program: mount(&(0x7f0000000300), &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000001e80), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000001fc0)=0x5) (async) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000001fc0)=0x5) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) ioctl$HIDIOCGFEATURE(r2, 0xc0404807, &(0x7f0000000040)={0x2, "c3a23934392269196581eee0ff2c40b05e89e3050410a4ef1946f3e3686e73b3f24fc356b8bfa20e7121801934da93dc751bfa1a3980df499f6fd504fc0ff292"}) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000100)=0x10000) (async) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000100)=0x10000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) eventfd(0xff7ffff7) (async) r5 = eventfd(0xff7ffff7) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x4, 0x3}) (async) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x4, 0x3}) syz_emit_ethernet(0x32, &(0x7f0000000180)=ANY=[@ANYRESHEX=r4], 0x0) [ 74.152080][ T5338] Bluetooth: hci0: command tx timeout [ 74.231243][ T5357] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1f pfn:0x43d83 [ 74.235219][ T5357] memcg:ffff88801c2a8d00 [ 74.242804][ T5357] flags: 0x4fff00000000001(locked|node=1|zone=1|lastcpupid=0x7ff) [ 74.246183][ T5357] raw: 04fff00000000001 0000000000000000 dead000000000122 0000000000000000 [ 74.250543][ T5357] raw: 000000000000001f 0000000000000000 00000001ffffffff ffff88801c2a8d00 [ 74.254328][ T5357] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 74.258632][ T5357] page_owner tracks the page as allocated [ 74.263933][ T5357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5357, tgid 5357 (syz.0.0), ts 74231226691, free_ts 74231014271 [ 74.275364][ T5357] post_alloc_hook+0x240/0x2a0 [ 74.277435][ T5357] get_page_from_freelist+0x21e4/0x22c0 [ 74.280226][ T5357] __alloc_frozen_pages_noprof+0x181/0x370 [ 74.282907][ T5357] alloc_pages_mpol+0x232/0x4a0 [ 74.284995][ T5357] alloc_pages_noprof+0xa9/0x190 [ 74.287217][ T5357] folio_alloc_noprof+0x1e/0x30 [ 74.290719][ T5357] filemap_alloc_folio_noprof+0xdf/0x470 [ 74.294193][ T5357] page_cache_ra_order+0x4de/0xd40 [ 74.296148][ T5357] do_sync_mmap_readahead+0x25e/0x7a0 [ 74.298300][ T5357] filemap_fault+0x62c/0x1200 [ 74.300714][ T5357] __do_fault+0x135/0x390 [ 74.302483][ T5357] __handle_mm_fault+0x1847/0x5440 [ 74.304586][ T5357] handle_mm_fault+0x40a/0x8e0 [ 74.306477][ T5357] do_user_addr_fault+0xa81/0x1390 [ 74.309819][ T5357] exc_page_fault+0x76/0xf0 [ 74.311947][ T5357] asm_exc_page_fault+0x26/0x30 [ 74.313987][ T5357] page last free pid 5358 tgid 5357 stack trace: [ 74.316648][ T5357] free_unref_folios+0xdbd/0x1520 [ 74.319698][ T5357] folios_put_refs+0x559/0x640 [ 74.322046][ T5357] truncate_inode_pages_range+0x346/0xda0 [ 74.324308][ T5357] set_blocksize+0x32a/0x500 [ 74.326293][ T5357] blkdev_bszset+0x1ac/0x220 [ 74.328393][ T5357] blkdev_ioctl+0x430/0x6d0 [ 74.331141][ T5357] __se_sys_ioctl+0xf9/0x170 [ 74.333813][ T5357] do_syscall_64+0xfa/0x3b0 [ 74.335736][ T5357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.340024][ T5357] ------------[ cut here ]------------ [ 74.342351][ T5357] kernel BUG at mm/filemap.c:868! [ 74.344600][ T5357] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 74.347268][ T5357] CPU: 0 UID: 0 PID: 5357 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 74.352260][ T5357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.356698][ T5357] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 74.359132][ T5357] Code: d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 6b 12 30 ff 90 0f 0b e8 23 d1 c7 ff 4c 89 e7 48 c7 c6 a0 44 94 8b e8 54 12 30 ff 90 <0f> 0b e8 0c d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 3d 12 30 ff [ 74.367300][ T5357] RSP: 0018:ffffc9000d39f6a0 EFLAGS: 00010246 [ 74.369971][ T5357] RAX: ef48e5c2b85abd00 RBX: 0000000000000000 RCX: 0000000000000000 [ 74.373432][ T5357] RDX: 0000000000000007 RSI: ffffffff8d9b9e7a RDI: 00000000ffffffff [ 74.376740][ T5357] RBP: ffffc9000d39f810 R08: ffffffff8fa39e37 R09: 1ffffffff1f473c6 [ 74.379982][ T5357] R10: dffffc0000000000 R11: fffffbfff1f473c7 R12: ffffea00010f60c0 [ 74.383302][ T5357] R13: dffffc0000000000 R14: ffffea00010f60c8 R15: 0000000000000004 [ 74.386556][ T5357] FS: 0000555595172500(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 74.390300][ T5357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.393072][ T5357] CR2: 0000200000000100 CR3: 0000000043196000 CR4: 0000000000352ef0 [ 74.396481][ T5357] Call Trace: [ 74.397985][ T5357] [ 74.399252][ T5357] ? percpu_ref_put+0x19/0x180 [ 74.401346][ T5357] ? __pfx___filemap_add_folio+0x10/0x10 [ 74.403715][ T5357] filemap_add_folio+0xd5/0x270 [ 74.405856][ T5357] page_cache_ra_order+0x643/0xd40 [ 74.408069][ T5357] do_sync_mmap_readahead+0x25e/0x7a0 [ 74.410362][ T5357] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 74.412947][ T5357] ? count_memcg_event_mm+0x1d/0x250 [ 74.415205][ T5357] ? count_memcg_event_mm+0x1d/0x250 [ 74.417474][ T5357] filemap_fault+0x62c/0x1200 [ 74.419556][ T5357] ? __pfx_filemap_fault+0x10/0x10 [ 74.421752][ T5357] ? __lock_acquire+0xab9/0xd20 [ 74.423807][ T5357] __do_fault+0x135/0x390 [ 74.425668][ T5357] __handle_mm_fault+0x1847/0x5440 [ 74.427881][ T5357] ? __lock_acquire+0xab9/0xd20 [ 74.429936][ T5357] ? __pfx___handle_mm_fault+0x10/0x10 [ 74.432457][ T5357] ? lock_vma_under_rcu+0xdf/0x3d0 [ 74.434637][ T5357] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 74.436996][ T5357] ? rcu_is_watching+0x15/0xb0 [ 74.439102][ T5357] handle_mm_fault+0x40a/0x8e0 [ 74.441269][ T5357] do_user_addr_fault+0xa81/0x1390 [ 74.443524][ T5357] ? rcu_is_watching+0x15/0xb0 [ 74.445621][ T5357] ? trace_page_fault_user+0x84/0x1e0 [ 74.448021][ T5357] exc_page_fault+0x76/0xf0 [ 74.450030][ T5357] asm_exc_page_fault+0x26/0x30 [ 74.452264][ T5357] RIP: 0033:0x7f72dec550b3 [ 74.454186][ T5357] Code: 8b 44 24 08 48 85 c0 74 17 48 8b 54 24 18 48 0f ca 48 89 54 24 18 48 83 f8 01 0f 85 7a 02 00 00 48 8b 44 24 10 48 8b 54 24 18 <48> 89 10 e9 d2 fd ff ff 48 8b 44 24 10 0f b7 10 48 8b 44 24 08 48 [ 74.461870][ T5357] RSP: 002b:00007ffd1d2c3160 EFLAGS: 00010246 [ 74.464503][ T5357] RAX: 0000200000000100 RBX: 0000000000000008 RCX: 0000000000000000 [ 74.467819][ T5357] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 00005555951723c8 [ 74.470948][ T5357] RBP: 00007ffd1d2c3268 R08: 0000000000000000 R09: 0000000000000000 [ 74.474434][ T5357] R10: 0000000000000000 R11: 0000000000000002 R12: 00007f72defb5fac [ 74.477959][ T5357] R13: 00007f72defb5fa0 R14: fffffffffffffffe R15: 0000000000000003 [ 74.481117][ T5357] [ 74.482331][ T5357] Modules linked in: [ 74.484353][ T5357] ---[ end trace 0000000000000000 ]--- [ 74.489446][ T5357] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 74.492475][ T5357] Code: d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 6b 12 30 ff 90 0f 0b e8 23 d1 c7 ff 4c 89 e7 48 c7 c6 a0 44 94 8b e8 54 12 30 ff 90 <0f> 0b e8 0c d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 3d 12 30 ff [ 74.503291][ T5357] RSP: 0018:ffffc9000d39f6a0 EFLAGS: 00010246 [ 74.505903][ T5357] RAX: ef48e5c2b85abd00 RBX: 0000000000000000 RCX: 0000000000000000 [ 74.509741][ T5357] RDX: 0000000000000007 RSI: ffffffff8d9b9e7a RDI: 00000000ffffffff [ 74.512993][ T5357] RBP: ffffc9000d39f810 R08: ffffffff8fa39e37 R09: 1ffffffff1f473c6 [ 74.516278][ T5357] R10: dffffc0000000000 R11: fffffbfff1f473c7 R12: ffffea00010f60c0 [ 74.520173][ T5357] R13: dffffc0000000000 R14: ffffea00010f60c8 R15: 0000000000000004 [ 74.523377][ T5357] FS: 0000555595172500(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 74.526995][ T5357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.530013][ T5357] CR2: 0000200000000100 CR3: 0000000043196000 CR4: 0000000000352ef0 [ 74.533285][ T5357] Kernel panic - not syncing: Fatal exception [ 74.536099][ T5357] Kernel Offset: disabled [ 74.537914][ T5357] Rebooting in 86400 seconds..