head: ffffffff000001af 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142450f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091400 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 60400 hardirqs last enabled at (60399): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (60400): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (57180): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (57180): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (57065): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:417 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:416 entire_mapcount:0 nr_pages_mapped:416 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 000001a1ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 000001a1ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 000001a00000019f 00000000ffffffff head: ffffffff0000019f 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142460f43 x27: 1fffffbff8812003 x26: 0010000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091800 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 60580 hardirqs last enabled at (60579): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (60580): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (60556): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (60556): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (60403): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:416 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:415 entire_mapcount:0 nr_pages_mapped:415 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 000001a0ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 000001a0ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019f0000019e 00000000ffffffff head: ffffffff0000019e 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142461f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091840 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 60930 hardirqs last enabled at (60929): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (60930): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (60906): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (60906): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (60583): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:415 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:414 entire_mapcount:0 nr_pages_mapped:414 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019fffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019fffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019e0000019d 00000000ffffffff head: ffffffff0000019d 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142462f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091880 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 61596 hardirqs last enabled at (61595): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (61596): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (61572): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (61572): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (60933): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:414 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:413 entire_mapcount:0 nr_pages_mapped:413 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019effffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019effffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019d0000019c 00000000ffffffff head: ffffffff0000019c 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142463f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc40918c0 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 62272 hardirqs last enabled at (62271): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (62272): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (62250): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (62250): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (62021): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:413 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:412 entire_mapcount:0 nr_pages_mapped:412 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019dffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019dffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019c0000019b 00000000ffffffff head: ffffffff0000019b 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142464f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091900 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 62354 hardirqs last enabled at (62353): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (62354): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (62330): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (62330): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (62275): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:412 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:411 entire_mapcount:0 nr_pages_mapped:411 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019cffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019cffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019b0000019a 00000000ffffffff head: ffffffff0000019a 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142465f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091940 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 62684 hardirqs last enabled at (62683): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (62684): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (62660): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (62660): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (62357): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:411 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:410 entire_mapcount:0 nr_pages_mapped:410 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019bffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019bffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019a00000199 00000000ffffffff head: ffffffff00000199 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142466f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091980 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 62856 hardirqs last enabled at (62855): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (62856): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (62832): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (62832): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (62687): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:410 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:409 entire_mapcount:0 nr_pages_mapped:409 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 0000019affffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 0000019affffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019900000198 00000000ffffffff head: ffffffff00000198 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142467f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc40919c0 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 63128 hardirqs last enabled at (63127): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (63127): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (63128): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (63086): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (63086): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (62979): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:409 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:408 entire_mapcount:0 nr_pages_mapped:408 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000199ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000199ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019800000197 00000000ffffffff head: ffffffff00000197 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142468f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091a00 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 63320 hardirqs last enabled at (63319): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (63320): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (63296): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (63296): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (63131): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:408 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:407 entire_mapcount:0 nr_pages_mapped:407 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000198ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000198ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019700000196 00000000ffffffff head: ffffffff00000196 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142469f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091a40 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 63648 hardirqs last enabled at (63647): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (63648): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (63624): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (63624): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (63323): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:407 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:406 entire_mapcount:0 nr_pages_mapped:406 