bisecting cause commit starting from ac0ba5454ca85162c08dc429fef1999e077ca976
building syzkaller on 912f5df7fadf1d0214995def5446208d0f26c54b
testing commit ac0ba5454ca85162c08dc429fef1999e077ca976
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1e652253b8accd6532fdfdf05c793584a1c8e3d41bfd75432bc63c4f3436cdef
all runs: crashed: WARNING in folio_lruvec_lock_irqsave
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8b7a19dcd194bd315e17f3f2359a3e791bd0c58f70419a84c4fcb6770da08901
all runs: OK
# git bisect start ac0ba5454ca85162c08dc429fef1999e077ca976 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Bisecting: 9812 revisions left to test after this (roughly 13 steps)
[7182e897695d5b70fb772736f1f08639ca0fff78] Merge tag 'gpio-updates-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
testing commit 7182e897695d5b70fb772736f1f08639ca0fff78
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f946c16f2ab692bd7205c6463f10b4a54025bdd3f4c9ca476d5c56ede13cd88f
all runs: OK
# git bisect good 7182e897695d5b70fb772736f1f08639ca0fff78
Bisecting: 4908 revisions left to test after this (roughly 12 steps)
[9fb424c4c29df0d7f39b686d4037cbc7e06ed7b5] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 9fb424c4c29df0d7f39b686d4037cbc7e06ed7b5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a63dbaab6b2d84e0574517978657d214f7a7bf47b4d9a666753821408b542545
all runs: OK
# git bisect good 9fb424c4c29df0d7f39b686d4037cbc7e06ed7b5
Bisecting: 2544 revisions left to test after this (roughly 11 steps)
[d2eee3965e89932962ace93b55857c38ecbb6d64] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
testing commit d2eee3965e89932962ace93b55857c38ecbb6d64
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1d1df891b426b9175e04211df9a726eec2b2c6ac950e3b21fae0b97cfdf188f7
all runs: OK
# git bisect good d2eee3965e89932962ace93b55857c38ecbb6d64
Bisecting: 1260 revisions left to test after this (roughly 10 steps)
[087fe5ae56e84ce54a5271babac0179e6a4a23fb] Merge branch 'usb-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
testing commit 087fe5ae56e84ce54a5271babac0179e6a4a23fb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3204a095adb930f5e4b5a6b4bc059e1a4615533bf9d77e927bc205506cd83b87
all runs: OK
# git bisect good 087fe5ae56e84ce54a5271babac0179e6a4a23fb
Bisecting: 634 revisions left to test after this (roughly 9 steps)
[7d99b58feea29d76ab9b35da56405a75a248b495] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux.git
testing commit 7d99b58feea29d76ab9b35da56405a75a248b495
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b959d88d78d16ddb7fa243abf09403a018a60168b0965e8fa1f201aa0542da6d
all runs: OK
# git bisect good 7d99b58feea29d76ab9b35da56405a75a248b495
Bisecting: 317 revisions left to test after this (roughly 8 steps)
[3dcecbef3f38a8a49417088c9a5f5107a5675665] Merge branch 'mm-nonmm-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit 3dcecbef3f38a8a49417088c9a5f5107a5675665
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 83824d1d78af719df68d8903c4662f6ddbf20da04892b2f366b0074204410e7b
all runs: OK
# git bisect good 3dcecbef3f38a8a49417088c9a5f5107a5675665
Bisecting: 158 revisions left to test after this (roughly 7 steps)
[63ca41519c830087f99a20658271bbc64d1030e0] mm: add merging after mremap resize
testing commit 63ca41519c830087f99a20658271bbc64d1030e0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ab64010a44bc90a5935cf37577ee0ab6a97465722b90233f8f45b97731f9eada
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 63ca41519c830087f99a20658271bbc64d1030e0
Bisecting: 79 revisions left to test after this (roughly 6 steps)
[5b465cb6a85ac9f01e58679d8d42c516bb7c3eef] mm/swap: optimise lru_add_drain_cpu()
testing commit 5b465cb6a85ac9f01e58679d8d42c516bb7c3eef
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0e19b4027d58cc2f6b6359b16d02f04b70fb48f8a60d5b48e764ab08c219fc32
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 5b465cb6a85ac9f01e58679d8d42c516bb7c3eef
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[1725c19e5046da9268ac6c8d78423e1ee9e30c16] hugetlb: lazy page table copies in fork()
testing commit 1725c19e5046da9268ac6c8d78423e1ee9e30c16
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 935ba8e0453a4161e5b22a07f878ee9f05a144c56b61afa34bdeadf87fd64099
all runs: crashed: WARNING in folio_lruvec_lock_irqsave
# git bisect bad 1725c19e5046da9268ac6c8d78423e1ee9e30c16
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[3a25f065b3f475cad7dd2a393dbf23c68d5f32c6] mm-madvise-minor-cleanup-for-swapin_walk_pmd_entry-fix
testing commit 3a25f065b3f475cad7dd2a393dbf23c68d5f32c6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 20e02b5da1e3918d940a44ea1a354961aaed3dca8ea736a774b97ada07b734e4
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 3a25f065b3f475cad7dd2a393dbf23c68d5f32c6
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[12b55b7454bc87a2379c808d3b467b50f364c620] mm: lru: add VM_WARN_ON_ONCE_FOLIO to lru maintenance function
testing commit 12b55b7454bc87a2379c808d3b467b50f364c620
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 66db2d82a6baa1c41f687371cb3b80eddcf8aad7c900bc8691eeb90be8ea1e4b
all runs: OK
# git bisect good 12b55b7454bc87a2379c808d3b467b50f364c620
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[fc0232a0cb8e795595d68dbd13bc4441e93f9b74] mm-docs-fix-comments-that-mention-mem_hotplug_end-fix
testing commit fc0232a0cb8e795595d68dbd13bc4441e93f9b74
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 289fd4edccf0b7a97179a7ff54287c14a8b1492792e53e322291bb7578f97f12
all runs: crashed: WARNING in folio_lruvec_lock_irqsave
# git bisect bad fc0232a0cb8e795595d68dbd13bc4441e93f9b74
Bisecting: 2 revisions left to test after this (roughly 1 step)
[a5754930cf60e7a921799d2ae5def89c13dc3ce7] mm: rmap: simplify the hugetlb handling when unmapping or migration
testing commit a5754930cf60e7a921799d2ae5def89c13dc3ce7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f91389b6285884af1cb89a656ecd7789f3a9549da579117a67623f972b7b2b20
all runs: crashed: WARNING in folio_lruvec_lock_irqsave
# git bisect bad a5754930cf60e7a921799d2ae5def89c13dc3ce7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[cca700a8e695fbe4a647e3a509ac513f05d5740a] mm: lru: use lruvec lock to serialize memcg changes
testing commit cca700a8e695fbe4a647e3a509ac513f05d5740a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f1ef4cda5ccb1a52ed5819c641eb12cef697aa31d4a7cdc07d17acbab3c946c9
all runs: crashed: WARNING in folio_lruvec_lock_irqsave
# git bisect bad cca700a8e695fbe4a647e3a509ac513f05d5740a
cca700a8e695fbe4a647e3a509ac513f05d5740a is the first bad commit
commit cca700a8e695fbe4a647e3a509ac513f05d5740a
Author: Muchun Song
Date: Tue Jun 21 20:56:58 2022 +0800

