If I build a kernel from clean source with the default config,
it doesn't exhibit this problem.

But if I then modify the default config by turning off CONFIG_COMPAT,
and turning on CONFIG_DEBUG_VM, then I do get the crash, with

  futex((void*)0x1ffffff80c20000, FUTEX_WAIT, 0, 0, 0, 0); // bbb

I had to search for the address, with

  unsigned long base = 0x1ffffff80000000;
  for(unsigned long inc = 0; ; inc += 4096){
    printf("%lx\n", base+inc);
    futex((void*)(base+inc), FUTEX_WAIT, 0, 0, 0, 0);
  }

I've attached two config files: one is what I was using when I
originally submitted this issue, and the second is the default config
without COMPAT and with DEBUG_VM.

Robert

> Date: Wed, 18 Jun 2025 15:25:59 +0200
> From: Nam Cao <namcao@linutronix.de>
> To: rtm@csail.mit.edu
> Cc: Paul Walmsley <paul.walmsley@sifive.com>,
>         Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>,
>         Alexandre Ghiti <alex@ghiti.fr>, linux-riscv@lists.infradead.org
> Subject: Re: futex(0x1ffffff81300000) on risc-v -> mm panic
> 
> On Wed, Jun 18, 2025 at 07:10:28AM -0400, rtm@csail.mit.edu wrote:
> > This program on risc-v:
> > 
> > main(){
> >   futex((void*) 0x1ffffff81300000, FUTEX_WAIT, 0, 0, 0, 0);
> > }
> > 
> > results in:
> > 
> > BUG: Bad page state in process a.out  pfn:81500
> 
> I cannot reproduce this issue. Can you please share your .config?
> 
> Also, your kernel seems to have some commits on top. Are you sure none of
> those is the reason?
> 
> Best regards,
> Nam