Extracting prog: 28.728125198s
Minimizing prog: 21m0.582259108s
Simplifying prog options: 0s
Extracting C: 27.556510865s
Simplifying C: 4m33.654190183s


extracting reproducer from 66 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-bpf$MAP_UPDATE_CONST_STR-madvise-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
single: successfully extracted reproducer
found reproducer with 25 syscalls
minimizing guilty program
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-bpf$MAP_UPDATE_CONST_STR-madvise-openat$nullb-openat$nullb
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-bpf$MAP_UPDATE_CONST_STR-madvise-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-bpf$MAP_UPDATE_CONST_STR-madvise-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-bpf$MAP_UPDATE_CONST_STR-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-sendmsg$nl_xfrm-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-bpf$MAP_UPDATE_BATCH-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2}, 0x38) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-socket$nl_route-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-syz_genetlink_get_family_id$nl80211-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_UPDATE_BATCH-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-bpf$MAP_CREATE-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x54ae}, 0x50)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-sendmsg$key-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmsg$key-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x90)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-bpf$PROG_LOAD-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-bpf$PROG_LOAD-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-socket$nl_route-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-bpf$MAP_CREATE_CONST_STR-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-sendmsg$nl_route-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc080)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-openat$nullb-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x4000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=33.704318023s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
simplifying C reproducer
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program did not crash
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program did not crash
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
testing program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
testing program (duration=33.704318023s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-mmap-openat$nullb-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x4000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
reproducing took 28m46.370276317s
repro crashed as (corrupted=false):
 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
------------[ cut here ]------------
kernel BUG at mm/filemap.c:870!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6182 Comm: syz.2.45 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__filemap_add_folio+0xf5b/0x11e0 mm/filemap.c:870
Code: 52 c7 ff 48 c7 c6 60 70 99 8b 4c 89 ef e8 bd 6b 11 00 90 0f 0b e8 e5 52 c7 ff 48 c7 c6 c0 70 99 8b 4c 89 ef e8 a6 6b 11 00 90 <0f> 0b e8 ce 52 c7 ff 90 0f 0b 90 e9 f2 fb ff ff e8 c0 52 c7 ff 48
RSP: 0018:ffffc90003e577e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88802542a480 RSI: ffffffff81f5baca RDI: ffff88802542a904
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908204d7 R11: 0000000000000003 R12: 0000000000000002
R13: ffffea0001440ac0 R14: 0000000000000000 R15: 1ffff920007caf27
FS:  000055556992d500(0000) GS:ffff8880d6a08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557972e808 CR3: 0000000051dc5000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 filemap_add_folio+0x19a/0x610 mm/filemap.c:978
 ra_alloc_folio mm/readahead.c:453 [inline]
 page_cache_ra_order+0x635/0xf20 mm/readahead.c:512
 do_sync_mmap_readahead mm/filemap.c:3340 [inline]
 filemap_fault+0x1583/0x29a0 mm/filemap.c:3489
 __do_fault+0x10d/0x490 mm/memory.c:5280
 do_shared_fault mm/memory.c:5762 [inline]
 do_fault mm/memory.c:5836 [inline]
 do_pte_missing+0x1a6/0x3ba0 mm/memory.c:4361
 handle_pte_fault mm/memory.c:6177 [inline]
