------------[ cut here ]------------
kernel BUG at [] mm/filemap.c:858!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 4710 Comm: syz.1.324 Not tainted syzkaller #0 PREEMPT
Hardware name: riscv-virtio,qemu (DT)
epc : __filemap_add_folio+0xf94/0x136c mm/filemap.c:858
 ra : __filemap_add_folio+0xf94/0x136c mm/filemap.c:858
epc : ffffffff808a1c48 ra : ffffffff808a1c48 sp : ffff8f80038a7070
 gp : ffffffff8a22a0c0 tp : ffffaf8031270000 t0 : 0000000000000000
 t1 : fffff5ef03c37438 t2 : ffffffff91601820 s0 : ffff8f80038a7230
 s1 : 0000000000112cc0 a0 : ffffaf80312704c4 a1 : ffffffff86dda2c0
 a2 : 0000000000080000 a3 : ffffffff809bf25c a4 : ffff8f8004e7c468
 a5 : 00000000001c2468 a6 : fffff5ef03c37439 a7 : ffffaf801e1ba1c3
 s2 : 0000000000000000 s3 : 1ffff1f000714e24 s4 : 0000000000000004
 s5 : ffff8d8000cb8e00 s6 : 0000000000000000 s7 : 0000000000000000
 s8 : ffffaf80163cb7d0 s9 : ffff8f80038a7280 s10: 0000000000000000
 s11: ffff8f80038a71c0 t3 : ffffffff87fb2860 t4 : fffff5ef03c37438
 t5 : fffff5ef03c37439 t6 : 0000000000000002
 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff808a1c48 cause: 0000000000000003
[] __filemap_add_folio+0xf94/0x136c mm/filemap.c:858
[] filemap_add_folio+0x1b6/0xb34 mm/filemap.c:966
[] ra_alloc_folio mm/readahead.c:456 [inline]
[] page_cache_ra_order+0x626/0x1454 mm/readahead.c:515
[] do_sync_mmap_readahead mm/filemap.c:3405 [inline]
[] filemap_fault+0x19c6/0x2f4c mm/filemap.c:3554
[] __do_fault+0xee/0x7e4 mm/memory.c:5364
[] do_read_fault mm/memory.c:5799 [inline]
[] do_fault+0xe08/0x1a60 mm/memory.c:5933
[] do_pte_missing mm/memory.c:4477 [inline]
[] handle_pte_fault mm/memory.c:6317 [inline]
[] __handle_mm_fault+0x1432/0x23a0 mm/memory.c:6455
[] handle_mm_fault+0x268/0x8c4 mm/memory.c:6624
[] faultin_page mm/gup.c:1126 [inline]
[] __get_user_pages+0xdec/0x2e0c mm/gup.c:1428
[] populate_vma_page_range+0x244/0x3d0 mm/gup.c:1860
[] __mm_populate+0x10e/0x3b0 mm/gup.c:1963
[] mm_populate include/linux/mm.h:3894 [inline]
[] vm_mmap_pgoff+0x34c/0x418 mm/util.c:586
[] ksys_mmap_pgoff+0x2c2/0x718 mm/mmap.c:605
[] riscv_sys_mmap arch/riscv/kernel/sys_riscv.c:29 [inline]
[] __do_sys_mmap arch/riscv/kernel/sys_riscv.c:38 [inline]
[] __se_sys_mmap arch/riscv/kernel/sys_riscv.c:34 [inline]
[] __riscv_sys_mmap+0x11c/0x18c arch/riscv/kernel/sys_riscv.c:34
[] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[] do_trap_ecall_u+0x402/0x680 arch/riscv/kernel/traps.c:342
[] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: cba0 8556 c597 0628 8593 4285 d097 0011 80e7 5a80 (9002) a097
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:   cba0            sw      s0,80(a5)
   2:   8556            mv      a0,s5
   4:   0628c597        auipc   a1,0x628c
   8:   42858593        addi    a1,a1,1064 # 0x628c42c
   c:   0011d097        auipc   ra,0x11d
  10:   5a8080e7        jalr    1448(ra) # 0x11d5b4
* 14:   9002            ebreak <-- trapping instruction
  16:   97a0            .short  0xa097