------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 38 Comm: khugepaged Not tainted syzkaller #0 PREEMPT 
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
epc : ffffffff80bfdcce ra : ffffffff80bfdcce sp : ffff8f80002c7400
 gp : ffffffff89f9df20 tp : ffffaf80156e0000 t0 : ffff8f80002c73a0
 t1 : fffff5ef026c3809 t2 : fffffffffc1fffff s0 : ffff8f80002c7470
 s1 : ffffaf801361c048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000000002 a3 : ffffffff80bfdcce a4 : 0000000000000000
 a5 : ffffaf80156e1000 a6 : 0000000000000003 a7 : ffffaf801361c04b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf801361c000
 s5 : dfffffff00000000 s6 : 00000000000b6c00 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef1416bb0
 s11: ffffffff8a0b5d80 t3 : 0000000000000001 t4 : fffff5ef026c3809
 t5 : fffff5ef026c380a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80bfdcce cause: 0000000000000003
[<ffffffff80bfdcce>] __page_table_check_zero+0x396/0x544 mm/page_table_check.c:142
[<ffffffff80a6f0d6>] page_table_check_free include/linux/page_table_check.h:43 [inline]
[<ffffffff80a6f0d6>] free_pages_prepare mm/page_alloc.c:1434 [inline]
[<ffffffff80a6f0d6>] __free_frozen_pages+0x7e6/0x1480 mm/page_alloc.c:2973
[<ffffffff80a76b8a>] free_frozen_pages+0xe/0x18 mm/page_alloc.c:3011
[<ffffffff808ab912>] __folio_put+0x296/0x378 mm/swap.c:112
[<ffffffff808e9c04>] folio_put include/linux/mm.h:1617 [inline]
[<ffffffff808e9c04>] folio_putback_lru+0xb8/0xe0 mm/vmscan.c:848
[<ffffffff80bad520>] __collapse_huge_page_copy_succeeded mm/khugepaged.c:738 [inline]
[<ffffffff80bad520>] __collapse_huge_page_copy mm/khugepaged.c:810 [inline]
[<ffffffff80bad520>] collapse_huge_page+0x2c1c/0x4000 mm/khugepaged.c:1214
[<ffffffff80baf900>] hpage_collapse_scan_pmd+0xffc/0x162c mm/khugepaged.c:1407
[<ffffffff80bb2fe6>] khugepaged_scan_mm_slot mm/khugepaged.c:2486 [inline]
[<ffffffff80bb2fe6>] khugepaged_do_scan mm/khugepaged.c:2570 [inline]
[<ffffffff80bb2fe6>] khugepaged+0x10ee/0x1564 mm/khugepaged.c:2626
[<ffffffff801e2fcc>] kthread+0x37c/0x778 kernel/kthread.c:463
[<ffffffff80069946>] ret_from_fork_kernel+0x2a/0xbbc arch/riscv/kernel/process.c:228
[<ffffffff863bb74e>] ret_from_fork_kernel_asm+0x16/0x18 arch/riscv/kernel/entry.S:363
Code: 7f80 8526 c0ef ec3f 8a2a b791 6097 ff90 80e7 7e60 (9002) 6097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	7f80                	flw	fs0,56(a5)
   2:	8526                	mv	a0,s1
   4:	ec3fc0ef          	jal	0xffffffffffffcec6
   8:	8a2a                	mv	s4,a0
   a:	b791                	j	0xffffffffffffff4e
   c:	ff906097          	auipc	ra,0xff906
  10:	7e6080e7          	jalr	2022(ra) # 0xff9067f2
* 14:	9002                	ebreak <-- trapping instruction
  16:	9760                	.short	0x6097