------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 5067 Comm: syz.0.366 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
epc : ffffffff80c6a8b6 ra : ffffffff80c6a8b6 sp : ffff8f800a0a6fa0
 gp : ffffffff8a24e5c0 tp : ffffaf801b6d0000 t0 : ffff8f800a0a6f40
 t1 : fffff5ef02738409 t2 : ffffffff91627f80 s0 : ffff8f800a0a7010
 s1 : ffffaf80139c2048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000000002 a3 : ffffffff80c6a8b6 a4 : 0000000000000000
 a5 : ffffaf801b6d1000 a6 : 0000000000000003 a7 : ffffaf80139c204b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf80139c2000
 s5 : dfffffff00000000 s6 : 00000000000b5a00 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef146d78c
 s11: ffffffff8a36bc60 t3 : 0000000000000001 t4 : fffff5ef02738409
 t5 : fffff5ef0273840a t6 : 0000000000000002
ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c6a8b6 cause: 0000000000000003
[] __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
[] page_table_check_free include/linux/page_table_check.h:46 [inline]
[] __free_pages_prepare mm/page_alloc.c:1403 [inline]
[] free_unref_folios+0xb1e/0x1ad0 mm/page_alloc.c:3004
[] folios_put_refs+0x458/0x7c8 mm/swap.c:1008
[] free_pages_and_swap_cache+0x22e/0x3c0 mm/swap_state.c:401
[] __tlb_batch_free_encoded_pages+0xe4/0x25c mm/mmu_gather.c:138
[] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
[] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline]
[] tlb_flush_mmu mm/mmu_gather.c:424 [inline]
[] tlb_finish_mmu+0x188/0x824 mm/mmu_gather.c:549
[] exit_mmap+0x416/0xcc0 mm/mmap.c:1313
[] __mmput+0x106/0x3d0 kernel/fork.c:1178
[] mmput+0x74/0x88 kernel/fork.c:1201
[] exit_mm kernel/exit.c:582 [inline]
[] do_exit+0x876/0x2a18 kernel/exit.c:964
[] do_group_exit+0xca/0x258 kernel/exit.c:1119
[] get_signal+0x1f56/0x2224 kernel/signal.c:3037
[] arch_do_signal_or_restart+0xf4/0x1e08 arch/riscv/kernel/signal.c:534
[] __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
[] exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
[] __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
[] irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
[] irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
[] irqentry_exit+0x6a0/0xe8c kernel/entry/common.c:162
[] do_page_fault+0x3e/0x58 arch/riscv/kernel/traps.c:420
[] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: f580 8526 d0ef 88af 8a2a b7a1 7097 ff8c 80e7 f460 (9002) 7097
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f580                	fsw	fs0,40(a1)
   2:	8526                	mv	a0,s1
   4:	88afd0ef          	jal	0xffffffffffffd08e
   8:	8a2a                	mv	s4,a0
   a:	b7a1                	j	0xffffffffffffff52
   c:	ff8c7097          	auipc	ra,0xff8c7
  10:	f46080e7          	jalr	-186(ra) # 0xff8c6f52
* 14:	9002                	ebreak <-- trapping instruction
  16:	9770                	.short	0x7097