[syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    0f853ca2a798 Add linux-next specific files for 20260113
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14f7259a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d6e5303d96e21b5
dashboard link: https://syzkaller.appspot.com/bug?extid=079a3b213add54dd18a7
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=167ef922580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d295fa580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/480cd223f3f6/disk-0f853ca2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1ca2f0dbb7cc/vmlinux-0f853ca2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/60a0fef5805b/bzImage-0f853ca2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: mm/memcontrol-v1.c:642 at memcg1_swapout+0x6c2/0x8d0 mm/memcontrol-v1.c:642, CPU#0: syz.4.233/6746
Modules linked in:
CPU: 0 UID: 0 PID: 6746 Comm: syz.4.233 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:memcg1_swapout+0x6c2/0x8d0 mm/memcontrol-v1.c:642
Code: 6d 5d 0d 00 0f 85 01 fa ff ff 48 89 df 48 c7 c6 a0 c3 98 8b e8 bf 8c f8 fe c6 05 77 6d 5d 0d 01 90 0f 0b 90 e9 e2 f9 ff ff 90 <0f> 0b 90 e9 eb fb ff ff 90 0f 0b 90 41 80 3c 2e 00 0f 85 d5 fe ff
RSP: 0018:ffffc9000bbae718 EFLAGS: 00010002
RAX: 0000000000000004 RBX: ffffea00017e9100 RCX: ffff888021f5c150
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9000b59b404
RBP: dffffc0000000000 R08: ffffc9000b59b407 R09: 1ffff920016b3680
R10: dffffc0000000000 R11: fffff520016b3681 R12: ffffea00017e9108
R13: 1ffffd40002fd220 R14: 1ffffd40002fd221 R15: ffff88805398b178
FS:  00007fdd6c81a6c0(0000) GS:ffff888125bf7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000009a000 CR3: 0000000075930000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __remove_mapping+0xac5/0xe30 mm/vmscan.c:764
 shrink_folio_list+0x28d8/0x5320 mm/vmscan.c:1542
 reclaim_folio_list+0xeb/0x4e0 mm/vmscan.c:2222
 reclaim_pages+0x454/0x520 mm/vmscan.c:2259
 madvise_cold_or_pageout_pte_range+0x19a0/0x1ce0 mm/madvise.c:563
 walk_pmd_range mm/pagewalk.c:130 [inline]
 walk_pud_range mm/pagewalk.c:224 [inline]
 walk_p4d_range mm/pagewalk.c:262 [inline]
 walk_pgd_range+0x1037/0x1d30 mm/pagewalk.c:303
 __walk_page_range+0x14c/0x710 mm/pagewalk.c:410
 walk_page_range_vma_unsafe+0x34c/0x400 mm/pagewalk.c:714
 madvise_pageout_page_range mm/madvise.c:622 [inline]
 madvise_pageout mm/madvise.c:647 [inline]
 madvise_vma_behavior+0x30c7/0x4420 mm/madvise.c:1366
 madvise_walk_vmas+0x575/0xaf0 mm/madvise.c:1721
 madvise_do_behavior+0x38e/0x550 mm/madvise.c:1937
 do_madvise+0x1bc/0x270 mm/madvise.c:2030
 __do_sys_madvise mm/madvise.c:2039 [inline]
 __se_sys_madvise mm/madvise.c:2037 [inline]
 __x64_sys_madvise+0xa7/0xc0 mm/madvise.c:2037
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdd6b98f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdd6c81a038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fdd6bbe5fa0 RCX: 00007fdd6b98f749
RDX: 0000000000000015 RSI: 0000000000600000 RDI: 0000200000000000
RBP: 00007fdd6ba13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdd6bbe6038 R14: 00007fdd6bbe5fa0 R15: 00007ffcd3996008
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Andrew Morton]

On Sat, 17 Jan 2026 01:30:25 -0800 syzbot <syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com> wrote:

> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    0f853ca2a798 Add linux-next specific files for 20260113
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14f7259a580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8d6e5303d96e21b5
> dashboard link: https://syzkaller.appspot.com/bug?extid=079a3b213add54dd18a7
> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=167ef922580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d295fa580000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/480cd223f3f6/disk-0f853ca2.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/1ca2f0dbb7cc/vmlinux-0f853ca2.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/60a0fef5805b/bzImage-0f853ca2.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com

Thanks.

