program:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x6000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r3 = dup(r2)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000040)=0x10000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r3, 0x2c93a000)
madvise(&(0x7f0000201000/0x2000)=nil, 0x2000, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

[   86.683818][ T5288] Bluetooth: hci0: command tx timeout
[   87.113728][ T5326] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888043ecaaf0 pfn:0x43eca
[   87.123559][ T5326] memcg:ffff88801243f300
[   87.130626][ T5326] flags: 0x4fff00000000001(locked|node=1|zone=1|lastcpupid=0x7ff)
[   87.150388][ T5326] raw: 04fff00000000001 0000000000000000 dead000000000122 0000000000000000
[   87.179273][ T5326] raw: ffff888043ecaaf0 0000000000000000 00000001ffffffff ffff88801243f300
[   87.183820][ T5326] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping))
[   87.200731][ T5326] page_owner tracks the page as allocated
[   87.214090][ T5326] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5326, tgid 5324 (syz.0.0), ts 87113644940, free_ts 83981060076
[   87.254916][ T5326]  post_alloc_hook+0x231/0x280
[   87.281254][ T5326]  get_page_from_freelist+0x24ba/0x2540
[   87.285937][ T5326]  __alloc_frozen_pages_noprof+0x18d/0x380
[   87.305417][ T5326]  alloc_pages_mpol+0x235/0x490
[   87.321039][ T5326]  alloc_pages_noprof+0xac/0x2a0
[   87.325304][ T5326]  folio_alloc_noprof+0x1e/0x30
[   87.332590][ T5326]  filemap_alloc_folio_noprof+0x111/0x470
[   87.345764][ T5326]  page_cache_ra_order+0x548/0xe80
[   87.350141][ T5326]  do_sync_mmap_readahead+0x6ad/0x8e0
[   87.355526][ T5326]  filemap_fault+0x703/0x1300
[   87.358612][ T5326]  __do_fault+0x138/0x2a0
[   87.363737][ T5326]  do_pte_missing+0x2093/0x33f0
[   87.368113][ T5326]  handle_mm_fault+0x1bd7/0x3170
[   87.377458][ T5326]  __get_user_pages+0x1683/0x2720
[   87.387317][ T5326]  populate_vma_page_range+0x2be/0x3c0
[   87.393844][ T5326]  __mm_populate+0x25f/0x390
[   87.398121][ T5326] page last free pid 10 tgid 10 stack trace:
[   87.405793][ T5326]  __free_frozen_pages+0xbc7/0xd30
[   87.411381][ T5326]  __slab_free+0x274/0x2c0
[   87.414766][ T5326]  qlist_free_all+0x99/0x100
[   87.419348][ T5326]  kasan_quarantine_reduce+0x148/0x160
[   87.423908][ T5326]  __kasan_slab_alloc+0x22/0x80
[   87.428238][ T5326]  __kmalloc_cache_noprof+0x2ba/0x660
[   87.434635][ T5326]  nsim_fib_event+0xf36/0xa390
[   87.439694][ T5326]  nsim_fib_event_work+0x254/0x3d0
[   87.444648][ T5326]  process_scheduled_works+0xb5d/0x1860
[   87.459624][ T5326]  worker_thread+0xa53/0xfc0
[   87.462871][ T5326]  kthread+0x388/0x470
[   87.472609][ T5326]  ret_from_fork+0x514/0xb70
[   87.477616][ T5326]  ret_from_fork_asm+0x1a/0x30
[   87.482472][ T5326] ------------[ cut here ]------------
[   87.484654][ T5326] kernel BUG at mm/filemap.c:860!
[   87.492850][ T5326] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   87.496220][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.499475][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   87.503297][ T5326] RIP: 0010:__filemap_add_folio+0x11bc/0x1330
[   87.505818][ T5326] Code: a2 c1 ff 4c 89 e7 48 c7 c6 80 cc d7 8b e8 4c f6 23 ff 90 0f 0b e8 54 a2 c1 ff 4c 89 e7 48 c7 c6 e0 c0 d7 8b e8 35 f6 23 ff 90 <0f> 0b e8 3d a2 c1 ff 4c 89 e7 48 c7 c6 80 cc d7 8b e8 1e f6 23 ff
[   87.513577][ T5326] RSP: 0018:ffffc9000e00f1e0 EFLAGS: 00010246
[   87.516082][ T5326] RAX: b1740ae3eae0bd00 RBX: 0000000000000000 RCX: 0000000000000000
[   87.518957][ T5326] RDX: 0000000000000007 RSI: ffffffff8dfa8d7d RDI: 00000000ffffffff
[   87.521948][ T5326] RBP: ffffc9000e00f360 R08: ffffffff9030ccf7 R09: 1ffffffff206199e
[   87.525276][ T5326] R10: dffffc0000000000 R11: fffffbfff206199f R12: ffffea00010fb280
[   87.528430][ T5326] R13: dffffc0000000000 R14: ffffea00010fb288 R15: 0000000000000004
[   87.531528][ T5326] FS:  00007ff093cc86c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[   87.534759][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.537451][ T5326] CR2: 00007f3685f56720 CR3: 0000000012599000 CR4: 0000000000352ef0
[   87.540543][ T5326] Call Trace:
