program: mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, &(0x7f0000000100)=0x9) (async) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, &(0x7f0000000100)=0x9) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00002) (async) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00002) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000)={'#! ', './file0'}, 0xb) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) dup(r3) (async) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000100)=0x10000) (async) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000100)=0x10000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) dup(r1) (async) r5 = dup(r1) write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40edce82cd"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) [ 73.117522][ T4669] Bluetooth: hci0: command tx timeout [ 73.196704][ T5320] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x53104 [ 73.205485][ T5320] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 73.215948][ T5320] memcg:ffff8880304f8d00 [ 73.220691][ 
T5320] flags: 0x4fff00000000041(locked|head|node=1|zone=1|lastcpupid=0x7ff) [ 73.224246][ T5320] raw: 04fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 73.228452][ T5320] raw: 000000000000001c 0000000000000000 00000001ffffffff ffff8880304f8d00 [ 73.232068][ T5320] head: 04fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 73.235663][ T5320] head: 000000000000001c 0000000000000000 00000001ffffffff ffff8880304f8d00 [ 73.242233][ T5320] head: 04fff00000000202 ffffea00014c4101 00000000ffffffff 00000000ffffffff [ 73.245769][ T5320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 73.250066][ T5320] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 73.254386][ T5320] page_owner tracks the page as allocated [ 73.257014][ T5320] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5320, tgid 5320 (syz.0.0), ts 73196683722, free_ts 73196471151 [ 73.268552][ T5320] post_alloc_hook+0x240/0x2a0 [ 73.270841][ T5320] get_page_from_freelist+0x21e4/0x22c0 [ 73.273171][ T5320] __alloc_frozen_pages_noprof+0x181/0x370 [ 73.275834][ T5320] alloc_pages_mpol+0x232/0x4a0 [ 73.279071][ T5320] alloc_pages_noprof+0xa9/0x190 [ 73.281440][ T5320] folio_alloc_noprof+0x1e/0x30 [ 73.283802][ T5320] filemap_alloc_folio_noprof+0xdf/0x470 [ 73.287310][ T5320] page_cache_ra_order+0x5e5/0xc70 [ 73.290895][ T5320] do_sync_mmap_readahead+0x4b5/0x5f0 [ 73.293338][ T5320] filemap_fault+0x62a/0x1200 [ 73.295463][ T5320] __do_fault+0x138/0x390 [ 73.298680][ T5320] __handle_mm_fault+0x198b/0x5620 [ 73.300905][ T5320] handle_mm_fault+0x40a/0x8e0 [ 73.303133][ T5320] do_user_addr_fault+0xa81/0x1390 [ 73.305474][ T5320] exc_page_fault+0x76/0xf0 [ 73.308857][ T5320] asm_exc_page_fault+0x26/0x30 [ 73.311309][ T5320] page last free pid 5321 tgid 5320 stack trace: [ 73.314097][ T5320] free_unref_folios+0xc66/0x14d0 [ 
73.316316][ T5320] folios_put_refs+0x559/0x640 [ 73.319585][ T5320] truncate_inode_pages_range+0x346/0xda0 [ 73.321969][ T5320] set_blocksize+0x32a/0x500 [ 73.324083][ T5320] blkdev_bszset+0x1ac/0x220 [ 73.326438][ T5320] blkdev_ioctl+0x430/0x6d0 [ 73.329505][ T5320] __se_sys_ioctl+0xf9/0x170 [ 73.331549][ T5320] do_syscall_64+0xfa/0x3b0 [ 73.333472][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.336954][ T5320] ------------[ cut here ]------------ [ 73.339836][ T5320] kernel BUG at mm/filemap.c:868! [ 73.343472][ T5320] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 73.346319][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 73.351860][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.357543][ T5320] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 73.360299][ T5320] Code: fd c8 ff 4c 89 e7 48 c7 c6 e0 37 94 8b e8 fb a3 10 00 90 0f 0b e8 63 fd c8 ff 4c 89 e7 48 c7 c6 c0 2e 94 8b e8 e4 a3 10 00 90 <0f> 0b e8 4c fd c8 ff 4c 89 e7 48 c7 c6 e0 37 94 8b e8 cd a3 10 00 [ 73.369704][ T5320] RSP: 0018:ffffc9000d317680 EFLAGS: 00010246 [ 73.372829][ T5320] RAX: b080812a1d5b4a00 RBX: 0000000000000002 RCX: 0000000000000000 [ 73.376713][ T5320] RDX: 0000000000000007 RSI: ffffffff8d982307 RDI: 00000000ffffffff [ 73.380140][ T5320] RBP: ffffc9000d3177e8 R08: ffffffff8fa10bf7 R09: 1ffffffff1f4217e [ 73.383535][ T5320] R10: dffffc0000000000 R11: fffffbfff1f4217f R12: ffffea00014c4100 [ 73.387366][ T5320] R13: dffffc0000000000 R14: ffffea00014c4108 R15: 0000000000000004 [ 73.391383][ T5320] FS: 0000555568b6e500(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 73.395208][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.398135][ T5320] CR2: 000020000057eff8 CR3: 00000000441f9000 CR4: 0000000000352ef0 [ 73.401933][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.405838][ T5320] DR3: 
