page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 00000000000001b0 x27: 0000000020050000 x26: 00e800014ee52f43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0080 x22: fffffdffc43c0048 x21: 0000000000000000 x20: 00000000000001b0 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 268 hardirqs last enabled at (267): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (267): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (268): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (100): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (100): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (57): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1025 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:512 entire_mapcount:0 nr_pages_mapped:512 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000401ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000401ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 00000200000001ff 00000000ffffffff head: ffffffff000001ff 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020202000 x26: 00e800014f004b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0108 x22: fffffdffc43c0100 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 1306 hardirqs last enabled at (1305): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (1305): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (1306): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (1260): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (1260): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (729): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1025 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:512 entire_mapcount:0 nr_pages_mapped:512 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000401ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000401ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 00000200000001ff 00000000ffffffff head: ffffffff000001ff 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020202000 x26: 00e800014f004b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0180 x22: fffffdffc43c0148 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 2356 hardirqs last enabled at (2355): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (2355): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (2356): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (2310): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (2310): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (1783): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1027 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:514 entire_mapcount:0 nr_pages_mapped:514 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000403ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000403ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020200000201 00000000ffffffff head: ffffffff00000201 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020205000 x26: 00e800014f007b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c01c8 x22: fffffdffc43c01c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 2484 hardirqs last enabled at (2483): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (2483): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (2484): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (2434): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (2434): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (2359): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1027 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:514 entire_mapcount:0 nr_pages_mapped:514 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000403ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000403ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020200000201 00000000ffffffff head: ffffffff00000201 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020205000 x26: 00e800014f007b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0200 x22: fffffdffc43c01c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 3654 hardirqs last enabled at (3653): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (3653): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (3654): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (3608): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (3608): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (3061): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1028 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:515 entire_mapcount:0 nr_pages_mapped:515 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000404ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000404ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020300000202 00000000ffffffff head: ffffffff00000202 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002020b000 x26: 00e800014f00db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0348 x22: fffffdffc43c0340 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 3792 hardirqs last enabled at (3791): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (3791): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (3792): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (3742): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (3742): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (3657): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1028 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:515 entire_mapcount:0 nr_pages_mapped:515 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000404ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000404ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020300000202 00000000ffffffff head: ffffffff00000202 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002020b000 x26: 00e800014f00db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0380 x22: fffffdffc43c0348 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 4834 hardirqs last enabled at (4833): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (4833): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (4834): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (4788): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (4788): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (4251): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1029 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:516 entire_mapcount:0 nr_pages_mapped:516 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000405ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000405ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020400000203 00000000ffffffff head: ffffffff00000203 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002020e000 x26: 00e800014f010b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0408 x22: fffffdffc43c0400 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 5990 hardirqs last enabled at (5989): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (5989): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (5990): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (5944): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (5944): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (5401): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1029 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:516 entire_mapcount:0 nr_pages_mapped:516 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000405ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000405ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020400000203 00000000ffffffff head: ffffffff00000203 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002020e000 x26: 00e800014f010b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0440 x22: fffffdffc43c0408 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 6158 hardirqs last enabled at (6157): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (6157): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (6158): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (6108): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (6108): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (5993): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1030 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:517 entire_mapcount:0 nr_pages_mapped:517 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000406ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000406ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020500000204 00000000ffffffff head: ffffffff00000204 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020210000 x26: 00e800014f012b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0488 x22: fffffdffc43c0480 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 7192 hardirqs last enabled at (7191): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (7191): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (7192): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (7146): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (7146): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (6609): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1030 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:517 entire_mapcount:0 nr_pages_mapped:517 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000406ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000406ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020500000204 00000000ffffffff head: ffffffff00000204 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020210000 x26: 00e800014f012b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c04c0 x22: fffffdffc43c0488 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007340 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : ffff800080563af4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 7330 hardirqs last enabled at (7329): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (7329): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (7330): [] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574 softirqs last enabled at (7280): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (7280): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7195): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: slab-out-of-bounds in __ptep_get arch/arm64/include/asm/pgtable.h:414 [inline] BUG: KASAN: slab-out-of-bounds in ptep_get arch/arm64/include/asm/pgtable.h:1749 [inline] BUG: KASAN: slab-out-of-bounds in filemap_map_folio_range mm/filemap.c:3666 [inline] BUG: KASAN: slab-out-of-bounds in filemap_map_pages+0xa94/0x155c mm/filemap.c:3783 Read of size 8 at addr ffff0000f6fa30b0 by task syz.3.402/15044 CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xa8/0x238 mm/kasan/report.c:378 print_report+0x68/0x84 mm/kasan/report.c:482 kasan_report+0xb0/0x110 mm/kasan/report.c:595 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __ptep_get arch/arm64/include/asm/pgtable.h:414 [inline] ptep_get arch/arm64/include/asm/pgtable.h:1749 [inline] filemap_map_folio_range mm/filemap.c:3666 [inline] filemap_map_pages+0xa94/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 Allocated by task 14888: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562 unpoison_slab_object mm/kasan/common.c:330 [inline] __kasan_slab_alloc+0x70/0x88 mm/kasan/common.c:356 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4180 [inline] slab_alloc_node mm/slub.c:4229 [inline] kmem_cache_alloc_noprof+0x238/0x3e8 mm/slub.c:4236 __kernfs_new_node+0xe4/0x5c4 fs/kernfs/dir.c:637 kernfs_new_node+0xe8/0x1f4 fs/kernfs/dir.c:713 __kernfs_create_file+0x60/0x2d4 fs/kernfs/file.c:1039 sysfs_add_file_mode_ns+0x1d8/0x294 fs/sysfs/file.c:319 create_files fs/sysfs/group.c:76 [inline] internal_create_group+0x5c0/0xe28 fs/sysfs/group.c:183 internal_create_groups fs/sysfs/group.c:223 [inline] sysfs_create_groups+0x60/0x134 fs/sysfs/group.c:249 device_add_groups drivers/base/core.c:2836 [inline] device_add_attrs+0xd8/0x6e8 drivers/base/core.c:2900 device_add+0x490/0xa60 drivers/base/core.c:3643 netdev_register_kobject+0x15c/0x2e0 net/core/net-sysfs.c:2356 register_netdevice+0xb58/0x1248 net/core/dev.c:11189 wg_newlink+0x32c/0x58c drivers/net/wireguard/device.c:370 rtnl_newlink_create+0x28c/0x9ac net/core/rtnetlink.c:3825 __rtnl_newlink net/core/rtnetlink.c:3942 [inline] rtnl_newlink+0x1194/0x15dc net/core/rtnetlink.c:4057 rtnetlink_rcv_msg+0x664/0x97c net/core/rtnetlink.c:6946 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6973 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg net/socket.c:729 [inline] __sys_sendto+0x36c/0x4f4 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2231 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 The buggy address belongs to the object at ffff0000f6fa3000 which belongs to the cache kernfs_node_cache of size 176 The buggy address is located 0 bytes to the right of allocated 176-byte region [ffff0000f6fa3000, ffff0000f6fa30b0) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x136fa3 flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) page_type: f5(slab) raw: 05ffc00000000000 ffff0000c18b9000 fffffdffc34a00c0 dead000000000002 raw: 0000000000000000 0000000000110011 00000000f5000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000f6fa2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000f6fa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff0000f6fa3080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 ^ ffff0000f6fa3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000f6fa3180: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 ================================================================== page: refcount:1031 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:518 entire_mapcount:0 nr_pages_mapped:518 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000407ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000407ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020600000205 00000000ffffffff head: ffffffff00000205 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020213000 x26: 00e800014f015b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0548 x22: fffffdffc43c0540 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000001f850 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1031 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:518 entire_mapcount:0 nr_pages_mapped:518 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000407ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000407ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020600000205 00000000ffffffff head: ffffffff00000205 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020213000 x26: 00e800014f015b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0600 x22: fffffdffc43c05c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000207e0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1034 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:521 entire_mapcount:0 nr_pages_mapped:521 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000040affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000040affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020900000208 00000000ffffffff head: ffffffff00000208 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020217000 x26: 00e800014f019b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0648 x22: fffffdffc43c0640 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000021810 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1034 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:521 entire_mapcount:0 nr_pages_mapped:521 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000040affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000040affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000020900000208 00000000ffffffff head: ffffffff00000208 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020217000 x26: 00e800014f019b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0800 x22: fffffdffc43c07c8 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000022c88 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1041 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:528 entire_mapcount:0 nr_pages_mapped:528 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000411ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000411ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002100000020f 00000000ffffffff head: ffffffff0000020f 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020220000 x26: 00e800014f022b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0888 x22: fffffdffc43c0880 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000023fe8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1041 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:528 entire_mapcount:0 nr_pages_mapped:528 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000411ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000411ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002100000020f 00000000ffffffff head: ffffffff0000020f 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020220000 x26: 00e800014f022b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0900 x22: fffffdffc43c08c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000024fa0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1043 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:530 entire_mapcount:0 nr_pages_mapped:530 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000413ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000413ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021200000211 00000000ffffffff head: ffffffff00000211 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020223000 x26: 00e800014f025b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0948 x22: fffffdffc43c0940 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000025d58 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1043 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:530 entire_mapcount:0 nr_pages_mapped:530 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000413ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000413ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021200000211 00000000ffffffff head: ffffffff00000211 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020223000 x26: 00e800014f025b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0980 x22: fffffdffc43c0948 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000026c98 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1044 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:531 entire_mapcount:0 nr_pages_mapped:531 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000414ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000414ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021300000212 00000000ffffffff head: ffffffff00000212 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020227000 x26: 00e800014f029b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0a48 x22: fffffdffc43c0a40 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000027d50 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1044 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:531 entire_mapcount:0 nr_pages_mapped:531 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000414ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000414ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021300000212 00000000ffffffff head: ffffffff00000212 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020227000 x26: 00e800014f029b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0b00 x22: fffffdffc43c0ac8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000028ec8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1047 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:534 entire_mapcount:0 nr_pages_mapped:534 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000417ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000417ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021600000215 00000000ffffffff head: ffffffff00000215 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002022c000 x26: 00e800014f02eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0b88 x22: fffffdffc43c0b80 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000029dd0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1047 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:534 entire_mapcount:0 nr_pages_mapped:534 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000417ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000417ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021600000215 00000000ffffffff head: ffffffff00000215 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002022c000 x26: 00e800014f02eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0bc0 x22: fffffdffc43c0b88 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002aaa8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1048 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:535 entire_mapcount:0 nr_pages_mapped:535 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000418ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000418ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021700000216 00000000ffffffff head: ffffffff00000216 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002022e000 x26: 00e800014f030b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0c08 x22: fffffdffc43c0c00 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002b7e8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1048 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:535 entire_mapcount:0 nr_pages_mapped:535 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000418ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000418ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021700000216 00000000ffffffff head: ffffffff00000216 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002022e000 x26: 00e800014f030b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0c40 x22: fffffdffc43c0c08 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002c760 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1049 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:536 entire_mapcount:0 nr_pages_mapped:536 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000419ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000419ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021800000217 00000000ffffffff head: ffffffff00000217 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020231000 x26: 00e800014f033b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0cc8 x22: fffffdffc43c0cc0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002da68 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1049 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:536 entire_mapcount:0 nr_pages_mapped:536 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000419ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000419ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021800000217 00000000ffffffff head: ffffffff00000217 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020231000 x26: 00e800014f033b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0d80 x22: fffffdffc43c0d48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002ed80 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1052 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:539 entire_mapcount:0 nr_pages_mapped:539 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000041cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000041cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021b0000021a 00000000ffffffff head: ffffffff0000021a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020235000 x26: 00e800014f037b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0dc8 x22: fffffdffc43c0dc0 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000002fdb0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1052 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:539 entire_mapcount:0 nr_pages_mapped:539 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000041cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000041cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000021b0000021a 00000000ffffffff head: ffffffff0000021a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020235000 x26: 00e800014f037b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c0f80 x22: fffffdffc43c0f48 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000030eb8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1059 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:546 entire_mapcount:0 nr_pages_mapped:546 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000423ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000423ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022200000221 00000000ffffffff head: ffffffff00000221 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002023e000 x26: 00e800014f040b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1008 x22: fffffdffc43c1000 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000031fa8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1059 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:546 entire_mapcount:0 nr_pages_mapped:546 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000423ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000423ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022200000221 00000000ffffffff head: ffffffff00000221 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002023e000 x26: 00e800014f040b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1080 x22: fffffdffc43c1048 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000032fc8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1061 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:548 entire_mapcount:0 nr_pages_mapped:548 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000425ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000425ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022400000223 00000000ffffffff head: ffffffff00000223 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020241000 x26: 00e800014f043b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c10c8 x22: fffffdffc43c10c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000034130 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1061 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:548 entire_mapcount:0 nr_pages_mapped:548 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000425ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000425ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022400000223 