[   87.541709][ T5326]  <TASK>
[   87.542909][ T5326]  ? percpu_ref_put+0x19/0x180
[   87.544851][ T5326]  ? __pfx___filemap_add_folio+0x10/0x10
[   87.547095][ T5326]  ? percpu_ref_put+0x19/0x180
[   87.548941][ T5326]  ? percpu_ref_put+0xf9/0x180
[   87.550868][ T5326]  filemap_add_folio+0x264/0x530
[   87.552831][ T5326]  page_cache_ra_order+0x6a9/0xe80
[   87.554919][ T5326]  do_sync_mmap_readahead+0x6ad/0x8e0
[   87.557073][ T5326]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[   87.559366][ T5326]  ? count_memcg_event_mm+0x1d/0x250
[   87.561533][ T5326]  ? count_memcg_event_mm+0x1d/0x250
[   87.563660][ T5326]  filemap_fault+0x703/0x1300
[   87.565637][ T5326]  ? __pfx_filemap_fault+0x10/0x10
[   87.567616][ T5326]  ? __pfx_filemap_map_pages+0x10/0x10
[   87.570049][ T5326]  __do_fault+0x138/0x2a0
[   87.571836][ T5326]  ? do_pte_missing+0x125b/0x33f0
[   87.573787][ T5326]  do_pte_missing+0x2093/0x33f0
[   87.575804][ T5326]  ? mtree_range_walk+0x6f9/0x8b0
[   87.577890][ T5326]  handle_mm_fault+0x1bd7/0x3170
[   87.579903][ T5326]  ? mt_find+0x186/0x630
[   87.581608][ T5326]  ? handle_mm_fault+0xee/0x3170
[   87.583586][ T5326]  ? __pfx_handle_mm_fault+0x10/0x10
[   87.585637][ T5326]  __get_user_pages+0x1683/0x2720
[   87.587594][ T5326]  populate_vma_page_range+0x2be/0x3c0
[   87.589675][ T5326]  ? __pfx_populate_vma_page_range+0x10/0x10
[   87.591875][ T5326]  ? down_read+0x270/0x2e0
[   87.593506][ T5326]  ? __mm_populate+0x173/0x390
[   87.595196][ T5326]  __mm_populate+0x25f/0x390
[   87.596779][ T5326]  ? __pfx___mm_populate+0x10/0x10
[   87.598611][ T5326]  vm_mmap_pgoff+0x3aa/0x4f0
[   87.600144][ T5326]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   87.602154][ T5326]  ? __fget_files+0x2a/0x420
[   87.603984][ T5326]  ? __fget_files+0x3a0/0x420
[   87.605864][ T5326]  ? __fget_files+0x2a/0x420
[   87.607692][ T5326]  ksys_mmap_pgoff+0x51e/0x760
[   87.609661][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.612077][ T5326]  do_syscall_64+0x15f/0xf80
[   87.613899][ T5326]  ? trace_irq_disable+0x3b/0x140
[   87.615878][ T5326]  ? clear_bhb_loop+0x40/0x90
[   87.617819][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.620092][ T5326] RIP: 0033:0x7ff092d9cdd9
[   87.621838][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   87.629331][ T5326] RSP: 002b:00007ff093cc7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   87.632417][ T5326] RAX: ffffffffffffffda RBX: 00007ff093016090 RCX: 00007ff092d9cdd9
[   87.635557][ T5326] RDX: 0000000001000002 RSI: 0000000000b36000 RDI: 0000200000000000
[   87.638629][ T5326] RBP: 00007ff092e32d69 R08: 0000000000000006 R09: 000000002c93a000
[   87.641711][ T5326] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[   87.644755][ T5326] R13: 00007ff093016128 R14: 00007ff093016090 R15: 00007ffc62f6c018
[   87.647910][ T5326]  </TASK>
[   87.649121][ T5326] Modules linked in:
[   87.651552][ T5326] ---[ end trace 0000000000000000 ]---
[   87.741468][ T5326] RIP: 0010:__filemap_add_folio+0x11bc/0x1330
[   87.744028][ T5326] Code: a2 c1 ff 4c 89 e7 48 c7 c6 80 cc d7 8b e8 4c f6 23 ff 90 0f 0b e8 54 a2 c1 ff 4c 89 e7 48 c7 c6 e0 c0 d7 8b e8 35 f6 23 ff 90 <0f> 0b e8 3d a2 c1 ff 4c 89 e7 48 c7 c6 80 cc d7 8b e8 1e f6 23 ff
[   87.751511][ T5326] RSP: 0018:ffffc9000e00f1e0 EFLAGS: 00010246
[   87.754010][ T5326] RAX: b1740ae3eae0bd00 RBX: 0000000000000000 RCX: 0000000000000000
[   87.756957][ T5326] RDX: 0000000000000007 RSI: ffffffff8dfa8d7d RDI: 00000000ffffffff
[   87.766284][ T5326] RBP: ffffc9000e00f360 R08: ffffffff9030ccf7 R09: 1ffffffff206199e
[   87.776483][ T5326] R10: dffffc0000000000 R11: fffffbfff206199f R12: ffffea00010fb280
[   87.780194][ T5326] R13: dffffc0000000000 R14: ffffea00010fb288 R15: 0000000000000004
[   87.787091][ T5326] FS:  00007ff093cc86c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[   87.797480][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.800245][ T5326] CR2: 00007ff093ce99a0 CR3: 0000000012599000 CR4: 0000000000352ef0
[   87.803674][ T5326] Kernel panic - not syncing: Fatal exception
[   87.806351][ T5326] Kernel Offset: disabled
[   87.808031][ T5326] Rebooting in 86400 seconds..