syzbot

 __folio_batch_release+0x71/0xe0 mm/swap.c:1042
 folio_batch_release include/linux/pagevec.h:83 [inline]
 truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:371
 evict+0x499/0x870 fs/inode.c:707
 erofs_put_super+0x7b/0x150 fs/erofs/super.c:815
 generic_shutdown_super+0x134/0x2b0 fs/super.c:693
 kill_block_super+0x44/0x90 fs/super.c:1660
 erofs_kill_sb+0x4c/0x140 fs/erofs/super.c:794
 deactivate_locked_super+0x97/0x100 fs/super.c:481
 cleanup_mnt+0x429/0x4c0 fs/namespace.c:1250
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
------------[ cut here ]------------
kernel BUG at include/linux/memcontrol.h:387!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5812 Comm: udevd Not tainted 6.6.94-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__folio_memcg include/linux/memcontrol.h:387 [inline]
RIP: 0010:folio_memcg+0x266/0x480 include/linux/memcontrol.h:440
Code: 48 25 ff 0f 00 00 0f 84 07 01 00 00 e8 33 1b cb ff e9 8c fe ff ff e8 29 1b cb ff 48 89 df 48 c7 c6 40 6c b3 8a e8 da 40 0c 00 <0f> 0b e8 13 1b cb ff 48 89 df 48 c7 c6 40 64 b3 8a e8 c4 40 0c 00
RSP: 0018:ffffc9000490f888 EFLAGS: 00010046
RAX: b5f727d631f07200 RBX: ffffea0000938c40 RCX: b5f727d631f07200
RDX: 0000000000000004 RSI: ffffffff8aaac440 RDI: ffffffff8afc6900
RBP: 1ffffd4000127189 R08: ffffffff8e49ab2f R09: 1ffffffff1c93565
R10: dffffc0000000000 R11: fffffbfff1c93566 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000800
FS:  00007efd83b44880(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c65ffff CR3: 0000000027a09000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 folio_matches_lruvec include/linux/memcontrol.h:1626 [inline]
 folio_lruvec_relock_irqsave include/linux/memcontrol.h:1648 [inline]
 folio_batch_move_lru+0x2aa/0x6b0 mm/swap.c:208
 folio_add_lru+0x434/0xd50 mm/swap.c:509
 shmem_get_folio_gfp+0xff7/0x2ac0 mm/shmem.c:2078
 shmem_get_folio mm/shmem.c:2165 [inline]
 shmem_write_begin+0xf2/0x420 mm/shmem.c:2707
 generic_perform_write+0x2fb/0x5b0 mm/filemap.c:4016
 shmem_file_write_iter+0xfb/0x120 mm/shmem.c:2884
 call_write_iter include/linux/fs.h:2018 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x43b/0x940 fs/read_write.c:584
 ksys_write+0x147/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7efd834a7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffe86909630 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007efd83b44880 RCX: 00007efd834a7407
RDX: 0000000000000020 RSI: 0000560199c408f0 RDI: 0000000000000009
RBP: 0000560199c408f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020
R13: 0000560199c3c7a0 R14: 00007efd835efea0 R15: 000056016531a9dd
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__folio_memcg include/linux/memcontrol.h:387 [inline]
RIP: 0010:folio_memcg+0x266/0x480 include/linux/memcontrol.h:440
Code: 48 25 ff 0f 00 00 0f 84 07 01 00 00 e8 33 1b cb ff e9 8c fe ff ff e8 29 1b cb ff 48 89 df 48 c7 c6 40 6c b3 8a e8 da 40 0c 00 <0f> 0b e8 13 1b cb ff 48 89 df 48 c7 c6 40 64 b3 8a e8 c4 40 0c 00
RSP: 0018:ffffc9000490f888 EFLAGS: 00010046
RAX: b5f727d631f07200 RBX: ffffea0000938c40 RCX: b5f727d631f07200
RDX: 0000000000000004 RSI: ffffffff8aaac440 RDI: ffffffff8afc6900
RBP: 1ffffd4000127189 R08: ffffffff8e49ab2f R09: 1ffffffff1c93565
R10: dffffc0000000000 R11: fffffbfff1c93566 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000800
FS:  00007efd83b44880(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c65ffff CR3: 0000000027a09000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400