program:
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000340)={@val={0x0, 0x86dd}, @val={0x3, 0x0, 0xa, 0x0, 0x45}, @mpls={[], @ipv6=@udp={0x2, 0x6, "3d885d", 0x1f, 0x11, 0x0, @empty, @mcast2, {[], {0x4e22, 0x4e21, 0x1f, 0x0, @wg=@data={0x4, 0x1, 0x81b, "38655b7b3431bc"}}}}}}, 0x55)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$FUSE_LK(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, {{0x4, 0x4, 0x0, 0xffffffffffffffff}}}, 0x28)
pwritev2(r5, &(0x7f0000000200)=[{&(0x7f0000000340)="01", 0x1}], 0x1, 0x8, 0x6, 0x0)
write$FUSE_POLL(r5, &(0x7f0000000380)={0x18, 0xfffffffffffffff5, 0x0, {0x1}}, 0x18)

[   87.933269][ T5339] Bluetooth: hci0: command tx timeout
[   88.037994][ T5360] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET)
[   88.134153][ T5360] page: refcount:2 mapcount:0 mapping:ffff888051970220 index:0x0 pfn:0x4c9a3
[   88.138444][ T5360] memcg:ffff88801c2a8d00
[   88.140276][ T5360] aops:v9fs_addr_operations ino:2 dentry name(?):"/"
[   88.143176][ T5360] flags: 0x4fff20000000020(lru|node=1|zone=1|lastcpupid=0x7ff)
[   88.148478][ T5360] raw: 04fff20000000020 ffff888030ad09e0 ffff888030ad09e0 ffff888051970220
[   88.153143][ T5360] raw: 0000000000000000 0000000000000000 00000002ffffffff ffff88801c2a8d00
[   88.158137][ T5360] page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio))
[   88.161387][ T5360] page_owner tracks the page as allocated
[   88.166282][ T5360] page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE|__GFP_COMP), pid 5360, tgid 5359 (syz.0.0), ts 88128808455, free_ts 88112212566
[   88.174907][ T5360]  post_alloc_hook+0x240/0x2a0
[   88.177191][ T5360]  get_page_from_freelist+0x21e4/0x22c0
[   88.180479][ T5360]  __alloc_frozen_pages_noprof+0x181/0x370
[   88.182944][ T5360]  alloc_pages_mpol+0x232/0x4a0
[   88.185996][ T5360]  alloc_pages_noprof+0xa9/0x190
[   88.188142][ T5360]  folio_alloc_noprof+0x1e/0x30
[   88.190265][ T5360]  filemap_alloc_folio_noprof+0xdf/0x470
[   88.192793][ T5360]  __filemap_get_folio+0x3f2/0xaf0
[   88.195498][ T5360]  netfs_perform_write+0x43d/0x1ae0
[   88.197693][ T5360]  netfs_file_write_iter+0x17d/0x4a0
[   88.200154][ T5360]  vfs_write+0x5c6/0xb30
[   88.202010][ T5360]  ksys_write+0x145/0x250
[   88.204858][ T5360]  do_syscall_64+0xfa/0x3b0
[   88.206690][ T5360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.209058][ T5360] page last free pid 5365 tgid 5365 stack trace:
[   88.211937][ T5360]  free_unref_folios+0xdbd/0x1520
[   88.214431][ T5360]  folios_put_refs+0x559/0x640
[   88.216526][ T5360]  free_pages_and_swap_cache+0x4be/0x520
[   88.219040][ T5360]  tlb_flush_mmu+0x3a0/0x680
[   88.221084][ T5360]  tlb_finish_mmu+0xc3/0x1d0
[   88.224888][ T5360]  exit_mmap+0x44c/0xb50
[   88.226772][ T5360]  __mmput+0x118/0x430
[   88.228548][ T5360]  exit_mm+0x1da/0x2c0
[   88.230320][ T5360]  do_exit+0x648/0x2300
[   88.232223][ T5360]  do_group_exit+0x21c/0x2d0
[   88.236054][ T5360]  __x64_sys_exit_group+0x3f/0x40
[   88.238343][ T5360]  x64_sys_call+0x21f7/0x2200
[   88.240556][ T5360]  do_syscall_64+0xfa/0x3b0
[   88.242557][ T5360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.246930][ T5360] ------------[ cut here ]------------
[   88.249288][ T5360] kernel BUG at mm/filemap.c:1498!
