kernel BUG at include/linux/swapops.h:LINE!

kernel BUG at include/linux/swapops.h:LINE!
Status: upstream: reported C repro on 2020/05/30 17:05
Reported-by: syzbot+c48f34012b06c4ac67dd@syzkaller.appspotmail.com
First crash: 355d, last: 3h14m

Cause bisection: failed (bisect log)

Fix bisection: failed (bisect log)

Sample crash report:

------------[ cut here ]------------
kernel BUG at include/linux/swapops.h:197!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8460 Comm: syz-executor246 Not tainted 5.12.0-next-20210507-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:migration_entry_to_page include/linux/swapops.h:197 [inline]
RIP: 0010:migration_entry_to_page include/linux/swapops.h:190 [inline]
RIP: 0010:zap_huge_pmd+0xe5b/0x1110 mm/huge_memory.c:1697
Code: 2b 3f b8 ff 48 8b 5c 24 10 48 83 eb 01 e9 a8 f6 ff ff e8 18 3f b8 ff 48 8b 5c 24 10 48 83 eb 01 e9 66 f7 ff ff e8 05 3f b8 ff <0f> 0b e8 fe 3e b8 ff 31 f6 31 ff 49 bc 00 f0 ff ff ff ff 0f 00 e8
RSP: 0018:ffffc90001a2f730 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024bc5580 RSI: ffffffff81bc972b RDI: 0000000000000003
RBP: ffffc90001a2fa48 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81bc8ec8 R11: 0000000000000000 R12: ffff88802c9a5800
R13: ffffea0000e58080 R14: ffff8880303bfea0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c8168 CR3: 0000000016b36000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 zap_pmd_range mm/memory.c:1361 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x1aa4/0x2650 mm/memory.c:1445
 unmap_single_vma+0x198/0x300 mm/memory.c:1490
 unmap_vmas+0x16d/0x2f0 mm/memory.c:1522
 exit_mmap+0x2a8/0x590 mm/mmap.c:3207
 __mmput+0x122/0x470 kernel/fork.c:1096
 mmput+0x58/0x60 kernel/fork.c:1117
 exit_mm kernel/exit.c:502 [inline]
 do_exit+0xb0a/0x2a60 kernel/exit.c:813
 do_group_exit+0x125/0x310 kernel/exit.c:923
 get_signal+0x47f/0x2150 kernel/signal.c:2856
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x171/0x280 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:301
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4458f9
Code: Unable to access opcode bytes at RIP 0x4458cf.
RSP: 002b:00007f45f24e4318 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00000000004ca408 RCX: 00000000004458f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000004ca408
RBP: 00000000004ca400 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000001000000020
R13: 00007ffeb676771f R14: 00007f45f24e4400 R15: 0000000000022000
Modules linked in:
---[ end trace 8c9f5c48deec1bb7 ]---
RIP: 0010:migration_entry_to_page include/linux/swapops.h:197 [inline]
RIP: 0010:migration_entry_to_page include/linux/swapops.h:190 [inline]
RIP: 0010:zap_huge_pmd+0xe5b/0x1110 mm/huge_memory.c:1697
Code: 2b 3f b8 ff 48 8b 5c 24 10 48 83 eb 01 e9 a8 f6 ff ff e8 18 3f b8 ff 48 8b 5c 24 10 48 83 eb 01 e9 66 f7 ff ff e8 05 3f b8 ff <0f> 0b e8 fe 3e b8 ff 31 f6 31 ff 49 bc 00 f0 ff ff ff ff 0f 00 e8
RSP: 0018:ffffc90001a2f730 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024bc5580 RSI: ffffffff81bc972b RDI: 0000000000000003
RBP: ffffc90001a2fa48 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81bc8ec8 R11: 0000000000000000 R12: ffff88802c9a5800
R13: ffffea0000e58080 R14: ffff8880303bfea0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c8168 CR3: 000000000bc8e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (13):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-linux-next-kasan-gce-root	2021/05/08 11:23	linux-next	869a85b9	bc5434be	.config	log	report	syz	C		kernel BUG in zap_huge_pmd
ci-upstream-kasan-gce-selinux-root	2020/07/24 07:55	upstream	d15be546	70c104a1	.config	log	report	syz
ci-upstream-kasan-gce-386	2020/07/21 15:14	upstream	4fa640dc	d88894e6	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/07/20 08:08	linux-next	4c43049f	9c812472	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/07/19 21:09	linux-next	4c43049f	9c812472	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/04/22 19:00	upstream	16fc44d6	33c28d03	.config	log	report			info	kernel BUG in pmd_migration_entry_wait
ci-upstream-kasan-gce-root	2020/05/26 12:29	upstream	9cb1fd0e	8ca3b7d2	.config	log	report
ci-upstream-kasan-gce-386	2021/05/16 18:20	upstream	63d1cb53	f54a5c09	.config	log	report			info	kernel BUG in pmd_migration_entry_wait
ci-upstream-kasan-gce-386	2021/04/22 19:04	upstream	16fc44d6	33c28d03	.config	log	report			info	kernel BUG in pmd_migration_entry_wait
ci-upstream-kasan-gce-386	2020/09/26 03:01	upstream	171d4ff7	4a006f63	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/05/10 19:04	linux-next	e6f67ebd	ca873091	.config	log	report			info	kernel BUG in pmd_migration_entry_wait
ci-upstream-linux-next-kasan-gce-root	2021/05/08 10:08	linux-next	869a85b9	bc5434be	.config	log	report			info	kernel BUG in pmd_migration_entry_wait
ci-upstream-linux-next-kasan-gce-root	2020/07/19 16:31	linux-next	4c43049f	9c812472	.config	log	report