Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 UID: 0 PID: 81 Comm: kswapd1 Not tainted 6.14.0-rc5-syzkaller-g848e07631744 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:PagePoisoned include/linux/page-flags.h:294 [inline]
RIP: 0010:dump_page+0x90/0xc90 mm/debug.c:167
Code: 3d 00 f1 f1 f1 f1 48 b8 f2 f2 f2 f2 f2 f2 f2 f2 4b 89 44 3d 1c 43 c7 44 3d 2c f3 f3 f3 f3 e8 c7 64 b5 ff 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 01 a0 1c 00 49 8b 1c 24 48 c7 c7
RSP: 0018:ffffc900012ae6a0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffc900012ae960 RCX: ffff8880334b0000
RDX: 0000000000000000 RSI: ffffffff8c368840 RDI: 0000000000000000
RBP: ffffc900012ae8d0 R08: ffffffff8c065786 R09: 1ffffffff2079e8e
R10: dffffc0000000000 R11: fffffbfff2079e8f R12: 0000000000000000
R13: 1ffff92000255ce0 R14: 0000000000000001 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f94969e0010 CR3: 0000000011c10000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __delete_from_swap_cache+0x6cc/0x7d0 mm/swap_state.c:160
 __remove_mapping+0x812/0xad0 mm/vmscan.c:771
 shrink_folio_list+0x2c18/0x5ac0 mm/vmscan.c:1502
 evict_folios+0x45fd/0x56a0 mm/vmscan.c:4660
 try_to_shrink_lruvec+0x713/0x9b0 mm/vmscan.c:4821
 shrink_one+0x3b9/0x850 mm/vmscan.c:4866
 shrink_many mm/vmscan.c:4929 [inline]
 lru_gen_shrink_node mm/vmscan.c:5007 [inline]
 shrink_node+0x379b/0x3e20 mm/vmscan.c:5978
 kswapd_shrink_node mm/vmscan.c:6807 [inline]
 balance_pgdat mm/vmscan.c:6999 [inline]
 kswapd+0x20f3/0x3b10 mm/vmscan.c:7264
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:PagePoisoned include/linux/page-flags.h:294 [inline]
RIP: 0010:dump_page+0x90/0xc90 mm/debug.c:167
Code: 3d 00 f1 f1 f1 f1 48 b8 f2 f2 f2 f2 f2 f2 f2 f2 4b 89 44 3d 1c 43 c7 44 3d 2c f3 f3 f3 f3 e8 c7 64 b5 ff 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 01 a0 1c 00 49 8b 1c 24 48 c7 c7
RSP: 0018:ffffc900012ae6a0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffc900012ae960 RCX: ffff8880334b0000
RDX: 0000000000000000 RSI: ffffffff8c368840 RDI: 0000000000000000
RBP: ffffc900012ae8d0 R08: ffffffff8c065786 R09: 1ffffffff2079e8e
R10: dffffc0000000000 R11: fffffbfff2079e8f R12: 0000000000000000
R13: 1ffff92000255ce0 R14: 0000000000000001 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f94969e0010 CR3: 0000000011c10000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 3d 00 f1 f1 f1          cmp $0xf1f1f100,%eax
   5: f1                      int1
   6: 48 b8 f2 f2 f2 f2 f2    movabs $0xf2f2f2f2f2f2f2f2,%rax
   d: f2 f2 f2
  10: 4b 89 44 3d 1c          mov %rax,0x1c(%r13,%r15,1)
  15: 43 c7 44 3d 2c f3 f3    movl $0xf3f3f3f3,0x2c(%r13,%r15,1)
  1c: f3 f3
  1e: e8 c7 64 b5 ff          call 0xffb564ea
  23: 4c 89 e0                mov %r12,%rax
  26: 48 c1 e8 03             shr $0x3,%rax
* 2a: 42 80 3c 38 00          cmpb $0x0,(%rax,%r15,1) <-- trapping instruction
  2f: 74 08                   je 0x39
  31: 4c 89 e7                mov %r12,%rdi
  34: e8 01 a0 1c 00          call 0x1ca03a
  39: 49 8b 1c 24             mov (%r12),%rbx
  3d: 48                      rex.W
  3e: c7                      .byte 0xc7
  3f: c7                      .byte 0xc7