syzbot

------------[ cut here ]------------
kernel BUG at ./include/linux/pagemap.h:1379!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 12589 Comm: syz.1.1409 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__readahead_folio include/linux/pagemap.h:1379 [inline]
RIP: 0010:readahead_folio include/linux/pagemap.h:1405 [inline]
RIP: 0010:mpage_readahead+0x637/0x650 fs/mpage.c:367
Code: c6 60 d9 99 8b e8 09 12 c1 ff 90 0f 0b e8 51 e5 7c ff 4c 89 ef 48 c7 c6 c0 d9 99 8b e8 f2 11 c1 ff 90 0f 0b e8 3a e5 7c ff 90 <0f> 0b e8 32 e5 7c ff 90 0f 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00
RSP: 0000:ffffc9001137f180 EFLAGS: 00010287
RAX: ffffffff82434086 RBX: 0000000000000001 RCX: 0000000000080000
RDX: ffffc9000e0e2000 RSI: 00000000000051b0 RDI: 00000000000051b1
RBP: ffffc9001137f370 R08: ffffea0001de4d07 R09: 1ffffd40003bc9a0
R10: dffffc0000000000 R11: fffff940003bc9a1 R12: dffffc0000000000
R13: ffffc9001137f728 R14: 0000000000000004 R15: ffffc9001137f740
FS:  00007f70e61fc6c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2a978c CR3: 000000002c43a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 read_pages+0x17a/0x580 mm/readahead.c:160
 page_cache_ra_unbounded+0x346/0x7b0 mm/readahead.c:264
 filemap_get_pages+0x43c/0x1ea0 mm/filemap.c:2602
 filemap_splice_read+0x4fc/0xbc0 mm/filemap.c:2990
 do_splice_read fs/splice.c:979 [inline]
 splice_direct_to_actor+0x4a6/0xcc0 fs/splice.c:1083
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x181/0x270 fs/splice.c:1227
 do_sendfile+0x4da/0x7e0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64+0x13e/0x190 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f70e538ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f70e61fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f70e55b5fa0 RCX: 00007f70e538ebe9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f70e5411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000201e00 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f70e55b6038 R14: 00007f70e55b5fa0 R15: 00007ffd5c34d6a8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__readahead_folio include/linux/pagemap.h:1379 [inline]
RIP: 0010:readahead_folio include/linux/pagemap.h:1405 [inline]
RIP: 0010:mpage_readahead+0x637/0x650 fs/mpage.c:367
Code: c6 60 d9 99 8b e8 09 12 c1 ff 90 0f 0b e8 51 e5 7c ff 4c 89 ef 48 c7 c6 c0 d9 99 8b e8 f2 11 c1 ff 90 0f 0b e8 3a e5 7c ff 90 <0f> 0b e8 32 e5 7c ff 90 0f 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00
RSP: 0000:ffffc9001137f180 EFLAGS: 00010287
RAX: ffffffff82434086 RBX: 0000000000000001 RCX: 0000000000080000
RDX: ffffc9000e0e2000 RSI: 00000000000051b0 RDI: 00000000000051b1
RBP: ffffc9001137f370 R08: ffffea0001de4d07 R09: 1ffffd40003bc9a0
R10: dffffc0000000000 R11: fffff940003bc9a1 R12: dffffc0000000000
R13: ffffc9001137f728 R14: 0000000000000004 R15: ffffc9001137f740
FS:  00007f70e61fc6c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff18b516e9c CR3: 000000002c43a000 CR4: 00000000003526f0