arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868 handle_signal_work kernel/entry/common.c:149 [inline] exit_to_user_mode_loop kernel/entry/common.c:187 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:222 __syscall_exit_to_user_mode_work kernel/entry/common.c:304 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:315 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae ------------[ cut here ]------------ kernel BUG at include/linux/memcontrol.h:472! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4168 Comm: syz-executor123 Tainted: G W 5.17.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:folio_memcg_rcu include/linux/memcontrol.h:472 [inline] RIP: 0010:workingset_activation+0x455/0x550 mm/workingset.c:413 Code: df 48 c1 e8 03 80 3c 10 00 0f 85 ec 00 00 00 48 8b 05 bf 31 0b 0b e9 64 fd ff ff 48 c7 c6 60 05 f6 88 48 89 ef e8 fb 00 00 00 <0f> 0b 0f 0b e9 4f fc ff ff 48 c7 c6 c0 07 f6 88 48 89 ef e8 e3 00 RSP: 0018:ffffc900037b75e8 EFLAGS: 00010292 RAX: 0000000000000000 RBX: ffffea0001a80000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012a8000a RBP: ffffea0001a80000 R08: 0000000000000029 R09: ffffc900037b718f R10: fffff520006f6e31 R11: 535f7972746e6520 R12: 0000000000000000 R13: ffff8880b9f34d40 R14: 0000000000000003 R15: ffff8880b9f34d70 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0bb592e1f0 CR3: 0000000022e3b000 CR4: 00000000003526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: folio_mark_accessed+0x494/0xb60 mm/swap.c:440 handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:586 [inline] handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:469 [inline] __handle_changed_spte+0x70c/0xea0 arch/x86/kvm/mmu/tdp_mmu.c:577 handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:584 [inline] handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:469 [inline] __handle_changed_spte+0x6f7/0xea0 arch/x86/kvm/mmu/tdp_mmu.c:577 __tdp_mmu_set_spte+0x123/0x6a0 arch/x86/kvm/mmu/tdp_mmu.c:717 _tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:732 [inline] tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:740 [inline] __tdp_mmu_zap_root+0x4f0/0x540 arch/x86/kvm/mmu/tdp_mmu.c:845 tdp_mmu_zap_root+0xe2/0x240 arch/x86/kvm/mmu/tdp_mmu.c:881 kvm_tdp_mmu_zap_all+0xe0/0x120 arch/x86/kvm/mmu/tdp_mmu.c:1012 kvm_mmu_zap_all+0x1e8/0x240 arch/x86/kvm/mmu/mmu.c:6080 kvm_mmu_notifier_release+0x4e/0x80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:813 mn_hlist_release mm/mmu_notifier.c:319 [inline] __mmu_notifier_release+0x183/0x530 mm/mmu_notifier.c:357 mmu_notifier_release include/linux/mmu_notifier.h:415 [inline] exit_mmap+0x322/0x3f0 mm/mmap.c:3114 __mmput+0xed/0x430 kernel/fork.c:1183 exit_mm kernel/exit.c:509 [inline] do_exit+0x8e9/0x24b0 kernel/exit.c:781 do_group_exit+0xb2/0x2a0 kernel/exit.c:924 __do_sys_exit_group kernel/exit.c:935 [inline] __se_sys_exit_group kernel/exit.c:933 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:933 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f0bb58b81d9 Code: Unable to access opcode bytes at RIP 0x7f0bb58b81af. RSP: 002b:00007ffcae696c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f0bb592d350 RCX: 00007f0bb58b81d9 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 R10: 0000000000000006 R11: 0000000000000246 R12: 00007f0bb592d350 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:folio_memcg_rcu include/linux/memcontrol.h:472 [inline] RIP: 0010:workingset_activation+0x455/0x550 mm/workingset.c:413 Code: df 48 c1 e8 03 80 3c 10 00 0f 85 ec 00 00 00 48 8b 05 bf 31 0b 0b e9 64 fd ff ff 48 c7 c6 60 05 f6 88 48 89 ef e8 fb 00 00 00 <0f> 0b 0f 0b e9 4f fc ff ff 48 c7 c6 c0 07 f6 88 48 89 ef e8 e3 00 RSP: 0018:ffffc900037b75e8 EFLAGS: 00010292 RAX: 0000000000000000 RBX: ffffea0001a80000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012a8000a RBP: ffffea0001a80000 R08: 0000000000000029 R09: ffffc900037b718f R10: fffff520006f6e31 R11: 535f7972746e6520 R12: 0000000000000000 R13: ffff8880b9f34d40 R14: 0000000000000003 R15: ffff8880b9f34d70 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0bb592e1f0 CR3: 0000000022e3b000 CR4: 00000000003526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400