[   88.251585][ T5360] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   88.254240][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.258086][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.262684][ T5360] RIP: 0010:folio_unlock+0x13d/0x160
[   88.265043][ T5360] Code: aa c7 ff 48 89 df 48 c7 c6 80 4d 94 8b e8 6b e8 2f ff 90 0f 0b e8 73 aa c7 ff 48 89 df 48 c7 c6 a0 43 94 8b e8 54 e8 2f ff 90 <0f> 0b e8 5c aa c7 ff 48 89 df 48 c7 c6 80 4d 94 8b e8 3d e8 2f ff
[   88.277123][ T5360] RSP: 0018:ffffc9000d30f6e8 EFLAGS: 00010246
[   88.279768][ T5360] RAX: f0859d6ecb13dd00 RBX: ffffea00013268c0 RCX: 0000000000000000
[   88.283246][ T5360] RDX: 0000000000000007 RSI: ffffffff8d9bc3c7 RDI: 00000000ffffffff
[   88.286665][ T5360] RBP: ffffc9000d30faa8 R08: ffffffff8fa3c037 R09: 1ffffffff1f47806
[   88.290057][ T5360] R10: dffffc0000000000 R11: fffffbfff1f47807 R12: 1ffffd4000264d19
[   88.293506][ T5360] R13: 04fff20000000020 R14: ffffea00013268c8 R15: dffffc0000000000
[   88.296971][ T5360] FS:  00007f8f451d76c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[   88.300630][ T5360] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.303356][ T5360] CR2: 00007f8f44598558 CR3: 0000000043e5f000 CR4: 0000000000352ef0
[   88.306707][ T5360] Call Trace:
[   88.308209][ T5360]  <TASK>
[   88.309510][ T5360]  netfs_perform_write+0x14fc/0x1ae0
[   88.312098][ T5360]  ? __lock_acquire+0xab9/0xd20
[   88.314829][ T5360]  ? __pfx_netfs_perform_write+0x10/0x10
[   88.317622][ T5360]  ? file_update_time+0x2da/0x490
[   88.319785][ T5360]  ? netfs_buffered_write_iter_locked+0x126/0x2a0
[   88.322465][ T5360]  ? netfs_file_write_iter+0x167/0x4a0
[   88.324704][ T5360]  netfs_file_write_iter+0x17d/0x4a0
[   88.326923][ T5360]  do_iter_readv_writev+0x61c/0x8b0
[   88.329123][ T5360]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   88.331598][ T5360]  ? rcu_read_lock_any_held+0xb3/0x120
[   88.333918][ T5360]  vfs_writev+0x31a/0x960
[   88.335706][ T5360]  ? __lock_acquire+0xab9/0xd20
[   88.337851][ T5360]  ? __pfx_vfs_writev+0x10/0x10
[   88.339928][ T5360]  ? __fget_files+0x2a/0x420
[   88.341938][ T5360]  ? __fget_files+0x3a0/0x420
[   88.343926][ T5360]  ? __fget_files+0x2a/0x420
[   88.345953][ T5360]  __se_sys_pwritev2+0x179/0x290
[   88.348183][ T5360]  ? __pfx___se_sys_pwritev2+0x10/0x10
[   88.350481][ T5360]  ? rcu_is_watching+0x15/0xb0
[   88.352537][ T5360]  ? do_syscall_64+0xbe/0x3b0
[   88.354536][ T5360]  ? __x64_sys_pwritev2+0x20/0xc0
[   88.356637][ T5360]  do_syscall_64+0xfa/0x3b0
[   88.358513][ T5360]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.360706][ T5360]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.363246][ T5360]  ? clear_bhb_loop+0x60/0xb0
[   88.365196][ T5360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.367659][ T5360] RIP: 0033:0x7f8f4438ebe9
[   88.369543][ T5360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.377655][ T5360] RSP: 002b:00007f8f451d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   88.381134][ T5360] RAX: ffffffffffffffda RBX: 00007f8f445c5fa0 RCX: 00007f8f4438ebe9
[   88.384505][ T5360] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000009
[   88.387788][ T5360] RBP: 00007f8f44411e19 R08: 0000000000000006 R09: 0000000000000000
[   88.391085][ T5360] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[   88.394437][ T5360] R13: 00007f8f445c6038 R14: 00007f8f445c5fa0 R15: 00007ffdc9552ef8
[   88.397723][ T5360]  </TASK>
[   88.399069][ T5360] Modules linked in:
[   88.401545][ T5360] ---[ end trace 0000000000000000 ]---
[   88.409466][ T5360] RIP: 0010:folio_unlock+0x13d/0x160
[   88.411811][ T5360] Code: aa c7 ff 48 89 df 48 c7 c6 80 4d 94 8b e8 6b e8 2f ff 90 0f 0b e8 73 aa c7 ff 48 89 df 48 c7 c6 a0 43 94 8b e8 54 e8 2f ff 90 <0f> 0b e8 5c aa c7 ff 48 89 df 48 c7 c6 80 4d 94 8b e8 3d e8 2f ff
[   88.419690][ T5360] RSP: 0018:ffffc9000d30f6e8 EFLAGS: 00010246
[   88.422290][ T5360] RAX: f0859d6ecb13dd00 RBX: ffffea00013268c0 RCX: 0000000000000000
[   88.426571][ T5360] RDX: 0000000000000007 RSI: ffffffff8d9bc3c7 RDI: 00000000ffffffff
[   88.430222][ T5360] RBP: ffffc9000d30faa8 R08: ffffffff8fa3c037 R09: 1ffffffff1f47806
[   88.434029][ T5360] R10: dffffc0000000000 R11: fffffbfff1f47807 R12: 1ffffd4000264d19
[   88.437517][ T5360] R13: 04fff20000000020 R14: ffffea00013268c8 R15: dffffc0000000000
[   88.441694][ T5360] FS:  00007f8f451d76c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[   88.447426][ T5360] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.450336][ T5360] CR2: 00007f8f44598558 CR3: 0000000043e5f000 CR4: 0000000000352ef0
[   88.454231][ T5360] Kernel panic - not syncing: Fatal exception
[   88.457319][ T5360] Kernel Offset: disabled
[   88.459248][ T5360] Rebooting in 86400 seconds..