==================================================================
 alloc_pages+0x1a0/0x260
BUG: KASAN: null-ptr-deref in filemap_fault+0xac7/0x2170
 filemap_alloc_folio+0x374/0x410
Read of size 4 at addr 0000000000000028 by task syz-fuzzer/244

 __filemap_get_folio+0x285/0x8d0
 filemap_fault+0x14c3/0x2170
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x2ce/0xb40
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f38072ad688
Code: Unable to access opcode bytes at 0x7f38072ad65e.
RSP: 002b:00007ffcb26d11f0 EFLAGS: 00010202
RAX: 0000001b2c720000 RBX: 0000000000000213 RCX: 0000000000158ba0
RDX: 0000000000158f51 RSI: 00007ffcb26d12b0 RDI: 0000000000000001
RBP: 00007ffcb26d124c R08: 0000000000000584 R09: 00007ffcb2723080
R10: 00007ffcb2723090 R11: 0000000000284892 R12: 0000000000000032
R13: 0000000000158dab R14: 0000000000000007 R15: 00007ffcb26d12b0
 </TASK>
CPU: 1 PID: 244 Comm: syz-fuzzer Not tainted 6.3.0-rc4-next-20230328 #1
Mem-Info:
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
active_anon:23722 inactive_anon:43573 isolated_anon:0
 active_file:44 inactive_file:29 isolated_file:3
 unevictable:0 dirty:0 writeback:0
 slab_reclaimable:7549 slab_unreclaimable:53442
 mapped:69648 shmem:112 pagetables:1174
 sec_pagetables:0 bounce:0
 kernel_misc_reclaimable:0
 free:2247 free_pcp:0 free_cma:0
 dump_stack_lvl+0x91/0xf0
Node 0 active_anon:94888kB inactive_anon:174292kB active_file:176kB inactive_file:116kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:278592kB dirty:0kB writeback:0kB shmem:448kB writeback_tmp:0kB kernel_stack:3968kB pagetables:4696kB sec_pagetables:0kB all_unreclaimable? no
 kasan_report+0xc0/0xf0
Node 0 
DMA free:6448kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
 kasan_check_range+0x39/0x1d0
lowmem_reserve[]:
 filemap_fault+0xac7/0x2170
 0
 1606
 1606
 1606
 __do_fault+0x10d/0x590

 __handle_mm_fault+0x1289/0x30b0
Node 0 
DMA32 free:2540kB boost:2048kB min:7152kB low:8796kB high:10440kB reserved_highatomic:8192KB active_anon:94888kB inactive_anon:174292kB active_file:320kB inactive_file:0kB unevictable:0kB writepending:0kB present:2080640kB managed:1655468kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]:
 0
 handle_mm_fault+0x2ce/0xb40
 0
 do_user_addr_fault+0x5f6/0x1310
 0
 exc_page_fault+0x9c/0x1a0
 0
 asm_exc_page_fault+0x26/0x30

RIP: 0033:0x454f8a
Node 0 
Code: Unable to access opcode bytes at 0x454f60.
DMA: 
RSP: 002b:000000c00003dd70 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000c00005c058 RCX: 0000000000000000
0*4kB 
RDX: 0000000000b12b70 RSI: 0000014914ed9124 RDI: 000000c0047f2f00
0*8kB 
RBP: 000000c00003ddb8 R08: 0000000000000000 R09: 0000000000000003
1*16kB 
R10: 0000014973b8b77c R11: 0000000000000001 R12: 0000014973b8b77c
R13: 0000000000000001 R14: 0000014973b8b77c R15: 00000000000056e1
(U) 
 </TASK>
==================================================================
1*32kB 
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI
(U) 
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 PID: 244 Comm: syz-fuzzer Tainted: G    B              6.3.0-rc4-next-20230328 #1
0*64kB 
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
0*128kB 
RIP: 0010:filemap_fault+0xad8/0x2170
1*256kB 
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
(U) 
RSP: 0018:ffff88801010fbd8 EFLAGS: 00010216
0*512kB 

RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff818050f8 RDI: 0000000000000007
0*1024kB 
RBP: 0000000000000702 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
1*2048kB 
R13: ffff88800db95680 R14: 0000000000000001 R15: ffff88801010fda0
FS:  000000c000300410(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
(M) 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000454f60 CR3: 000000000efd8000 CR4: 0000000000350ee0
1*4096kB 
Call Trace:
 <TASK>
(M) 
= 6448kB
Node 0 
 __do_fault+0x10d/0x590
DMA32: 
 __handle_mm_fault+0x1289/0x30b0
286*4kB 
(UM) 87*8kB 
(M) 
23*16kB 
 handle_mm_fault+0x2ce/0xb40
(M) 
 do_user_addr_fault+0x5f6/0x1310
3*32kB 
 exc_page_fault+0x9c/0x1a0
(UM) 
 asm_exc_page_fault+0x26/0x30
2*64kB 
RIP: 0033:0x454f8a
(U) 
Code: Unable to access opcode bytes at 0x454f60.
RSP: 002b:000000c00003dd70 EFLAGS: 00010202
1*128kB 

RAX: 0000000000000000 RBX: 000000c00005c058 RCX: 0000000000000000
RDX: 0000000000b12b70 RSI: 0000014914ed9124 RDI: 000000c0047f2f00
(U) 
RBP: 000000c00003ddb8 R08: 0000000000000000 R09: 0000000000000003
R10: 0000014973b8b77c R11: 0000000000000001 R12: 0000014973b8b77c
0*256kB 
R13: 0000000000000001 R14: 0000014973b8b77c R15: 00000000000056e1
0*512kB 
 </TASK>
0*1024kB 
Modules linked in:
0*2048kB 
---[ end trace 0000000000000000 ]---
0*4096kB 
RIP: 0010:filemap_fault+0xad8/0x2170
= 2560kB
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
RSP: 0018:ffff88801010fbd8 EFLAGS: 00010216
178 total pagecache pages

RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
0 pages in swap cache
RDX: 0000000000000005 RSI: ffffffff818050f8 RDI: 0000000000000007
Free swap  = 0kB
RBP: 0000000000000702 R08: 0000000000000007 R09: 0000000000000000
Total swap = 0kB
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
524158 pages RAM
R13: ffff88800db95680 R14: 0000000000000001 R15: ffff88801010fda0
0 pages HighMem/MovableOnly
FS:  000000c000300410(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
106451 pages reserved
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#2] PREEMPT SMP KASAN NOPTI
CR2: 0000000000454f60 CR3: 000000000efd8000 CR4: 0000000000350ee0
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 276 Comm: syz-executor.5 Tainted: G    B D            6.3.0-rc4-next-20230328 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff888019e8fbd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: ffffffff8162a147
RDX: 0000000000000005 RSI: 0000000000000004 RDI: 0000000000000028
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffff000
R10: fffffffffffffff4 R11: 0000000000000001 R12: fffffffffffffff4
R13: ffff88800ef63400 R14: 0000000000000001 R15: ffff888019e8fda0
FS:  00005555574bc400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38072ad65e CR3: 000000000f54c000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x2ce/0xb40
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f38072ad688
Code: Unable to access opcode bytes at 0x7f38072ad65e.
RSP: 002b:00007ffcb26d11f0 EFLAGS: 00010202
RAX: 0000001b2c720000 RBX: 0000000000000213 RCX: 0000000000158ba0
RDX: 0000000000158f51 RSI: 00007ffcb26d12b0 RDI: 0000000000000001
RBP: 00007ffcb26d124c R08: 0000000000000584 R09: 00007ffcb2723080
R10: 00007ffcb2723090 R11: 0000000000284892 R12: 0000000000000032
R13: 0000000000158dab R14: 0000000000000007 R15: 00007ffcb26d12b0
 </TASK>
Modules linked in:
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#3] PREEMPT SMP KASAN NOPTI
---[ end trace 0000000000000000 ]---
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 PID: 272 Comm: syz-executor.4 Tainted: G    B D            6.3.0-rc4-next-20230328 #1
RIP: 0010:filemap_fault+0xad8/0x2170
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff88801010fbd8 EFLAGS: 00010216
RSP: 0018:ffff88800eb07bd8 EFLAGS: 00010216