00000000ffffffff head: ffffffff00000223 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020241000 x26: 00e800014f043b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1100 x22: fffffdffc43c10c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000034ea0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1062 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:549 entire_mapcount:0 nr_pages_mapped:549 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000426ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000426ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022500000224 00000000ffffffff head: ffffffff00000224 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020247000 x26: 00e800014f049b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1248 x22: fffffdffc43c1240 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000035e38 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1062 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:549 entire_mapcount:0 nr_pages_mapped:549 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000426ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000426ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022500000224 00000000ffffffff head: ffffffff00000224 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020247000 x26: 00e800014f049b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1280 x22: fffffdffc43c1248 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000037068 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1063 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:550 entire_mapcount:0 nr_pages_mapped:550 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000427ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000427ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022600000225 00000000ffffffff head: ffffffff00000225 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002024a000 x26: 00e800014f04cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1308 x22: fffffdffc43c1300 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000038310 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1063 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:550 entire_mapcount:0 nr_pages_mapped:550 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000427ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000427ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022600000225 00000000ffffffff head: ffffffff00000225 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002024a000 x26: 00e800014f04cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1340 x22: fffffdffc43c1308 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000391d0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1064 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:551 entire_mapcount:0 nr_pages_mapped:551 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000428ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000428ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022700000226 00000000ffffffff head: ffffffff00000226 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002024c000 x26: 00e800014f04eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1388 x22: fffffdffc43c1380 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003a150 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1064 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:551 entire_mapcount:0 nr_pages_mapped:551 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000428ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000428ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022700000226 00000000ffffffff head: ffffffff00000226 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002024c000 x26: 00e800014f04eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c13c0 x22: fffffdffc43c1388 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003af48 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1065 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:552 entire_mapcount:0 nr_pages_mapped:552 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000429ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000429ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022800000227 00000000ffffffff head: ffffffff00000227 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002024f000 x26: 00e800014f051b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1448 x22: fffffdffc43c1440 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003ba88 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1065 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:552 entire_mapcount:0 nr_pages_mapped:552 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000429ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000429ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022800000227 00000000ffffffff head: ffffffff00000227 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002024f000 x26: 00e800014f051b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1500 x22: fffffdffc43c14c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003c9f0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1068 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:555 entire_mapcount:0 nr_pages_mapped:555 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000042cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000042cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022b0000022a 00000000ffffffff head: ffffffff0000022a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020253000 x26: 00e800014f055b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1548 x22: fffffdffc43c1540 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003dc48 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1068 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:555 entire_mapcount:0 nr_pages_mapped:555 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000042cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000042cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000022b0000022a 00000000ffffffff head: ffffffff0000022a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020253000 x26: 00e800014f055b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1700 x22: fffffdffc43c16c8 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003ee50 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1075 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:562 entire_mapcount:0 nr_pages_mapped:562 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000433ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000433ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023200000231 00000000ffffffff head: ffffffff00000231 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002025c000 x26: 00e800014f05eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1788 x22: fffffdffc43c1780 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000003ff60 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1075 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:562 entire_mapcount:0 nr_pages_mapped:562 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000433ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000433ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023200000231 00000000ffffffff head: ffffffff00000231 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002025c000 x26: 00e800014f05eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1800 x22: fffffdffc43c17c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000040fc0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1077 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:564 entire_mapcount:0 nr_pages_mapped:564 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000435ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000435ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023400000233 00000000ffffffff head: ffffffff00000233 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002025f000 x26: 00e800014f061b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1848 x22: fffffdffc43c1840 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000042030 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1077 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:564 entire_mapcount:0 nr_pages_mapped:564 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000435ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000435ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023400000233 00000000ffffffff head: ffffffff00000233 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002025f000 x26: 00e800014f061b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1880 x22: fffffdffc43c1848 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000042fe8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1078 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:565 entire_mapcount:0 nr_pages_mapped:565 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000436ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000436ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023500000234 00000000ffffffff head: ffffffff00000234 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020265000 x26: 00e800014f067b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c19c8 x22: fffffdffc43c19c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000444a8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1078 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:565 entire_mapcount:0 nr_pages_mapped:565 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000436ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000436ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023500000234 00000000ffffffff head: ffffffff00000234 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020265000 x26: 00e800014f067b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1a00 x22: fffffdffc43c19c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000045560 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1079 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:566 entire_mapcount:0 nr_pages_mapped:566 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000437ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000437ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023600000235 00000000ffffffff head: ffffffff00000235 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020268000 x26: 00e800014f06ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1a88 x22: fffffdffc43c1a80 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000046460 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1079 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:566 entire_mapcount:0 nr_pages_mapped:566 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000437ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000437ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023600000235 00000000ffffffff head: ffffffff00000235 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020268000 x26: 00e800014f06ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1ac0 x22: fffffdffc43c1a88 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000047290 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1080 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:567 entire_mapcount:0 nr_pages_mapped:567 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000438ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000438ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023700000236 00000000ffffffff head: ffffffff00000236 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002026a000 x26: 00e800014f06cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1b08 x22: fffffdffc43c1b00 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000481c0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1080 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:567 entire_mapcount:0 nr_pages_mapped:567 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000438ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000438ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023700000236 00000000ffffffff head: ffffffff00000236 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002026a000 x26: 00e800014f06cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1b40 x22: fffffdffc43c1b08 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000049440 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1081 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:568 entire_mapcount:0 nr_pages_mapped:568 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000439ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000439ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023800000237 00000000ffffffff head: ffffffff00000237 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002026d000 x26: 00e800014f06fb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1bc8 x22: fffffdffc43c1bc0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004a568 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1081 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:568 entire_mapcount:0 nr_pages_mapped:568 