Extracting prog: 5m10.33143564s
Minimizing prog: 20m48.078187432s
Simplifying prog options: 0s
Extracting C: 34.243773479s
Simplifying C: 8m29.230034901s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-openat$nullb-ioctl$FS_IOC_SETFLAGS-setsockopt$sock_attach_bpf-ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-openat$nullb-ioctl$FS_IOC_SETFLAGS-setsockopt$sock_attach_bpf-ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, 0x0)

program crashed: kernel BUG in __filemap_add_folio
single: successfully extracted reproducer
found reproducer with 10 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-openat$nullb-ioctl$FS_IOC_SETFLAGS-setsockopt$sock_attach_bpf
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-openat$nullb
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-ioctl$COMEDI_INSN-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000031f40)={0xa000005, 0x0, 0x0, 0x4, 0x6})
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-dup-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-openat$nullb-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-recvmmsg-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r0, 0x2000)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
program crashed: kernel BUG in __filemap_add_folio
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-openat$nullb-ioctl$FS_IOC_SETFLAGS
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40081271, &(0x7f0000000980)=0x4000)

program crashed: kernel BUG in __filemap_add_folio
validation run: crashed=true
reproducing took 39m1.689499948s
repro crashed as (corrupted=false):
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6583
 do_user_addr_fault+0x5a3/0x12f0 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
------------[ cut here ]------------
kernel BUG at mm/filemap.c:858!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6460 Comm: syz.3.317 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__filemap_add_folio+0xf7f/0x1220 mm/filemap.c:858
Code: bc c5 ff 48 c7 c6 60 31 9d 8b 4c 89 ef e8 69 0e 12 00 90 0f 0b e8 21 bc c5 ff 48 c7 c6 c0 31 9d 8b 4c 89 ef e8 52 0e 12 00 90 <0f> 0b e8 0a bc c5 ff 90 0f 0b 90 e9 9b fe ff ff e8 fc bb c5 ff 90
RSP: 0018:ffffc90006767808 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000112cc0 RCX: 0000000000000000
RDX: ffff88802f1b8000 RSI: ffffffff825393c8 RDI: ffff88802f1b8484
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001524500 R14: 0000000000000000 R15: 1ffff92000cecf2b
FS:  000055558c88f500(0000) GS:ffff8880d65b6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000080 CR3: 00000000505ed000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 filemap_add_folio+0x1d8/0x690 mm/filemap.c:966
 ra_alloc_folio mm/readahead.c:453 [inline]
 page_cache_ra_order+0x614/0xfe0 mm/readahead.c:512
 do_sync_mmap_readahead mm/filemap.c:3400 [inline]
 filemap_fault+0x1b56/0x37c0 mm/filemap.c:3549
 __do_fault+0x10d/0x550 mm/memory.c:5323
 do_shared_fault mm/memory.c:5822 [inline]
 do_fault+0x2db/0x1990 mm/memory.c:5896
 do_pte_missing mm/memory.c:4404 [inline]
 handle_pte_fault mm/memory.c:6276 [inline]
 __handle_mm_fault+0x1807/0x2b50 mm/memory.c:6414
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6583
 do_user_addr_fault+0x5a3/0x12f0 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f1ab5b6c648
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007ffd2ff12428 EFLAGS: 00010202
RAX: 0000200000000080 RBX: 0000000000000004 RCX: 0030626c6c756e2f
RDX: 000000000000000c RSI: 6c756e2f7665642f RDI: 0000200000000080
RBP: fffffffffffffffe R08: 0000001b2e120000 R09: 0000000000000001
R10: 7ffffffffffffff3 R11: 0000000000000009 R12: 0000000000000000
R13: 00007f1ab5e15fac R14: 0000000000011e85 R15: 00007f1ab5e15fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0xf7f/0x1220 mm/filemap.c:858
Code: bc c5 ff 48 c7 c6 60 31 9d 8b 4c 89 ef e8 69 0e 12 00 90 0f 0b e8 21 bc c5 ff 48 c7 c6 c0 31 9d 8b 4c 89 ef e8 52 0e 12 00 90 <0f> 0b e8 0a bc c5 ff 90 0f 0b 90 e9 9b fe ff ff e8 fc bb c5 ff 90
RSP: 0018:ffffc90006767808 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000112cc0 RCX: 0000000000000000
RDX: ffff88802f1b8000 RSI: ffffffff825393c8 RDI: ffff88802f1b8484
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001524500 R14: 0000000000000000 R15: 1ffff92000cecf2b
FS:  000055558c88f500(0000) GS:ffff8880d67b6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67ad5e6ad8 CR3: 00000000505ed000 CR4: 0000000000352ef0

