------------[ cut here ]------------
kernel BUG at [] mm/filemap.c:858!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 6669 Comm: syz.2.874 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : __filemap_add_folio+0xed0/0x1258 mm/filemap.c:858
 ra : __filemap_add_folio+0xed0/0x1258 mm/filemap.c:858
epc : ffffffff8086a050 ra : ffffffff8086a050 sp : ffff8f80008d7080
 gp : ffffffff89f9df20 tp : ffffaf801b984f80 t0 : ffff8f80008d6ad4
 t1 : ffffffff8007a568 t2 : 655f656c646e6168 s0 : ffff8f80008d7240
 s1 : 0000000000112cc0 a0 : ffffaf801b985404 a1 : ffffffff87ef9348
 a2 : 0000000000080000 a3 : ffffffff8097d320 a4 : ffff8f800a8bc940
 a5 : 00000000001c2940 a6 : 0000000000000003 a7 : 0000000041b58ab3
 s2 : 0000000000000000 s3 : 1ffff1f00011ae24 s4 : 0000000000000004
 s5 : ffff8d8000c63680 s6 : 0000000000000000 s7 : 0000000000000000
 s8 : ffffaf8015ccf008 s9 : ffff8f80008d7280 s10: 0000000000000000
 s11: ffff8f80008d71c0 t3 : ffffffff87d89ca8 t4 : fffffffef10bfaa3
 t5 : fffffffef10bfaa4 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff8086a050 cause: 0000000000000003
[<ffffffff8086a050>] __filemap_add_folio+0xed0/0x1258 mm/filemap.c:858
[<ffffffff8086a58e>] filemap_add_folio+0x1b6/0xb34 mm/filemap.c:966
[<ffffffff808a0a62>] ra_alloc_folio mm/readahead.c:453 [inline]
[<ffffffff808a0a62>] page_cache_ra_order+0x5f6/0x12c8 mm/readahead.c:512
[<ffffffff808723a6>] do_sync_mmap_readahead mm/filemap.c:3400 [inline]
[<ffffffff808723a6>] filemap_fault+0x1902/0x2e00 mm/filemap.c:3549
[<ffffffff8099dda2>] __do_fault+0xee/0x404 mm/memory.c:5323
[<ffffffff809b674a>] do_read_fault mm/memory.c:5758 [inline]
[<ffffffff809b674a>] do_fault+0xb06/0x14a8 mm/memory.c:5892
[<ffffffff809ce7a8>] do_pte_missing mm/memory.c:4404 [inline]
[<ffffffff809ce7a8>] handle_pte_fault mm/memory.c:6276 [inline]
[<ffffffff809ce7a8>] __handle_mm_fault+0x144c/0x2500 mm/memory.c:6414
[<ffffffff809cfac4>] handle_mm_fault+0x268/0x8bc mm/memory.c:6583
[<ffffffff8098758c>] faultin_page mm/gup.c:1126 [inline]
[<ffffffff8098758c>] __get_user_pages+0xdec/0x2e0c mm/gup.c:1428
[<ffffffff8098fa10>] populate_vma_page_range+0x244/0x3d0 mm/gup.c:1860
[<ffffffff809905ea>] __mm_populate+0x10e/0x3b0 mm/gup.c:1963
[<ffffffff80923978>] mm_populate include/linux/mm.h:3706 [inline]
[<ffffffff80923978>] vm_mmap_pgoff+0x34c/0x418 mm/util.c:586
[<ffffffff809e0d8e>] ksys_mmap_pgoff+0x2c2/0x708 mm/mmap.c:604
[<ffffffff80073a34>] riscv_sys_mmap arch/riscv/kernel/sys_riscv.c:29 [inline]
[<ffffffff80073a34>] __do_sys_mmap arch/riscv/kernel/sys_riscv.c:38 [inline]
[<ffffffff80073a34>] __se_sys_mmap arch/riscv/kernel/sys_riscv.c:34 [inline]
[<ffffffff80073a34>] __riscv_sys_mmap+0x11c/0x18c arch/riscv/kernel/sys_riscv.c:34
[<ffffffff80078192>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c arch/riscv/kernel/traps.c:344
[<ffffffff863bb61e>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: 4760 8556 1597 060c 8593 3605 3097 0011 80e7 2640 (9002) a097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	4760                	lw	s0,76(a4)
   2:	8556                	mv	a0,s5
   4:	060c1597          	auipc	a1,0x60c1
   8:	36058593          	addi	a1,a1,864 # 0x60c1364
   c:	00113097          	auipc	ra,0x113
  10:	264080e7          	jalr	612(ra) # 0x113270
* 14:	9002                	ebreak <-- trapping instruction
  16:	97a0                	.short	0xa097