program: sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cache=mmap']) write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, '9p\x00'}, {0x20, '%'}, {}, {0x20, '%'}], 0xa, "97d2ac556eecbfdd06963fe6c1ce1ea7e8affcb87c5cfedaca99d009d82d408e72cbed6cbb7f8b9d38a29b2990660d1821ce8403959a815a9c502fc1f872f749eec20d0e0123a8725792b714a5367908b694c92c7b2add9ccdad885f108577279e33e0a891d2b7b387d99686c2ca4f4810d82809538013fa1f8bb3f4fbe060511dd50374dd3ab948869c21aaa581da2e1f544e15d12cc539de6c9f62da3f936df6fd6554412d2b2b62f8835f09a105a69de28d281b552939a57e73b738015b430f9e3253bea4e30bf48fad9cf247f5e0d3ff4171a94f36024f87a385892df92aca3960c7a3d0"}, 0xfa) chmod(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000080)={0x0, 0x4, 0x7}) r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0) pwritev2(r4, &(0x7f0000000200)=[{&(0x7f0000000340)="01", 0x1}], 0x1, 0x8, 0x6, 0x0) write$FUSE_POLL(r4, &(0x7f0000000380)={0x18, 0xfffffffffffffff5, 0x0, {0x1}}, 0x18) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) (async) pipe2$9p(&(0x7f00000001c0), 0x0) (async) write$P9_RVERSION(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) (async) dup(r2) (async) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cache=mmap']) (async) write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, '9p\x00'}, {0x20, '%'}, {}, {0x20, '%'}], 0xa, "97d2ac556eecbfdd06963fe6c1ce1ea7e8affcb87c5cfedaca99d009d82d408e72cbed6cbb7f8b9d38a29b2990660d1821ce8403959a815a9c502fc1f872f749eec20d0e0123a8725792b714a5367908b694c92c7b2add9ccdad885f108577279e33e0a891d2b7b387d99686c2ca4f4810d82809538013fa1f8bb3f4fbe060511dd50374dd3ab948869c21aaa581da2e1f544e15d12cc539de6c9f62da3f936df6fd6554412d2b2b62f8835f09a105a69de28d281b552939a57e73b738015b430f9e3253bea4e30bf48fad9cf247f5e0d3ff4171a94f36024f87a385892df92aca3960c7a3d0"}, 0xfa) (async) chmod(&(0x7f0000000140)='./file0\x00', 0x0) (async) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000080)={0x0, 0x4, 0x7}) (async) creat(&(0x7f0000000300)='./file0\x00', 0x0) (async) pwritev2(r4, &(0x7f0000000200)=[{&(0x7f0000000340)="01", 0x1}], 0x1, 0x8, 0x6, 0x0) (async) write$FUSE_POLL(r4, &(0x7f0000000380)={0x18, 0xfffffffffffffff5, 0x0, {0x1}}, 0x18) (async) [ 85.118730][ T5343] Bluetooth: hci0: command tx timeout [ 85.215626][ T5369] page: refcount:1 mapcount:0 mapping:ffff888043ab0220 index:0x0 pfn:0x4c9e0 [ 85.219297][ T5369] memcg:ffff88801c6a0d00 [ 85.221230][ T5369] aops:v9fs_addr_operations ino:2 dentry name(?):"/" [ 85.227817][ T5369] flags: 0x4fff20000000020(lru|node=1|zone=1|lastcpupid=0x7ff) [ 85.230850][ T5369] raw: 04fff20000000020 ffff888030ad89e0 ffff888030ad89e0 ffff888043ab0220 [ 85.235225][ T5369] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88801c6a0d00 [ 85.238721][ T5369] page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio)) [ 85.241902][ T5369] page_owner tracks the page as allocated [ 85.247952][ T5369] page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE|__GFP_COMP), pid 5368, tgid 5367 (syz.0.0), ts 85197239182, free_ts 0 [ 85.256200][ T5369] post_alloc_hook+0x240/0x2a0 [ 85.258274][ T5369] get_page_from_freelist+0x21e4/0x22c0 [ 85.260587][ T5369] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.263022][ T5369] alloc_pages_mpol+0x232/0x4a0 [ 85.265425][ T5369] alloc_pages_noprof+0xa9/0x190 [ 85.268114][ T5369] folio_alloc_noprof+0x1e/0x30 [ 85.270437][ T5369] filemap_alloc_folio_noprof+0xdf/0x470 [ 85.273749][ T5369] __filemap_get_folio+0x3f2/0xaf0 [ 85.277017][ T5369] netfs_perform_write+0x43d/0x1ae0 [ 85.279138][ T5369] netfs_file_write_iter+0x17d/0x4a0 [ 85.281377][ T5369] do_iter_readv_writev+0x619/0x8b0 [ 85.283319][ T5369] vfs_writev+0x31a/0x960 [ 85.285534][ T5369] __se_sys_pwritev2+0x179/0x290 [ 85.287937][ T5369] do_syscall_64+0xfa/0x3b0 [ 85.289980][ T5369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.292567][ T5369] page_owner free stack trace missing [ 85.296776][ T5369] ------------[ cut here ]------------ [ 85.299157][ T5369] kernel BUG at mm/filemap.c:1498! [ 85.301432][ T5369] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.304075][ T5369] CPU: 0 UID: 0 PID: 5369 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.307811][ T5369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.312466][ T5369] RIP: 0010:folio_unlock+0x13d/0x160 [ 85.314693][ T5369] Code: aa c7 ff 48 89 df 48 c7 c6 00 50 b4 8b e8 5b e9 2f ff 90 0f 0b e8 13 aa c7 ff 48 89 df 48 c7 c6 20 46 b4 8b e8 44 e9 2f ff 90 <0f> 0b e8 fc a9 c7 ff 48 89 df 48 c7 c6 00 50 b4 8b e8 2d e9 2f ff [ 85.322806][ T5369] RSP: 0018:ffffc9000d2a7888 EFLAGS: 00010246 [ 85.325388][ T5369] RAX: 139653c4abe9e300 RBX: ffffea0001327800 RCX: 0000000000000000 [ 85.328741][ T5369] RDX: 0000000000000007 RSI: ffffffff8dbbcff1 RDI: 00000000ffffffff [ 85.332111][ T5369] RBP: ffffc9000d2a7c48 R08: ffffffff8fc3c937 R09: 1ffffffff1f87926 [ 85.335627][ T5369] R10: dffffc0000000000 R11: fffffbfff1f87927 R12: 1ffffd4000264f01 [ 85.339108][ T5369] R13: 04fff20000000020 R14: ffffea0001327808 R15: dffffc0000000000 [ 85.342461][ T5369] FS: 00007fb9ecfcb6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.346123][ T5369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.348706][ T5369] CR2: 00007fb9ecfa9fc8 CR3: 0000000043d71000 CR4: 0000000000352ef0 [ 85.351951][ T5369] Call Trace: [ 85.353388][ T5369] [ 85.354660][ T5369] netfs_perform_write+0x14fc/0x1ae0 [ 85.356852][ T5369] ? __lock_acquire+0xab9/0xd20 [ 85.359133][ T5369] ? __pfx_netfs_perform_write+0x10/0x10 [ 85.361593][ T5369] ? file_update_time+0x2da/0x490 [ 85.363708][ T5369] ? netfs_buffered_write_iter_locked+0x126/0x2a0 [ 85.366442][ T5369] ? netfs_file_write_iter+0x167/0x4a0 [ 85.368719][ T5369] netfs_file_write_iter+0x17d/0x4a0 [ 85.370885][ T5369] vfs_write+0x5c9/0xb30 [ 85.372625][ T5369] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 85.374944][ T5369] ? __pfx_vfs_write+0x10/0x10 [ 85.377034][ T5369] ? __fget_files+0x2a/0x420 [ 85.379003][ T5369] ksys_write+0x145/0x250 [ 85.380852][ T5369] ? __pfx_ksys_write+0x10/0x10 [ 85.382859][ T5369] ? rcu_is_watching+0x15/0xb0 [ 85.384880][ T5369] ? do_syscall_64+0xbe/0x3b0 [ 85.386848][ T5369] do_syscall_64+0xfa/0x3b0 [ 85.388732][ T5369] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.390895][ T5369] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.393356][ T5369] ? clear_bhb_loop+0x60/0xb0 [ 85.395300][ T5369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.397808][ T5369] RIP: 0033:0x7fb9ec18eec9 [ 85.399667][ T5369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.407588][ T5369] RSP: 002b:00007fb9ecfcb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.411114][ T5369] RAX: ffffffffffffffda RBX: 00007fb9ec3e6090 RCX: 00007fb9ec18eec9 [ 85.414456][ T5369] RDX: 0000000000000018 RSI: 0000200000000380 RDI: 0000000000000007 [ 85.417717][ T5369] RBP: 00007fb9ec211f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.421056][ T5369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.424388][ T5369] R13: 00007fb9ec3e6128 R14: 00007fb9ec3e6090 R15: 00007ffce91788f8 [ 85.427711][ T5369] [ 85.429059][ T5369] Modules linked in: [ 85.431132][ T5369] ---[ end trace 0000000000000000 ]--- [ 85.438454][ T5369] RIP: 0010:folio_unlock+0x13d/0x160 [ 85.440806][ T5369] Code: aa c7 ff 48 89 df 48 c7 c6 00 50 b4 8b e8 5b e9 2f ff 90 0f 0b e8 13 aa c7 ff 48 89 df 48 c7 c6 20 46 b4 8b e8 44 e9 2f ff 90 <0f> 0b e8 fc a9 c7 ff 48 89 df 48 c7 c6 00 50 b4 8b e8 2d e9 2f ff [ 85.449223][ T5369] RSP: 0018:ffffc9000d2a7888 EFLAGS: 00010246 [ 85.451845][ T5369] RAX: 139653c4abe9e300 RBX: ffffea0001327800 RCX: 0000000000000000 [ 85.455651][ T5369] RDX: 0000000000000007 RSI: ffffffff8dbbcff1 RDI: 00000000ffffffff [ 85.458927][ T5369] RBP: ffffc9000d2a7c48 R08: ffffffff8fc3c937 R09: 1ffffffff1f87926 [ 85.462222][ T5369] R10: dffffc0000000000 R11: fffffbfff1f87927 R12: 1ffffd4000264f01 [ 85.466131][ T5369] R13: 04fff20000000020 R14: ffffea0001327808 R15: dffffc0000000000 [ 85.469539][ T5369] FS: 00007fb9ecfcb6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.473568][ T5369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.479484][ T5369] CR2: 00007fb9ecfa9fc8 CR3: 0000000043d71000 CR4: 0000000000352ef0 [ 85.483041][ T5369] Kernel panic - not syncing: Fatal exception [ 85.485862][ T5369] Kernel Offset: disabled [ 85.487723][ T5369] Rebooting in 86400 seconds..