 __handle_mm_fault+0x1556/0x2aa0 mm/memory.c:6318
 handle_mm_fault+0x589/0xd10 mm/memory.c:6487
 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x64/0xc0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f457e558a88
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007ffec1c85298 EFLAGS: 00010202
RAX: 0000200000000080 RBX: 0000000000000004 RCX: 0030626c6c756e2f
RDX: 000000000000000c RSI: 6c756e2f7665642f RDI: 0000200000000080
RBP: 0000000000000000 R08: 0000001b2df20000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007f457e7e5fac
R13: 00007f457e7e5fa0 R14: fffffffffffffffe R15: 0000000000000004
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0xf5b/0x11e0 mm/filemap.c:870
Code: 52 c7 ff 48 c7 c6 60 70 99 8b 4c 89 ef e8 bd 6b 11 00 90 0f 0b e8 e5 52 c7 ff 48 c7 c6 c0 70 99 8b 4c 89 ef e8 a6 6b 11 00 90 <0f> 0b e8 ce 52 c7 ff 90 0f 0b 90 e9 f2 fb ff ff e8 c0 52 c7 ff 48
RSP: 0018:ffffc90003e577e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88802542a480 RSI: ffffffff81f5baca RDI: ffff88802542a904
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908204d7 R11: 0000000000000003 R12: 0000000000000002
R13: ffffea0001440ac0 R14: 0000000000000000 R15: 1ffff920007caf27
FS:  000055556992d500(0000) GS:ffff8880d6c08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055558038d808 CR3: 0000000051dc5000 CR4: 0000000000352ef0

final repro crashed as (corrupted=false):
 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
------------[ cut here ]------------
kernel BUG at mm/filemap.c:870!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6182 Comm: syz.2.45 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__filemap_add_folio+0xf5b/0x11e0 mm/filemap.c:870
Code: 52 c7 ff 48 c7 c6 60 70 99 8b 4c 89 ef e8 bd 6b 11 00 90 0f 0b e8 e5 52 c7 ff 48 c7 c6 c0 70 99 8b 4c 89 ef e8 a6 6b 11 00 90 <0f> 0b e8 ce 52 c7 ff 90 0f 0b 90 e9 f2 fb ff ff e8 c0 52 c7 ff 48
RSP: 0018:ffffc90003e577e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88802542a480 RSI: ffffffff81f5baca RDI: ffff88802542a904
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908204d7 R11: 0000000000000003 R12: 0000000000000002
R13: ffffea0001440ac0 R14: 0000000000000000 R15: 1ffff920007caf27
FS:  000055556992d500(0000) GS:ffff8880d6a08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557972e808 CR3: 0000000051dc5000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 filemap_add_folio+0x19a/0x610 mm/filemap.c:978
 ra_alloc_folio mm/readahead.c:453 [inline]
 page_cache_ra_order+0x635/0xf20 mm/readahead.c:512
 do_sync_mmap_readahead mm/filemap.c:3340 [inline]
 filemap_fault+0x1583/0x29a0 mm/filemap.c:3489
 __do_fault+0x10d/0x490 mm/memory.c:5280
 do_shared_fault mm/memory.c:5762 [inline]
 do_fault mm/memory.c:5836 [inline]
 do_pte_missing+0x1a6/0x3ba0 mm/memory.c:4361
 handle_pte_fault mm/memory.c:6177 [inline]
 __handle_mm_fault+0x1556/0x2aa0 mm/memory.c:6318
 handle_mm_fault+0x589/0xd10 mm/memory.c:6487
 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x64/0xc0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f457e558a88
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007ffec1c85298 EFLAGS: 00010202
RAX: 0000200000000080 RBX: 0000000000000004 RCX: 0030626c6c756e2f
RDX: 000000000000000c RSI: 6c756e2f7665642f RDI: 0000200000000080
RBP: 0000000000000000 R08: 0000001b2df20000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007f457e7e5fac
R13: 00007f457e7e5fa0 R14: fffffffffffffffe R15: 0000000000000004
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0xf5b/0x11e0 mm/filemap.c:870
Code: 52 c7 ff 48 c7 c6 60 70 99 8b 4c 89 ef e8 bd 6b 11 00 90 0f 0b e8 e5 52 c7 ff 48 c7 c6 c0 70 99 8b 4c 89 ef e8 a6 6b 11 00 90 <0f> 0b e8 ce 52 c7 ff 90 0f 0b 90 e9 f2 fb ff ff e8 c0 52 c7 ff 48
RSP: 0018:ffffc90003e577e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88802542a480 RSI: ffffffff81f5baca RDI: ffff88802542a904
RBP: 0000000000112cc0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff908204d7 R11: 0000000000000003 R12: 0000000000000002
R13: ffffea0001440ac0 R14: 0000000000000000 R15: 1ffff920007caf27
FS:  000055556992d500(0000) GS:ffff8880d6c08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055558038d808 CR3: 0000000051dc5000 CR4: 0000000000352ef0