------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:118!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 60928 PID: 5810 Comm: syz.1.610 Tainted: G W L syzkaller #0 PREEMPT
Tainted: [W]=WARN, [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
ra : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
epc : ffffffff80c8200a ra : ffffffff80c8200a sp : ffff8f8002cf61d0
gp : ffffffff8a49d240 tp : ffffaf8019a11ac0 t0 : 0000000000000000
t1 : fffff5ef027a9409 t2 : ffffffff91874220 s0 : ffff8f8002cf6250
s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000
a2 : 0000000000080000 a3 : ffffffff80c8200a a4 : ffff8f8004d77930
a5 : 00000000000ac930 a6 : 0000000000000003 a7 : ffffaf8013d4a04b
s2 : 00000000000b4200 s3 : 0000000000000000 s4 : ffffaf8013d4a000
s5 : 0000000000000001 s6 : 0000000000000001 s7 : dfffffff00000000
s8 : 0000000000007fff s9 : ffffffff88c5a000 s10: 0000000000000000
s11: ffffffff8a5bbca0 t3 : 0000000000000001 t4 : fffff5ef027a9409
t5 : fffff5ef027a940a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c8200a cause: 0000000000000003
[] page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
[] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:212
[] page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
[] set_ptes arch/riscv/include/asm/pgtable.h:635 [inline]
[] remove_migration_pte+0x1038/0x213c mm/migrate.c:436
[] rmap_walk_anon+0x30e/0x690 mm/rmap.c:3001
[] rmap_walk_locked+0xa6/0xcc mm/rmap.c:3117
[] remove_migration_ptes+0x18a/0x1bc mm/migrate.c:471
[] remap_page mm/huge_memory.c:3482 [inline]
[] __folio_split+0xce8/0x1410 mm/huge_memory.c:4110
[] __split_huge_page_to_list_to_order mm/huge_memory.c:4240 [inline]
[] split_huge_page_to_list_to_order include/linux/huge_mm.h:415 [inline]
[] split_folio_to_list+0x4c/0x60 mm/huge_memory.c:4304
[] shrink_folio_list+0x21d8/0x4d90 mm/vmscan.c:1284
[] reclaim_folio_list+0x134/0x8f0 mm/vmscan.c:2171
[] reclaim_pages+0x33e/0x4b8 mm/vmscan.c:2208
[] madvise_cold_or_pageout_pte_range+0x1b40/0x236c mm/madvise.c:444
[] walk_pmd_range mm/pagewalk.c:148 [inline]
[] walk_pud_range mm/pagewalk.c:239 [inline]
[] walk_p4d_range mm/pagewalk.c:280 [inline]
[] walk_pgd_range+0xd12/0x1ecc mm/pagewalk.c:321
[] __walk_page_range+0x138/0x7a8 mm/pagewalk.c:429
[] walk_page_range_vma_unsafe+0x1ec/0x82c mm/pagewalk.c:733
[] walk_page_range_vma+0x5a/0x84 mm/pagewalk.c:743
[] madvise_pageout_page_range mm/madvise.c:622 [inline]
[] madvise_pageout+0x236/0x780 mm/madvise.c:647
[] madvise_vma_behavior+0x72c/0x1eb0 mm/madvise.c:1358
[] madvise_walk_vmas+0x23a/0x978 mm/madvise.c:1713
[] madvise_do_behavior+0x1ea/0x5c0 mm/madvise.c:1908
[] do_madvise+0x23a/0x294 mm/madvise.c:2006
[] __do_sys_madvise mm/madvise.c:2015 [inline]
[] __se_sys_madvise mm/madvise.c:2013 [inline]
[] __riscv_sys_madvise+0x88/0xdc mm/madvise.c:2013
[] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[] do_trap_ecall_u+0x3e4/0x638 arch/riscv/kernel/traps.c:342
[] handle_exception+0x168/0x174 arch/riscv/kernel/entry.S:237
Code: d097 ff8a 80e7 4f20 83e3 e004 e097 ff8a 80e7 9f20 (9002) e097
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: ff8ad097 auipc ra,0xff8ad
   4: 4f2080e7 jalr 1266(ra) # 0xff8ad4f2
   8: e00483e3 beqz s1,0xfffffffffffffe0e
   c: ff8ae097 auipc ra,0xff8ae
  10: 9f2080e7 jalr -1550(ra) # 0xff8ad9fe
* 14: 9002 ebreak <-- trapping instruction
  16: 97e0 .short 0xe097