program:
# syzkaller reproducer, reflowed to one call per line; the kernel console log follows the last call.
# Calls tagged (async) are issued without waiting for completion, so each async/sync pair of the
# same call can run concurrently.
# Triage summary, taken from the log: the kernel stops at "kernel BUG at mm/filemap.c:871" in
# __filemap_add_folio, on VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)).
# The folio was allocated at order 0 by page_cache_ra_order during a page fault taken in
# __get_user_4, called from blkdev_bszset.
# NOTE(review): VM_BUG_ON_FOLIO is a CONFIG_DEBUG_VM assertion, so a kernel built without it would
# presumably not stop at this point. Confirm before rating impact from this log alone.
# NOTE(review): the log shows UID 0 for the crashing task; whether an unprivileged caller can reach
# blkdev_bszset is not shown here.

# r0: first handle on the null block device. The path argument is not printed in this listing.
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
# Maps r0 over 0x7f0000000000..0x7f0000b36000. Flags 0x38011 include MAP_SHARED (0x1) and
# MAP_FIXED (0x10), so the program's data area is backed by the block device's page cache.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000017, 0x38011, r0, 0x4000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
# NOTE(review): r2 is used below but never assigned in this listing. Presumably the result marker
# on this call's ifindex field was lost when the page was extracted. Verify against the original.
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5f, 0x0) (async)
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5f, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x1010, r3, 0x100000000)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
# The netlink link changes account for the bridge0/team0/vlan0 messages early in the log. No frame
# from them appears in the crashing call trace.
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'team_slave_0\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0)
syz_open_dev$sg(&(0x7f0000000100), 0x28b, 0x0) (async)
r6 = syz_open_dev$sg(&(0x7f0000000100), 0x28b, 0x0)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="288d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})
# r7: second handle on the null block device, used for the two ioctls below.
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
# The call is named FS_IOC_SETFLAGS, but on a block device the call trace shows command 0x40081271
# (RSI in the user register dump) dispatched through blkdev_ioctl to blkdev_bszset. The argument is
# the value 0x4000 stored at 0x7f0000000980, which lies inside the r0 mapping created above.
# Reading it in the kernel can therefore fault into the device's page cache. This matches the
# __get_user_4 -> filemap_fault -> page_cache_ra_order frames in the log.
# NOTE(review): the registers show 0x200000000980 rather than 0x7f0000000980. The executor
# presumably relocates the data area. Confirm against the syzkaller version used.
# NOTE(review): the same ioctl is issued async and then sync, so this looks like a race between one
# caller raising the mapping's minimum folio order and the other still adding an order-0 readahead
# folio. The ordering is not shown in the log. Confirm against the upstream report or fix.
ioctl$FS_IOC_SETFLAGS(r7, 0x40081271, &(0x7f0000000980)=0x4000) (async)
