Dear Linux Kernel Experts,

Hello! I am a security researcher focused on testing Linux kernel vulnerabilities. Recently, while testing the v6.13-rc5 Linux kernel, we encountered a crash related to the fs/ext4 kernel module. We have successfully captured the call trace information for this crash. Unfortunately, we have not been able to reproduce the issue in our local environment, so we are unable to provide a PoC (Proof of Concept) at this time. We fully understand the complexity and importance of Linux kernel maintenance, and we would like to share this finding with you for further analysis and confirmation of the root cause.

Below is a summary of the relevant information:

Kernel Version: v6.13.0-rc5
Kernel Module: fs/ext4/inode.c

————————————————CallTrace————————————————
WARNING: CPU: 2 PID: 295 at fs/ext4/inode.c:3210 ext4_invalidate_folio+0x88/0x190 fs/ext4/inode.c:3210
Modules linked in:
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:ext4_invalidate_folio+0x88/0x190 fs/ext4/inode.c:3210
Code: ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 f2 00 00 00 48 8b 45 00 a9 00 00 01 00 74 09 e8 b9 c1 a1 ff 90 <0f> 0b 90 e8 b0 c1 a1 ff 4c 89 ea 4c 89 e6 48 89 df 5b 5d 41 5c 41
RSP: 0018:ffff888004c2f868 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffea00044e1400 RCX: ffffffff8ce543e7
RDX: ffff8881030e3300 RSI: 0000000000000008 RDI: ffff88811687cb28
RBP: ffff88811687cb28 R08: 0000000000000000 R09: ffffed1022d0f965
R10: ffff88811687cb2f R11: 0000000000032001 R12: 0000000000000000
R13: 0000000000001000 R14: ffff888004c2fae8 R15: ffff888004c2fb68
FS:  000055558187d480(0000) GS:ffff88811b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002b325d907028 CR3: 0000000007746000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 folio_invalidate mm/truncate.c:126 [inline]
 truncate_cleanup_folio+0x241/0x350 mm/truncate.c:146
 truncate_inode_pages_range+0x1fd/0x880 mm/truncate.c:326
 ext4_evict_inode+0x22d/0x1330 fs/ext4/inode.c:198
 evict+0x337/0x7c0 fs/inode.c:796
 iput_final fs/inode.c:1946 [inline]
 iput fs/inode.c:1972 [inline]
 iput+0x4c3/0x6a0 fs/inode.c:1958
 do_unlinkat+0x4fa/0x690 fs/namei.c:4594
 __do_sys_unlink fs/namei.c:4635 [inline]
 __se_sys_unlink fs/namei.c:4633 [inline]
 __x64_sys_unlink+0xbc/0x100 fs/namei.c:4633
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd4ce0d7b7b
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc04bc7738 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd4ce0d7b7b
RDX: 00007ffc04bc7760 RSI: 00007ffc04bc77f0 RDI: 00007ffc04bc77f0
RBP: 00007ffc04bc77f0 R08: 0000000000000000 R09: 00007ffc04bc75c0
audit: type=1326 audit(1737757667.836:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4049 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f16c19e842d code=0x0
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc04bc88d0
R13: 00007fd4ce19667b R14: 000000000000e790 R15: 000000000000000d
 </TASK>
————————————————CallTrace————————————————

If you need more details or additional test results, please feel free to let us know. Thank you so much for your attention! Please don't hesitate to reach out if you have any suggestions or need further communication.

Best regards,
Luka