------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:118!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 5834 Comm: syz.0.616 Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
 ra : page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
epc : ffffffff80c8200a ra : ffffffff80c8200a sp : ffff8f8003c16e00
 gp : ffffffff8a49d240 tp : ffffaf801c238000 t0 : ffff8f8003c173b8
 t1 : fffff5ef027be809 t2 : ffffffff80ae2e74 s0 : ffff8f8003c16e80
 s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000
 a2 : 0000000000080000 a3 : ffffffff80c8200a a4 : ffff8f8005fabbe8
 a5 : 000000000002cbe8 a6 : 0000000000000003 a7 : ffffaf8013df404b
 s2 : 00000000000b6400 s3 : 0000000000000000 s4 : ffffaf8013df4000
 s5 : 0000000000000200 s6 : 0000000000000001 s7 : dfffffff00000000
 s8 : 0000000000007fff s9 : ffffffff88c5a000 s10: 0000000000000000
 s11: ffffffff8a5bbca0 t3 : 0000000000000001 t4 : fffff5ef027be809
 t5 : fffff5ef027be80a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c8200a cause: 0000000000000003
[<ffffffff80c8200a>] page_table_check_set+0x996/0xc38 mm/page_table_check.c:118
[<ffffffff80c82774>] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:212
[<ffffffff80c0b212>] page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
[<ffffffff80c0b212>] set_ptes arch/riscv/include/asm/pgtable.h:635 [inline]
[<ffffffff80c0b212>] __split_huge_pmd_locked mm/huge_memory.c:3300 [inline]
[<ffffffff80c0b212>] split_huge_pmd_locked+0x1eba/0x23dc mm/huge_memory.c:3318
[<ffffffff80c0b9de>] __split_huge_pmd+0x2aa/0x3d4 mm/huge_memory.c:3332
[<ffffffff80c0e05e>] split_huge_pmd_address mm/huge_memory.c:3345 [inline]
[<ffffffff80c0e05e>] split_huge_pmd_if_needed mm/huge_memory.c:3357 [inline]
[<ffffffff80c0e05e>] split_huge_pmd_if_needed mm/huge_memory.c:3348 [inline]
[<ffffffff80c0e05e>] vma_adjust_trans_huge+0x272/0x4b4 mm/huge_memory.c:3369
[<ffffffff80ad99f4>] __split_vma+0x978/0xf10 mm/vma.c:557
[<ffffffff80ada168>] vms_gather_munmap_vmas+0x1dc/0x160c mm/vma.c:1427
[<ffffffff80ae30b4>] do_vmi_align_munmap+0x240/0x6d8 mm/vma.c:1595
[<ffffffff80ae371a>] do_vmi_munmap+0x1ce/0x3bc mm/vma.c:1652
[<ffffffff80a6f484>] do_munmap+0xd4/0x10c mm/mmap.c:1067
[<ffffffff80a85f18>] mremap_to+0x28c/0x474 mm/mremap.c:1448
[<ffffffff80a86b24>] do_mremap mm/mremap.c:1999 [inline]
[<ffffffff80a86b24>] __do_sys_mremap+0xa24/0x16c8 mm/mremap.c:2055
[<ffffffff80a87868>] __se_sys_mremap mm/mremap.c:2023 [inline]
[<ffffffff80a87868>] __riscv_sys_mremap+0xa0/0x124 mm/mremap.c:2023
[<ffffffff80078f96>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff864f95a4>] do_trap_ecall_u+0x3e4/0x638 arch/riscv/kernel/traps.c:342
[<ffffffff86525518>] handle_exception+0x168/0x174 arch/riscv/kernel/entry.S:237
Code: d097 ff8a 80e7 4f20 83e3 e004 e097 ff8a 80e7 9f20 (9002) e097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	ff8ad097          	auipc	ra,0xff8ad
   4:	4f2080e7          	jalr	1266(ra) # 0xff8ad4f2
   8:	e00483e3          	beqz	s1,0xfffffffffffffe0e
   c:	ff8ae097          	auipc	ra,0xff8ae
  10:	9f2080e7          	jalr	-1550(ra) # 0xff8ad9fe
* 14:	9002                	ebreak <-- trapping instruction
  16:	97e0                	.short	0xe097