ioctl$FS_IOC_SETFLAGS(r7, 0x40081271, &(0x7f0000000980)=0x4000)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0xfff}], 0x1)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) (async)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
[ 85.133201][ T5300] Bluetooth: hci0: command tx timeout [ 85.248332][ T5326] bridge0: port 3(team0) entered blocking state [ 85.251111][ T5326] bridge0: port 3(team0) entered disabled state [ 85.255393][ T5326] team0: entered allmulticast mode [ 85.257621][ T5326] team_slave_0: entered allmulticast mode [ 85.260011][ T5326] team_slave_1: entered allmulticast mode [ 85.266809][ T5326] team0: entered promiscuous mode [ 85.269182][ T5326] team_slave_0: entered promiscuous mode [ 85.271866][ T5326] team_slave_1: entered promiscuous mode [ 85.280317][ T5326] bridge0: port 3(team0) entered blocking state [ 85.283620][ T5326] bridge0: port 3(team0) entered forwarding state [ 85.306533][ T5325] vlan0: entered promiscuous mode [ 85.330321][ T5325] vlan0: entered allmulticast mode [ 85.332659][ T5325] veth0_vlan: entered allmulticast mode [ 85.345165][ T5325] team0: Port device vlan0 added [ 85.357364][ T5326] team_slave_0: left promiscuous mode [ 85.359889][ T5326] team_slave_0: left allmulticast mode [ 85.376313][ T5326] team0: Port device team_slave_0 removed [ 85.394709][ T5325] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801c1e3dc0 pfn:0x1c1e3 [ 85.403053][ T5325] memcg:ffff88801baf0d00 [ 85.405025][ T5325] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 
85.408466][ T5325] raw: 00fff00000000001 0000000000000000 dead000000000122 0000000000000000 [ 85.423972][ T5325] raw: ffff88801c1e3dc0 0000000000000000 00000001ffffffff ffff88801baf0d00 [ 85.427758][ T5325] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 85.432095][ T5325] page_owner tracks the page as allocated [ 85.447198][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5325, tgid 5324 (syz.0.0), ts 85394660027, free_ts 85274962262 [ 85.458716][ T5325] post_alloc_hook+0x240/0x2a0 [ 85.460941][ T5325] get_page_from_freelist+0x2365/0x2440 [ 85.464131][ T5325] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.466856][ T5325] alloc_pages_mpol+0x232/0x4a0 [ 85.469086][ T5325] alloc_pages_noprof+0xa9/0x190 [ 85.471266][ T5325] folio_alloc_noprof+0x1e/0x30 [ 85.474265][ T5325] filemap_alloc_folio_noprof+0xdf/0x470 [ 85.476740][ T5325] page_cache_ra_order+0x55b/0xe70 [ 85.478899][ T5325] do_sync_mmap_readahead+0x25e/0x7a0 [ 85.481727][ T5325] filemap_fault+0x6b9/0x12b0 [ 85.484183][ T5325] __do_fault+0x138/0x390 [ 85.486151][ T5325] __handle_mm_fault+0x35e3/0x5400 [ 85.488360][ T5325] handle_mm_fault+0x40a/0x8e0 [ 85.490485][ T5325] do_user_addr_fault+0x764/0x1380 [ 85.493702][ T5325] exc_page_fault+0x82/0x100 [ 85.495831][ T5325] asm_exc_page_fault+0x26/0x30 [ 85.498000][ T5325] page last free pid 4706 tgid 4706 stack trace: [ 85.501750][ T5325] __free_frozen_pages+0xbc4/0xd30 [ 85.504820][ T5325] __put_partials+0x146/0x170 [ 85.506945][ T5325] put_cpu_partial+0x1f2/0x2e0 [ 85.509204][ T5325] __slab_free+0x2b9/0x390 [ 85.511362][ T5325] qlist_free_all+0x97/0x140 [ 85.514765][ T5325] kasan_quarantine_reduce+0x148/0x160 [ 85.517293][ T5325] __kasan_slab_alloc+0x22/0x80 [ 85.519563][ T5325] kmem_cache_alloc_node_noprof+0x433/0x710 [ 85.522364][ T5325] __alloc_skb+0x112/0x2d0 [ 85.524997][ T5325] alloc_skb_with_frags+0xca/0x890 [ 
