------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:118!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 6165 Comm: syz.0.793 Tainted: G        W    L      syzkaller #0 PREEMPT 
Tainted: [W]=WARN, [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : page_table_check_set+0x9ba/0xc5c mm/page_table_check.c:118
 ra : page_table_check_set+0x9ba/0xc5c mm/page_table_check.c:118
epc : ffffffff80c6794a ra : ffffffff80c6794a sp : ffff8f80016d6c90
 gp : ffffffff8a2425a0 tp : ffffaf801b485040 t0 : 0000000000000000
 t1 : fffff5ef02746009 t2 : ffffffff9161bec0 s0 : ffff8f80016d6d10
 s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000
 a2 : 0000000000080000 a3 : ffffffff80c6794a a4 : ffff8f8004cfc1b8
 a5 : 00000000001cf1b8 a6 : 0000000000000003 a7 : ffffaf8013a3004b
 s2 : 00000000000b7000 s3 : 0000000000000000 s4 : ffffaf8013a30000
 s5 : 0000000000000200 s6 : 0000000000000001 s7 : dfffffff00000000
 s8 : 0000000000007fff s9 : ffffffff88a4ea40 s10: 0000000000000000
 s11: ffffffff8a35fca0 t3 : 0000000000000001 t4 : fffff5ef02746009
 t5 : fffff5ef0274600a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c6794a cause: 0000000000000003
[<ffffffff80c6794a>] page_table_check_set+0x9ba/0xc5c mm/page_table_check.c:118
[<ffffffff80c680b4>] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:212
[<ffffffff80bf306e>] page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
[<ffffffff80bf306e>] set_ptes arch/riscv/include/asm/pgtable.h:625 [inline]
[<ffffffff80bf306e>] __split_huge_pmd_locked mm/huge_memory.c:3358 [inline]
[<ffffffff80bf306e>] split_huge_pmd_locked+0x1e2a/0x2388 mm/huge_memory.c:3376
[<ffffffff80bf3886>] __split_huge_pmd+0x2ba/0x3e4 mm/huge_memory.c:3390
[<ffffffff80bf581a>] copy_huge_pmd+0x1e6a/0x2300 mm/huge_memory.c:2009
[<ffffffff80a2e6a8>] copy_pmd_range mm/memory.c:1382 [inline]
[<ffffffff80a2e6a8>] copy_pud_range mm/memory.c:1429 [inline]
[<ffffffff80a2e6a8>] copy_p4d_range mm/memory.c:1453 [inline]
[<ffffffff80a2e6a8>] copy_page_range+0xd7c/0x5420 mm/memory.c:1539
[<ffffffff80a55b54>] dup_mmap+0xd18/0x2168 mm/mmap.c:1840
[<ffffffff80147cea>] dup_mm kernel/fork.c:1534 [inline]
[<ffffffff80147cea>] copy_mm kernel/fork.c:1586 [inline]
[<ffffffff80147cea>] copy_process+0x4716/0x7db4 kernel/fork.c:2262
[<ffffffff8014b5e4>] kernel_clone+0x154/0xf6c kernel/fork.c:2723
[<ffffffff8014c4fa>] __do_sys_clone+0xfe/0x140 kernel/fork.c:2864
[<ffffffff8014cc98>] __se_sys_clone kernel/fork.c:2832 [inline]
[<ffffffff8014cc98>] __riscv_sys_clone+0xa0/0x110 kernel/fork.c:2832
[<ffffffff80078f0a>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff8647fe08>] do_trap_ecall_u+0x3dc/0x61c arch/riscv/kernel/traps.c:342
[<ffffffff864ab17a>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: 5097 ff8c 80e7 7420 81e3 e004 6097 ff8c 80e7 c160 (9002) 6097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	ff8c5097          	auipc	ra,0xff8c5
   4:	742080e7          	jalr	1858(ra) # 0xff8c5742
   8:	e00481e3          	beqz	s1,0xfffffffffffffe0a
   c:	ff8c6097          	auipc	ra,0xff8c6
  10:	c16080e7          	jalr	-1002(ra) # 0xff8c5c22
* 14:	9002                	ebreak <-- trapping instruction
  16:	9760                	.short	0x6097