./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3077026866 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor3077026866", ["./syz-executor3077026866"], 0x7ffcd4299830 /* 10 vars */) = 0 brk(NULL) = 0x55557f05b000 brk(0x55557f05bd00) = 0x55557f05bd00 arch_prctl(ARCH_SET_FS, 0x55557f05b380) = 0 set_tid_address(0x55557f05b650) = 5851 set_robust_list(0x55557f05b660, 24) = 0 rseq(0x55557f05bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3077026866", 4096) = 28 getrandom("\x00\x9a\x72\xac\x9a\x67\x60\x7a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557f05bd00 brk(0x55557f07cd00) = 0x55557f07cd00 brk(0x55557f07d000) = 0x55557f07d000 mprotect(0x7f5618567000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f05b650) = 5852 ./strace-static-x86_64: Process 5852 attached [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] set_robust_list(0x55557f05b660, 24) = 0 ./strace-static-x86_64: Process 5853 attached [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... clone resumed>, child_tidptr=0x55557f05b650) = 5853 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5853] set_robust_list(0x55557f05b660, 24) = 0 ./strace-static-x86_64: Process 5855 attached ./strace-static-x86_64: Process 5854 attached [pid 5853] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] set_robust_list(0x55557f05b660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55557f05b650) = 5855 ./strace-static-x86_64: Process 5856 attached [pid 5851] <... clone resumed>, child_tidptr=0x55557f05b650) = 5854 [pid 5855] set_robust_list(0x55557f05b660, 24 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... clone resumed>, child_tidptr=0x55557f05b650) = 5856 [pid 5856] set_robust_list(0x55557f05b660, 24 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5857 attached [pid 5856] <... prctl resumed>) = 0 [pid 5855] <... prctl resumed>) = 0 [pid 5856] setpgid(0, 0 [pid 5855] setpgid(0, 0 [pid 5856] <... setpgid resumed>) = 0 [pid 5855] <... setpgid resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5858 attached [pid 5857] set_robust_list(0x55557f05b660, 24 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... clone resumed>, child_tidptr=0x55557f05b650) = 5857 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5858] set_robust_list(0x55557f05b660, 24) = 0 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] <... openat resumed>) = 3 [pid 5855] <... openat resumed>) = 3 [pid 5854] <... clone resumed>, child_tidptr=0x55557f05b650) = 5858 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5856] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 5859 attached [pid 5858] <... prctl resumed>) = 0 [pid 5856] close(3 [pid 5855] write(3, "1000", 4 [pid 5859] set_robust_list(0x55557f05b660, 24 [pid 5858] setpgid(0, 0 [pid 5857] <... clone resumed>, child_tidptr=0x55557f05b650) = 5859 [pid 5856] <... close resumed>) = 0 [pid 5855] <... write resumed>) = 4 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5856] write(1, "executing program\n", 18 [pid 5855] close(3executing program executing program [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5856] <... write resumed>) = 18 [pid 5855] <... close resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000 [pid 5855] write(1, "executing program\n", 18 [pid 5859] <... prctl resumed>) = 0 [pid 5858] <... setpgid resumed>) = 0 [pid 5855] <... write resumed>) = 18 [pid 5859] setpgid(0, 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5856] <... openat resumed>) = 3 [pid 5859] <... setpgid resumed>) = 0 [pid 5856] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5855] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000 [pid 5858] <... openat resumed>) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5855] <... openat resumed>) = 3 [pid 5858] close(3) = 0 [pid 5855] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5858] write(1, "executing