RAX: dffffc0000000000 RBX: 0000000000000028 RCX: ffffffff8162a147
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000004 RDI: 0000000000000028
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffff000
RDX: 0000000000000005 RSI: ffffffff818050f8 RDI: 0000000000000007
R10: fffffffffffffff4 R11: 0000000000000001 R12: fffffffffffffff4
RBP: 0000000000000702 R08: 0000000000000007 R09: 0000000000000000
R13: ffff88800d830280 R14: 0000000000000001 R15: ffff88800eb07da0
FS:  0000555556eaf400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000454f60 CR3: 000000000fbb6000 CR4: 0000000000350ee0
R13: ffff88800db95680 R14: 0000000000000001 R15: ffff88801010fda0
Call Trace:
 <TASK>
FS:  00005555574bc400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38072ad65e CR3: 000000000f54c000 CR4: 0000000000350ef0
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x2ce/0xb40
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fe0a0ea6688
Code: Unable to access opcode bytes at 0x7fe0a0ea665e.
RSP: 002b:00007ffef57f04e0 EFLAGS: 00010202
RAX: 0000001b2c320000 RBX: 0000000000000204 RCX: 0000000000158ba0
RDX: 0000000000158f26 RSI: 00007ffef57f05a0 RDI: 0000000000000001
RBP: 00007ffef57f053c R08: 0000000000000584 R09: 00007ffef57f5080
R10: 00007ffef57f5090 R11: 000000000028483c R12: 0000000000000032
R13: 0000000000158a0a R14: 0000000000000007 R15: 00007ffef57f05a0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff88801010fbd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff818050f8 RDI: 0000000000000007
RBP: 0000000000000702 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800db95680 R14: 0000000000000001 R15: ffff88801010fda0
FS:  0000555556eaf400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe0a0ea665e CR3: 000000000fbb6000 CR4: 0000000000350ee0
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#4] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 275 Comm: syz-executor.6 Tainted: G    B D            6.3.0-rc4-next-20230328 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff888018c67bd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: ffffffff8162a147
RDX: 0000000000000005 RSI: 0000000000000004 RDI: 0000000000000028
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffff000
R10: fffffffffffffff4 R11: 0000000000000001 R12: fffffffffffffff4
R13: ffff88800ef32c80 R14: 0000000000000001 R15: ffff888018c67da0
FS:  00005555565c2400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38072ad65e CR3: 000000000c638000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x2ce/0xb40
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f63193f4688
Code: Unable to access opcode bytes at 0x7f63193f465e.
RSP: 002b:00007ffdb4817500 EFLAGS: 00010202
RAX: 0000001b2c620000 RBX: 0000000000000204 RCX: 0000000000158ba0
RDX: 0000000000158ec8 RSI: 00007ffdb48175c0 RDI: 0000000000000001
RBP: 00007ffdb481755c R08: 0000000000000584 R09: 00007ffdb48eb080
R10: 00007ffdb48eb090 R11: 0000000000284780 R12: 0000000000000032
R13: 0000000000158d6e R14: 0000000000000003 R15: 00007ffdb48175c0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 9b e5 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 29 db 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff88801010fbd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff818050f8 RDI: 0000000000000007
RBP: 0000000000000702 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800db95680 R14: 0000000000000001 R15: ffff88801010fda0
FS:  00005555565c2400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f63193f465e CR3: 000000000c638000 CR4: 0000000000350ef0
blktrace: Concurrent blktraces are not allowed on sg0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	e8 9b e5 e8 ff       	callq  0xffe8e5a2
   7:	49 8d 5c 24 34       	lea    0x34(%r12),%rbx
   c:	be 04 00 00 00       	mov    $0x4,%esi
  11:	48 89 df             	mov    %rbx,%rdi
  14:	e8 29 db 1d 00       	callq  0x1ddb42
  19:	48 89 da             	mov    %rbx,%rdx
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx <-- trapping instruction
  2e:	48 89 d8             	mov    %rbx,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 03             	add    $0x3,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 08                	jl     0x43
  3b:	84 d2                	test   %dl,%dl
  3d:	0f                   	.byte 0xf
  3e:	85                   	.byte 0x85
  3f:	ad                   	lods   %ds:(%rsi),%eax