------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:118!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 4001 Comm: syz.1.57 Not tainted syzkaller #0 PREEMPT 
Hardware name: riscv-virtio,qemu (DT)
epc : page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
 ra : page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
epc : ffffffff80c4d300 ra : ffffffff80c4d300 sp : ffff8f800a6e70c0
 gp : ffffffff8a22a0c0 tp : ffffaf801ba73500 t0 : ffff8f800a6e7658
 t1 : fffff5ef02744c09 t2 : ffffffff80a56694 s0 : ffff8f800a6e7140
 s1 : 0000000000000001 a0 : 0000000000000001 a1 : 0000000000000000
 a2 : 0000000000080000 a3 : ffffffff80c4d300 a4 : ffff8f80053d4e68
 a5 : 000000000002ee68 a6 : 0000000000000003 a7 : ffffaf8013a2604b
 s2 : 00000000000b6e00 s3 : 0000000000000000 s4 : ffffaf8013a26000
 s5 : 0000000000000200 s6 : 0000000000000001 s7 : dfffffff00000000
 s8 : 0000000000007fff s9 : ffffffff88a44e80 s10: 0000000000000000
 s11: ffffffff8a347d80 t3 : 0000000000000001 t4 : fffff5ef02744c09
 t5 : fffff5ef02744c0a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c4d300 cause: 0000000000000003
[<ffffffff80c4d300>] page_table_check_set+0xa74/0xd30 mm/page_table_check.c:118
[<ffffffff80c4da84>] __page_table_check_ptes_set+0x264/0x47c mm/page_table_check.c:215
[<ffffffff80bd6c5c>] page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
[<ffffffff80bd6c5c>] set_ptes arch/riscv/include/asm/pgtable.h:625 [inline]
[<ffffffff80bd6c5c>] __split_huge_pmd_locked mm/huge_memory.c:3256 [inline]
[<ffffffff80bd6c5c>] split_huge_pmd_locked+0x2b08/0x3268 mm/huge_memory.c:3274
[<ffffffff80bd7676>] __split_huge_pmd+0x2ba/0x3e4 mm/huge_memory.c:3288
[<ffffffff80bda896>] split_huge_pmd_address mm/huge_memory.c:3301 [inline]
[<ffffffff80bda896>] split_huge_pmd_if_needed mm/huge_memory.c:3313 [inline]
[<ffffffff80bda896>] split_huge_pmd_if_needed mm/huge_memory.c:3304 [inline]
[<ffffffff80bda896>] vma_adjust_trans_huge+0x15a/0x49c mm/huge_memory.c:3325
[<ffffffff80a97d30>] __split_vma+0x978/0xf10 mm/vma.c:554
[<ffffffff80a9a606>] split_vma mm/vma.c:596 [inline]
[<ffffffff80a9a606>] vma_modify+0xf02/0x1fa8 mm/vma.c:1672
[<ffffffff80aa174c>] vma_modify_flags+0x220/0x32c mm/vma.c:1700
[<ffffffff80a179c4>] mlock_fixup+0x1d8/0xc08 mm/mlock.c:481
[<ffffffff80a18636>] apply_vma_lock_flags+0x242/0x378 mm/mlock.c:551
[<ffffffff80a189a6>] do_mlock+0x23a/0x81c mm/mlock.c:647
[<ffffffff80a20860>] __do_sys_mlock mm/mlock.c:661 [inline]
[<ffffffff80a20860>] __se_sys_mlock mm/mlock.c:659 [inline]
[<ffffffff80a20860>] __riscv_sys_mlock+0x54/0x74 mm/mlock.c:659
[<ffffffff80077f1e>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff8642fdbe>] do_trap_ecall_u+0x402/0x680 arch/riscv/kernel/traps.c:342
[<ffffffff8645a152>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: e097 ff8c 80e7 11c0 81e3 e004 e097 ff8c 80e7 5f00 (9002) e097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	ff8ce097          	auipc	ra,0xff8ce
   4:	11c080e7          	jalr	284(ra) # 0xff8ce11c
   8:	e00481e3          	beqz	s1,0xfffffffffffffe0a
   c:	ff8ce097          	auipc	ra,0xff8ce
  10:	5f0080e7          	jalr	1520(ra) # 0xff8ce5fc
* 14:	9002                	ebreak <-- trapping instruction
  16:	97e0                	.short	0xe097