program:
# Triage summary (syzkaller reproducer, followed by the kernel console output it produced).
# The log below reports "kernel BUG at mm/filemap.c:868" in __filemap_add_folio, raised by
# VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)).
# The faulting path is a user page fault: filemap_fault -> do_sync_mmap_readahead ->
# page_cache_ra_order -> filemap_add_folio, with the folio allocated at order 2 by pid 5321.
# page_owner shows the same page was last freed by pid 5322 (same tgid 5321) through
# blkdev_bszset -> set_blocksize -> truncate_inode_pages_range.
# NOTE(review): this looks like a race between a block-size change and a concurrent readahead
# on a mapping of the same block device; confirm against the fix commit before relying on it.
# Impact visible here: the process runs as UID 0 and the oops ends in a kernel panic on the
# test VM (6.16.0-rc3-syzkaller), i.e. a local denial of service in this reproduction.
#
# Open the device (the $nullb variant; the path buffer contents are not shown in this dump).
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
# Second descriptor for the same open file; it is the one handed to mmap below.
r1 = dup(r0)
# File-backed mapping of 0xb36000 bytes of r1 placed over the program's own argument area
# (0x7f0000000000), so later accesses to argument buffers fault through the device page cache.
# Marked (async): it runs concurrently with the calls that follow.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async)
# Sets the device block size to 0x10000 bytes, concurrently with the mapping above. This is
# the ioctl seen in the "page last free" stack (blkdev_bszset -> set_blocksize).
# NOTE(review): 0x10000 bytes is 16 pages if pages are 4 KiB, presumably raising the mapping's
# minimum folio order above the order-2 folio that readahead had allocated; confirm.
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0x10000) (async)
# The remaining calls do not appear in the kernel stacks shown below. The first argument
# buffer here (0x7f0000000240) has the same low offset as the faulting user address in the log
# (CR2 ...0240); presumably the fault is the executor writing this call's arguments into the
# mapped area -- TODO confirm.
syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d31342c636f6465706167653d63703836362c00b98ca84a82894a44d230d85781d07b941c527aeeede9ffdeae490b216650602e9c2958dafbc442834d0c8d457de56e510ec8bdd0461f18ca158d9b4874283995508025489486ff72fe3e8375536e15ce54fbb90c0ffc51888e49e205952f538430ec33160206e38a404836"], 0x1, 0x265, &(0x7f0000000540)="$eJzs3c1OE1EYxvHnnBYs0uBYMSYuURJXBnBj3JiYXoQro9KaEBtMFBN1ZVwbL8C9t+BFuDLegK5ceQHdjTkfpUOZdlpgWlr+v6Tj1J6P93BmmPMOlArAhfWo+fvbvb/uYaSKKpIeSFZSTapKuq4btbf7B3sHnXYrr4Hl+G/F13APo1DTHCu7u9/Oa8LV8zWixD2rqp79P5QjTdP0z2RVDNOyePzZn8NKl+LZ6V+vTT2ycnycdQCly53OQ6a70tU7rU0tHADAuRSv/zZeOOpx/W6ttBkv+wt1/e/OOoBpWzr61HTVu/775Xxq3Pxe8S/18z2fwrnXbS9LPEnXPkW0AysSMzKrVIzFrrzY67Tv7r7qtKw+6WGUKbbut61w6PYURLsRBrY6ZvwnH7vvwS65Mezkx18/4x6LmR/mp3liEn1V63D9V02NmyY/U8nATIX4t4a36EeZhFJDZumq7+Rm/3aBikdZG1jCZu4nLMc2j2SiSVGcvlZjoFYY3faoWqHjnFo7BX2tD9bqH83Da5bNfDGPzYb+6buamfW/dV/tTY1zZroyvmQ8MkaOp+pLJmMEZicaBk7ns57rvtbevP/w8lmn037NzpzuGJ2LMNhZsJ1Zf4PCNPQnPdzoxYXj1l0m5H+ZfGXLr3rdJhmxTk+LGs+0uD0kN2j47eWJMrjVnJ8uHu9xSM6la25z6450e/weEzUWaYVqmvqlp9z/BwAAAAAAAAAAAAAAAAAAmDclv4vAht8sz7co7yUGAAAAAAAAAAAAAAAAAAAAAKBsp/78355K2vtb4Hz+LzAn/gcAAP//cCaC0Q==") (async)
mount$cgroup(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000180), 0x200801, &(0x7f0000000f40)={[{@name={'name', 0x3d, 'J\x1f\xb5\x8c\xabA\x19\xdd\xd2\x17?=\xf7z\x0f\x94\xfa\x8d\aeN\xb56\xc4\xd1X^?\t:Q\x92<\xb5\xf2\x95j\xb1d2\xf2\x196\"\xda\x10f\xaaC7Kx\x99\xbe\x89HZ\xb6\\r\xe5\x94\x0eB\xea|\x14{\x94\xfe\x80\x1e\xad7d\xac\xa9|t\xe9J#\x04?f(\xdc\a\x1b\x94\xf4p\x7f\xab\x84ve&W\xffK\x1a!\xe0\x8b\xf3\x98\xd3\xf1Z\xa0W\xdbg\r\x1fT\xb4\x82}\x15)8\xc2\x9a|\xc7\x1a\xc1'}}]}) 
