BUG: Bad page map in process syz-fuzzer pte:41b58ab3 pmd:235dec01 addr:000000c0089fc000 vm_flags:00100073 anon_vma:ffffaf8010799c00 mapping:0000000000000000 index:c0089fc file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 0 PID: 3247 Comm: syz-fuzzer Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] print_bad_pte+0x3d4/0x4a0 mm/memory.c:563 [] vm_normal_page+0x20c/0x22a mm/memory.c:626 [] zap_pte_range mm/memory.c:1361 [inline] [] zap_pmd_range mm/memory.c:1490 [inline] [] zap_pud_range mm/memory.c:1519 [inline] [] zap_p4d_range mm/memory.c:1540 [inline] [] unmap_page_range+0x6d0/0x13f0 mm/memory.c:1561 [] unmap_single_vma mm/memory.c:1606 [inline] [] zap_page_range+0x28e/0x430 mm/memory.c:1663 [] madvise_dontneed_single_vma mm/madvise.c:799 [inline] [] madvise_dontneed_free mm/madvise.c:854 [inline] [] madvise_vma_behavior+0xf5e/0x1250 mm/madvise.c:991 [] madvise_walk_vmas+0x186/0x23e mm/madvise.c:1207 [] do_madvise mm/madvise.c:1385 [inline] [] do_madvise+0x2f4/0x3a8 mm/madvise.c:1343 [] __do_sys_madvise mm/madvise.c:1398 [inline] [] sys_madvise+0x38/0x48 mm/madvise.c:1396 [] ret_from_syscall+0x0/0x2 BUG: Bad page map in process syz-fuzzer pte:ffffffff8451f630 pmd:235dec01 addr:000000c0089fd000 vm_flags:00100073 anon_vma:ffffaf8010799c00 mapping:0000000000000000 index:c0089fd file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 0 PID: 3247 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] print_bad_pte+0x3d4/0x4a0 mm/memory.c:563 [] vm_normal_page+0x20c/0x22a mm/memory.c:626 [] zap_pte_range mm/memory.c:1361 [inline] [] zap_pmd_range mm/memory.c:1490 [inline] [] zap_pud_range mm/memory.c:1519 [inline] [] zap_p4d_range mm/memory.c:1540 [inline] [] unmap_page_range+0x6d0/0x13f0 mm/memory.c:1561 [] unmap_single_vma mm/memory.c:1606 [inline] [] zap_page_range+0x28e/0x430 mm/memory.c:1663 [] madvise_dontneed_single_vma mm/madvise.c:799 [inline] [] madvise_dontneed_free mm/madvise.c:854 [inline] [] madvise_vma_behavior+0xf5e/0x1250 mm/madvise.c:991 [] madvise_walk_vmas+0x186/0x23e mm/madvise.c:1207 [] do_madvise mm/madvise.c:1385 [inline] [] do_madvise+0x2f4/0x3a8 mm/madvise.c:1343 [] __do_sys_madvise mm/madvise.c:1398 [inline] [] sys_madvise+0x38/0x48 mm/madvise.c:1396 [] ret_from_syscall+0x0/0x2 Unable to handle kernel paging request at virtual address ffffaf847c9ffff8 Oops [#1] Modules linked in: CPU: 0 PID: 3247 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) epc : __nr_to_section include/linux/mmzone.h:1396 [inline] epc : __pfn_to_section include/linux/mmzone.h:1480 [inline] epc : pfn_swap_entry_to_page include/linux/swapops.h:252 [inline] epc : zap_pte_range mm/memory.c:1417 [inline] epc : zap_pmd_range mm/memory.c:1490 [inline] epc : zap_pud_range mm/memory.c:1519 [inline] epc : zap_p4d_range mm/memory.c:1540 [inline] epc : unmap_page_range+0xb18/0x13f0 mm/memory.c:1561 ra : __nr_to_section include/linux/mmzone.h:1396 [inline] ra : __pfn_to_section include/linux/mmzone.h:1480 [inline] ra : pfn_swap_entry_to_page include/linux/swapops.h:252 [inline] ra : zap_pte_range mm/memory.c:1417 [inline] ra : zap_pmd_range mm/memory.c:1490 [inline] ra : zap_pud_range mm/memory.c:1519 [inline] ra : zap_p4d_range mm/memory.c:1540 [inline] ra : unmap_page_range+0xb18/0x13f0 mm/memory.c:1561 epc : ffffffff803d2158 ra : ffffffff803d2158 sp : ffffaf801006b7b0 gp : ffffffff85863ac0 tp : ffffaf800b6e6100 t0 : ffffaf801006b8b0 t1 : fffff5ef0200d715 t2 : 0000000000002000 s0 : ffffaf801006b960 s1 : ffffaf800d57bf90 a0 : ffffaf847c9ffff8 a1 : 0000000000000007 a2 : 1ffff5f08f93ffff a3 : ffffffff803d2158 a4 : 0000000000000000 a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffaf801006b8af s2 : 000000c0089f3000 s3 : ffffffff80110fdc s4 : 7c1ffffffff00221 s5 : 000000c0089f4000 s6 : ffffaf847c9ffff8 s7 : 0000000000000000 s8 : ffffaf801006b8e0 s9 : ffffaf801006ba00 s10: 000000c0089f2000 s11: 001ffffffff00221 t3 : 0000000000000000 t4 : fffff5ef0200d714 t5 : fffff5ef0200d716 t6 : 00000000000829e4 status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d [] unmap_single_vma mm/memory.c:1606 [inline] [] zap_page_range+0x28e/0x430 mm/memory.c:1663 [] madvise_dontneed_single_vma mm/madvise.c:799 [inline] [] madvise_dontneed_free mm/madvise.c:854 [inline] [] madvise_vma_behavior+0xf5e/0x1250 mm/madvise.c:991 [] madvise_walk_vmas+0x186/0x23e mm/madvise.c:1207 [] do_madvise mm/madvise.c:1385 [inline] [] do_madvise+0x2f4/0x3a8 mm/madvise.c:1343 [] __do_sys_madvise mm/madvise.c:1398 [inline] [] sys_madvise+0x38/0x48 mm/madvise.c:1396 [] ret_from_syscall+0x0/0x2 ---[ end trace 0000000000000000 ]---