------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 5033 Comm: syz.2.234 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
epc : ffffffff80c4e452 ra : ffffffff80c4e452 sp : ffff8f80030b6d20
 gp : ffffffff8a22a0c0 tp : ffffaf801bf01a80 t0 : ffff8f80030b6cc0
 t1 : fffff5ef02749c09 t2 : ffffffff91601828 s0 : ffff8f80030b6d90
 s1 : ffffaf8013a4e048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000080000 a3 : ffffffff80c4e452 a4 : ffff8f800ad8d4d8
 a5 : 00000000002114d8 a6 : 0000000000000003 a7 : ffffaf8013a4e04b
 s2 : 0000000000000002 s3 : 0000000000000000 s4 : ffffaf8013a4e000
 s5 : dfffffff00000000 s6 : 00000000000b7600 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef1468fb0
 s11: ffffffff8a347d80 t3 : 0000000000000001 t4 : fffff5ef02749c09
 t5 : fffff5ef02749c0a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c4e452 cause: 0000000000000003
[<ffffffff80c4e452>] __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
[<ffffffff80ac124c>] page_table_check_free include/linux/page_table_check.h:46 [inline]
[<ffffffff80ac124c>] __free_pages_prepare mm/page_alloc.c:1434 [inline]
[<ffffffff80ac124c>] free_unref_folios+0xa58/0x1ef4 mm/page_alloc.c:3040
[<ffffffff808e5128>] folios_put_refs+0x41c/0x61c mm/swap.c:1002
[<ffffffff80b0d918>] free_pages_and_swap_cache+0x29c/0x480 mm/swap_state.c:426
[<ffffffff80a2d8d0>] __tlb_batch_free_encoded_pages+0xe4/0x25c mm/mmu_gather.c:138
[<ffffffff80a30434>] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
[<ffffffff80a30434>] tlb_flush_mmu_free mm/mmu_gather.c:398 [inline]
[<ffffffff80a30434>] tlb_flush_mmu mm/mmu_gather.c:405 [inline]
[<ffffffff80a30434>] tlb_finish_mmu+0x188/0x824 mm/mmu_gather.c:530
[<ffffffff80a96e08>] unmap_region+0x2a0/0x358 mm/vma.c:488
[<ffffffff80a9f154>] vms_clear_ptes mm/vma.c:1284 [inline]
[<ffffffff80a9f154>] vms_clean_up_area mm/vma.c:1296 [inline]
[<ffffffff80a9f154>] __mmap_setup mm/vma.c:2448 [inline]
[<ffffffff80a9f154>] __mmap_region+0x142c/0x22a0 mm/vma.c:2741
[<ffffffff80aa48d0>] mmap_region+0x138/0x2b8 mm/vma.c:2837
[<ffffffff80a2817e>] do_mmap+0xaea/0x1090 mm/mmap.c:559
[<ffffffff80962544>] vm_mmap_pgoff+0x27c/0x418 mm/util.c:581
[<ffffffff80a2463e>] ksys_mmap_pgoff+0x76/0x718 mm/mmap.c:605
[<ffffffff80073820>] riscv_sys_mmap arch/riscv/kernel/sys_riscv.c:29 [inline]
[<ffffffff80073820>] __do_sys_mmap arch/riscv/kernel/sys_riscv.c:38 [inline]
[<ffffffff80073820>] __se_sys_mmap arch/riscv/kernel/sys_riscv.c:34 [inline]
[<ffffffff80073820>] __riscv_sys_mmap+0x11c/0x18c arch/riscv/kernel/sys_riscv.c:34
[<ffffffff80077f1e>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff8642fdbe>] do_trap_ecall_u+0x402/0x680 arch/riscv/kernel/traps.c:342
[<ffffffff8645a152>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: 4b00 8526 c0ef e7bf 8a2a b791 d097 ff8c 80e7 49e0 (9002) d097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	4b00                	lw	s0,16(a4)
   2:	8526                	mv	a0,s1
   4:	e7bfc0ef          	jal	0xffffffffffffce7e
   8:	8a2a                	mv	s4,a0
   a:	b791                	j	0xffffffffffffff4e
   c:	ff8cd097          	auipc	ra,0xff8cd
  10:	49e080e7          	jalr	1182(ra) # 0xff8cd4aa
* 14:	9002                	ebreak <-- trapping instruction
  16:	97d0                	.short	0xd097