program\n", 18executing program ) = 18 [pid 5858] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000) = 3 [pid 5858] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] write(1, "executing program\n", 18executing program ) = 18 [pid 5859] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000) = 3 [pid 5859] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5856] <... mmap resumed>) = 0x200000000000 [pid 5855] <... mmap resumed>) = 0x200000000000 [pid 5858] <... mmap resumed>) = 0x200000000000 [pid 5859] <... mmap resumed>) = 0x200000000000 [pid 5859] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5858] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5856] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5855] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5858] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ [pid 5854] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5854] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5854] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x55557f05b660, 24 [pid 5854] <... clone resumed>, child_tidptr=0x55557f05b650) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0 [pid 5859] <... ioctl resumed>) = 0 [pid 5860] <... setpgid resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 executing program [pid 5860] close(3 [pid 5859] exit_group(0 [pid 5860] <... close resumed>) = 0 [pid 5860] write(1, "executing program\n", 18) = 18 [pid 5860] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000) = 3 [pid 5860] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5859] <... exit_group resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5857] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5857] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 88.911685][ T5855] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x2dd pfn:0x71476 [ 88.911862][ T5856] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xb3b pfn:0x712da [ 88.923270][ T5855] memcg:ffff8881404a8000 [ 88.930464][ T5856] memcg:ffff8881404a8000 [ 88.939729][ T5856] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 88.950220][ T5856] raw: 00fff00000000001 0000000000000000 dead000000000122 0000000000000000 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached , child_tidptr=0x55557f05b650) = 5861 [ 88.959630][ T5856] raw: 0000000000000b3b 0000000000000000 00000001ffffffff ffff8881404a8000 [ 88.961433][ T5855] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 88.979630][ T5856] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 88.980134][ T5855] raw: 00fff00000000001 0000000000000000 dead000000000122 0000000000000000 [ 89.003235][ T5855] raw: 00000000000002dd 0000000000000000 00000001ffffffff ffff8881404a8000 [pid 5861] set_robust_list(0x55557f05b660, 24) = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [ 89.012246][ T5856] page_owner tracks the page as allocated [ 89.014862][ T5855] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 89.031117][ T5856] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5856, tgid 5856 (syz-executor307), ts 88911840046, free_ts 88911121685 [ 89.032540][ T5855] page_owner tracks the page as allocated [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] <... mmap resumed>) = 0x200000000000 [pid 5861] <... openat resumed>) = 3 [pid 5860] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5861] write(3, "1000", 4 [pid 5860] <... ioctl resumed>) = 0 [ 89.061586][ T5855] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5855, tgid 5855 (syz-executor307), ts 88911605552, free_ts 88865357063 [ 89.069532][ T5856] post_alloc_hook+0x240/0x2a0 [ 89.085170][ T5855] post_alloc_hook+0x240/0x2a0 [ 89.088310][ T5856] get_page_from_freelist+0x21e4/0x22c0 [ 89.092924][ T5855] get_page_from_freelist+0x21e4/0x22c0 [ 89.098297][ T5856] __alloc_frozen_pages_noprof+0x181/0x370 [pid 5861] <... write resumed>) = 4 [pid 5860] exit_group(0 [pid 5861] close(3 [pid 5860] <... exit_group resumed>) = ? [pid 5861] <... close resumed>) = 0 [pid 5861] write(1, "executing program\n", 18 [pid 5860] +++ exited with 0 +++ executing program [pid 5861] <... write resumed>) = 18 [pid 5854] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5854] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5861] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000 [pid 5854] <... clone resumed>, child_tidptr=0x55557f05b650) = 5862 [ 89.106529][ T5855] __alloc_frozen_pages_noprof+0x181/0x370 [ 89.109887][ T5856] alloc_pages_mpol+0x232/0x4a0 [ 89.117491][ T5855] alloc_pages_mpol+0x232/0x4a0 [ 89.120465][ T5856] alloc_pages_noprof+0xa9/0x190 [ 89.125436][ T5855] alloc_pages_noprof+0xa9/0x190 [ 89.136857][ T5855] folio_alloc_noprof+0x1e/0x30 [ 89.141777][ T5855] filemap_alloc_folio_noprof+0xdf/0x470 [ 89.148296][ T5856] folio_alloc_noprof+0x1e/0x30 [ 89.153443][ T5856] filemap_alloc_folio_noprof+0xdf/0x470 ./strace-static-x86_64: Process 5862 attached [pid 5861] <... openat resumed>) = 3 [pid 5862] set_robust_list(0x55557f05b660, 24 [pid 5861] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 89.156098][ T5855] page_cache_ra_order+0x4de/0xd40 [ 89.160619][ T5856] page_cache_ra_order+0x4de/0xd40 [ 89.167133][ T5855] do_sync_mmap_readahead+0x25e/0x7a0 [ 89.170196][ T5856] do_sync_mmap_readahead+0x25e/0x7a0 [ 89.175449][ T5855] filemap_fault+0x755/0x13d0 [ 89.184215][ T5856] filemap_fault+0x755/0x13d0 [ 89.187274][ T5855] __do_fault+0x138/0x390 [ 89.190022][ T5856] __do_fault+0x138/0x390 [ 89.195203][ T5855] __handle_mm_fault+0x3611/0x5440 [ 89.203783][ T5856] __handle_mm_fault+0x3611/0x5440 [pid 5862] setpgid(0, 0 [pid 5861] <... mmap resumed>) = 0x200000000000 [pid 5862] <... setpgid resumed>) = 0 [pid 5861] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5861] <... ioctl resumed>) = 0 [pid 5862] <... openat resumed>) = 3 [pid 5861] exit_group(0 [pid 5862] write(3, "1000", 4 [pid 5861] <... exit_group resumed>) = ? [ 89.206032][ T5855] handle_mm_fault+0x40a/0x8e0 [ 89.213154][ T5856] handle_mm_fault+0x40a/0x8e0 [ 89.217356][ T5855] do_user_addr_fault+0x764/0x1390 [ 89.218932][ T5856] do_user_addr_fault+0x764/0x1390 [ 89.224722][ T5855] exc_page_fault+0x76/0xf0 [ 89.229799][ T5856] exc_page_fault+0x76/0xf0 [ 89.236330][ T5855] asm_exc_page_fault+0x26/0x30 [ 89.239185][ T5856] asm_exc_page_fault+0x26/0x30 [ 89.244159][ T5855] page last free pid 5858 tgid 5858 stack trace: [ 89.248066][ T5856] page last free pid 5859 tgid 5859 stack trace: [pid 5862] <... write resumed>) = 4 [pid 5862] close(3 [pid 5861] +++ exited with 0 +++ [pid 5857] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5857] restart_syscall(<... resuming interrupted clone ...> [pid 5862] <... close resumed>) = 0 [pid 5857] <... restart_syscall resumed>) = 0 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f05b650) = 5863 ./strace-static-x86_64: Process 5863 attached [pid 5862] write(1, "executing program\n", 18executing program [pid 5863] set_robust_list(0x55557f05b660, 24 [pid 5862] <... write resumed>) = 18 [pid 5863] <... set_robust_list resumed>) = 0 [ 89.256746][ T5855] free_unref_folios+0xdbd/0x1520 [ 89.267719][ T5855] folios_put_refs+0x559/0x640 [ 89.270119][ T5856] free_unref_folios+0xdbd/0x1520 [ 89.276296][ T5855] free_pages_and_swap_cache+0x277/0x520 [ 89.277948][ T5856] folios_put_refs+0x559/0x640 [ 89.288406][ T5856] truncate_inode_pages_range+0x346/0xda0 [ 89.289401][ T5855] tlb_flush_mmu+0x3a0/0x680 [ 89.294828][ T5856] set_blocksize+0x32a/0x500 [ 89.301204][ T5855] tlb_finish_mmu+0xc3/0x1d0 [ 89.304576][ T5856] blkdev_bszset+0x1ac/0x220 [pid 5862] openat(AT_FDCWD, "/dev/rnullb0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME, 000 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5862] <... openat resumed>) = 3 [pid 5863] <... prctl resumed>) = 0 [pid 