0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.409335][ T5320] Call Trace: [ 73.410718][ T5320] <TASK> [ 73.412033][ T5320] ? percpu_ref_put+0x19/0x180 [ 73.414315][ T5320] ? __pfx___filemap_add_folio+0x10/0x10 [ 73.417076][ T5320] ? percpu_ref_put+0xf9/0x180 [ 73.419538][ T5320] filemap_add_folio+0xd5/0x270 [ 73.421799][ T5320] page_cache_ra_order+0x74c/0xc70 [ 73.424135][ T5320] do_sync_mmap_readahead+0x4b5/0x5f0 [ 73.426444][ T5320] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 73.429091][ T5320] ? count_memcg_event_mm+0x1d/0x250 [ 73.431630][ T5320] ? count_memcg_event_mm+0x1d/0x250 [ 73.434407][ T5320] filemap_fault+0x62a/0x1200 [ 73.436991][ T5320] ? __pagetable_ctor+0x253/0x340 [ 73.439366][ T5320] ? __pfx_filemap_fault+0x10/0x10 [ 73.441661][ T5320] ? rcu_is_watching+0x15/0xb0 [ 73.443832][ T5320] ? __raw_spin_lock_init+0x45/0x100 [ 73.446112][ T5320] __do_fault+0x138/0x390 [ 73.447972][ T5320] __handle_mm_fault+0x198b/0x5620 [ 73.450330][ T5320] ? __lock_acquire+0xab9/0xd20 [ 73.452924][ T5320] ? __pfx___handle_mm_fault+0x10/0x10 [ 73.455787][ T5320] ? lock_vma_under_rcu+0xf8/0x710 [ 73.458164][ T5320] ? lock_vma_under_rcu+0xf8/0x710 [ 73.460410][ T5320] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 73.462871][ T5320] ? rcu_is_watching+0x15/0xb0 [ 73.465026][ T5320] handle_mm_fault+0x40a/0x8e0 [ 73.467235][ T5320] do_user_addr_fault+0xa81/0x1390 [ 73.469870][ T5320] ? rcu_is_watching+0x15/0xb0 [ 73.472533][ T5320] ? 
trace_page_fault_user+0x84/0x1e0 [ 73.475191][ T5320] exc_page_fault+0x76/0xf0 [ 73.477209][ T5320] asm_exc_page_fault+0x26/0x30 [ 73.479296][ T5320] RIP: 0033:0x7f9e37654e53 [ 73.481240][ T5320] Code: 48 85 c0 74 1b 48 83 f8 01 0f 85 3b 03 00 00 0f b7 44 24 18 66 c1 c0 08 0f b7 c0 48 89 44 24 18 48 8b 44 24 10 0f b7 54 24 18 <66> 89 10 e9 82 fe ff ff 48 83 3c 24 08 0f 85 a1 02 00 00 48 8b 44 [ 73.489320][ T5320] RSP: 002b:00007ffda4db7970 EFLAGS: 00010246 [ 73.492511][ T5320] RAX: 000020000057eff8 RBX: 0000000000000002 RCX: 0000000000000000 [ 73.496966][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555568b6e3c8 [ 73.500753][ T5320] RBP: 00007ffda4db7a78 R08: 0000000000000000 R09: 0000000000000000 [ 73.503989][ T5320] R10: 0000000000000000 R11: 0000000000000000 R12: 00007f9e379b608c [ 73.507302][ T5320] R13: 00007f9e379b6080 R14: fffffffffffffffe R15: 00007ffda4db7ac0 [ 73.510906][ T5320] </TASK> [ 73.512228][ T5320] Modules linked in: [ 73.515145][ T5320] ---[ end trace 0000000000000000 ]--- [ 73.524085][ T5320] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 73.526872][ T5320] Code: fd c8 ff 4c 89 e7 48 c7 c6 e0 37 94 8b e8 fb a3 10 00 90 0f 0b e8 63 fd c8 ff 4c 89 e7 48 c7 c6 c0 2e 94 8b e8 e4 a3 10 00 90 <0f> 0b e8 4c fd c8 ff 4c 89 e7 48 c7 c6 e0 37 94 8b e8 cd a3 10 00 [ 73.536003][ T5320] RSP: 0018:ffffc9000d317680 EFLAGS: 00010246 [ 73.539314][ T5320] RAX: b080812a1d5b4a00 RBX: 0000000000000002 RCX: 0000000000000000 [ 73.542502][ T5320] RDX: 0000000000000007 RSI: ffffffff8d982307 RDI: 00000000ffffffff [ 73.546523][ T5320] RBP: ffffc9000d3177e8 R08: ffffffff8fa10bf7 R09: 1ffffffff1f4217e [ 73.551117][ T5320] R10: dffffc0000000000 R11: fffffbfff1f4217f R12: ffffea00014c4100 [ 73.554314][ T5320] R13: dffffc0000000000 R14: ffffea00014c4108 R15: 0000000000000004 [ 73.558390][ T5320] FS: 0000555568b6e500(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 73.562196][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.566057][ T5320] CR2: 
000020000057eff8 CR3: 00000000441f9000 CR4: 0000000000352ef0 [ 73.570719][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.574015][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.578113][ T5320] Kernel panic - not syncing: Fatal exception [ 73.581533][ T5320] Kernel Offset: disabled [ 73.583605][ T5320] Rebooting in 86400 seconds..