ci starts bisection 2023-02-24 19:21:05.666163608 +0000 UTC m=+19789.868741527
bisecting fixing commit since 948ef7bb70c4acaf74d87420ea3a1190862d4548
building syzkaller on 9dfcf09cf38eb123a007af28c5ee2562718893a0
ensuring issue is reproducible on original commit 948ef7bb70c4acaf74d87420ea3a1190862d4548

testing commit 948ef7bb70c4acaf74d87420ea3a1190862d4548 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3ef5d81ac1c487e864c2a9d305ad634d76dcffe4b07a9c45e7291967e95fb76b
all runs: crashed: kernel BUG in workingset_activation
testing current HEAD d2980d8d826554fa6981d621e569a453787472f8
testing commit d2980d8d826554fa6981d621e569a453787472f8 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1cf7fc18d67e0e364579f824ee470f41890cca98a3778b3b6d2b2f3987a5626b
all runs: crashed: kernel BUG in workingset_activation
revisions tested: 2, total time: 25m26.083896513s (build: 18m2.65102896s, test: 6m30.827096286s)
the crash still happens on HEAD
commit msg: Merge tag 'mm-nonmm-stable-2023-02-20-15-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
crash: kernel BUG in workingset_activation
 free_unref_page_prepare mm/page_alloc.c:3387 [inline]
 free_unref_page+0x1d/0x490 mm/page_alloc.c:3482
 __unfreeze_partials+0x17c/0x1a0 mm/slub.c:2637
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x192/0x220 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x63/0x90 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:186 [inline]
 slab_post_alloc_hook mm/slab.h:769 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 kmem_cache_alloc_node+0x183/0x350 mm/slub.c:3497
 __alloc_skb+0x1ce/0x280 net/core/skbuff.c:598
 alloc_skb include/linux/skbuff.h:1277 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1211 [inline]
 netlink_sendmsg+0x813/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:722 [inline]
 sock_sendmsg+0xc0/0x150 net/socket.c:745
 __sys_sendto+0x1bf/0x290 net/socket.c:2145
 __do_sys_sendto net/socket.c:2157 [inline]
 __se_sys_sendto net/socket.c:2153 [inline]
 __x64_sys_sendto+0xdc/0x1b0 net/socket.c:2153
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
------------[ cut here ]------------
kernel BUG at include/linux/memcontrol.h:455!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5576 Comm: syz-executor.0 Not tainted 6.2.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
RIP: 0010:folio_memcg_rcu include/linux/memcontrol.h:455 [inline]
RIP: 0010:workingset_activation+0x3ae/0x480 mm/workingset.c:523
Code: 48 89 04 24 e8 d3 0e 00 00 c6 05 4f d0 a5 0b 01 0f 0b 48 8b 04 24 e9 ab fd ff ff 48 c7 c6 60 91 76 89 48 89 ef e8 b2 0e 00 00 <0f> 0b 0f 0b e9 fa fc ff ff 48 c7 c6 20 92 76 89 48 89 ef e8 9a 0e
RSP: 0018:ffffc90004c6f700 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea00007e7a00 RCX: ffffc90004c6f5d8
RDX: 1ffff110054eb145 RSI: ffffffff896b9900 RDI: ffffffff89c2aba0
RBP: ffffea00007e7a00 R08: 0000000000000001 R09: ffffffff8d652e97
R10: fffffbfff1aca5d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b9a36cc0 R14: 0000000000000003 R15: ffff8880b9a36cf0
FS:  0000555555cff400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055cfe21d2950 CR3: 000000001e7ea000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 folio_mark_accessed+0x498/0x6b0 mm/swap.c:485
 handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:626 [inline]
 handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:510 [inline]
 __handle_changed_spte+0x76a/0x1230 arch/x86/kvm/mmu/tdp_mmu.c:617
 handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:624 [inline]
 handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:510 [inline]
 __handle_changed_spte+0x75a/0x1230 arch/x86/kvm/mmu/tdp_mmu.c:617
 __tdp_mmu_set_spte+0x14a/0x7a0 arch/x86/kvm/mmu/tdp_mmu.c:749
 _tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:765 [inline]
 tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:774 [inline]
 __tdp_mmu_zap_root+0x40d/0x470 arch/x86/kvm/mmu/tdp_mmu.c:880
 tdp_mmu_zap_root+0xe2/0x250 arch/x86/kvm/mmu/tdp_mmu.c:916
 kvm_tdp_mmu_zap_all+0xe4/0x120 arch/x86/kvm/mmu/tdp_mmu.c:1020
 kvm_mmu_zap_all+0x1ec/0x250 arch/x86/kvm/mmu/mmu.c:6557
 kvm_flush_shadow_all arch/x86/kvm/../../../virt/kvm/kvm_main.c:383 [inline]
 kvm_mmu_notifier_release+0x5c/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:895
 mmu_notifier_unregister+0x116/0x350 mm/mmu_notifier.c:838
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1304 [inline]
 kvm_put_kvm+0x385/0xab0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1352
 kvm_vcpu_release+0x4d/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3851
 __fput+0x1fa/0x9a0 fs/file_table.c:321
 task_work_run+0x12f/0x220 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f027423df7b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007fffaf133110 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f027423df7b
RDX: 00007f0273e00688 RSI: ffffffffffffffff RDI: 0000000000000006
RBP: 00007f02743ad980 R08: 0000000000000000 R09: 00007f0273e00000
R10: 00007f0273e00690 R11: 0000000000000293 R12: 0000000000010b89
R13: 00007fffaf133210 R14: 00007f02743abf80 R15: 0000000000000032
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_memcg_rcu include/linux/memcontrol.h:455 [inline]
RIP: 0010:workingset_activation+0x3ae/0x480 mm/workingset.c:523
Code: 48 89 04 24 e8 d3 0e 00 00 c6 05 4f d0 a5 0b 01 0f 0b 48 8b 04 24 e9 ab fd ff ff 48 c7 c6 60 91 76 89 48 89 ef e8 b2 0e 00 00 <0f> 0b 0f 0b e9 fa fc ff ff 48 c7 c6 20 92 76 89 48 89 ef e8 9a 0e
RSP: 0018:ffffc90004c6f700 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea00007e7a00 RCX: ffffc90004c6f5d8
RDX: 1ffff110054eb145 RSI: ffffffff896b9900 RDI: ffffffff89c2aba0
RBP: ffffea00007e7a00 R08: 0000000000000001 R09: ffffffff8d652e97
R10: fffffbfff1aca5d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b9a36cc0 R14: 0000000000000003 R15: ffff8880b9a36cf0
FS:  0000555555cff400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055cfe21d2950 CR3: 000000001e7ea000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400