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000439ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000439ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023800000237 00000000ffffffff head: ffffffff00000237 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002026d000 x26: 00e800014f06fb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1c80 x22: fffffdffc43c1c48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004b4d0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1084 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:571 entire_mapcount:0 nr_pages_mapped:571 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000043cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000043cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023b0000023a 00000000ffffffff head: ffffffff0000023a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020271000 x26: 00e800014f073b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1cc8 x22: fffffdffc43c1cc0 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004c2c8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1084 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:571 entire_mapcount:0 nr_pages_mapped:571 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000043cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000043cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000023b0000023a 00000000ffffffff head: ffffffff0000023a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020271000 x26: 00e800014f073b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1e80 x22: fffffdffc43c1e48 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004ce80 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1091 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:578 entire_mapcount:0 nr_pages_mapped:578 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000443ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000443ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024200000241 00000000ffffffff head: ffffffff00000241 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002027a000 x26: 00e800014f07cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1f08 x22: fffffdffc43c1f00 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004df58 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1091 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:578 entire_mapcount:0 nr_pages_mapped:578 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000443ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000443ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024200000241 00000000ffffffff head: ffffffff00000241 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002027a000 x26: 00e800014f07cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1f80 x22: fffffdffc43c1f48 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000004f158 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1093 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:580 entire_mapcount:0 nr_pages_mapped:580 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000445ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000445ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024400000243 00000000ffffffff head: ffffffff00000243 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002027d000 x26: 00e800014f07fb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c1fc8 x22: fffffdffc43c1fc0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000500c8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1093 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:580 entire_mapcount:0 nr_pages_mapped:580 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000445ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000445ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024400000243 00000000ffffffff head: ffffffff00000243 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002027d000 x26: 00e800014f07fb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2000 x22: fffffdffc43c1fc8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000511c8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1094 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:581 entire_mapcount:0 nr_pages_mapped:581 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000446ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000446ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024500000244 00000000ffffffff head: ffffffff00000244 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020283000 x26: 00e800014f085b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2148 x22: fffffdffc43c2140 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000052308 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1094 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:581 entire_mapcount:0 nr_pages_mapped:581 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000446ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000446ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024500000244 00000000ffffffff head: ffffffff00000244 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020283000 x26: 00e800014f085b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2180 x22: fffffdffc43c2148 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000053508 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1095 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:582 entire_mapcount:0 nr_pages_mapped:582 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000447ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000447ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024600000245 00000000ffffffff head: ffffffff00000245 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020286000 x26: 00e800014f088b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2208 x22: fffffdffc43c2200 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000054890 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1095 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:582 entire_mapcount:0 nr_pages_mapped:582 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000447ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000447ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024600000245 00000000ffffffff head: ffffffff00000245 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020286000 x26: 00e800014f088b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2240 x22: fffffdffc43c2208 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000055850 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1096 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:583 entire_mapcount:0 nr_pages_mapped:583 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000448ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000448ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024700000246 00000000ffffffff head: ffffffff00000246 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020288000 x26: 00e800014f08ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2288 x22: fffffdffc43c2280 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000056810 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1096 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:583 entire_mapcount:0 nr_pages_mapped:583 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000448ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000448ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024700000246 00000000ffffffff head: ffffffff00000246 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020288000 x26: 00e800014f08ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c22c0 x22: fffffdffc43c2288 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000057568 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1097 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:584 entire_mapcount:0 nr_pages_mapped:584 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000449ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000449ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024800000247 00000000ffffffff head: ffffffff00000247 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002028b000 x26: 00e800014f08db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2348 x22: fffffdffc43c2340 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000584d0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1097 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:584 entire_mapcount:0 nr_pages_mapped:584 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000449ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000449ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024800000247 00000000ffffffff head: ffffffff00000247 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 000000002028b000 x26: 00e800014f08db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2400 x22: fffffdffc43c23c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000595d8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1100 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:587 entire_mapcount:0 nr_pages_mapped:587 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000044cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000044cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024b0000024a 00000000ffffffff head: ffffffff0000024a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 000000002028f000 x26: 00e800014f091b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2448 x22: fffffdffc43c2440 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005a890 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1100 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:587 entire_mapcount:0 nr_pages_mapped:587 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000044cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000044cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000024b0000024a 00000000ffffffff head: ffffffff0000024a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 000000002028f000 x26: 00e800014f091b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2600 x22: fffffdffc43c25c8 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005b6f0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1107 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:594 entire_mapcount:0 nr_pages_mapped:594 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000453ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000453ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025200000251 00000000ffffffff head: ffffffff00000251 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020298000 x26: 00e800014f09ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2688 x22: fffffdffc43c2680 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005c960 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1107 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:594 entire_mapcount:0 nr_pages_mapped:594 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000453ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000453ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025200000251 00000000ffffffff head: ffffffff00000251 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020298000 x26: 00e800014f09ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2700 x22: fffffdffc43c26c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005d840 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1109 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:596 entire_mapcount:0 nr_pages_mapped:596 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000455ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000455ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025400000253 00000000ffffffff head: ffffffff00000253 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002029b000 x26: 00e800014f09db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2748 x22: fffffdffc43c2740 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005e3c8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1109 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:596 entire_mapcount:0 nr_pages_mapped:596 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000455ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000455ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025400000253 00000000ffffffff head: ffffffff00000253 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002029b000 x26: 00e800014f09db43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2780 x22: fffffdffc43c2748 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000005f210 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1110 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:597 entire_mapcount:0 nr_pages_mapped:597 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000456ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000456ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025500000254 00000000ffffffff head: ffffffff00000254 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202a0000 x26: 00e800014f0a2b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2888 x22: fffffdffc43c2880 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000060188 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1110 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:597 entire_mapcount:0 nr_pages_mapped:597 