85.527267][ T5325] sock_alloc_send_pskb+0x84d/0x980 [ 85.529663][ T5325] unix_dgram_sendmsg+0x50e/0x18d0 [ 85.532154][ T5325] __sock_sendmsg+0x21c/0x270 [ 85.535723][ T5325] __sys_sendto+0x3bd/0x520 [ 85.538070][ T5325] __x64_sys_sendto+0xde/0x100 [ 85.540270][ T5325] do_syscall_64+0xfa/0xfa0 [ 85.559305][ T5325] ------------[ cut here ]------------ [ 85.561886][ T5325] kernel BUG at mm/filemap.c:871! [ 85.578024][ T5325] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.580895][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.584604][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.589173][ T5325] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 85.591865][ T5325] Code: 8b c6 ff 4c 89 e7 48 c7 c6 00 75 74 8b e8 cb 63 2e ff 90 0f 0b e8 53 8b c6 ff 4c 89 e7 48 c7 c6 e0 6b 74 8b e8 b4 63 2e ff 90 <0f> 0b e8 3c 8b c6 ff 4c 89 e7 48 c7 c6 00 75 74 8b e8 9d 63 2e ff [ 85.600222][ T5325] RSP: 0018:ffffc9000d39f3a0 EFLAGS: 00010246 [ 85.602836][ T5325] RAX: e12348d00a338200 RBX: 0000000000000000 RCX: 0000000000000000 [ 85.606330][ T5325] RDX: 0000000000000007 RSI: ffffffff8d71080b RDI: 00000000ffffffff [ 85.609806][ T5325] RBP: ffffc9000d39f508 R08: ffffffff8f7d0277 R09: 1ffffffff1efa04e [ 85.612948][ T5325] R10: dffffc0000000000 R11: fffffbfff1efa04f R12: ffffea00007078c0 [ 85.616126][ T5325] R13: dffffc0000000000 R14: ffffea00007078c8 R15: 0000000000000002 [ 85.619320][ T5325] FS: 00007f64bd5486c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 85.623259][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.626077][ T5325] CR2: 0000200000004000 CR3: 000000001f386000 CR4: 0000000000352ef0 [ 85.629419][ T5325] Call Trace: [ 85.630963][ T5325] [ 85.632327][ T5325] ? percpu_ref_put+0x19/0x180 [ 85.634465][ T5325] ? __pfx___filemap_add_folio+0x10/0x10 [ 85.636916][ T5325] ? 
percpu_ref_put+0xf9/0x180 [ 85.639090][ T5325] filemap_add_folio+0x26d/0x540 [ 85.641305][ T5325] page_cache_ra_order+0x6bc/0xe70 [ 85.643452][ T5325] do_sync_mmap_readahead+0x25e/0x7a0 [ 85.645762][ T5325] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 85.648324][ T5325] ? count_memcg_event_mm+0x1d/0x250 [ 85.650725][ T5325] ? count_memcg_event_mm+0x1d/0x250 [ 85.653130][ T5325] filemap_fault+0x6b9/0x12b0 [ 85.655212][ T5325] ? __pfx_filemap_fault+0x10/0x10 [ 85.657474][ T5325] ? __pfx_filemap_map_pages+0x10/0x10 [ 85.659848][ T5325] ? __handle_mm_fault+0x2789/0x5400 [ 85.662218][ T5325] __do_fault+0x138/0x390 [ 85.664163][ T5325] __handle_mm_fault+0x35e3/0x5400 [ 85.666427][ T5325] ? __pfx___handle_mm_fault+0x10/0x10 [ 85.668865][ T5325] ? find_vma+0xe7/0x160 [ 85.670751][ T5325] ? __pfx_find_vma+0x10/0x10 [ 85.672792][ T5325] handle_mm_fault+0x40a/0x8e0 [ 85.674931][ T5325] do_user_addr_fault+0x764/0x1380 [ 85.677246][ T5325] exc_page_fault+0x82/0x100 [ 85.679362][ T5325] asm_exc_page_fault+0x26/0x30 [ 85.681522][ T5325] RIP: 0010:__get_user_4+0x14/0x20 [ 85.683794][ T5325] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 d0 2a 04 00 90 90 90 90 90 90 90 90 90 90 [ 85.691737][ T5325] RSP: 0018:ffffc9000d39fd18 EFLAGS: 00050283 [ 85.694442][ T5325] RAX: 0000200000000980 RBX: 1ffff92001a73fa8 RCX: e12348d00a338200 [ 85.697937][ T5325] RDX: 00007ffffffff000 RSI: ffffffff8d8f755a RDI: ffffffff8bbf18e0 [ 85.701352][ T5325] RBP: ffffc9000d39fdd0 R08: 0000000000000000 R09: ffffffff820ef730 [ 85.704859][ T5325] R10: dffffc0000000000 R11: ffffed10036505a0 R12: ffff888032151f80 [ 85.708256][ T5325] R13: dffffc0000000000 R14: ffff8880406e6380 R15: 0000200000000980 [ 85.711713][ T5325] ? __might_fault+0xb0/0x130 [ 85.713904][ T5325] blkdev_bszset+0xfb/0x220 [ 85.716009][ T5325] ? 
