------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:118!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 7886 Comm: syz.4.1009 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
ra : page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
epc : ffffffff80bfcb7c ra : ffffffff80bfcb7c sp : ffff8f8000cb6860
gp : ffffffff89f9df20 tp : ffffaf801c80b500 t0 : 0000000000000000
t1 : fffff5ef026b8409 t2 : ffffffff9136c6e8 s0 : ffff8f8000cb68e0
s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000
a2 : 0000000000080000 a3 : ffffffff80bfcb7c a4 : ffff8f800b83a948
a5 : 000000000007f948 a6 : 0000000000000003 a7 : ffffaf80135c204b
s2 : 00000000000b5a00 s3 : 0000000000000000 s4 : ffffaf80135c2000
s5 : 0000000000000001 s6 : 0000000000000001 s7 : dfffffff00000000
s8 : 0000000000007fff s9 : ffffffff88825fa0 s10: 0000000000000000
s11: ffffffff8a0b5d80 t3 : 0000000000000001 t4 : fffff5ef026b8409
t5 : fffff5ef026b840a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80bfcb7c cause: 0000000000000003
[<ffffffff80bfcb7c>] page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
[<ffffffff80bfd300>] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:212
[<ffffffff80b5e6c2>] page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
[<ffffffff80b5e6c2>] set_ptes arch/riscv/include/asm/pgtable.h:640 [inline]
[<ffffffff80b5e6c2>] remove_migration_pte+0x1136/0x2494 mm/migrate.c:436
[<ffffffff80a0df26>] rmap_walk_anon+0x30e/0x690 mm/rmap.c:2861
[<ffffffff80a27da6>] rmap_walk_locked+0xa6/0xcc mm/rmap.c:2977
[<ffffffff80b69a0a>] remove_migration_ptes+0x18a/0x1bc mm/migrate.c:470
[<ffffffff80b90dc0>] remap_page mm/huge_memory.c:3434 [inline]
[<ffffffff80b90dc0>] __folio_split+0xeb4/0x16f8 mm/huge_memory.c:4069
[<ffffffff80b91ae2>] __split_huge_page_to_list_to_order+0x7e/0x140 mm/huge_memory.c:4200
[<ffffffff80b9554a>] split_huge_page_to_list_to_order include/linux/huge_mm.h:385 [inline]
[<ffffffff80b9554a>] split_folio_to_list+0x22/0x30 mm/huge_memory.c:4264
[<ffffffff80ab469a>] madvise_cold_or_pageout_pte_range+0x1862/0x2400 mm/madvise.c:412
[<ffffffff80a03002>] walk_pmd_range mm/pagewalk.c:130 [inline]
[<ffffffff80a03002>] walk_pud_range mm/pagewalk.c:224 [inline]
[<ffffffff80a03002>] walk_p4d_range mm/pagewalk.c:262 [inline]
[<ffffffff80a03002>] walk_pgd_range+0xcc6/0x1f84 mm/pagewalk.c:303
[<ffffffff80a043f8>] __walk_page_range+0x138/0x7a8 mm/pagewalk.c:410
[<ffffffff80a05cf2>] walk_page_range_vma_unsafe+0x212/0x868 mm/pagewalk.c:714
[<ffffffff80a063a2>] walk_page_range_vma+0x5a/0x84 mm/pagewalk.c:724
[<ffffffff80aadfe8>] madvise_cold_page_range mm/madvise.c:586 [inline]
[<ffffffff80aadfe8>] madvise_cold+0x1a4/0x5f4 mm/madvise.c:606
[<ffffffff80ab66c0>] madvise_vma_behavior+0x1188/0x251c mm/madvise.c:1364
[<ffffffff80ab7c8e>] madvise_walk_vmas+0x23a/0x970 mm/madvise.c:1721
[<ffffffff80ab85ae>] madvise_do_behavior+0x1ea/0x5c0 mm/madvise.c:1937
[<ffffffff80ab94c6>] do_madvise+0x18a/0x22c mm/madvise.c:2030
[<ffffffff80ab95f0>] __do_sys_madvise mm/madvise.c:2039 [inline]
[<ffffffff80ab95f0>] __se_sys_madvise mm/madvise.c:2037 [inline]
[<ffffffff80ab95f0>] __riscv_sys_madvise+0x88/0xdc mm/madvise.c:2037
[<ffffffff80078192>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c arch/riscv/kernel/traps.c:344
[<ffffffff863bb61e>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: 7097 ff90 80e7 4580 81e3 e004 8097 ff90 80e7 9380 (9002) 8097
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: ff907097 auipc ra,0xff907
4: 458080e7 jalr 1112(ra) # 0xff907458
8: e00481e3 beqz s1,0xfffffffffffffe0a
c: ff908097 auipc ra,0xff908
10: 938080e7 jalr -1736(ra) # 0xff907944
* 14: 9002 ebreak <-- trapping instruction
16: 9780 .short 0x8097