exit_mmap+0x4b6/0xd40 mm/mmap.c:3300
 __mmput+0x115/0x3c0 kernel/fork.c:1343
 exec_mmap+0x66d/0x700 fs/exec.c:1051
 begin_new_exec+0x119a/0x1ce0 fs/exec.c:1310
 load_elf_binary+0x961/0x2590 fs/binfmt_elf.c:996
 search_binary_handler fs/exec.c:1783 [inline]
 exec_binprm fs/exec.c:1825 [inline]
 bprm_execve+0xaf7/0x1790 fs/exec.c:1877
 do_execveat_common+0x552/0x6f0 fs/exec.c:1984
 do_execve fs/exec.c:2058 [inline]
 __do_sys_execve fs/exec.c:2134 [inline]
 __se_sys_execve fs/exec.c:2129 [inline]
 __x64_sys_execve+0x92/0xb0 fs/exec.c:2129
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
------------[ cut here ]------------
kernel BUG at mm/filemap.c:153!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 PID: 5059 Comm: syz-executor234 Not tainted 6.8.0-rc7-syzkaller-00250-g137e0ec05aeb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
RIP: 0010:filemap_unaccount_folio+0x6d0/0xc30 mm/filemap.c:153
Code: 25 ff 0f 00 00 0f 84 f0 00 00 00 e8 1a 5c cc ff e9 ac f9 ff ff e8 10 5c cc ff 4c 89 ef 48 c7 c6 a0 47 b3 8b e8 d1 1d 11 00 90 <0f> 0b e8 f9 5b cc ff 4c 89 ef 48 c7 c6 20 4d b3 8b e8 ba 1d 11 00
RSP: 0018:ffffc90004257798 EFLAGS: 00010046
RAX: 51f07b0c46ee8000 RBX: 0000000000000000 RCX: ffffc90004257603
RDX: 0000000000000002 RSI: ffffffff8baac7e0 RDI: ffffffff8bfd99e0
RBP: 0000000000000000 R08: ffffffff8f8440ef R09: 1ffffffff1f0881d
R10: dffffc0000000000 R11: fffffbfff1f0881e R12: 0000000000000001
R13: ffffea0001fc8600 R14: 1ffffd40003f90c0 R15: ffffea0001fc8608
FS:  000055555668c380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 000000007a744000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __filemap_remove_folio+0xcd/0xa70 mm/filemap.c:222
 filemap_remove_folio+0x109/0x2e0 mm/filemap.c:255
 truncate_inode_folio+0x5d/0x70 mm/truncate.c:195
 shmem_undo_range+0x439/0x1da0 mm/shmem.c:1001
 shmem_truncate_range mm/shmem.c:1114 [inline]
 shmem_evict_inode+0x29b/0xa60 mm/shmem.c:1242
 evict+0x2a8/0x630 fs/inode.c:665
 __dentry_kill+0x20d/0x630 fs/dcache.c:603
 dput+0x19f/0x2b0 fs/dcache.c:845
 __fput+0x678/0x8a0 fs/file_table.c:384
 __do_sys_close fs/open.c:1554 [inline]
 __se_sys_close fs/open.c:1539 [inline]
 __x64_sys_close+0x7e/0x110 fs/open.c:1539
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fcb3b616ad0
Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d d1 85 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
RSP: 002b:00007ffe1769d898 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fcb3b616ad0
RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000000000004
RBP: 00007ffe1769d8b0 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000000028011 R11: 0000000000000202 R12: 00007fcb3b68a5f0
R13: 00007ffe1769da98 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_unaccount_folio+0x6d0/0xc30 mm/filemap.c:153
Code: 25 ff 0f 00 00 0f 84 f0 00 00 00 e8 1a 5c cc ff e9 ac f9 ff ff e8 10 5c cc ff 4c 89 ef 48 c7 c6 a0 47 b3 8b e8 d1 1d 11 00 90 <0f> 0b e8 f9 5b cc ff 4c 89 ef 48 c7 c6 20 4d b3 8b e8 ba 1d 11 00
RSP: 0018:ffffc90004257798 EFLAGS: 00010046
RAX: 51f07b0c46ee8000 RBX: 0000000000000000 RCX: ffffc90004257603
RDX: 0000000000000002 RSI: ffffffff8baac7e0 RDI: ffffffff8bfd99e0
RBP: 0000000000000000 R08: ffffffff8f8440ef R09: 1ffffffff1f0881d
R10: dffffc0000000000 R11: fffffbfff1f0881e R12: 0000000000000001
R13: ffffea0001fc8600 R14: 1ffffd40003f90c0 R15: ffffea0001fc8608
FS:  000055555668c380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 000000007a744000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400