------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 4413 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT 
Hardware name: riscv-virtio,qemu (DT)
Workqueue: events xdp_umem_release_deferred
epc : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
epc : ffffffff80c4e452 ra : ffffffff80c4e452 sp : ffff8f8003567660
 gp : ffffffff8a22a0c0 tp : ffffaf8012f30000 t0 : ffff8f8003567600
 t1 : fffff5ef0271cc09 t2 : fffffffffc1fffff s0 : ffff8f80035676d0
 s1 : ffffaf80138e6048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000000002 a3 : ffffffff80c4e452 a4 : 0000000000000000
 a5 : ffffaf8012f31000 a6 : 0000000000000003 a7 : ffffaf80138e604b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf80138e6000
 s5 : dfffffff00000000 s6 : 00000000000b2e00 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef1468fb0
 s11: ffffffff8a347d80 t3 : 0000000000000001 t4 : fffff5ef0271cc09
 t5 : fffff5ef0271cc0a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c4e452 cause: 0000000000000003
[<ffffffff80c4e452>] __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
[<ffffffff80ab6b4c>] page_table_check_free include/linux/page_table_check.h:46 [inline]
[<ffffffff80ab6b4c>] __free_pages_prepare mm/page_alloc.c:1434 [inline]
[<ffffffff80ab6b4c>] __free_frozen_pages+0x82c/0x14c4 mm/page_alloc.c:2978
[<ffffffff80ac07d2>] free_frozen_pages+0xe/0x18 mm/page_alloc.c:3016
[<ffffffff808e5db6>] __folio_put+0x296/0x378 mm/swap.c:112
[<ffffffff809c15f8>] folio_put_refs include/linux/mm.h:1837 [inline]
[<ffffffff809c15f8>] gup_put_folio+0x2ac/0x310 mm/gup.c:114
[<ffffffff809c61a2>] unpin_user_pages_dirty_lock+0xe2/0x214 mm/gup.c:324
[<ffffffff862ce914>] xdp_umem_unpin_pages net/xdp/xdp_umem.c:26 [inline]
[<ffffffff862ce914>] xdp_umem_release+0xfc/0x24c net/xdp/xdp_umem.c:61
[<ffffffff862cea80>] xdp_umem_release_deferred+0x1c/0x28 net/xdp/xdp_umem.c:71
[<ffffffff801ca502>] process_one_work+0x972/0x2124 kernel/workqueue.c:3276
[<ffffffff801cc1f4>] process_scheduled_works kernel/workqueue.c:3359 [inline]
[<ffffffff801cc1f4>] worker_thread+0x540/0xcbc kernel/workqueue.c:3440
[<ffffffff801edbe0>] kthread+0x31c/0x444 kernel/kthread.c:436
[<ffffffff80069138>] ret_from_fork_kernel+0x94/0xef8 arch/riscv/kernel/process.c:230
[<ffffffff8645a282>] ret_from_fork_kernel_asm+0x16/0x18 arch/riscv/kernel/entry.S:363
Code: 4b00 8526 c0ef e7bf 8a2a b791 d097 ff8c 80e7 49e0 (9002) d097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	4b00                	lw	s0,16(a4)
   2:	8526                	mv	a0,s1
   4:	e7bfc0ef          	jal	0xffffffffffffce7e
   8:	8a2a                	mv	s4,a0
   a:	b791                	j	0xffffffffffffff4e
   c:	ff8cd097          	auipc	ra,0xff8cd
  10:	49e080e7          	jalr	1182(ra) # 0xff8cd4aa
* 14:	9002                	ebreak <-- trapping instruction
  16:	97d0                	.short	0xd097