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000197ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000197ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019600000195 00000000ffffffff head: ffffffff00000195 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246af43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091a80 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 63918 hardirqs last enabled at (63917): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (63917): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (63918): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (63876): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (63876): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (63771): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:406 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:405 entire_mapcount:0 nr_pages_mapped:405 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000196ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000196ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019500000194 00000000ffffffff head: ffffffff00000194 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246bf43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091ac0 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 64186 hardirqs last enabled at (64185): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (64185): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (64186): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (64144): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (64144): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (64043): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:405 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:404 entire_mapcount:0 nr_pages_mapped:404 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000195ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000195ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019400000193 00000000ffffffff head: ffffffff00000193 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246cf43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091b00 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 64390 hardirqs last enabled at (64389): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (64390): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (64368): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (64368): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (64349): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:404 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:403 entire_mapcount:0 nr_pages_mapped:403 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000194ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000194ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019300000192 00000000ffffffff head: ffffffff00000192 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246df43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091b40 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 64652 hardirqs last enabled at (64651): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (64652): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (64630): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (64630): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (64529): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:403 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:402 entire_mapcount:0 nr_pages_mapped:402 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000193ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000193ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019200000191 00000000ffffffff head: ffffffff00000191 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246ef43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091b80 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 64976 hardirqs last enabled at (64975): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (64975): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (64976): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (64934): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (64934): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (64827): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:402 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:401 entire_mapcount:0 nr_pages_mapped:401 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000192ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000192ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000019100000190 00000000ffffffff head: ffffffff00000190 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a800014246ff43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091bc0 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4c88 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 65080 hardirqs last enabled at (65079): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2356 hardirqs last disabled at (65080): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (65036): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (65036): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (64979): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:401 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:400 entire_mapcount:0 nr_pages_mapped:400 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000191ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000191ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 000001900000018f 00000000ffffffff head: ffffffff0000018f 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142470f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091c00 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 65382 hardirqs last enabled at (65381): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (65381): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (65382): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (65340): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (65340): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (65239): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:400 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x142400 head: order:9 mapcount:399 entire_mapcount:0 nr_pages_mapped:399 pincount:0 memcg:ffff0000d49cb200 anon flags: 0x5ffc00000021079(locked|uptodate|dirty|lru|arch_1|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 raw: 0000000000020000 0000000000000000 00000190ffffffff ffff0000d49cb200 head: 05ffc00000021079 fffffdffc3853a88 fffffdffc399f908 ffff0000df4ad441 head: 0000000000020000 0000000000000000 00000190ffffffff ffff0000d49cb200 head: 05ffc00000010209 fffffdffc4090001 0000018f0000018e 00000000ffffffff head: ffffffff0000018e 0000000000000030 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO(writable && folio_test_anon(folio) && !anon_exclusive) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7883 at mm/rmap.c:2452 try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 Modules linked in: CPU: 1 UID: 0 PID: 7883 Comm: syz.1.165 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 lr : try_to_migrate_one+0x1858/0x2b34 mm/rmap.c:2451 sp : ffff80009ffa6cc0 x29: ffff80009ffa6f00 x28: 00a8000142471f43 x27: 1fffffbff8812003 x26: 0000000000000001 x25: dfff800000000000 x24: fffffdffc4090018 x23: fffffdffc4091c40 x22: ffff0000d4ade268 x21: 0000000000000000 x20: fffffdffc4090000 x19: 0000000000000000 x18: 00000000ffffffff x17: 6f6e615f74736574 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff00013ff4cc4 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000080000 x10: 000000000007ffff x9 : 9406bd95b3fb7300 x8 : 9406bd95b3fb7300 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 000000000000005c Call trace: try_to_migrate_one+0x185c/0x2b34 mm/rmap.c:-1 (P) rmap_walk_anon+0x47c/0x640 mm/rmap.c:2842 rmap_walk_locked+0x128/0x1ec mm/rmap.c:2958 try_to_migrate+0x214/0x340 mm/rmap.c:2619 unmap_folio+0x138/0x180 mm/huge_memory.c:3137 __folio_split+0x6c0/0x1438 mm/huge_memory.c:3711 split_huge_page_to_list_to_order mm/huge_memory.c:3952 [inline] split_folio_to_list mm/huge_memory.c:4005 [inline] deferred_split_scan+0x890/0x1238 mm/huge_memory.c:4195 do_shrink_slab+0x650/0x11b0 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x668/0xfb8 mm/shrinker.c:628 drop_slab_node mm/vmscan.c:441 [inline] drop_slab+0x120/0x248 mm/vmscan.c:459 drop_caches_sysctl_handler+0x170/0x300 fs/drop_caches.c:68 proc_sys_call_handler+0x460/0x7e8 fs/proc/proc_sysctl.c:600 proc_sys_write+0x2c/0x3c fs/proc/proc_sysctl.c:626 do_iter_readv_writev+0x4c0/0x724 fs/read_write.c:-1 vfs_writev+0x29c/0x7cc fs/read_write.c:1057 do_writev+0x128/0x290 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 65476 hardirqs last enabled at (65475): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (65475): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (65476): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (65430): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (65430): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (65385): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- syz.1.165 (7883): drop_caches: 2 XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d