_shadow(shadow, &memcg_id, &pgdat, token, workingset); - + if (unlikely(!pgdat)) { + pr_warn("FATAL: Corrupted shadow entry - pgdat is NULL! shadow=3D%p\n", = shadow); + pr_warn("This indicates page cache corruption - cannot proceed\n"); + dump_stack(); + *lruvec =3D NULL; + return false; + } memcg =3D mem_cgroup_from_id(memcg_id); *lruvec =3D mem_cgroup_lruvec(memcg, pgdat); =20 --=20 2.43.0
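Review bot: the new `if (unlikely(!pgdat))` block in lru_gen_test_recent() fires two pr_warn() lines plus dump_stack() on every NULL pgdat, which is unbounded if a corrupted shadow entry is refaulted repeatedly, and the "FATAL ... cannot proceed" wording is misleading for a function that then returns false and lets the caller carry on. A single `WARN_ONCE(!pgdat, "corrupted shadow entry %p: pgdat is NULL\n", shadow);` followed by the same early return gives one stack dump with the call path the commit message is after, without flooding the log. The `*lruvec = NULL;` store is also a new output contract: every caller that reads *lruvec after a false return must tolerate NULL, so that should be confirmed at each call site or stated in a comment above the function. Minor: the hunk deletes the blank line after unpack_shadow(); keep one blank line between the closing brace and the `memcg = mem_cgroup_from_id(memcg_id);` assignment to match the surrounding layout.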