    mm: lru: use lruvec lock to serialize memcg changes

    As described by commit fc574c23558c ("mm/swap.c: serialize memcg changes in pagevec_lru_move_fn"), TestClearPageLRU() aims to serialize mem_cgroup_move_account() during pagevec_lru_move_fn(). Now folio_lruvec_lock*() has the ability to detect whether page memcg has been changed. So we can use lruvec lock to serialize mem_cgroup_move_account() during pagevec_lru_move_fn(). This change is a partial revert of the commit fc574c23558c ("mm/swap.c: serialize memcg changes in pagevec_lru_move_fn"). And pagevec_lru_move_fn() is more hot compare with mem_cgroup_move_account(), removing an atomic operation would be an optimization. Also this change would not dirty cacheline for a page which isn't on the LRU.

    Link: https://lkml.kernel.org/r/20220621125658.64935-12-songmuchun@bytedance.com
    Signed-off-by: Muchun Song
    Cc: Johannes Weiner
    Cc: Michal Hocko
    Cc: Michal Koutný
    Cc: Roman Gushchin
    Cc: Shakeel Butt
    Cc: Waiman Long
    Cc: Xiongchun Duan
    Signed-off-by: Andrew Morton

 mm/memcontrol.c | 34 ++++++++++++++++++++++++++++++++++
 mm/swap.c       | 32 +++++++++++++++-----------------
 mm/vmscan.c     | 16 +++++++---------
 3 files changed, 56 insertions(+), 26 deletions(-)

