------------[ cut here ]------------ kernel BUG at [] mm/page_table_check.c:118! Kernel BUG [#1] Modules linked in: CPU: 1 UID: 0 PID: 3856 Comm: syz.1.4 Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: riscv-virtio,qemu (DT) epc : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118 ra : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118 epc : ffffffff80c4d33e ra : ffffffff80c4d33e sp : ffff8f800a236b60 gp : ffffffff8a2739c0 tp : ffffaf801bffb500 t0 : ffff8f800a237118 t1 : fffff5ef02723009 t2 : ffffffff80a6d720 s0 : ffff8f800a236be0 s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000 a2 : 0000000000080000 a3 : ffffffff80c4d33e a4 : ffff8f8004ad2270 a5 : 0000000000038270 a6 : 0000000000000003 a7 : ffffaf801391804b s2 : 00000000000b3800 s3 : 0000000000000000 s4 : ffffaf8013918000 s5 : 0000000000000200 s6 : 0000000000000001 s7 : dfffffff00000000 s8 : 0000000000007fff s9 : ffffffff88a4b000 s10: 0000000000000000 s11: ffffffff8a390be0 t3 : 0000000000000001 t4 : fffff5ef02723009 t5 : fffff5ef0272300a t6 : 0000000000000002 ssp : 0000000000000000 status: 0000000200000120 badaddr: ffffffff80c4d33e cause: 0000000000000003 [] page_table_check_set+0x996/0xc38 mm/page_table_check.c:118 [] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:212 [] page_table_check_ptes_set include/linux/page_table_check.h:83 [inline] [] set_ptes arch/riscv/include/asm/pgtable.h:625 [inline] [] __split_huge_pmd_locked mm/huge_memory.c:3358 [inline] [] split_huge_pmd_locked+0x1e2a/0x2388 mm/huge_memory.c:3376 [] __split_huge_pmd+0x2aa/0x3d4 mm/huge_memory.c:3390 [] split_huge_pmd_address mm/huge_memory.c:3403 [inline] [] split_huge_pmd_if_needed mm/huge_memory.c:3415 [inline] [] split_huge_pmd_if_needed mm/huge_memory.c:3406 [inline] [] vma_adjust_trans_huge+0x272/0x4b4 mm/huge_memory.c:3427 [] __split_vma+0x94c/0xe40 mm/vma.c:557 [] vms_gather_munmap_vmas+0x3b4/0x14c4 mm/vma.c:1448 [] __mmap_setup mm/vma.c:2439 [inline] [] __mmap_region+0x3b2/0x27d8 mm/vma.c:2753 [] mmap_region+0x30c/0x4ec mm/vma.c:2857 [] do_mmap+0xaea/0x1090 mm/mmap.c:560 [] vm_mmap_pgoff+0x27c/0x418 mm/util.c:581 [] ksys_mmap_pgoff+0x74/0x708 mm/mmap.c:606 [] riscv_sys_mmap arch/riscv/kernel/sys_riscv.c:29 [inline] [] __do_sys_mmap arch/riscv/kernel/sys_riscv.c:38 [inline] [] __se_sys_mmap arch/riscv/kernel/sys_riscv.c:34 [inline] [] __riscv_sys_mmap+0x11c/0x18c arch/riscv/kernel/sys_riscv.c:34 [] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112 [] do_trap_ecall_u+0x3e4/0x638 arch/riscv/kernel/traps.c:342 [] handle_exception+0x168/0x174 arch/riscv/kernel/entry.S:232 Code: 1097 ff8d 80e7 8be0 83e3 e004 1097 ff8d 80e7 d920 (9002) 1097 ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: ff8d1097 auipc ra,0xff8d1 4: 8be080e7 jalr -1858(ra) # 0xff8d08be 8: e00483e3 beqz s1,0xfffffffffffffe0e c: ff8d1097 auipc ra,0xff8d1 10: d92080e7 jalr -622(ra) # 0xff8d0d9e * 14: 9002 ebreak <-- trapping instruction 16: 9710 .short 0x1097