free_pages_and_swap_cache+0x4cd/0x590 mm/swap_state.c:335
__tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
tlb_flush_mmu+0x2ad/0x500 mm/mmu_gather.c:373
tlb_finish_mmu+0xb6/0x1c0 mm/mmu_gather.c:465
exit_mmap+0x3c0/0x990 mm/mmap.c:1873
__mmput+0x94/0x2a0 kernel/fork.c:1344
exit_mm+0x1d7/0x290 kernel/exit.c:571
do_exit+0x887/0x21c0 kernel/exit.c:926
__do_sys_exit kernel/exit.c:1055 [inline]
__se_sys_exit kernel/exit.c:1053 [inline]
__pfx___ia32_sys_exit+0x0/0x10 kernel/exit.c:1053
x64_sys_call+0x2622/0x2640 arch/x86/include/generated/asm/syscalls_64.h:61
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4654 at mm/rmap.c:1342 __folio_add_anon_rmap mm/rmap.c:1339 [inline]
WARNING: CPU: 1 PID: 4654 at mm/rmap.c:1342 folio_add_anon_rmap_pmd+0x891/0xf70 mm/rmap.c:1396
Modules linked in:
CPU: 1 UID: 0 PID: 4654 Comm: syz.0.218 Not tainted 6.11.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__folio_add_anon_rmap mm/rmap.c:1339 [inline]
RIP: 0010:folio_add_anon_rmap_pmd+0x891/0xf70 mm/rmap.c:1396
Code: f7 fd ff ff 4c 89 ff e8 6d a1 00 00 83 f8 02 0f 8c e6 fd ff ff e9 2a fe ff ff 4c 89 ff 48 c7 c6 a0 78 53 87 e8 10 1b f8 ff 90 <0f> 0b 90 e9 c9 fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c f9 fd
RSP: 0018:ffffc900077ff138 EFLAGS: 00010246
RAX: 49b3becc8172df00 RBX: 1ffffd4000a56000 RCX: ffffc900077fed03
RDX: 0000000000000002 RSI: ffffffff8749da40 RDI: ffffffff877d7000
RBP: ffffea00052b0000 R08: ffffffff89da9c2f R09: 1ffffffff13b5385
R10: dffffc0000000000 R11: fffffbfff13b5386 R12: ffffea00052b0000
R13: 0000000000000000 R14: ffffea00052b0008 R15: ffffea00052b0000
FS: 00007fc5438d36c0(0000) GS:ffff8880b9700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc5438b29c8 CR3: 000000001d91e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
remove_migration_pmd+0x4f0/0xcc0 mm/huge_memory.c:4156
remove_migration_pte+0xdc9/0x21c0 mm/migrate.c:270
rmap_walk_anon+0x412/0x6e0 mm/rmap.c:2638
remove_migration_ptes mm/migrate.c:372 [inline]
migrate_folio_move mm/migrate.c:1387 [inline]
migrate_pages_batch+0x1fbb/0x2bb0 mm/migrate.c:1897
migrate_pages_sync mm/migrate.c:1963 [inline]
migrate_pages+0x1a65/0x2d40 mm/migrate.c:2072
migrate_to_node mm/mempolicy.c:1095 [inline]
do_migrate_pages+0x6ce/0x880 mm/mempolicy.c:1194
kernel_migrate_pages mm/mempolicy.c:1709 [inline]
__do_sys_migrate_pages mm/mempolicy.c:1727 [inline]
__se_sys_migrate_pages+0x4ca/0x520 mm/mempolicy.c:1723
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc542b7def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc5438d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
RAX: ffffffffffffffda RBX: 00007fc542d35f80 RCX: 00007fc542b7def9
RDX: 00000000200002c0 RSI: 0000000000000003 RDI: 0000000000000000
RBP: 00007fc542bf0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc542d35f80 R15: 00007ffc98263438