5862] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5863] setpgid(0, 0 [pid 5862] <... mmap resumed>) = 0x200000000000 [pid 5863] <... setpgid resumed>) = 0 [ 89.309047][ T5855] exit_mmap+0x44c/0xb50 [ 89.313966][ T5856] blkdev_ioctl+0x430/0x6d0 [ 89.319128][ T5855] __mmput+0x118/0x430 [ 89.322297][ T5856] __se_sys_ioctl+0xf9/0x170 [ 89.327109][ T5855] exit_mm+0x1da/0x2c0 [ 89.336283][ T5855] do_exit+0x648/0x2300 [ 89.340550][ T5855] do_group_exit+0x21c/0x2d0 [ 89.343225][ T5856] do_syscall_64+0xfa/0x3b0 [ 89.347113][ T5855] __x64_sys_exit_group+0x3f/0x40 [ 89.350511][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 5862] ioctl(3, BLKBSZSET, 0x200000000000 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5862] <... ioctl resumed>) = 0 [ 89.355658][ T5855] x64_sys_call+0x21f7/0x2200 [ 89.362259][ T5856] ------------[ cut here ]------------ [ 89.367759][ T5855] do_syscall_64+0xfa/0x3b0 [ 89.371057][ T5856] kernel BUG at mm/filemap.c:868! [ 89.375909][ T5855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.387317][ T5856] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 89.388412][ T5855] ------------[ cut here ]------------ [ 89.393616][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor307 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 89.399309][ T5855] kernel BUG at mm/filemap.c:868! [ 89.411016][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.411040][ T5856] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 89.432163][ T5856] Code: 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 9b c1 10 00 90 0f 0b e8 23 41 c9 ff 4c 89 e7 48 c7 c6 00 36 b4 8b e8 84 c1 10 00 90 <0f> 0b e8 0c 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 6d c1 10 00 [ 89.451782][ T5856] RSP: 0018:ffffc900040373a0 EFLAGS: 00010246 [ 89.457859][ T5856] RAX: 7706b19e9bfac300 RBX: 0000000000000000 RCX: 0000000000000000 [ 89.465841][ T5856] RDX: 0000000000000007 RSI: ffffffff8dc6a0fe RDI: 00000000ffffffff [ 89.473829][ T5856] RBP: ffffc90004037510 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6 [ 89.481810][ T5856] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: ffffea0001c4b680 [ 89.489785][ T5856] R13: dffffc0000000000 R14: ffffea0001c4b688 R15: 0000000000000004 [ 89.497772][ T5856] FS: 000055557f05b380(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000 [ 89.506707][ T5856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.513300][ T5856] CR2: 00007f561856e110 CR3: 0000000072a82000 CR4: 00000000003526f0 [ 89.521271][ T5856] Call Trace: [ 89.524556][ T5856] [ 89.527490][ T5856] ? __pfx_memcg1_commit_charge+0x10/0x10 [ 89.533209][ T5856] ? get_mem_cgroup_from_mm+0x38/0x2a0 [ 89.538670][ T5856] ? __pfx___filemap_add_folio+0x10/0x10 [ 89.544320][ T5856] filemap_add_folio+0xd5/0x270 [ 89.549188][ T5856] page_cache_ra_order+0x643/0xd40 [ 89.554316][ T5856] do_sync_mmap_readahead+0x25e/0x7a0 [ 89.559782][ T5856] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 89.565678][ T5856] ? count_memcg_event_mm+0x1d/0x250 [ 89.570983][ T5856] ? count_memcg_event_mm+0x1d/0x250 [ 89.576278][ T5856] filemap_fault+0x755/0x13d0 [ 89.580960][ T5856] ? __pfx_filemap_fault+0x10/0x10 [ 89.586072][ T5856] ? __pfx_filemap_map_pages+0x10/0x10 [ 89.591531][ T5856] ? __handle_mm_fault+0x27b7/0x5440 [ 89.596815][ T5856] __do_fault+0x138/0x390 [ 89.601144][ T5856] __handle_mm_fault+0x3611/0x5440 [ 89.606258][ T5856] ? __pfx___handle_mm_fault+0x10/0x10 [ 89.611718][ T5856] ? find_vma+0xe7/0x160 [ 89.615958][ T5856] ? __pfx_find_vma+0x10/0x10 [ 89.620649][ T5856] handle_mm_fault+0x40a/0x8e0 [ 89.625413][ T5856] do_user_addr_fault+0x764/0x1390 [ 89.630543][ T5856] exc_page_fault+0x76/0xf0 [ 89.635046][ T5856] asm_exc_page_fault+0x26/0x30 [ 89.639888][ T5856] RIP: 0010:__get_user_4+0x14/0x20 [ 89.645014][ T5856] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 89.664630][ T5856] RSP: 0018:ffffc90004037d38 EFLAGS: 