BUG: unable to handle page fault for address: ffffffff870f07fc
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD e184067 P4D e184067 PUD e185063 PMD 70001a1
Oops: Oops: 0003 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 9420 Comm: syz.3.751 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:135 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:587 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1143 [inline]
RIP: 0010:trace_reschedule_entry.constprop.0+0x24/0x200 arch/x86/include/asm/trace/irq_vectors.h:87
Code: 90 90 90 90 90 90 53 e8 2a 87 54 00 66 90 e8 23 87 54 00 e8 1e 87 54 00 65 8b 1d 0b c8 3f 12 bf 07 00 00 00 89 de e8 4b 82 54 <00> 83 fb 07 0f 87 94 01 00 00 e8 fd 86 54 00 89 db be 08 00 00 00
RSP: 0018:ffffc90003e97830 EFLAGS: 00010046
RAX: 0000000080010000 RBX: 0000000000000001 RCX: ffffffff8166b835
RDX: ffff88802baf5a00 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f45be5b26c0(0000) GS:ffff888124ab8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff870f07fc CR3: 000000006dcd2000 CR4: 0000000000350ef0
Call Trace:
__sysvec_reschedule_ipi arch/x86/kernel/smp.c:251 [inline]
instr_sysvec_reschedule_ipi arch/x86/kernel/smp.c:248 [inline]
sysvec_reschedule_ipi+0x68/0xc0 arch/x86/kernel/smp.c:248
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:const_folio_flags+0xe/0x100 include/linux/page-flags.h:347
Code: 68 2a 00 e9 99 fe ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 48 89 fd 53
89 f3 e8 92 e2 c5 ff <48> 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80
RSP: 0018:ffffc90003e97908 EFLAGS: 00000283
RAX: 00000000000223bc RBX: 0000000000000000 RCX: ffffc9000c5c2000
RDX: 0000000000080000 RSI: ffffffff81f55cae RDI: ffffea0001563440
RBP: ffffea0001563440 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88807a744de0 R15: 0000000000000a00
folio_test_referenced include/linux/page-flags.h:549 [inline]
lru_gen_inc_refs mm/swap.c:391 [inline]
folio_mark_accessed+0x302/0xc00 mm/swap.c:454
do_read_cache_folio+0xcd/0x5c0 mm/filemap.c:3894
do_read_cache_page mm/filemap.c:3951 [inline]
read_cache_page+0x5b/0x160 mm/filemap.c:3960
read_mapping_page include/linux/pagemap.h:989 [inline]
inode_read_data+0xa0/0x470 fs/ntfs3/inode.c:1037
ntfs_fill_super+0x2f8d/0x4260 fs/ntfs3/super.c:1481
get_tree_bdev_flags+0x38c/0x620 fs/super.c:1636
vfs_get_tree+0x8e/0x340 fs/super.c:1759
do_new_mount fs/namespace.c:3881 [inline]
path_mount+0x14d4/0x1f30 fs/namespace.c:4208
do_mount fs/namespace.c:4221 [inline]
__do_sys_mount fs/namespace.c:4432 [inline]
__se_sys_mount fs/namespace.c:4409 [inline]
__x64_sys_mount+0x28d/0x310 fs/namespace.c:4409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f45bd79010a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f45be5b1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f45be5b1ef0 RCX: 00007f45bd79010a
RDX: 0000200000000040 RSI: 0000200000000980 RDI: 00007f45be5b1eb0
RBP: 0000200000000040 R08: 00007f45be5b1ef0 R09: 0000000000800000
R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000980
R13: 00007f45be5b1eb0 R14:
000000000001f837 R15: 0000200000000640
Modules linked in:
CR2: ffffffff870f07fc
---[ end trace 0000000000000000 ]---
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:135 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:587 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1143 [inline]
RIP: 0010:trace_reschedule_entry.constprop.0+0x24/0x200 arch/x86/include/asm/trace/irq_vectors.h:87
Code: 90 90 90 90 90 90 53 e8 2a 87 54 00 66 90 e8 23 87 54 00 e8 1e 87 54 00 65 8b 1d 0b c8 3f 12 bf 07 00 00 00 89 de e8 4b 82 54 <00> 83 fb 07 0f 87 94 01 00 00 e8 fd 86 54 00 89 db be 08 00 00 00
RSP: 0018:ffffc90003e97830 EFLAGS: 00010046
RAX: 0000000080010000 RBX: 0000000000000001 RCX: ffffffff8166b835
RDX: ffff88802baf5a00 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f45be5b26c0(0000) GS:ffff888124ab8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff870f07fc CR3: 000000006dcd2000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 2a 00 sub (%rax),%al
2: e9 99 fe ff ff jmp 0xfffffea0
7: 0f 1f 40 00 nopl 0x0(%rax)
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 41 54 push %r12
1d: 55 push %rbp
1e: 48 89 fd mov %rdi,%rbp
21: 53 push %rbx
22: 89 f3 mov %esi,%ebx
24: e8 92 e2 c5 ff call 0xffc5e2bb
* 29: 48 8d 7d 08 lea 0x8(%rbp),%rdi <-- trapping instruction
2d: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
34: fc ff df
37: 48 89 fa mov %rdi,%rdx
3a: 48 c1 ea 03 shr $0x3,%rdx
3e: 80 .byte 0x80