program: r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) (async) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000100)=0x10000) (async) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) (async) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000400000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90) (async, rerun: 64) r7 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) (rerun: 64) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000680)={r8, r8, 0x3, 0x0, @val=@kprobe_multi=@syms={0x0, 0x3, &(0x7f0000000700)=[&(0x7f0000000580)=',#\'\x1d*\x00', &(0x7f0000000640)='\x8c', &(0x7f00000006c0)='/proc/diskstats\x00'], 0x0, 0x5}}, 0x30) ioctl$COMEDI_SUBDINFO(r8, 0x80486402, &(0x7f0000000340)) (async, rerun: 32) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) (async, rerun: 32) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r10, 0x3ba0, &(0x7f00000005c0)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x180887}) r11 = dup3(r0, r9, 0x0) (async) r12 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r12, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r11, 0x0, 0x10000, 0x0, 0x9, 0xb9a02, 0x2fcb42}) (async) r13 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ae162}) (async) ioctl$IOMMU_IOAS_ALLOC(r13, 0x3b81, &(0x7f0000000180)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r11, 0x3b86, &(0x7f00000003c0)={0x18, r14}) (async, rerun: 32) r15 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) (rerun: 32) write$binfmt_script(r15, &(0x7f0000000740)={'#! ', './file0', [{0x20, '\xc4\xd6XU\x99\xf8\x9bNg'}], 0xa, "70b188e62a56f0f18ebcd5a4d1f18779103d068d2602f88f20d700a90ac524220c6d4104fdcf629b2a2ac1e48572a6359b902d1415d97f03847966c0abd3de931a853b44c806a787342ac3e273f0f2efaf619687e8e1ed3f2782b0e23c09411702be2d3b6128d738d795deeda8ae16ef1b"}, 0x86) [ 75.505494][ T5332] Bluetooth: hci0: command tx timeout [ 75.587437][ T5351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1f pfn:0x43f11 [ 75.591368][ T5351] memcg:ffff88801c2b8d00 [ 75.593299][ T5351] flags: 0x4fff00000000001(locked|node=1|zone=1|lastcpupid=0x7ff) [ 75.616099][ T5351] raw: 04fff00000000001 0000000000000000 dead000000000122 0000000000000000 [ 75.619928][ T5351] raw: 000000000000001f 0000000000000000 00000001ffffffff ffff88801c2b8d00 [ 75.623574][ T5351] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 75.637854][ T5351] page_owner tracks the page as allocated [ 75.640943][ T5351] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5351, tgid 5351 (syz.0.0), ts 75587414677, free_ts 75586225785 [ 75.653131][ T5351] post_alloc_hook+0x240/0x2a0 [ 75.657840][ T5351] get_page_from_freelist+0x21e4/0x22c0 [ 75.660190][ T5351] __alloc_frozen_pages_noprof+0x181/0x370 [ 75.663107][ T5351] alloc_pages_mpol+0x232/0x4a0 [ 75.666744][ T5351] alloc_pages_noprof+0xa9/0x190 [ 75.668611][ T5351] folio_alloc_noprof+0x1e/0x30 [ 75.670751][ T5351] filemap_alloc_folio_noprof+0xdf/0x470 [ 75.673835][ T5351] page_cache_ra_order+0x4de/0xd40 [ 75.677267][ T5351] do_sync_mmap_readahead+0x25e/0x7a0 [ 75.679821][ T5351] filemap_fault+0x62c/0x1200 [ 75.682333][ T5351] __do_fault+0x138/0x390 [ 75.685577][ T5351] __handle_mm_fault+0x1847/0x5440 [ 75.688019][ T5351] handle_mm_fault+0x40a/0x8e0 [ 75.690240][ T5351] do_user_addr_fault+0xa81/0x1390 [ 75.692578][ T5351] exc_page_fault+0x76/0xf0 [ 75.694223][ T5351] asm_exc_page_fault+0x26/0x30 [ 75.697602][ T5351] page last free pid 5352 tgid 5351 stack trace: [ 75.700764][ T5351] free_unref_folios+0xdbd/0x1520 [ 75.703085][ T5351] folios_put_refs+0x559/0x640 [ 75.708249][ T5351] truncate_inode_pages_range+0x346/0xda0 [ 75.711659][ T5351] set_blocksize+0x32a/0x500 [ 75.713930][ T5351] blkdev_bszset+0x1ac/0x220 [ 75.716783][ T5351] blkdev_ioctl+0x430/0x6d0 [ 75.718696][ T5351] __se_sys_ioctl+0xfc/0x170 [ 75.720600][ T5351] do_syscall_64+0xfa/0x3b0 [ 75.722698][ T5351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.726492][ T5351] ------------[ cut here ]------------ [ 75.728754][ T5351] kernel BUG at mm/filemap.c:868! [ 75.731080][ T5351] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 75.733946][ T5351] CPU: 0 UID: 0 PID: 5351 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00014-g0e39a731820a #0 PREEMPT(full) [ 75.739100][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.744461][ T5351] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 75.747256][ T5351] Code: d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 