------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 4041 Comm: syz.0.45 Not tainted syzkaller #0 PREEMPT
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
epc : ffffffff80bfdcce ra : ffffffff80bfdcce sp : ffff8f800b926b90
 gp : ffffffff89f9df20 tp : ffffaf80142bb500 t0 : ffff8f800b926b40
 t1 : fffff5ef026ae409 t2 : 0000000000000000 s0 : ffff8f800b926c00
 s1 : ffffaf8013572048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000000002 a3 : ffffffff80bfdcce a4 : 0000000000000000
 a5 : ffffaf80142bc500 a6 : 0000000000000003 a7 : ffffaf801357204b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf8013572000
 s5 : dfffffff00000000 s6 : 00000000000b4a00 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef1416bb0
 s11: ffffffff8a0b5d80 t3 : 0000000000000001 t4 : fffff5ef026ae409
 t5 : fffff5ef026ae40a t6 : 0000000000000002
 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80bfdcce cause: 0000000000000003
[] __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
[] page_table_check_free include/linux/page_table_check.h:43 [inline]
[] free_pages_prepare mm/page_alloc.c:1434 [inline]
[] free_unref_folios+0xa22/0x1dc8 mm/page_alloc.c:3030
[] folios_put_refs+0x41c/0x61c mm/swap.c:1002
[] free_pages_and_swap_cache+0x252/0x480 mm/swap_state.c:355
[] __tlb_batch_free_encoded_pages+0xe4/0x25c mm/mmu_gather.c:137
[] tlb_batch_pages_flush mm/mmu_gather.c:150 [inline]
[] tlb_flush_mmu_free mm/mmu_gather.c:398 [inline]
[] tlb_flush_mmu+0xdc/0x5f8 mm/mmu_gather.c:405
[] zap_pte_range mm/memory.c:1897 [inline]
[] zap_pmd_range mm/memory.c:1950 [inline]
[] zap_pud_range mm/memory.c:1978 [inline]
[] zap_p4d_range mm/memory.c:1999 [inline]
[] unmap_page_range+0x1b3a/0x408c mm/memory.c:2020
[] unmap_single_vma+0x13e/0x230 mm/memory.c:2062
[] unmap_vmas+0x1ea/0x40c mm/memory.c:2104
[] exit_mmap+0x184/0xca8 mm/mmap.c:1277
[] __mmput+0x106/0x3d0 kernel/fork.c:1173
[] mmput+0x74/0x88 kernel/fork.c:1196
[] exit_mm kernel/exit.c:581 [inline]
[] do_exit+0x792/0x2828 kernel/exit.c:959
[] do_group_exit+0xca/0x258 kernel/exit.c:1112
[] get_signal+0x1f7e/0x224c kernel/signal.c:3034
[] arch_do_signal_or_restart+0x632/0x1ddc arch/riscv/kernel/signal.c:534
[] __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
[] exit_to_user_mode_loop+0x8e/0x874 kernel/entry/common.c:75
[] __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
[] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
[] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
[] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
[] do_trap_ecall_u+0x462/0x58c arch/riscv/kernel/traps.c:359
[] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: 7f80 8526 c0ef ec3f 8a2a b791 6097 ff90 80e7 7e60 (9002) 6097
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	7f80                	flw	fs0,56(a5)
   2:	8526                	mv	a0,s1
   4:	ec3fc0ef          	jal	0xffffffffffffcec6
   8:	8a2a                	mv	s4,a0
   a:	b791                	j	0xffffffffffffff4e
   c:	ff906097          	auipc	ra,0xff906
  10:	7e6080e7          	jalr	2022(ra) # 0xff9067f2
* 14:	9002                	ebreak <-- trapping instruction
  16:	9760                	.short	0x6097