------------[ cut here ]------------
kernel BUG at [] mm/page_table_check.c:142!
Kernel BUG [#1]
Modules linked in:
CPU: 1 UID: 0 PID: 37 Comm: khugepaged Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
 ra : __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
epc : ffffffff80c4e466 ra : ffffffff80c4e466 sp : ffff8f80002b73c0
 gp : ffffffff8a2739c0 tp : ffffaf80156b0000 t0 : ffff8f80002b7360
 t1 : fffff5ef0272a809 t2 : ffffffff9164ab80 s0 : ffff8f80002b7430
 s1 : ffffaf8013954048 a0 : 0000000000000005 a1 : 0000000000000000
 a2 : 0000000000000002 a3 : ffffffff80c4e466 a4 : 0000000000000000
 a5 : ffffaf80156b1000 a6 : 0000000000000003 a7 : ffffaf801395404b
 s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf8013954000
 s5 : dfffffff00000000 s6 : 00000000000b4400 s7 : 0000000000000200
 s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef147217c
 s11: ffffffff8a390be0 t3 : 0000000000000001 t4 : fffff5ef0272a809
 t5 : fffff5ef0272a80a t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: ffffffff80c4e466 cause: 0000000000000003
[<ffffffff80c4e466>] __page_table_check_zero+0x386/0x534 mm/page_table_check.c:142
[<ffffffff80ac9f62>] page_table_check_free include/linux/page_table_check.h:46 [inline]
[<ffffffff80ac9f62>] __free_pages_prepare mm/page_alloc.c:1403 [inline]
[<ffffffff80ac9f62>] __free_frozen_pages+0x71e/0x11d8 mm/page_alloc.c:2943
[<ffffffff80ad2e5e>] free_frozen_pages+0xe/0x18 mm/page_alloc.c:2981
[<ffffffff80901ace>] __folio_put+0x29a/0x454 mm/swap.c:112
[<ffffffff8094792c>] folio_put include/linux/mm.h:2090 [inline]
[<ffffffff8094792c>] folio_putback_lru+0xb8/0xe0 mm/vmscan.c:828
[<ffffffff80bf7d7a>] __collapse_huge_page_copy_succeeded mm/khugepaged.c:748 [inline]
[<ffffffff80bf7d7a>] __collapse_huge_page_copy mm/khugepaged.c:820 [inline]
[<ffffffff80bf7d7a>] collapse_huge_page+0x2b52/0x3f44 mm/khugepaged.c:1218
[<ffffffff80bfd786>] collapse_scan_pmd mm/khugepaged.c:1425 [inline]
[<ffffffff80bfd786>] collapse_single_pmd+0x31d2/0x3eb0 mm/khugepaged.c:2437
[<ffffffff80bff4d6>] collapse_scan_mm_slot mm/khugepaged.c:2552 [inline]
[<ffffffff80bff4d6>] khugepaged_do_scan mm/khugepaged.c:2632 [inline]
[<ffffffff80bff4d6>] khugepaged+0x1072/0x1760 mm/khugepaged.c:2687
[<ffffffff801f14ac>] kthread+0x310/0x438 kernel/kthread.c:436
[<ffffffff8006a124>] ret_from_fork_kernel+0x94/0xef8 arch/riscv/kernel/process.c:230
[<ffffffff86494fea>] ret_from_fork_kernel_asm+0x16/0x18 arch/riscv/kernel/entry.S:363
Code: c7c0 8526 d0ef 88af 8a2a b7a1 0097 ff8d 80e7 c6a0 (9002) 0097 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	c7c0                	sw	s0,12(a5)
   2:	8526                	mv	a0,s1
   4:	88afd0ef          	jal	0xffffffffffffd08e
   8:	8a2a                	mv	s4,a0
   a:	b7a1                	j	0xffffffffffffff52
   c:	ff8d0097          	auipc	ra,0xff8d0
  10:	c6a080e7          	jalr	-918(ra) # 0xff8cfc76
* 14:	9002                	ebreak <-- trapping instruction
  16:	9700                	.short	0x0097