BUG: unable to handle page fault for address: ffffffff870f07fc
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD e184067 P4D e184067 PUD e185063 PMD 70001a1
Oops: Oops: 0003 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 9420 Comm: syz.3.751 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:135 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:587 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1143 [inline]
RIP: 0010:trace_reschedule_entry.constprop.0+0x24/0x200 arch/x86/include/asm/trace/irq_vectors.h:87
Code: 90 90 90 90 90 90 53 e8 2a 87 54 00 66 90 e8 23 87 54 00 e8 1e 87 54 00 65 8b 1d 0b c8 3f 12 bf 07 00 00 00 89 de e8 4b 82 54 <00> 83 fb 07 0f 87 94 01 00 00 e8 fd 86 54 00 89 db be 08 00 00 00
RSP: 0018:ffffc90003e97830 EFLAGS: 00010046
RAX: 0000000080010000 RBX: 0000000000000001 RCX: ffffffff8166b835
RDX: ffff88802baf5a00 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f45be5b26c0(0000) GS:ffff888124ab8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff870f07fc CR3: 000000006dcd2000 CR4: 0000000000350ef0
Call Trace:
<TASK>
__sysvec_reschedule_ipi arch/x86/kernel/smp.c:251 [inline]
instr_sysvec_reschedule_ipi arch/x86/kernel/smp.c:248 [inline]
sysvec_reschedule_ipi+0x68/0xc0 arch/x86/kernel/smp.c:248
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:const_folio_flags+0xe/0x100 include/linux/page-flags.h:347
Code: 68 2a 00 e9 99 fe ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 48 89 fd 53 89 f3 e8 92 e2 c5 ff <48> 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80
RSP: 0018:ffffc90003e97908 EFLAGS: 00000283
RAX: 00000000000223bc RBX: 0000000000000000 RCX: ffffc9000c5c2000
RDX: 0000000000080000 RSI: ffffffff81f55cae RDI: ffffea0001563440
RBP: ffffea0001563440 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88807a744de0 R15: 0000000000000a00
folio_test_referenced include/linux/page-flags.h:549 [inline]
lru_gen_inc_refs mm/swap.c:391 [inline]
folio_mark_accessed+0x302/0xc00 mm/swap.c:454
do_read_cache_folio+0xcd/0x5c0 mm/filemap.c:3894
do_read_cache_page mm/filemap.c:3951 [inline]
read_cache_page+0x5b/0x160 mm/filemap.c:3960
read_mapping_page include/linux/pagemap.h:989 [inline]
inode_read_data+0xa0/0x470 fs/ntfs3/inode.c:1037
ntfs_fill_super+0x2f8d/0x4260 fs/ntfs3/super.c:1481
get_tree_bdev_flags+0x38c/0x620 fs/super.c:1636
vfs_get_tree+0x8e/0x340 fs/super.c:1759
do_new_mount fs/namespace.c:3881 [inline]
path_mount+0x14d4/0x1f30 fs/namespace.c:4208
do_mount fs/namespace.c:4221 [inline]
__do_sys_mount fs/namespace.c:4432 [inline]
__se_sys_mount fs/namespace.c:4409 [inline]
__x64_sys_mount+0x28d/0x310 fs/namespace.c:4409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f45bd79010a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f45be5b1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f45be5b1ef0 RCX: 00007f45bd79010a
RDX: 0000200000000040 RSI: 0000200000000980 RDI: 00007f45be5b1eb0
RBP: 0000200000000040 R08: 00007f45be5b1ef0 R09: 0000000000800000
R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000980
R13: 00007f45be5b1eb0 R14: 000000000001f837 R15: 0000200000000640
</TASK>
Modules linked in:
CR2: ffffffff870f07fc
---[ end trace 0000000000000000 ]---
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:135 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:587 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1143 [inline]
RIP: 0010:trace_reschedule_entry.constprop.0+0x24/0x200 arch/x86/include/asm/trace/irq_vectors.h:87
Code: 90 90 90 90 90 90 53 e8 2a 87 54 00 66 90 e8 23 87 54 00 e8 1e 87 54 00 65 8b 1d 0b c8 3f 12 bf 07 00 00 00 89 de e8 4b 82 54 <00> 83 fb 07 0f 87 94 01 00 00 e8 fd 86 54 00 89 db be 08 00 00 00
RSP: 0018:ffffc90003e97830 EFLAGS: 00010046
RAX: 0000000080010000 RBX: 0000000000000001 RCX: ffffffff8166b835
RDX: ffff88802baf5a00 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f45be5b26c0(0000) GS:ffff888124ab8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff870f07fc CR3: 000000006dcd2000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 1 bytes skipped:
# Triage note: which "Code:" line this listing decodes.
# The bytes below (2a 00 e9 99 fe ff ff 0f 1f 40 00 90 ...) are those of the
# second Code: line in the oops, the one printed with the interrupted frame
# RIP const_folio_flags+0xe, with its leading 0x68 byte skipped. They are NOT
# the bytes at the faulting RIP trace_reschedule_entry.constprop.0+0x24.
# The "trapping instruction" marker therefore points at the instruction where
# const_folio_flags was interrupted by the reschedule IPI, not at the access
# that raised the page fault.
#
# The fault itself can be read from the first Code: line (manual decode,
# confirm with a disassembler): the marked byte <00> is the last displacement
# byte of `e8 4b 82 54 00`, a 5-byte call rel32, so the reported RIP lies
# inside that call instead of on an instruction boundary. Decoding from the
# marked byte, `00 83 fb 07 0f 87` is `add %al,-0x78f0f805(%rbx)`; with
# RBX = 1 the effective address is 0xffffffff870f07fc, which equals CR2, and a
# byte write there matches "supervisor write access" / "permissions violation".
# How RIP ended up one byte before the next instruction boundary is not
# visible in this log.
#
# Offsets 0x0-0x7 start mid-instruction (1 byte skipped), so the first decoded
# lines are likely artefacts of misaligned decoding rather than real code.
0: 2a 00 sub (%rax),%al
2: e9 99 fe ff ff jmp 0xfffffea0
7: 0f 1f 40 00 nopl 0x0(%rax)
# Sixteen one-byte nops ahead of the function entry; their purpose
# (padding / patchable entry area) is not shown here.
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
# Offset 0x1b = 0x29 - 0xe, i.e. the entry of const_folio_flags: save
# callee-saved registers and keep the two arguments in %rbp / %ebx.
1b: 41 54 push %r12
1d: 55 push %rbp
1e: 48 89 fd mov %rdi,%rbp
21: 53 push %rbx
22: 89 f3 mov %esi,%ebx
# The listing is decoded at base 0, so the printed call target is not a real
# address; presumably an instrumentation hook on this build (unconfirmed).
24: e8 92 e2 c5 ff call 0xffc5e2bb
# Offset 0x29 = const_folio_flags+0xe, the RIP saved when the IPI arrived.
* 29: 48 8d 7d 08 lea 0x8(%rbp),%rdi <-- trapping instruction
# 0xdffffc0000000000 followed by a shift right by 3 looks like the KASAN
# shadow-address computation for (%rbp + 8); the oops header reports a KASAN
# kernel and R13 of the interrupted frame holds the same constant.
2d: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
34: fc ff df
37: 48 89 fa mov %rdi,%rdx
3a: 48 c1 ea 03 shr $0x3,%rdx
# The Code: bytes end here, so this last instruction is cut off.
3e: 80 .byte 0x80