__pfx_blkdev_bszset+0x10/0x10 [ 85.718302][ T5325] blkdev_ioctl+0x437/0x6d0 [ 85.720370][ T5325] ? __pfx_blkdev_ioctl+0x10/0x10 [ 85.722633][ T5325] ? __fget_files+0x3a0/0x420 [ 85.724728][ T5325] ? __fget_files+0x2a/0x420 [ 85.726726][ T5325] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.728949][ T5325] ? __pfx_blkdev_ioctl+0x10/0x10 [ 85.731225][ T5325] __se_sys_ioctl+0xfc/0x170 [ 85.733318][ T5325] do_syscall_64+0xfa/0xfa0 [ 85.735352][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.737692][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.740346][ T5325] ? clear_bhb_loop+0x60/0xb0 [ 85.742457][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.745102][ T5325] RIP: 0033:0x7f64bc78f6c9 [ 85.747161][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.755614][ T5325] RSP: 002b:00007f64bd548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.759313][ T5325] RAX: ffffffffffffffda RBX: 00007f64bc9e5fa0 RCX: 00007f64bc78f6c9 [ 85.762851][ T5325] RDX: 0000200000000980 RSI: 0000000040081271 RDI: 000000000000000a [ 85.766342][ T5325] RBP: 00007f64bc811f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.769957][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.773485][ T5325] R13: 00007f64bc9e6038 R14: 00007f64bc9e5fa0 R15: 00007ffcac339d98 [ 85.776930][ T5325] [ 85.778271][ T5325] Modules linked in: [ 85.780521][ T5325] ---[ end trace 0000000000000000 ]--- [ 85.808199][ T5325] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 85.811016][ T5325] Code: 8b c6 ff 4c 89 e7 48 c7 c6 00 75 74 8b e8 cb 63 2e ff 90 0f 0b e8 53 8b c6 ff 4c 89 e7 48 c7 c6 e0 6b 74 8b e8 b4 63 2e ff 90 <0f> 0b e8 3c 8b c6 ff 4c 89 e7 48 c7 c6 00 75 74 8b e8 9d 63 2e ff [ 85.819896][ T5325] RSP: 0018:ffffc9000d39f3a0 EFLAGS: 00010246 [ 85.822632][ T5325] RAX: e12348d00a338200 RBX: 0000000000000000 RCX: 0000000000000000 [ 
85.826574][ T5325] RDX: 0000000000000007 RSI: ffffffff8d71080b RDI: 00000000ffffffff [ 85.830077][ T5325] RBP: ffffc9000d39f508 R08: ffffffff8f7d0277 R09: 1ffffffff1efa04e [ 85.833956][ T5325] R10: dffffc0000000000 R11: fffffbfff1efa04f R12: ffffea00007078c0 [ 85.837499][ T5325] R13: dffffc0000000000 R14: ffffea00007078c8 R15: 0000000000000002 [ 85.841160][ T5325] FS: 00007f64bd5486c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 85.845505][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.848438][ T5325] CR2: 00002000000012c8 CR3: 000000001f386000 CR4: 0000000000352ef0 [ 85.852042][ T5325] Kernel panic - not syncing: Fatal exception [ 85.855021][ T5325] Kernel Offset: disabled [ 85.856930][ T5325] Rebooting in 86400 seconds..