------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 0 UID: 0 PID: 6551 Comm: syz.4.531 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
epc : ffffffff80c4e2ce ra : ffffffff80c4e2ce sp : ffff8f8003c76aa0
 gp : ffffffff8a229d40 tp : ffffaf8018ff0000 t0 : ffffffff80afdcb4
 t1 : fffff5ef02788c13 t2 : ffffffff80bdd526 s0 : ffff8f8003c76b10
 s1 : ffffaf8013c46098 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000080000 a3 : ffffffff80c4e2ce a4 : ffff8f80045ba000
 a5 : 0000000000080000 a6 : 0000000000000003 a7 : ffffaf8013c4609b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf8013c46050
 s5 : dfffffff00000000 s6 : 00000000000b8e01 s7 : 0000000000000001
 s8 : 0000000000000000 s9 : 0000000000007fff s10: fffffffef1468db0
 s11: ffffffff8a346d80 t3 : 0000000000000001 t4 : fffff5ef02788c13
 t5 : fffff5ef02788c14 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c4e2ce cause: 0000000000000003
[<ffffffff80c4e2ce>] __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
[<ffffffff80ab69c8>] page_table_check_free include/linux/page_table_check.h:46 [inline]
[<ffffffff80ab69c8>] __free_pages_prepare mm/page_alloc.c:1434 [inline]
[<ffffffff80ab69c8>] __free_frozen_pages+0x82c/0x14c4 mm/page_alloc.c:2978
[<ffffffff80ac064e>] free_frozen_pages+0xe/0x18 mm/page_alloc.c:3016
[<ffffffff808e621e>] __folio_put+0x296/0x378 mm/swap.c:112
[<ffffffff80b0d4bc>] folio_put include/linux/mm.h:1817 [inline]
[<ffffffff80b0d4bc>] free_folio_and_swap_cache+0x100/0x13c mm/swap_state.c:400
[<ffffffff80bdca1e>] __folio_split+0x10ce/0x16f8 mm/huge_memory.c:4097
[<ffffffff80bdd526>] __split_huge_page_to_list_to_order+0x7e/0x140 mm/huge_memory.c:4209
[<ffffffff80be0f8a>] split_huge_page_to_list_to_order include/linux/huge_mm.h:385 [inline]
[<ffffffff80be0f8a>] split_folio_to_list+0x22/0x30 mm/huge_memory.c:4273
[<ffffffff80af9ff2>] madvise_free_pte_range+0xd96/0x183c mm/madvise.c:728
[<ffffffff80a46dd2>] walk_pmd_range mm/pagewalk.c:130 [inline]
[<ffffffff80a46dd2>] walk_pud_range mm/pagewalk.c:224 [inline]
[<ffffffff80a46dd2>] walk_p4d_range mm/pagewalk.c:262 [inline]
[<ffffffff80a46dd2>] walk_pgd_range+0xcc6/0x1f84 mm/pagewalk.c:303
[<ffffffff80a481c8>] __walk_page_range+0x138/0x7a8 mm/pagewalk.c:411
[<ffffffff80a499fc>] walk_page_range_vma_unsafe+0x1ec/0x82c mm/pagewalk.c:715
[<ffffffff80a4a096>] walk_page_range_vma+0x5a/0x84 mm/pagewalk.c:725
[<ffffffff80af5e0a>] madvise_free_single_vma+0x432/0xae0 mm/madvise.c:829
[<ffffffff80afdcb4>] madvise_dontneed_free mm/madvise.c:958 [inline]
[<ffffffff80afdcb4>] madvise_vma_behavior+0xd80/0x2ae4 mm/madvise.c:1368
[<ffffffff80affc52>] madvise_walk_vmas+0x23a/0x978 mm/madvise.c:1719
[<ffffffff80b0057a>] madvise_do_behavior+0x1ea/0x5c0 mm/madvise.c:1935
[<ffffffff80b016c2>] do_madvise+0x18a/0x22c mm/madvise.c:2028
[<ffffffff80b017ec>] __do_sys_madvise mm/madvise.c:2037 [inline]
[<ffffffff80b017ec>] __se_sys_madvise mm/madvise.c:2035 [inline]
[<ffffffff80b017ec>] __riscv_sys_madvise+0x88/0xdc mm/madvise.c:2035
[<ffffffff80077f32>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff8642f88e>] do_trap_ecall_u+0x402/0x680 arch/riscv/kernel/traps.c:344
[<ffffffff86459c22>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
Code: a980 8526 c0ef e7bf 8a2a b791 e097 ff8c 80e7 a860 (9002) e097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	a980                	fsd	fs0,16(a1)
   2:	8526                	mv	a0,s1
   4:	e7bfc0ef          	jal	0xffffffffffffce7e
   8:	8a2a                	mv	s4,a0
   a:	b791                	j	0xffffffffffffff4e
   c:	ff8ce097          	auipc	ra,0xff8ce
  10:	a86080e7          	jalr	-1402(ra) # 0xff8cda92
* 14:	9002                	ebreak <-- trapping instruction
  16:	97e0                	.short	0xe097