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000456ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000456ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025500000254 00000000ffffffff head: ffffffff00000254 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202a0000 x26: 00e800014f0a2b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2900 x22: fffffdffc43c28c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000061008 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1112 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:599 entire_mapcount:0 nr_pages_mapped:599 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000458ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000458ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025700000256 00000000ffffffff head: ffffffff00000256 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202a4000 x26: 00e800014f0a6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2988 x22: fffffdffc43c2980 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000062190 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1112 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:599 entire_mapcount:0 nr_pages_mapped:599 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000458ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000458ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025700000256 00000000ffffffff head: ffffffff00000256 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202a4000 x26: 00e800014f0a6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c29c0 x22: fffffdffc43c2988 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000063578 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1113 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:600 entire_mapcount:0 nr_pages_mapped:600 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000459ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000459ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025800000257 00000000ffffffff head: ffffffff00000257 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202a6000 x26: 00e800014f0a8b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2a08 x22: fffffdffc43c2a00 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000064660 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1113 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:600 entire_mapcount:0 nr_pages_mapped:600 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000459ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000459ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025800000257 00000000ffffffff head: ffffffff00000257 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202a6000 x26: 00e800014f0a8b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2a40 x22: fffffdffc43c2a08 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000065858 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1114 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:601 entire_mapcount:0 nr_pages_mapped:601 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000045affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000045affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025900000258 00000000ffffffff head: ffffffff00000258 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202a9000 x26: 00e800014f0abb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2ac8 x22: fffffdffc43c2ac0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000066ac0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1114 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:601 entire_mapcount:0 nr_pages_mapped:601 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000045affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000045affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025900000258 00000000ffffffff head: ffffffff00000258 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202a9000 x26: 00e800014f0abb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2b80 x22: fffffdffc43c2b48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000067af8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1117 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:604 entire_mapcount:0 nr_pages_mapped:604 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000045dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000045dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025c0000025b 00000000ffffffff head: ffffffff0000025b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202ad000 x26: 00e800014f0afb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2bc8 x22: fffffdffc43c2bc0 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000068928 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1117 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:604 entire_mapcount:0 nr_pages_mapped:604 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000045dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000045dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000025c0000025b 00000000ffffffff head: ffffffff0000025b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202ad000 x26: 00e800014f0afb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2d80 x22: fffffdffc43c2d48 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000697a0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1124 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:611 entire_mapcount:0 nr_pages_mapped:611 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000464ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000464ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026300000262 00000000ffffffff head: ffffffff00000262 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202b6000 x26: 00e800014f0b8b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2e08 x22: fffffdffc43c2e00 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006a6b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1124 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:611 entire_mapcount:0 nr_pages_mapped:611 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000464ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000464ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026300000262 00000000ffffffff head: ffffffff00000262 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202b6000 x26: 00e800014f0b8b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2e80 x22: fffffdffc43c2e48 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006b758 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1126 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:613 entire_mapcount:0 nr_pages_mapped:613 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000466ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000466ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026500000264 00000000ffffffff head: ffffffff00000264 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202b9000 x26: 00e800014f0bbb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2ec8 x22: fffffdffc43c2ec0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006cac8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1126 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:613 entire_mapcount:0 nr_pages_mapped:613 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000466ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000466ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026500000264 00000000ffffffff head: ffffffff00000264 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202b9000 x26: 00e800014f0bbb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c2f00 x22: fffffdffc43c2ec8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006daf0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1127 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:614 entire_mapcount:0 nr_pages_mapped:614 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000467ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000467ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026600000265 00000000ffffffff head: ffffffff00000265 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202be000 x26: 00e800014f0c0b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3008 x22: fffffdffc43c3000 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006ebc8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1127 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:614 entire_mapcount:0 nr_pages_mapped:614 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000467ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000467ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026600000265 00000000ffffffff head: ffffffff00000265 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202be000 x26: 00e800014f0c0b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3080 x22: fffffdffc43c3048 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000006f9d8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1129 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:616 entire_mapcount:0 nr_pages_mapped:616 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000469ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000469ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026800000267 00000000ffffffff head: ffffffff00000267 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202c2000 x26: 00e800014f0c4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3108 x22: fffffdffc43c3100 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000070578 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1129 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:616 entire_mapcount:0 nr_pages_mapped:616 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000469ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000469ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026800000267 00000000ffffffff head: ffffffff00000267 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202c2000 x26: 00e800014f0c4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3140 x22: fffffdffc43c3108 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000071348 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1130 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:617 entire_mapcount:0 nr_pages_mapped:617 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026900000268 00000000ffffffff head: ffffffff00000268 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202c4000 x26: 00e800014f0c6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3188 x22: fffffdffc43c3180 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000072520 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1130 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:617 entire_mapcount:0 nr_pages_mapped:617 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026900000268 00000000ffffffff head: ffffffff00000268 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202c4000 x26: 00e800014f0c6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c31c0 x22: fffffdffc43c3188 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000073480 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1131 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:618 entire_mapcount:0 nr_pages_mapped:618 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026a00000269 00000000ffffffff head: ffffffff00000269 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202c7000 x26: 00e800014f0c9b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3248 x22: fffffdffc43c3240 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000743e8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1131 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:618 entire_mapcount:0 nr_pages_mapped:618 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026a00000269 00000000ffffffff head: ffffffff00000269 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202c7000 x26: 00e800014f0c9b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3300 x22: fffffdffc43c32c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000075548 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1134 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:621 entire_mapcount:0 nr_pages_mapped:621 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026d0000026c 00000000ffffffff head: ffffffff0000026c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202cb000 x26: 00e800014f0cdb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3348 x22: fffffdffc43c3340 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000767b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1134 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:621 entire_mapcount:0 nr_pages_mapped:621 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000046effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000046effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000026d0000026c 00000000ffffffff head: ffffffff0000026c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202cb000 x26: 00e800014f0cdb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3500 x22: fffffdffc43c34c8 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000077950 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1141 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:628 entire_mapcount:0 nr_pages_mapped:628 