syzbot

page:ffffea0000d50000 refcount:512 mapcount:0 mapping:ffff888097d904c9 index:0x20a00 compound_mapcount: -1
anon 
flags: 0x1fffc000009000d(locked|uptodate|dirty|head|swapbacked)
raw: 01fffc000009000d dead000000000100 dead000000000200 ffff888097d904c9
raw: 0000000000020a00 0000000000000000 0000020000000000 ffff88805736ea00
page dumped because: VM_BUG_ON_PAGE(compound_mapcount(head))
page->mem_cgroup:ffff88805736ea00
------------[ cut here ]------------
kernel BUG at mm/huge_memory.c:2725!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 1769 Comm: kswapd0 Not tainted 5.2.0-rc5+ #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:split_huge_page_to_list+0x2145/0x2f70 mm/huge_memory.c:2725
Code: 30 ff ff ff 48 c7 c6 a0 22 75 87 e8 b5 c4 ec ff 0f 0b e8 4e 9c c4 ff 48 8b bd 30 ff ff ff 48 c7 c6 e0 22 75 87 e8 9b c4 ec ff <0f> 0b e8 34 9c c4 ff 4d 8d 6e ff e9 85 e7 ff ff 41 bd 02 00 00 00
RSP: 0018:ffff8880a5937628 EFLAGS: 00010293
RAX: ffff8880a5950040 RBX: ffffea0000d50080 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8198fa12 RDI: ffffed1014b26ea9
RBP: ffff8880a59377a0 R08: 0000000000000021 R09: ffffed1015d260a1
R10: ffffed1015d260a0 R11: ffff8880ae930507 R12: 01fffc000009000d
R13: 00000000fffffffe R14: ffffea0000d50054 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000241ea78 CR3: 000000009e67c000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 split_huge_page include/linux/huge_mm.h:146 [inline]
 deferred_split_scan+0x64b/0xa60 mm/huge_memory.c:2862
 do_shrink_slab+0x3f6/0xa70 mm/vmscan.c:551
 shrink_slab mm/vmscan.c:700 [inline]
 shrink_slab+0x4be/0x5e0 mm/vmscan.c:680
 shrink_node+0x612/0x1680 mm/vmscan.c:2666
 kswapd_shrink_node mm/vmscan.c:3412 [inline]
 balance_pgdat+0x56c/0xe80 mm/vmscan.c:3570
 kswapd+0x5f4/0xfc0 mm/vmscan.c:3825
 kthread+0x354/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 28916772917342fb ]---
RIP: 0010:split_huge_page_to_list+0x2145/0x2f70 mm/huge_memory.c:2725
Code: 30 ff ff ff 48 c7 c6 a0 22 75 87 e8 b5 c4 ec ff 0f 0b e8 4e 9c c4 ff 48 8b bd 30 ff ff ff 48 c7 c6 e0 22 75 87 e8 9b c4 ec ff <0f> 0b e8 34 9c c4 ff 4d 8d 6e ff e9 85 e7 ff ff 41 bd 02 00 00 00
RSP: 0018:ffff8880a5937628 EFLAGS: 00010293
RAX: ffff8880a5950040 RBX: ffffea0000d50080 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8198fa12 RDI: ffffed1014b26ea9
RBP: ffff8880a59377a0 R08: 0000000000000021 R09: ffffed1015d260a1
R10: ffffed1015d260a0 R11: ffff8880ae930507 R12: 01fffc000009000d
R13: 00000000fffffffe R14: ffffea0000d50054 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000241ea78 CR3: 000000009c551000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400