page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x136947
memcg:ffff0000c5bac300
flags: 0x5ffc00000000001(locked|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000001 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff ffff0000c5bac300
page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping))
------------[ cut here ]------------
kernel BUG at mm/filemap.c:860!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6062 Comm: syz.3.278 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __filemap_add_folio+0xdec/0x1158 mm/filemap.c:859
lr : __filemap_add_folio+0xdec/0x1158 mm/filemap.c:859
sp : ffff800092f16be0
x29: ffff800092f16d30 x28: 1fffffbff87b4a39 x27: dfff800000000000
x26: 0000000000000000 x25: ffff800092f16ca0 x24: ffff0000c154f050
x23: 0000000000000004 x22: ffff7000125e2d90 x21: fffffdffc3da51c0
x20: 0000000000000000 x19: 05ffc00000000001 x18: 0000000055eeb29a
x17: 6e697070616d203c x16: 20296f696c6f6628 x15: 726564726f5f6f69
x14: 6c6f66284f494c4f x13: 0000000000000001 x12: 0000000000000000
x11: 000000000000136b x10: 0000000000080000 x9 : c241a5fe9a20a300
x8 : c241a5fe9a20a300 x7 : ffff8000804886d0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080486c0c
x2 : 0000000100000000 x1 : ffff0000d4e18000 x0 : 0000000000000001
Call trace:
 __filemap_add_folio+0xdec/0x1158 mm/filemap.c:859 (P)
 filemap_add_folio+0x4dc/0x7f4 mm/filemap.c:967
 ra_alloc_folio mm/readahead.c:456 [inline]
 page_cache_ra_order+0x56c/0xe28 mm/readahead.c:515
 do_sync_mmap_readahead+0x36c/0xa10 mm/filemap.c:-1
 filemap_fault+0x640/0x1420 mm/filemap.c:3555
 __do_fault+0xf4/0x4a0 mm/memory.c:5458
 do_read_fault mm/memory.c:5893 [inline]
 do_fault mm/memory.c:6027 [inline]
 do_pte_missing+0x18f4/0x287c mm/memory.c:4550
 handle_pte_fault mm/memory.c:6411 [inline]
 __handle_mm_fault mm/memory.c:6549 [inline]
 handle_mm_fault+0x1568/0x2450 mm/memory.c:6718
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x678/0x20f0 mm/gup.c:1428
 __get_user_pages_locked mm/gup.c:1692 [inline]
 __gup_longterm_locked+0x9e8/0xfe4 mm/gup.c:2476
 gup_fast_fallback+0x1e40/0x20e0 mm/gup.c:3209
 get_user_pages_fast+0x6c/0xa8 mm/gup.c:3287
 madvise_inject_error mm/madvise.c:1462 [inline]
 madvise_do_behavior+0x160/0x7c4 mm/madvise.c:1919
 do_madvise+0x1ac/0x278 mm/madvise.c:2022
 __do_sys_madvise mm/madvise.c:2031 [inline]
 __se_sys_madvise mm/madvise.c:2029 [inline]
 __arm64_sys_madvise+0xa4/0xc0 mm/madvise.c:2029
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Code: d002fbe1 91070021 aa1503e0 97deba94 (d4210000) 
---[ end trace 0000000000000000 ]---