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000475ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000475ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027400000273 00000000ffffffff head: ffffffff00000273 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202d4000 x26: 00e800014f0d6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3588 x22: fffffdffc43c3580 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000078c00 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1141 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:628 entire_mapcount:0 nr_pages_mapped:628 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000475ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000475ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027400000273 00000000ffffffff head: ffffffff00000273 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202d4000 x26: 00e800014f0d6b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3600 x22: fffffdffc43c35c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000079c00 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1143 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:630 entire_mapcount:0 nr_pages_mapped:630 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000477ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000477ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027600000275 00000000ffffffff head: ffffffff00000275 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202d7000 x26: 00e800014f0d9b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3648 x22: fffffdffc43c3640 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007abe8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1143 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:630 entire_mapcount:0 nr_pages_mapped:630 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000477ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000477ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027600000275 00000000ffffffff head: ffffffff00000275 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202d7000 x26: 00e800014f0d9b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3680 x22: fffffdffc43c3648 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007ba40 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1144 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:631 entire_mapcount:0 nr_pages_mapped:631 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000478ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000478ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027700000276 00000000ffffffff head: ffffffff00000276 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202db000 x26: 00e800014f0ddb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3748 x22: fffffdffc43c3740 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007c830 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1144 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:631 entire_mapcount:0 nr_pages_mapped:631 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000478ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000478ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027700000276 00000000ffffffff head: ffffffff00000276 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202db000 x26: 00e800014f0ddb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3800 x22: fffffdffc43c37c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007d918 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1147 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:634 entire_mapcount:0 nr_pages_mapped:634 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027a00000279 00000000ffffffff head: ffffffff00000279 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202e0000 x26: 00e800014f0e2b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3888 x22: fffffdffc43c3880 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007ea58 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1147 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:634 entire_mapcount:0 nr_pages_mapped:634 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027a00000279 00000000ffffffff head: ffffffff00000279 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202e0000 x26: 00e800014f0e2b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c38c0 x22: fffffdffc43c3888 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000007fdf8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1148 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:635 entire_mapcount:0 nr_pages_mapped:635 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027b0000027a 00000000ffffffff head: ffffffff0000027a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202e2000 x26: 00e800014f0e4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3908 x22: fffffdffc43c3900 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000080db8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1148 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:635 entire_mapcount:0 nr_pages_mapped:635 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027b0000027a 00000000ffffffff head: ffffffff0000027a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202e2000 x26: 00e800014f0e4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3940 x22: fffffdffc43c3908 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000081cc0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1149 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:636 entire_mapcount:0 nr_pages_mapped:636 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027c0000027b 00000000ffffffff head: ffffffff0000027b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202e5000 x26: 00e800014f0e7b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c39c8 x22: fffffdffc43c39c0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000082a70 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1149 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:636 entire_mapcount:0 nr_pages_mapped:636 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000047dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000047dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027c0000027b 00000000ffffffff head: ffffffff0000027b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202e5000 x26: 00e800014f0e7b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3a80 x22: fffffdffc43c3a48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000083598 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1152 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:639 entire_mapcount:0 nr_pages_mapped:639 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000480ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000480ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027f0000027e 00000000ffffffff head: ffffffff0000027e 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202e9000 x26: 00e800014f0ebb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3ac8 x22: fffffdffc43c3ac0 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000084548 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1152 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:639 entire_mapcount:0 nr_pages_mapped:639 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000480ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000480ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000027f0000027e 00000000ffffffff head: ffffffff0000027e 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 00000000202e9000 x26: 00e800014f0ebb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3c80 x22: fffffdffc43c3c48 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000085620 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1159 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:646 entire_mapcount:0 nr_pages_mapped:646 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000487ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000487ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028600000285 00000000ffffffff head: ffffffff00000285 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202f2000 x26: 00e800014f0f4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3d08 x22: fffffdffc43c3d00 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000086728 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1159 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:646 entire_mapcount:0 nr_pages_mapped:646 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000487ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000487ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028600000285 00000000ffffffff head: ffffffff00000285 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 00000000202f2000 x26: 00e800014f0f4b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3d80 x22: fffffdffc43c3d48 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000878f0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1161 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:648 entire_mapcount:0 nr_pages_mapped:648 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000489ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000489ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028800000287 00000000ffffffff head: ffffffff00000287 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202f5000 x26: 00e800014f0f7b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3dc8 x22: fffffdffc43c3dc0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000889e8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1161 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:648 entire_mapcount:0 nr_pages_mapped:648 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000489ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000489ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028800000287 00000000ffffffff head: ffffffff00000287 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202f5000 x26: 00e800014f0f7b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3e00 x22: fffffdffc43c3dc8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000089b50 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1162 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:649 entire_mapcount:0 nr_pages_mapped:649 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028900000288 00000000ffffffff head: ffffffff00000288 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202f9000 x26: 00e800014f0fbb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3ec8 x22: fffffdffc43c3ec0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008ab30 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1162 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:649 entire_mapcount:0 nr_pages_mapped:649 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048affffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048affffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028900000288 00000000ffffffff head: ffffffff00000288 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 00000000202f9000 x26: 00e800014f0fbb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c3f80 x22: fffffdffc43c3f48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008be40 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1165 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:652 entire_mapcount:0 nr_pages_mapped:652 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028c0000028b 00000000ffffffff head: ffffffff0000028b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202fe000 x26: 00e800014f100b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4008 x22: fffffdffc43c4000 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008ced0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1165 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:652 entire_mapcount:0 nr_pages_mapped:652 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028c0000028b 00000000ffffffff head: ffffffff0000028b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 00000000202fe000 x26: 00e800014f100b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4040 x22: fffffdffc43c4008 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008dcf0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1166 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:653 entire_mapcount:0 nr_pages_mapped:653 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028d0000028c 00000000ffffffff head: ffffffff0000028c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020300000 x26: 00e800014f102b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4088 x22: fffffdffc43c4080 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008eb98 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1166 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:653 entire_mapcount:0 nr_pages_mapped:653 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028d0000028c 00000000ffffffff head: ffffffff0000028c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020300000 x26: 00e800014f102b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c40c0 x22: fffffdffc43c4088 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000008fc68 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1167 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:654 