[BUG] WARNING in unlink_anon_vmas()
From: Jiakai Xu
Date: Wed Mar 18 2026 - 06:43:09 EST
Hi all,
While fuzzing the KVM subsystem on RISC-V, I stumbled upon a kernel WARNING
that triggers in unlink_anon_vmas().
WARNING: mm/rmap.c:528 at unlink_anon_vmas+0x562/0x768 mm/rmap.c:528
unlink_anon_vmas+0x562/0x768 mm/rmap.c:528
free_pgtables+0x2a0/0x860 mm/memory.c:427
exit_mmap+0x406/0xd14 mm/mmap.c:1314
__mmput+0x114/0x3d4 kernel/fork.c:1174
mmput+0x74/0x88 kernel/fork.c:1197
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7de/0x2adc kernel/exit.c:959
do_group_exit+0xd4/0x26c kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__riscv_sys_exit_group+0x4a/0x54 kernel/exit.c:1121
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
do_trap_ecall_u+0x39e/0x62e arch/riscv/kernel/traps.c:344
handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
I am not an expert in this area and have not done a deep manual analysis.
The full crash log, a reproducer, the kernel .config, and the relevant
source/commit info are available in my GitHub repository:
https://github.com/j1akai/temp/tree/main/20260318
If this turns out to be a real bug and there is anything I can do to help
with fixing or testing, I am happy to do so. I hope this report is useful
and sorry for any noise if it has already been addressed.
Thanks,
Jiakai