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
# Kernel console output captured while the program ran. Entries tagged T5321 belong to the
# crashing task; the dump starts with the state of the offending page, then the stack that
# allocated it, the stack that last freed it, and finally the BUG/oops itself.
[ 67.805275][ T4672] Bluetooth: hci0: command tx timeout [ 67.846467][ T5321] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x53354 [ 67.877149][ T5321] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 67.881652][ T5321] memcg:ffff8880304f8d00 [ 67.884578][ T5321] flags: 0x4fff00000000041(locked|head|node=1|zone=1|lastcpupid=0x7ff) [ 67.888633][ T5321] raw: 04fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 67.898857][ T5321] raw: 000000000000001c 0000000000000000 00000001ffffffff ffff8880304f8d00 [ 67.909066][ T5321] head: 04fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 67.919779][ T5321] head: 000000000000001c 0000000000000000 00000001ffffffff ffff8880304f8d00 [ 67.930665][ T5321] head: 04fff00000000202 ffffea00014cd501 00000000ffffffff 00000000ffffffff [ 67.938744][ T5321] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 67.944201][ T5321] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 67.948825][ T5321] page_owner tracks the page as allocated [ 67.951286][ T5321] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5321, tgid 5321 (syz.0.0), ts 67846446217, free_ts 67846237361 [ 67.963311][ T5321] post_alloc_hook+0x240/0x2a0 [ 67.965450][ T5321] get_page_from_freelist+0x21e4/0x22c0 [ 67.967930][ T5321] __alloc_frozen_pages_noprof+0x181/0x370 [ 67.970544][ T5321] alloc_pages_mpol+0x232/0x4a0 [ 67.973242][ T5321] alloc_pages_noprof+0xa9/0x190 [ 67.975743][ T5321] folio_alloc_noprof+0x1e/0x30 [ 67.977936][ T5321] filemap_alloc_folio_noprof+0xdf/0x470 [ 67.980485][ T5321] page_cache_ra_order+0x5e5/0xc70 [ 67.983493][ T5321] do_sync_mmap_readahead+0x4b5/0x5f0 [ 67.986064][ 
T5321] filemap_fault+0x62a/0x1200 [ 67.988153][ T5321] __do_fault+0x138/0x390 [ 67.989961][ T5321] __handle_mm_fault+0x198b/0x5620 [ 67.993102][ T5321] handle_mm_fault+0x40a/0x8e0 [ 67.995262][ T5321] do_user_addr_fault+0xa81/0x1390 [ 67.997503][ T5321] exc_page_fault+0x76/0xf0 [ 67.999547][ T5321] asm_exc_page_fault+0x26/0x30 [ 68.001786][ T5321] page last free pid 5322 tgid 5321 stack trace: [ 68.005992][ T5321] free_unref_folios+0xc66/0x14d0 [ 68.008347][ T5321] folios_put_refs+0x559/0x640 [ 68.010439][ T5321] truncate_inode_pages_range+0x346/0xda0 [ 68.013908][ T5321] set_blocksize+0x32a/0x500 [ 68.016620][ T5321] blkdev_bszset+0x1ac/0x220 [ 68.018894][ T5321] blkdev_ioctl+0x430/0x6d0 [ 68.021001][ T5321] __se_sys_ioctl+0xf9/0x170 [ 68.024566][ T5321] do_syscall_64+0xfa/0x3b0 [ 68.026638][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.030135][ T5321] ------------[ cut here ]------------ [ 68.032823][ T5321] kernel BUG at mm/filemap.c:868! [ 68.036758][ T5321] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 68.039733][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00346-gafa9a6f4f574 #0 PREEMPT(full) [ 68.045020][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.050346][ T5321] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 68.053684][ T5321] Code: fe c8 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 fb a3 10 00 90 0f 0b e8 03 fe c8 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 e4 a3 10 00 90 <0f> 0b e8 ec fd c8 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cd a3 10 00 [ 68.064348][ T5321] RSP: 0018:ffffc9000fd3f680 EFLAGS: 00010246 [ 68.067101][ T5321] RAX: 8c0dd0e9d7fec500 RBX: 0000000000000002 RCX: 0000000000000000 [ 68.070210][ T5321] RDX: 0000000000000007 RSI: ffffffff8d982066 RDI: 00000000ffffffff [ 68.073767][ T5321] RBP: ffffc9000fd3f7e8 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e [ 68.077559][ T5321] R10: dffffc0000000000 R11: fffffbfff1f4209f R12: ffffea00014cd500 [ 68.081413][ 
