------------[ cut here ]------------
kernel BUG at mm/swap_cgroup.c:78!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 3171 Comm: syz.2.11547 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:swap_cgroup_record+0x19c/0x1c0
Code: 02 e9 6d ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 35 ff ff ff 4c 89 f7 e8 df 83 f6 ff e9 28 ff ff ff e8 d5 6c 90 ff 90 <0f> 0b e8 cd 6c 90 ff 4c 89 f7 48 c7 c6 20 9a 78 8b e8 9e 42 f8 fe
RSP: 0018:ffffc9000989d268 EFLAGS: 00010093
RAX: ffffffff822fac3b RBX: 00000000000055b6 RCX: ffff888194693a00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52001313a3c R12: dffffc0000000000
R13: 0000000000000000 R14: ffffc900215d5000 R15: 0000000000000002
FS:  00002000000001c0(0000) GS:ffff88818eb34000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000d199904aea CR3: 000000011240e000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 memcg1_swapout+0x40b/0xa10
 __remove_mapping+0xac5/0xe30
 shrink_folio_list+0x2817/0x5030
 evict_folios+0x471e/0x57c0
 try_to_shrink_lruvec+0x8a3/0xb50
 shrink_lruvec+0x49c/0x2980
 shrink_node+0xaa9/0x35b0
 do_try_to_free_pages+0x668/0x1960
 try_to_free_mem_cgroup_pages+0x2fa/0x7e0
 try_charge_memcg+0xa39/0x1280
 charge_memcg+0x9f/0x180
 __mem_cgroup_charge+0x25/0x80
 shmem_alloc_and_add_folio+0x790/0xf40
 shmem_get_folio_gfp+0x59d/0x1660
 shmem_write_begin+0xf7/0x2b0
 generic_perform_write+0x2c5/0x900
 shmem_file_write_iter+0xf8/0x120
 __kernel_write_iter+0x428/0x910
 dump_user_range+0x8a0/0xc90
 elf_core_dump+0x3369/0x3960
 coredump_write+0x116c/0x1900
 vfs_coredump+0x1db5/0x2a60
 get_signal+0x1108/0x1340
 arch_do_signal_or_restart+0xa0/0x790
 irqentry_exit_to_user_mode+0x7e/0x110
 exc_page_fault+0xab/0x100
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0xd199904b14
Code: Unable to access opcode bytes at 0xd199904aea.
RSP: 002b:00002000000000b8 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f95545e6090 RCX: 00007f955438f749
RDX: 00002000000000c0 RSI: 00002000000000b0 RDI: 00000000000e0480
RBP: 00007f9554413f91 R08: 00002000000001c0 R09: 00002000000001c0
R10: 0000200000000100 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f95545e6128 R14: 00007f95545e6090 R15: 00007fff2d0cb468
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:swap_cgroup_record+0x19c/0x1c0
Code: 02 e9 6d ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 35 ff ff ff 4c 89 f7 e8 df 83 f6 ff e9 28 ff ff ff e8 d5 6c 90 ff 90 <0f> 0b e8 cd 6c 90 ff 4c 89 f7 48 c7 c6 20 9a 78 8b e8 9e 42 f8 fe
RSP: 0018:ffffc9000989d268 EFLAGS: 00010093
RAX: ffffffff822fac3b RBX: 00000000000055b6 RCX: ffff888194693a00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52001313a3c R12: dffffc0000000000
R13: 0000000000000000 R14: ffffc900215d5000 R15: 0000000000000002
FS:  00002000000001c0(0000) GS:ffff88818eb34000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000d199904aea CR3: 000000011240e000 CR4: 00000000000006f0