00050287 [ 89.670718][ T5856] RAX: 0000200000000000 RBX: 1ffff92000806fac RCX: 7706b19e9bfac300 [ 89.678703][ T5856] RDX: 00007ffffffff000 RSI: ffffffff8de5b067 RDI: ffffffff8c04d400 [ 89.686669][ T5856] RBP: ffffc90004037df0 R08: 0000000000000000 R09: ffffffff820bcfa0 [ 89.694636][ T5856] R10: dffffc0000000000 R11: ffffed1003751f21 R12: ffff888023100880 [ 89.702602][ T5856] R13: dffffc0000000000 R14: ffff88807211ae00 R15: 0000200000000000 [ 89.710571][ T5856] ? __might_fault+0xb0/0x130 [ 89.715245][ T5856] blkdev_bszset+0xfb/0x220 [ 89.719765][ T5856] ? __pfx_blkdev_bszset+0x10/0x10 [ 89.724878][ T5856] blkdev_ioctl+0x430/0x6d0 [ 89.729378][ T5856] ? __pfx_blkdev_ioctl+0x10/0x10 [ 89.734419][ T5856] ? bpf_lsm_file_ioctl+0x9/0x20 [ 89.739354][ T5856] ? __pfx_blkdev_ioctl+0x10/0x10 [ 89.744394][ T5856] __se_sys_ioctl+0xf9/0x170 [ 89.749003][ T5856] do_syscall_64+0xfa/0x3b0 [ 89.753506][ T5856] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.758705][ T5856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.764766][ T5856] ? clear_bhb_loop+0x60/0xb0 [ 89.769464][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.775352][ T5856] RIP: 0033:0x7f56184f4b69 [ 89.779776][ T5856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.799376][ T5856] RSP: 002b:00007ffc67551ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.807786][ T5856] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f56184f4b69 [ 89.815771][ T5856] RDX: 0000200000000000 RSI: 0000000040081271 RDI: 0000000000000003 [ 89.823756][ T5856] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000 [ 89.831721][ T5856] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 89.839684][ T5856] R13: 00007ffc67551f18 R14: 00007ffc67551d20 R15: 00007ffc67551d10 [ 89.847655][ T5856] [ 89.850669][ T5856] Modules linked in: [ 89.854627][ T5855] Oops: invalid opcode: 0000 [#2] SMP KASAN PTI [ 89.855194][ T5856] ---[ end trace 0000000000000000 ]--- [pid 5863] <... openat resumed>) = 3 [ 89.860923][ T5855] CPU: 0 UID: 0 PID: 5855 Comm: syz-executor307 Tainted: G D 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 89.879916][ T5855] Tainted: [D]=DIE [ 89.883674][ T5855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.893828][ T5855] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 89.899908][ T5855] Code: 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 9b c1 10 00 90 0f 0b e8 23 41 c9 ff 4c 89 e7 48 c7 c6 00 36 b4 8b e8 84 c1 10 00 90 <0f> 0b e8 0c 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 6d c1 10 00 [ 89.919519][ T5855] RSP: 0018:ffffc90003ff73a0 EFLAGS: 00010246 [ 89.925590][ T5855] RAX: fc91fcf5c8c23700 RBX: 0000000000000000 RCX: ffffffff99f2a303 [ 89.933561][ T5855] RDX: 0000000000000000 RSI: ffffffff8c04d3e0 RDI: 00000000ffffffff [ 89.941532][ T5855] RBP: ffffc90003ff7510 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6 [ 89.949529][ T5855] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: ffffea0001c51d80 [ 89.957507][ T5855] R13: dffffc0000000000 R14: ffffea0001c51d88 R15: 0000000000000004 [ 89.965487][ T5855] FS: 000055557f05b380(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000 [ 89.974424][ T5855] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.981014][ T5855] CR2: 00007ffc67551bf8 CR3: 0000000072146000 CR4: 00000000003526f0 [ 89.988991][ T5855] Call Trace: [ 89.992271][ T5855] [ 89.995230][ T5855] ? __pfx_memcg1_commit_charge+0x10/0x10 [ 90.000955][ T5855] ? get_mem_cgroup_from_mm+0x38/0x2a0 [ 90.006425][ T5855] ? __pfx___filemap_add_folio+0x10/0x10 [ 90.012157][ T5855] filemap_add_folio+0xd5/0x270 [ 90.017015][ T5855] page_cache_ra_order+0x643/0xd40 [ 90.022141][ T5855] do_sync_mmap_readahead+0x25e/0x7a0 [ 90.027524][ T5855] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 90.033428][ T5855] ? count_memcg_event_mm+0x1d/0x250 [ 90.038724][ T5855] ? count_memcg_event_mm+0x1d/0x250 [ 90.044018][ T5855] filemap_fault+0x755/0x13d0 [ 90.048718][ T5855] ? __pfx_filemap_fault+0x10/0x10 [ 90.053836][ T5855] ? __pfx_filemap_map_pages+0x10/0x10 [ 90.059302][ T5855] ? __handle_mm_fault+0x27b7/0x5440 [ 90.064607][ T5855] __do_fault+0x138/0x390 [ 90.068975][ T5855] __handle_mm_fault+0x3611/0x5440 [ 90.074119][ T5855] ? __pfx___handle_mm_fault+0x10/0x10 [ 90.079591][ T5855] ? find_vma+0xe7/0x160 [ 90.083839][ T5855] ? __pfx_find_vma+0x10/0x10 [ 90.088528][ T5855] handle_mm_fault+0x40a/0x8e0 [ 90.093304][ T5855] do_user_addr_fault+0x764/0x1390 [ 90.098426][ T5855] exc_page_fault+0x76/0xf0 [ 90.102939][ T5855] asm_exc_page_fault+0x26/0x30 [ 90.107792][ T5855] RIP: 0010:__get_user_4+0x14/0x20 [ 90.112907][ T5855] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 90.132617][ T5855] RSP: 0018:ffffc90003ff7d38 EFLAGS: 00050287 [ 90.138702][ T5855] RAX: 0000200000000000 RBX: 1ffff920007fefac RCX: fc91fcf5c8c23700 [ 90.146679][ T5855] RDX: 00007ffffffff000 RSI: ffffffff8de5b067 RDI: ffffffff8c04d400 [ 90.154656][ T5855] RBP: ffffc90003ff7df0 R08: 0000000000000000 R09: ffffffff820bcfa0 [ 90.162628][ T5855] R10: dffffc0000000000 R11: ffffed1003751f21 R12: ffff888023100880 [ 90.170603][ T5855] R13: dffffc0000000000 R14: ffff88803116f500 R15: 0000200000000000 [ 90.178588][ T5855] ? __might_fault+0xb0/0x130 [ 90.183277][ T5855] blkdev_bszset+0xfb/0x220 [ 90.187791][ T5855] ? __pfx_blkdev_bszset+0x10/0x10 [ 90.192921][ T5855] blkdev_ioctl+0x430/0x6d0 [ 90.197436][ T5855] ? __pfx_blkdev_ioctl+0x10/0x10 [ 90.202473][ T5855] ? bpf_lsm_file_ioctl+0x9/0x20 [ 90.207409][ T5855] ? __pfx_blkdev_ioctl+0x10/0x10 [ 90.212439][ T5855] __se_sys_ioctl+0xf9/0x170 [ 90.217036][ T5855] do_syscall_64+0xfa/0x3b0 [ 90.221555][ T5855] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.226771][ T5855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.232838][ T5855] ? clear_bhb_loop+0x60/0xb0 [ 90.237520][ T5855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.243435][ T5855] RIP: 0033:0x7f56184f4b69 [ 90.247874][ T5855] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.267494][ T5855] RSP: 002b:00007ffc67551ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.275928][ T5855] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f56184f4b69 [ 90.283903][ T5855] RDX: 0000200000000000 RSI: 0000000040081271 RDI: 0000000000000003 [ 90.291878][ T5855] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000 [ 90.299847][ T5855] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 90.307826][ T5855] R13: 00007ffc67551f18 R14: 00007ffc67551d20 R15: 00007ffc67551d10 [ 90.315809][ T5855] [ 90.318837][ T5855] Modules linked in: [ 90.322907][ T5856] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 90.323021][ T5855] ---[ end trace 0000000000000000 ]--- [ 90.329062][ T5856] Code: 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 9b c1 10 00 90 0f 0b e8 23 41 c9 ff 4c 89 e7 48 c7 c6 00 36 b4 8b e8 84 c1 10 00 90 <0f> 0b e8 0c 41 c9 ff 4c 89 e7 48 c7 c6 20 3f b4 8b e8 6d c1 10 00 [ 90.329084][ T5856] RSP: 0018:ffffc900040373a0 EFLAGS: 00010246 [ 90.329104][ T5856] RAX: 7706b19e9bfac300 RBX: 0000000000000000 RCX: 0000000000000000 [ 90.329118][ T5856] RDX: 0000000000000007 RSI: ffffffff8dc6a0fe RDI: 00000000ffffffff [ 90.329131][ T5856] RBP: ffffc90004037510 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6 [ 90.329148][ T5856] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: ffffea0001c4b680 [ 90.329163][ T5856] R13: dffffc0000000000 R14: ffffea0001c4b688 R15: 0000000000000004 [ 90.329179][ T5856] FS: 000055557f05b380(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000 [ 90.329197][ T5856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.329210][ T5856] CR2: 00007f561856e110 CR3: 0000000072a82000 CR4: 00000000003526f0 [ 90.329230][ T5856] Kernel panic - not syncing: Fatal exception [ 90.329564][ T5856] Kernel Offset: disabled