4b 12 30 ff 90 0f 0b e8 23 d1 c7 ff 4c 89 e7 48 c7 c6 a0 44 94 8b e8 34 12 30 ff 90 <0f> 0b e8 0c d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 1d 12 30 ff [ 75.756092][ T5351] RSP: 0018:ffffc9000d4776a0 EFLAGS: 00010246 [ 75.758880][ T5351] RAX: 7dab2a92d391b100 RBX: 0000000000000000 RCX: 0000000000000000 [ 75.762482][ T5351] RDX: 0000000000000007 RSI: ffffffff8d9b9e61 RDI: 00000000ffffffff [ 75.766320][ T5351] RBP: ffffc9000d477810 R08: ffffffff8fa39e37 R09: 1ffffffff1f473c6 [ 75.770260][ T5351] R10: dffffc0000000000 R11: fffffbfff1f473c7 R12: ffffea00010fc440 [ 75.773720][ T5351] R13: dffffc0000000000 R14: ffffea00010fc448 R15: 0000000000000004 [ 75.777198][ T5351] FS: 000055556bc5f500(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 75.781140][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.784273][ T5351] CR2: 00005594687bb168 CR3: 0000000042a76000 CR4: 0000000000352ef0 [ 75.788131][ T5351] Call Trace: [ 75.789745][ T5351] [ 75.791181][ T5351] ? percpu_ref_put+0x19/0x180 [ 75.793567][ T5351] ? __pfx___filemap_add_folio+0x10/0x10 [ 75.796020][ T5351] filemap_add_folio+0xd5/0x270 [ 75.798269][ T5351] page_cache_ra_order+0x643/0xd40 [ 75.800593][ T5351] do_sync_mmap_readahead+0x25e/0x7a0 [ 75.803397][ T5351] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 75.806518][ T5351] ? count_memcg_event_mm+0x1d/0x250 [ 75.808846][ T5351] ? count_memcg_event_mm+0x1d/0x250 [ 75.811250][ T5351] filemap_fault+0x62c/0x1200 [ 75.813316][ T5351] ? __pagetable_ctor+0x253/0x340 [ 75.815500][ T5351] ? __pfx_filemap_fault+0x10/0x10 [ 75.817714][ T5351] ? rcu_is_watching+0x15/0xb0 [ 75.820176][ T5351] ? __raw_spin_lock_init+0x45/0x100 [ 75.823130][ T5351] __do_fault+0x138/0x390 [ 75.825693][ T5351] __handle_mm_fault+0x1847/0x5440 [ 75.828445][ T5351] ? __lock_acquire+0xab9/0xd20 [ 75.831144][ T5351] ? __pfx___handle_mm_fault+0x10/0x10 [ 75.834025][ T5351] ? lock_vma_under_rcu+0xdf/0x3d0 [ 75.836728][ T5351] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 75.839265][ T5351] ? rcu_is_watching+0x15/0xb0 [ 75.841597][ T5351] handle_mm_fault+0x40a/0x8e0 [ 75.843693][ T5351] do_user_addr_fault+0xa81/0x1390 [ 75.845979][ T5351] ? rcu_is_watching+0x15/0xb0 [ 75.848077][ T5351] ? trace_page_fault_user+0x84/0x1e0 [ 75.850379][ T5351] exc_page_fault+0x76/0xf0 [ 75.852432][ T5351] asm_exc_page_fault+0x26/0x30 [ 75.854468][ T5351] RIP: 0033:0x7f4dfa655003 [ 75.856514][ T5351] Code: 48 85 c0 74 1b 48 83 f8 01 0f 85 3b 03 00 00 0f b7 44 24 18 66 c1 c0 08 0f b7 c0 48 89 44 24 18 48 8b 44 24 10 0f b7 54 24 18 <66> 89 10 e9 82 fe ff ff 48 83 3c 24 08 0f 85 a1 02 00 00 48 8b 44 [ 75.865380][ T5351] RSP: 002b:00007ffe28db8620 EFLAGS: 00010246 [ 75.867914][ T5351] RAX: 000020000057eff8 RBX: 0000000000000002 RCX: 0000000000000000 [ 75.871409][ T5351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055556bc5f3c8 [ 75.874804][ T5351] RBP: 00007ffe28db8728 R08: 0000000000000000 R09: 0000000000000000 [ 75.878179][ T5351] R10: 0000000000000000 R11: 0000000000000000 R12: 00007f4dfa9b5fac [ 75.882518][ T5351] R13: 00007f4dfa9b5fa0 R14: fffffffffffffffe R15: 0000000000000003 [ 75.886508][ T5351] [ 75.887834][ T5351] Modules linked in: [ 75.891460][ T5351] ---[ end trace 0000000000000000 ]--- [ 75.901436][ T5351] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 75.904157][ T5351] Code: d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 4b 12 30 ff 90 0f 0b e8 23 d1 c7 ff 4c 89 e7 48 c7 c6 a0 44 94 8b e8 34 12 30 ff 90 <0f> 0b e8 0c d1 c7 ff 4c 89 e7 48 c7 c6 c0 4d 94 8b e8 1d 12 30 ff [ 75.913112][ T5351] RSP: 0018:ffffc9000d4776a0 EFLAGS: 00010246 [ 75.916927][ T5351] RAX: 7dab2a92d391b100 RBX: 0000000000000000 RCX: 0000000000000000 [ 75.921763][ T5351] RDX: 0000000000000007 RSI: ffffffff8d9b9e61 RDI: 00000000ffffffff [ 75.925979][ T5351] RBP: ffffc9000d477810 R08: ffffffff8fa39e37 R09: 1ffffffff1f473c6 [ 75.929418][ T5351] R10: dffffc0000000000 R11: fffffbfff1f473c7 R12: ffffea00010fc440 [ 75.933002][ T5351] R13: dffffc0000000000 R14: ffffea00010fc448 R15: 0000000000000004 [ 75.937834][ T5351] FS: 000055556bc5f500(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 75.942113][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.945634][ T5351] CR2: 00005594687bb168 CR3: 0000000042a76000 CR4: 0000000000352ef0 [ 75.949411][ T5351] Kernel panic - not syncing: Fatal exception [ 75.952678][ T5351] Kernel Offset: disabled [ 75.955348][ T5351] Rebooting in 86400 seconds..