final repro crashed as (corrupted=false):
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6583
 do_user_addr_fault+0x5a3/0x12f0 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
------------[ cut here ]------------
kernel BUG at mm/filemap.c:858!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6460 Comm: syz.3.317 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__filemap_add_folio+0xf7f/0x1220 mm/filemap.c:858
Code: bc c5 ff 48 c7 c6 60 31 9d 8b 4c 89 ef e8 69 0e 12 00 90 0f 0b e8 21 bc c5 ff 48 c7 c6 c0 31 9d 8b 4c 89 ef e8 52 0e 12 00 90 <0f> 0b e8 0a bc c5 ff 90 0f 0b 90 e9 9b fe ff ff e8 fc bb c5 ff 90
RSP: 0018:ffffc90006767808 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000112cc0 RCX: 0000000000000000
RDX: ffff88802f1b8000 RSI: ffffffff825393c8 RDI: ffff88802f1b8484
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001524500 R14: 0000000000000000 R15: 1ffff92000cecf2b
FS:  000055558c88f500(0000) GS:ffff8880d65b6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000080 CR3: 00000000505ed000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 filemap_add_folio+0x1d8/0x690 mm/filemap.c:966
 ra_alloc_folio mm/readahead.c:453 [inline]
 page_cache_ra_order+0x614/0xfe0 mm/readahead.c:512
 do_sync_mmap_readahead mm/filemap.c:3400 [inline]
 filemap_fault+0x1b56/0x37c0 mm/filemap.c:3549
 __do_fault+0x10d/0x550 mm/memory.c:5323
 do_shared_fault mm/memory.c:5822 [inline]
 do_fault+0x2db/0x1990 mm/memory.c:5896
 do_pte_missing mm/memory.c:4404 [inline]
 handle_pte_fault mm/memory.c:6276 [inline]
 __handle_mm_fault+0x1807/0x2b50 mm/memory.c:6414
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6583
 do_user_addr_fault+0x5a3/0x12f0 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f1ab5b6c648
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007ffd2ff12428 EFLAGS: 00010202
RAX: 0000200000000080 RBX: 0000000000000004 RCX: 0030626c6c756e2f
RDX: 000000000000000c RSI: 6c756e2f7665642f RDI: 0000200000000080
RBP: fffffffffffffffe R08: 0000001b2e120000 R09: 0000000000000001
R10: 7ffffffffffffff3 R11: 0000000000000009 R12: 0000000000000000
R13: 00007f1ab5e15fac R14: 0000000000011e85 R15: 00007f1ab5e15fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0xf7f/0x1220 mm/filemap.c:858
Code: bc c5 ff 48 c7 c6 60 31 9d 8b 4c 89 ef e8 69 0e 12 00 90 0f 0b e8 21 bc c5 ff 48 c7 c6 c0 31 9d 8b 4c 89 ef e8 52 0e 12 00 90 <0f> 0b e8 0a bc c5 ff 90 0f 0b 90 e9 9b fe ff ff e8 fc bb c5 ff 90
RSP: 0018:ffffc90006767808 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000112cc0 RCX: 0000000000000000
RDX: ffff88802f1b8000 RSI: ffffffff825393c8 RDI: ffff88802f1b8484
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffea0001524500 R14: 0000000000000000 R15: 1ffff92000cecf2b
FS:  000055558c88f500(0000) GS:ffff8880d67b6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67ad5e6ad8 CR3: 00000000505ed000 CR4: 0000000000352ef0