> ------------[ cut here ]------------
> WARNING: mm/memcontrol-v1.c:642 at memcg1_swapout+0x6c2/0x8d0 mm/memcontrol-v1.c:642, CPU#0: syz.4.233/6746

That's

	VM_WARN_ON_ONCE(oldid != 0);

which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
swap_cgroup_record".

This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
which is six years old.  For some reason it has no cc:stable.

Deepanshu's patch has no reviews.

So can I please do the memcg maintainer summoning dance here?  We have a
repeatable BUG happening in mainline Linux.

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Deepanshu Kartikey]

On Sun, Jan 18, 2026 at 6:27 AM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Sat, 17 Jan 2026 01:30:25 -0800 syzbot <syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com> wrote:
>
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    0f853ca2a798 Add linux-next specific files for 20260113
> > git tree:       linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14f7259a580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=8d6e5303d96e21b5
> > dashboard link: https://syzkaller.appspot.com/bug?extid=079a3b213add54dd18a7
> > compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=167ef922580000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d295fa580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/480cd223f3f6/disk-0f853ca2.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/1ca2f0dbb7cc/vmlinux-0f853ca2.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/60a0fef5805b/bzImage-0f853ca2.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com
>
> Thanks.
>
> > ------------[ cut here ]------------
> > WARNING: mm/memcontrol-v1.c:642 at memcg1_swapout+0x6c2/0x8d0 mm/memcontrol-v1.c:642, CPU#0: syz.4.233/6746
>
> That's
>
>         VM_WARN_ON_ONCE(oldid != 0);
>
> which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> swap_cgroup_record".
>
> This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
> which is six years old.  For some reason it has no cc:stable.
>
> Deepanshu's patch has no reviews.
>
> So can I please do the memcg maintainer summoning dance here?  We have a
> repeatable BUG happening in mainline Linux.
>

Hi Andrew,

I checked the git blame output for commit 0f853ca2a798:

Line 763: memcg1_swapout(folio, swap);
Line 764: __swap_cache_del_folio(ci, folio, swap, shadow);
                    (d7a7b2f91f36b - Kairui Song, 2026-01-13 02:33:36 +0800)

Kairui's reordering patch appears to have been merged on Jan 13.
The syzbot report is also from Jan 13, likely from earlier in the
day before the reordering patch was merged.

So this report is from before the fix. The warning should not appear
in linux-next builds after Jan 13.

Thanks,

Deepanshu

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Deepanshu Kartikey]

On Sun, Jan 18, 2026 at 9:51 AM Deepanshu Kartikey
<kartikey406@gmail.com> wrote:
>
> On Sun, Jan 18, 2026 at 6:27 AM Andrew Morton <akpm@linux-foundation.org> wrote:
> >
> > On Sat, 17 Jan 2026 01:30:25 -0800 syzbot <syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com> wrote:
> >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    0f853ca2a798 Add linux-next specific files for 20260113
> > > git tree:       linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14f7259a580000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=8d6e5303d96e21b5
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=079a3b213add54dd18a7
> > > compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=167ef922580000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d295fa580000
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/480cd223f3f6/disk-0f853ca2.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/1ca2f0dbb7cc/vmlinux-0f853ca2.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/60a0fef5805b/bzImage-0f853ca2.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+079a3b213add54dd18a7@syzkaller.appspotmail.com
> >
> > Thanks.
> >
> > > ------------[ cut here ]------------
> > > WARNING: mm/memcontrol-v1.c:642 at memcg1_swapout+0x6c2/0x8d0 mm/memcontrol-v1.c:642, CPU#0: syz.4.233/6746
> >
> > That's
> >
> >         VM_WARN_ON_ONCE(oldid != 0);
> >
> > which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> > swap_cgroup_record".
> >
> > This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
> > which is six years old.  For some reason it has no cc:stable.
> >
> > Deepanshu's patch has no reviews.
> >
> > So can I please do the memcg maintainer summoning dance here?  We have a
> > repeatable BUG happening in mainline Linux.
> >
>
> Hi Andrew,
>
> I checked the git blame output for commit 0f853ca2a798:
>
> Line 763: memcg1_swapout(folio, swap);
> Line 764: __swap_cache_del_folio(ci, folio, swap, shadow);
>                     (d7a7b2f91f36b - Kairui Song, 2026-01-13 02:33:36 +0800)
>
> Kairui's reordering patch appears to have been merged on Jan 13.
> The syzbot report is also from Jan 13, likely from earlier in the
> day before the reordering patch was merged.
>
> So this report is from before the fix. The warning should not appear
> in linux-next builds after Jan 13.
>
> Thanks,
>
> Deepanshu