T5321] R13: dffffc0000000000 R14: ffffea00014cd508 R15: 0000000000000004 [ 68.085508][ T5321] FS: 000055557958a500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 68.089511][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.092556][ T5321] CR2: 0000200000000240 CR3: 000000004316d000 CR4: 0000000000352ef0 [ 68.096200][ T5321] Call Trace: [ 68.097877][ T5321] [ 68.099286][ T5321] ? percpu_ref_put+0x19/0x180 [ 68.101397][ T5321] ? __pfx___filemap_add_folio+0x10/0x10 [ 68.103991][ T5321] ? percpu_ref_put+0xf9/0x180 [ 68.106122][ T5321] filemap_add_folio+0xd5/0x270 [ 68.108479][ T5321] page_cache_ra_order+0x74c/0xc70 [ 68.111041][ T5321] do_sync_mmap_readahead+0x4b5/0x5f0 [ 68.113460][ T5321] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 68.116198][ T5321] ? count_memcg_event_mm+0x1d/0x250 [ 68.118434][ T5321] ? count_memcg_event_mm+0x1d/0x250 [ 68.120783][ T5321] filemap_fault+0x62a/0x1200 [ 68.122871][ T5321] ? __pfx_filemap_fault+0x10/0x10 [ 68.125151][ T5321] __do_fault+0x138/0x390 [ 68.127096][ T5321] __handle_mm_fault+0x198b/0x5620 [ 68.129019][ T5321] ? __lock_acquire+0xab9/0xd20 [ 68.130995][ T5321] ? __pfx___handle_mm_fault+0x10/0x10 [ 68.133277][ T5321] ? lock_vma_under_rcu+0xf8/0x710 [ 68.135469][ T5321] ? lock_vma_under_rcu+0xf8/0x710 [ 68.137893][ T5321] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 68.140353][ T5321] ? rcu_is_watching+0x15/0xb0 [ 68.142491][ T5321] handle_mm_fault+0x40a/0x8e0 [ 68.144685][ T5321] do_user_addr_fault+0xa81/0x1390 [ 68.147015][ T5321] ? rcu_is_watching+0x15/0xb0 [ 68.148811][ T5321] ? 
trace_page_fault_user+0x84/0x1e0 [ 68.150758][ T5321] exc_page_fault+0x76/0xf0 [ 68.152531][ T5321] asm_exc_page_fault+0x26/0x30 [ 68.154691][ T5321] RIP: 0033:0x7f952f557db5 [ 68.157051][ T5321] Code: fe 28 6f 06 48 83 fa 40 0f 87 a7 00 00 00 62 e1 fe 28 6f 4c 16 ff 62 e1 fe 28 7f 07 62 e1 fe 28 7f 4c 17 ff c3 8b 0e 8b 34 16 <89> 0f 89 34 17 c3 0f 1f 44 00 00 83 fa 10 73 21 83 fa 08 73 36 48 [ 68.166381][ T5321] RSP: 002b:00007ffdb1057e78 EFLAGS: 00010246 [ 68.169306][ T5321] RAX: 0000200000000240 RBX: 0000000000000004 RCX: 0000000000736668 [ 68.173108][ T5321] RDX: 0000000000000000 RSI: 0000000000736668 RDI: 0000200000000240 [ 68.176454][ T5321] RBP: 0000000000000000 R08: 00007f952f3ff030 R09: 0000000000000001 [ 68.180255][ T5321] R10: 0000000000000001 R11: 0000000000000009 R12: 00007f952f7b5fac [ 68.183926][ T5321] R13: 00007f952f7b5fa0 R14: fffffffffffffffe R15: 0000000000000003 [ 68.186965][ T5321] [ 68.188085][ T5321] Modules linked in: [ 68.190069][ T5321] ---[ end trace 0000000000000000 ]--- [ 68.197402][ T5321] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 68.200121][ T5321] Code: fe c8 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 fb a3 10 00 90 0f 0b e8 03 fe c8 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 e4 a3 10 00 90 <0f> 0b e8 ec fd c8 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cd a3 10 00 [ 68.208893][ T5321] RSP: 0018:ffffc9000fd3f680 EFLAGS: 00010246 [ 68.211552][ T5321] RAX: 8c0dd0e9d7fec500 RBX: 0000000000000002 RCX: 0000000000000000 [ 68.214941][ T5321] RDX: 0000000000000007 RSI: ffffffff8d982066 RDI: 00000000ffffffff [ 68.217772][ T5321] RBP: ffffc9000fd3f7e8 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e [ 68.220782][ T5321] R10: dffffc0000000000 R11: fffffbfff1f4209f R12: ffffea00014cd500 [ 68.224795][ T5321] R13: dffffc0000000000 R14: ffffea00014cd508 R15: 0000000000000004 [ 68.228836][ T5321] FS: 000055557958a500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 68.232889][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.235344][ T5321] CR2: 
0000200000000240 CR3: 000000004316d000 CR4: 0000000000352ef0 [ 68.238117][ T5321] Kernel panic - not syncing: Fatal exception [ 68.240692][ T5321] Kernel Offset: disabled [ 68.242530][ T5321] Rebooting in 86400 seconds..