entire_mapcount:0 nr_pages_mapped:654 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048fffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048fffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028e0000028d 00000000ffffffff head: ffffffff0000028d 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020303000 x26: 00e800014f105b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4148 x22: fffffdffc43c4140 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000090f18 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1167 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:654 entire_mapcount:0 nr_pages_mapped:654 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000048fffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000048fffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000028e0000028d 00000000ffffffff head: ffffffff0000028d 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020303000 x26: 00e800014f105b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4200 x22: fffffdffc43c41c8 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000091e28 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1170 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:657 entire_mapcount:0 nr_pages_mapped:657 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000492ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000492ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029100000290 00000000ffffffff head: ffffffff00000290 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020307000 x26: 00e800014f109b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4248 x22: fffffdffc43c4240 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000092ce8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1170 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:657 entire_mapcount:0 nr_pages_mapped:657 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000492ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000492ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029100000290 00000000ffffffff head: ffffffff00000290 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020307000 x26: 00e800014f109b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4400 x22: fffffdffc43c43c8 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000939d8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1177 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:664 entire_mapcount:0 nr_pages_mapped:664 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000499ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000499ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029800000297 00000000ffffffff head: ffffffff00000297 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020310000 x26: 00e800014f112b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4488 x22: fffffdffc43c4480 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000946b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1177 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:664 entire_mapcount:0 nr_pages_mapped:664 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 00000499ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 00000499ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029800000297 00000000ffffffff head: ffffffff00000297 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 0000000020310000 x26: 00e800014f112b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4500 x22: fffffdffc43c44c8 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000095758 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1179 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:666 entire_mapcount:0 nr_pages_mapped:666 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029a00000299 00000000ffffffff head: ffffffff00000299 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020313000 x26: 00e800014f115b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4548 x22: fffffdffc43c4540 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000096900 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1179 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:666 entire_mapcount:0 nr_pages_mapped:666 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049bffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049bffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029a00000299 00000000ffffffff head: ffffffff00000299 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020313000 x26: 00e800014f115b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4580 x22: fffffdffc43c4548 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000097bf0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1180 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:667 entire_mapcount:0 nr_pages_mapped:667 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029b0000029a 00000000ffffffff head: ffffffff0000029a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020319000 x26: 00e800014f11bb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c46c8 x22: fffffdffc43c46c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000098bf8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1180 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:667 entire_mapcount:0 nr_pages_mapped:667 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049cffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049cffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029b0000029a 00000000ffffffff head: ffffffff0000029a 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020319000 x26: 00e800014f11bb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4700 x22: fffffdffc43c46c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 0000000000099d38 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1181 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:668 entire_mapcount:0 nr_pages_mapped:668 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029c0000029b 00000000ffffffff head: ffffffff0000029b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002031c000 x26: 00e800014f11eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4788 x22: fffffdffc43c4780 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009af10 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1181 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:668 entire_mapcount:0 nr_pages_mapped:668 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049dffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049dffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029c0000029b 00000000ffffffff head: ffffffff0000029b 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002031c000 x26: 00e800014f11eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c47c0 x22: fffffdffc43c4788 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009c158 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1182 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:669 entire_mapcount:0 nr_pages_mapped:669 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029d0000029c 00000000ffffffff head: ffffffff0000029c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002031e000 x26: 00e800014f120b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4808 x22: fffffdffc43c4800 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009d0b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1182 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:669 entire_mapcount:0 nr_pages_mapped:669 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049effffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049effffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029d0000029c 00000000ffffffff head: ffffffff0000029c 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002031e000 x26: 00e800014f120b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4840 x22: fffffdffc43c4808 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009de20 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1183 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:670 entire_mapcount:0 nr_pages_mapped:670 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049fffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049fffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029e0000029d 00000000ffffffff head: ffffffff0000029d 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020321000 x26: 00e800014f123b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c48c8 x22: fffffdffc43c48c0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009edb0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1183 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:670 entire_mapcount:0 nr_pages_mapped:670 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 0000049fffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 0000049fffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 0000029e0000029d 00000000ffffffff head: ffffffff0000029d 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020321000 x26: 00e800014f123b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4980 x22: fffffdffc43c4948 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 000000000009ffa8 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1186 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:673 entire_mapcount:0 nr_pages_mapped:673 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004a2ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004a2ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002a1000002a0 00000000ffffffff head: ffffffff000002a0 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020325000 x26: 00e800014f127b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c49c8 x22: fffffdffc43c49c0 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a10e0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1186 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:673 entire_mapcount:0 nr_pages_mapped:673 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004a2ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004a2ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002a1000002a0 00000000ffffffff head: ffffffff000002a0 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000007 x27: 0000000020325000 x26: 00e800014f127b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4b80 x22: fffffdffc43c4b48 x21: 0000000000000000 x20: 0000000000000007 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a2190 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1193 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:680 entire_mapcount:0 nr_pages_mapped:680 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004a9ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004a9ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002a8000002a7 00000000ffffffff head: ffffffff000002a7 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002032e000 x26: 00e800014f130b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4c08 x22: fffffdffc43c4c00 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a2fc0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1193 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:680 entire_mapcount:0 nr_pages_mapped:680 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004a9ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004a9ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002a8000002a7 00000000ffffffff head: ffffffff000002a7 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000002 x27: 000000002032e000 x26: 00e800014f130b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4c80 x22: fffffdffc43c4c48 x21: 0000000000000000 x20: 0000000000000002 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a3b30 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1195 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:682 entire_mapcount:0 nr_pages_mapped:682 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004abffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004abffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002aa000002a9 00000000ffffffff head: ffffffff000002a9 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020331000 x26: 00e800014f133b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4cc8 x22: fffffdffc43c4cc0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a4b28 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1195 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:682 entire_mapcount:0 nr_pages_mapped:682 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004abffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004abffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002aa000002a9 00000000ffffffff head: ffffffff000002a9 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020331000 x26: 00e800014f133b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4d00 x22: fffffdffc43c4cc8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a5a08 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1196 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:683 entire_mapcount:0 nr_pages_mapped:683 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004acffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004acffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002ab000002aa 00000000ffffffff head: ffffffff000002aa 