Hi Andrew,

I tested with the latest linux-next in sysbot. It is working fine

Thanks

Deepanshu

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Andrew Morton]

On Sun, 18 Jan 2026 12:31:43 +0530 Deepanshu Kartikey <kartikey406@gmail.com> wrote:

> > >
> > > That's
> > >
> > >         VM_WARN_ON_ONCE(oldid != 0);
> > >
> > > which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> > > swap_cgroup_record".
> > >
> > > This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
> > > which is six years old.  For some reason it has no cc:stable.
> > >
> > > Deepanshu's patch has no reviews.
> > >
> > > So can I please do the memcg maintainer summoning dance here?  We have a
> > > repeatable BUG happening in mainline Linux.
> > >
> >
> > Hi Andrew,
> >
> > I checked the git blame output for commit 0f853ca2a798:
> >
> > Line 763: memcg1_swapout(folio, swap);
> > Line 764: __swap_cache_del_folio(ci, folio, swap, shadow);
> >                     (d7a7b2f91f36b - Kairui Song, 2026-01-13 02:33:36 +0800)
> >
> > Kairui's reordering patch appears to have been merged on Jan 13.

Eek, there are many patches, it helps to identify them carefully.

I think you're referring to
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-swap-use-swap-cache-as-the-swap-in-synchronize-layer-fix.patch

> > The syzbot report is also from Jan 13, likely from earlier in the
> > day before the reordering patch was merged.
> >
> > So this report is from before the fix. The warning should not appear
> > in linux-next builds after Jan 13.
> >
> > Thanks,
> >
> > Deepanshu
> 
> Hi Andrew,
> 
> I tested with the latest linux-next in sysbot. It is working fine

Great, thanks.  But we still don't have review for this one.

For some reason I don't have cc:stable on this - could people
make a recommendation?



From: Deepanshu Kartikey <kartikey406@gmail.com>
Subject: mm/swap_cgroup: fix kernel BUG in swap_cgroup_record
Date: Sat, 10 Jan 2026 12:16:13 +0530

When using MADV_PAGEOUT, pages can remain in swapcache with their swap
entries assigned.  If MADV_PAGEOUT is called again on these pages, they
reuse the same swap entries, causing memcg1_swapout() to call
swap_cgroup_record() with an already-recorded entry.

The existing code assumes swap entries are always being recorded for the
first time (oldid == 0), triggering VM_BUG_ON when it encounters an
already-recorded entry:

  ------------[ cut here ]------------
  kernel BUG at mm/swap_cgroup.c:78!
  Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
  CPU: 0 UID: 0 PID: 6176 Comm: syz.0.30 Not tainted
  RIP: 0010:swap_cgroup_record+0x19c/0x1c0 mm/swap_cgroup.c:78
  Call Trace:
   memcg1_swapout+0x2fa/0x830 mm/memcontrol-v1.c:623
   __remove_mapping+0xac5/0xe30 mm/vmscan.c:773
   shrink_folio_list+0x2786/0x4f40 mm/vmscan.c:1528
   reclaim_folio_list+0xeb/0x4e0 mm/vmscan.c:2208
   reclaim_pages+0x454/0x520 mm/vmscan.c:2245
   madvise_cold_or_pageout_pte_range+0x19a0/0x1ce0 mm/madvise.c:563
   ...
   do_madvise+0x1bc/0x270 mm/madvise.c:2030
   __do_sys_madvise mm/madvise.c:2039

This bug occurs because pages in swapcache can be targeted by MADV_PAGEOUT
multiple times without being swapped in between.  Each time, the same swap
entry is reused, but swap_cgroup_record() expects to only record new,
unused entries.

