__fput+0x451/0x8c0 fs/file_table.c:500
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:269 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
kernel BUG at mm/filemap.c:860!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 9116 Comm: syz.3.999 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__filemap_add_folio+0x11bc/0x1350 mm/filemap.c:859
Code: ee c4 ff 4c 89 e7 48 c7 c6 20 b5 f7 8b e8 9c 1f 26 ff 90 0f 0b e8 64 ee c4 ff 4c 89 e7 48 c7 c6 a0 a9 f7 8b e8 85 1f 26 ff 90 <0f> 0b e8 4d ee c4 ff 4c 89 e7 48 c7 c6 20 b5 f7 8b e8 6e 1f 26 ff
RSP: 0018:ffffc90006caf5c0 EFLAGS: 00010246
RAX: b630f77e2f622b00 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff8e25d240 RDI: 00000000ffffffff
RBP: ffffc90006caf740 R08: ffffffff905435f7 R09: 1ffffffff20a86be
R10: dffffc0000000000 R11: fffffbfff20a86bf R12: ffffea00016ce480
R13: dffffc0000000000 R14: ffffea00016ce488 R15: 0000000000000004
FS: 000055555a35d500(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43487e9e80 CR3: 000000007b622000 CR4: 00000000003526f0
Call Trace:
filemap_add_folio+0x264/0x530 mm/filemap.c:967
ra_alloc_folio mm/readahead.c:456 [inline]
page_cache_ra_order+0x6b5/0xeb0 mm/readahead.c:515
do_sync_mmap_readahead+0x6ad/0x8e0 mm/filemap.c:3406
filemap_fault+0x6e2/0x1320 mm/filemap.c:3555
__do_fault+0x3e7/0x590 mm/memory.c:5417
do_shared_fault mm/memory.c:5916 [inline]
do_fault mm/memory.c:5990 [inline]
do_pte_missing+0x601/0x33f0 mm/memory.c:4465
handle_pte_fault mm/memory.c:6370 [inline]
__handle_mm_fault mm/memory.c:6508 [inline]
handle_mm_fault+0x1bd7/0x3170 mm/memory.c:6677
do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
handle_page_fault arch/x86/mm/fault.c:1474 [inline]
exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f611956b658
Code: fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 c5
RSP: 002b:00007fff25a726b8 EFLAGS: 00010246
RAX: 0000200000000000 RBX: 0000000000000004 RCX: 0031656c69662f2e
RDX: 0000000000000008 RSI: 0031656c69662f2e RDI: 0000200000000000
RBP: fffffffffffffffe R08: 0000001b30c20000 R09: 0000000000000001
R10: 7ffffffffffffff7 R11: 0000000000000009 R12: 00007fff25a727e0
R13: 00007f611981618c R14: 000000000003afc7 R15: 00007fff25a727c0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__filemap_add_folio+0x11bc/0x1350 mm/filemap.c:859
Code: ee c4 ff 4c 89 e7 48 c7 c6 20 b5 f7 8b e8 9c 1f 26 ff 90 0f 0b e8 64 ee c4 ff 4c 89 e7 48 c7 c6 a0 a9 f7 8b e8 85 1f 26 ff 90 <0f> 0b e8 4d ee c4 ff 4c 89 e7 48 c7 c6 20 b5 f7 8b e8 6e 1f 26 ff
RSP: 0018:ffffc90006caf5c0 EFLAGS: 00010246
RAX: b630f77e2f622b00 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff8e25d240 RDI: 00000000ffffffff
RBP: ffffc90006caf740 R08: ffffffff905435f7 R09: 1ffffffff20a86be
R10: dffffc0000000000 R11: fffffbfff20a86bf R12: ffffea00016ce480
R13: dffffc0000000000 R14: ffffea00016ce488 R15: 0000000000000004
FS: 000055555a35d500(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43487e9e80 CR3: 000000007b622000 CR4: 00000000003526f0