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020335000 x26: 00e800014f137b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4dc8 x22: fffffdffc43c4dc0 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a6a90 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1196 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:683 entire_mapcount:0 nr_pages_mapped:683 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004acffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004acffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002ab000002aa 00000000ffffffff head: ffffffff000002aa 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020335000 x26: 00e800014f137b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4e80 x22: fffffdffc43c4e48 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a7980 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1199 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:686 entire_mapcount:0 nr_pages_mapped:686 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004afffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004afffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002ae000002ad 00000000ffffffff head: ffffffff000002ad 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033a000 x26: 00e800014f13cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4f08 x22: fffffdffc43c4f00 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a88a0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1199 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:686 entire_mapcount:0 nr_pages_mapped:686 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004afffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004afffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002ae000002ad 00000000ffffffff head: ffffffff000002ad 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033a000 x26: 00e800014f13cb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4f40 x22: fffffdffc43c4f08 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000a9790 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1200 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:687 entire_mapcount:0 nr_pages_mapped:687 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b0ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b0ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002af000002ae 00000000ffffffff head: ffffffff000002ae 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033c000 x26: 00e800014f13eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4f88 x22: fffffdffc43c4f80 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000aa6b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1200 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:687 entire_mapcount:0 nr_pages_mapped:687 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b0ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b0ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002af000002ae 00000000ffffffff head: ffffffff000002ae 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033c000 x26: 00e800014f13eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c4fc0 x22: fffffdffc43c4f88 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000ab5a0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1201 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:688 entire_mapcount:0 nr_pages_mapped:688 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b1ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b1ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b0000002af 00000000ffffffff head: ffffffff000002af 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033f000 x26: 00e800014f141b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5048 x22: fffffdffc43c5040 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000ac4c0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1201 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:688 entire_mapcount:0 nr_pages_mapped:688 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b1ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b1ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b0000002af 00000000ffffffff head: ffffffff000002af 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 000000002033f000 x26: 00e800014f141b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5080 x22: fffffdffc43c5048 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000ad3b0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1202 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:689 entire_mapcount:0 nr_pages_mapped:689 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b2ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b2ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b1000002b0 00000000ffffffff head: ffffffff000002b0 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020341000 x26: 00e800014f143b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c50c8 x22: fffffdffc43c50c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000ae2d0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1202 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:689 entire_mapcount:0 nr_pages_mapped:689 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b2ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b2ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b1000002b0 00000000ffffffff head: ffffffff000002b0 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020341000 x26: 00e800014f143b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5100 x22: fffffdffc43c50c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000af1c0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1203 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:690 entire_mapcount:0 nr_pages_mapped:690 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b3ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b3ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b2000002b1 00000000ffffffff head: ffffffff000002b1 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000006 x27: 0000000020344000 x26: 00e800014f146b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5188 x22: fffffdffc43c5180 x21: 0000000000000000 x20: 0000000000000006 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b00e0 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1203 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:690 entire_mapcount:0 nr_pages_mapped:690 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b3ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b3ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b2000002b1 00000000ffffffff head: ffffffff000002b1 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000006 x27: 0000000020344000 x26: 00e800014f146b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5300 x22: fffffdffc43c52c8 x21: 0000000000000000 x20: 0000000000000006 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b0d18 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1209 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:696 entire_mapcount:0 nr_pages_mapped:696 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b9ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b9ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b8000002b7 00000000ffffffff head: ffffffff000002b7 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000004 x27: 000000002034c000 x26: 00e800014f14eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5388 x22: fffffdffc43c5380 x21: 0000000000000000 x20: 0000000000000004 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b1808 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1209 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:696 entire_mapcount:0 nr_pages_mapped:696 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004b9ffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004b9ffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002b8000002b7 00000000ffffffff head: ffffffff000002b7 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000004 x27: 000000002034c000 x26: 00e800014f14eb43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5480 x22: fffffdffc43c5448 x21: 0000000000000000 x20: 0000000000000004 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b2700 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1213 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:700 entire_mapcount:0 nr_pages_mapped:700 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004bdffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004bdffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002bc000002bb 00000000ffffffff head: ffffffff000002bb 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020355000 x26: 00e800014f157b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c55c8 x22: fffffdffc43c55c0 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b3638 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1213 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:700 entire_mapcount:0 nr_pages_mapped:700 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004bdffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004bdffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002bc000002bb 00000000ffffffff head: ffffffff000002bb 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 lr : __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000001 x27: 0000000020355000 x26: 00e800014f157b43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5600 x22: fffffdffc43c55c8 x21: 0000000000000000 x20: 0000000000000001 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b4540 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000e5 Call trace: __folio_rmap_sanity_checks+0x2ec/0x430 include/linux/rmap.h:427 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880 __mm_populate+0x208/0x330 mm/gup.c:1983 mm_populate include/linux/mm.h:3367 [inline] vm_mmap_pgoff+0x398/0x45c mm/util.c:585 ksys_mmap_pgoff+0x394/0x5b8 mm/mmap.c:604 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline] __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline] __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 10813 hardirqs last enabled at (10813): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline] hardirqs last enabled at (10813): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96 hardirqs last disabled at (10812): [] handle_softirqs+0x988/0xc88 kernel/softirq.c:594 softirqs last enabled at (10090): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (10090): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (7333): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- page: refcount:1214 mapcount:0 mapping:000000007f72e850 index:0x0 pfn:0x14ee00 head: order:9 mapcount:701 entire_mapcount:0 nr_pages_mapped:701 pincount:0 memcg:ffff0000c19c2580 aops:shmem_aops ino:2 dentry name(?):"memory.events.local" flags: 0x5ffc0000002017d(locked|referenced|uptodate|dirty|lru|active|head|swapbacked|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 raw: 0000000000000000 0000000000000000 000004beffffffff ffff0000c19c2580 head: 05ffc0000002017d fffffdffc3a27648 fffffdffc43ac008 ffff0000db3283a0 head: 0000000000000000 0000000000000000 000004beffffffff ffff0000c19c2580 head: 05ffc00000000209 fffffdffc43b8001 000002bd000002bc 00000000ffffffff head: ffffffff000002bc 0000000000000024 00000000ffffffff 0000000000000200 page dumped because: VM_WARN_ON_FOLIO((_Generic((page), const struct page *: (const struct folio *)_compound_head(page), struct page *: (struct folio *)_compound_head(page))) != folio) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15044 at ./include/linux/rmap.h:426 __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 Modules linked in: CPU: 1 UID: 0 PID: 15044 Comm: syz.3.402 Tainted: G B W 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 lr : __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 sp : ffff8000a0a672c0 x29: ffff8000a0a672c0 x28: 0000000000000003 x27: 0000000020358000 x26: 00e800014f15ab43 x25: dfff800000000000 x24: 000000000020ac5d x23: fffffdffc43c5688 x22: fffffdffc43c5680 x21: 0000000000000000 x20: 0000000000000003 x19: fffffdffc43b8000 x18: 1fffe000337a0688 x17: 3030303030303020 x16: ffff80008b007230 x15: 0000000000000001 x14: 1ffff0001414cd84 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 14e578ac1de0e000 x8 : 14e578ac1de0e000 x7 : 00000000000b5478 x6 : ffff800080563af4 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de560 x2 : 0000000000000002 x1 : 0000000000000001 x0 : 00000000000000b8 Call trace: __folio_rmap_sanity_checks+0x2c0/0x430 include/linux/rmap.h:426 (P) __folio_add_rmap mm/rmap.c:1252 [inline] __folio_add_file_rmap mm/rmap.c:1620 [inline] folio_add_file_rmap_ptes+0x84/0x8e8 mm/rmap.c:1642 set_pte_range+0x2e4/0x49c mm/memory.c:5311 filemap_map_folio_range mm/filemap.c:3673 [inline] filemap_map_pages+0xb54/0x155c mm/filemap.c:3783 do_fault_around mm/memory.c:5531 [inline] do_read_fault mm/memory.c:5564 [inline] do_fault mm/memory.c:5707 [inline] do_pte_missing mm/memory.c:4234 [inline] handle_pte_fault mm/memory.c:6052 [inline] __handle_mm_fault mm/memory.c:6195 [inline] handle_mm_fault+0x2b64/0x4d34 mm/memory.c:6364 faultin_page mm/gup.c:1144 [inline] __get_user_pages+0x1f40/0x2da0 mm/gup.c:1446 populate_vma_page_range+0x258/0x348 mm/gup.c:1880