culprit signature: f1ef4cda5ccb1a52ed5819c641eb12cef697aa31d4a7cdc07d17acbab3c946c9
parent signature: 66db2d82a6baa1c41f687371cb3b80eddcf8aad7c900bc8691eeb90be8ea1e4b
revisions tested: 16, total time: 4h7m20.801228013s (build: 1h46m45.424798731s, test: 2h18m49.485828557s)
first bad commit: cca700a8e695fbe4a647e3a509ac513f05d5740a mm: lru: use lruvec lock to serialize memcg changes
recipients (to): ["akpm@linux-foundation.org" "akpm@linux-foundation.org" "linux-kernel@vger.kernel.org" "songmuchun@bytedance.com"]
recipients (cc): ["cgroups@vger.kernel.org" "hannes@cmpxchg.org" "linux-mm@kvack.org" "mhocko@kernel.org" "roman.gushchin@linux.dev" "shakeelb@google.com"]
crash: WARNING in folio_lruvec_lock_irqsave
 free_unref_page_prepare mm/page_alloc.c:3383 [inline]
 free_unref_page+0x19/0x580 mm/page_alloc.c:3480
 free_contig_range+0xb1/0x180 mm/page_alloc.c:9420
 destroy_args+0x7e/0x509 mm/debug_vm_pgtable.c:1031
 debug_vm_pgtable+0x1f57/0x1fdb mm/debug_vm_pgtable.c:1354
 do_one_initcall+0xbe/0x440 init/main.c:1297
 do_initcall_level init/main.c:1370 [inline]
 do_initcalls init/main.c:1386 [inline]
 do_basic_setup init/main.c:1405 [inline]
 kernel_init_freeable+0x5ab/0x605 init/main.c:1612
 kernel_init+0x14/0x130 init/main.c:1501
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4106 at include/linux/memcontrol.h:800 folio_lruvec include/linux/memcontrol.h:800 [inline]
WARNING: CPU: 1 PID: 4106 at include/linux/memcontrol.h:800 folio_lruvec_lock_irqsave+0x2fd/0x4f0 mm/memcontrol.c:1424
Modules linked in:
CPU: 1 PID: 4106 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:folio_lruvec include/linux/memcontrol.h:800 [inline]
RIP: 0010:folio_lruvec_lock_irqsave+0x2fd/0x4f0 mm/memcontrol.c:1424
Code: 1f 44 00 00 45 31 e4 80 3d 55 8f 21 0b 00 0f 85 01 fe ff ff 48 c7 c6 40 0b 19 89 4c 89 f7 e8 aa 65 e7 ff c6 05 39 8f 21 0b 01 <0f> 0b e9 e4 fd ff ff e8 67 51 f1 06 85 c0 0f 84 37 fd ff ff 80 3d
RSP: 0018:ffffc90002e2f360 EFLAGS: 00010286
RSP: 0018:ffffc90002e2f360 EFLAGS: 00010286
RAX: 0000000000000000 RBX: fffff94000251007 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801308800a
RBP: dffffc0000000000 R08: 0000000000000018 R09: ffff8880b9d2792b
R10: ffffed10173a4f25 R11: 0000000000000001 R12: 0000000000000000
R13: fffff94000251000 R14: ffffea0001288000 R15: 0000000000000000
FS: 00007f057ead2700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 0000000072d5e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 folio_lruvec_relock_irqsave include/linux/memcontrol.h:1666 [inline]
 folio_batch_move_lru+0xd9/0x450 mm/swap.c:242
 deactivate_file_folio+0x1ff/0x4c0 mm/swap.c:678
 invalidate_mapping_pagevec+0x2ad/0x470 mm/truncate.c:535
 drop_pagecache_sb+0xc5/0x240 fs/drop_caches.c:39
 iterate_supers+0x102/0x200 fs/super.c:694
 drop_caches_sysctl_handler+0x55/0x80 fs/drop_caches.c:62
 proc_sys_call_handler+0x3c9/0x580 fs/proc/proc_sysctl.c:611
 call_write_iter include/linux/fs.h:2059 [inline]
 do_iter_readv_writev+0x2b4/0x5b0 fs/read_write.c:742
 do_iter_write+0x124/0x620 fs/read_write.c:868
 iter_file_splice_write+0x598/0xaf0 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xfb/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x2dd/0x7c0 fs/splice.c:891
 do_splice_direct+0x148/0x250 fs/splice.c:979
 do_sendfile+0x90c/0x1100 fs/read_write.c:1262
 __do_sys_sendfile64 fs/read_write.c:1321 [inline]
 __se_sys_sendfile64 fs/read_write.c:1313 [inline]
 __x64_sys_sendfile64+0x11a/0x1d0 fs/read_write.c:1313
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f057d889109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f057ead2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f057d99bf60 RCX: 00007f057d889109
RDX: 0000000020002080 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007f057d8e305d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000262 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdbad3de4f R14: 00007f057ead2300 R15: 0000000000022000