Fix this by checking if the swap entry already has the correct cgroup ID
recorded before attempting to record it.  Use the existing
lookup_swap_cgroup_id() to read the current cgroup ID, and return early
from memcg1_swapout() if the entry is already correctly recorded.  Only
call swap_cgroup_record() when the entry needs to be set or updated.

This approach avoids unnecessary atomic operations, reference count
manipulations, and statistics updates when the entry is already correct.

Link: https://syzkaller.appspot.com/bug?extid=d97580a8cceb9b03c13e
Link: https://lkml.kernel.org/r/20260110064613.606532-1-kartikey406@gmail.com
Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT")
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Reported-by: syzbot+d97580a8cceb9b03c13e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d97580a8cceb9b03c13e
Tested-by: syzbot+d97580a8cceb9b03c13e@syzkaller.appspotmail.com
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Shakeel Butt <shakeel.butt@linux.dev>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memcontrol-v1.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/mm/memcontrol-v1.c~mm-swap_cgroup-fix-kernel-bug-in-swap_cgroup_record
+++ a/mm/memcontrol-v1.c
@@ -592,6 +592,7 @@ void memcg1_swapout(struct folio *folio,
 {
 	struct mem_cgroup *memcg, *swap_memcg;
 	unsigned int nr_entries;
+	unsigned short oldid;
 
 	VM_BUG_ON_FOLIO(folio_test_lru(folio), folio);
 	VM_BUG_ON_FOLIO(folio_ref_count(folio), folio);
@@ -609,6 +610,16 @@ void memcg1_swapout(struct folio *folio,
 		return;
 
 	/*
+	 * Check if this swap entry is already recorded. This can happen
+	 * when MADV_PAGEOUT is called multiple times on pages that remain
+	 * in swapcache, reusing the same swap entries.
+	 */
+	oldid = lookup_swap_cgroup_id(entry);
+	if (oldid == mem_cgroup_id(memcg))
+		return;
+	VM_WARN_ON_ONCE(oldid != 0);
+
+	/*
 	 * In case the memcg owning these pages has been offlined and doesn't
 	 * have an ID allocated to it anymore, charge the closest online
 	 * ancestor for the swap instead and transfer the memory+swap charge.
_

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Shakeel Butt]

On Sun, Jan 18, 2026 at 12:53:11PM -0800, Andrew Morton wrote:
> On Sun, 18 Jan 2026 12:31:43 +0530 Deepanshu Kartikey <kartikey406@gmail.com> wrote:
> 
> > > >
> > > > That's
> > > >
> > > >         VM_WARN_ON_ONCE(oldid != 0);
> > > >
> > > > which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> > > > swap_cgroup_record".
> > > >
> > > > This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
> > > > which is six years old.  For some reason it has no cc:stable.
> > > >
> > > > Deepanshu's patch has no reviews.
> > > >
> > > > So can I please do the memcg maintainer summoning dance here?  We have a
> > > > repeatable BUG happening in mainline Linux.
> > > >
> > >
> > > Hi Andrew,
> > >
> > > I checked the git blame output for commit 0f853ca2a798:
> > >
> > > Line 763: memcg1_swapout(folio, swap);
> > > Line 764: __swap_cache_del_folio(ci, folio, swap, shadow);
> > >                     (d7a7b2f91f36b - Kairui Song, 2026-01-13 02:33:36 +0800)
> > >
> > > Kairui's reordering patch appears to have been merged on Jan 13.
> 
> Eek, there are many patches, it helps to identify them carefully.
> 
> I think you're referring to
> https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-swap-use-swap-cache-as-the-swap-in-synchronize-layer-fix.patch
> 
> > > The syzbot report is also from Jan 13, likely from earlier in the
> > > day before the reordering patch was merged.
> > >
> > > So this report is from before the fix. The warning should not appear
> > > in linux-next builds after Jan 13.
> > >
> > > Thanks,
> > >
> > > Deepanshu
> > 
> > Hi Andrew,
> > 
> > I tested with the latest linux-next in sysbot. It is working fine
> 
> Great, thanks.  But we still don't have review for this one.
> 
> For some reason I don't have cc:stable on this - could people
> make a recommendation?
> 

I will get to this in couple of days (hopefully sooner). I think
Johannes was looking into this as well.

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Johannes Weiner]

On Sun, Jan 18, 2026 at 12:53:11PM -0800, Andrew Morton wrote:
> On Sun, 18 Jan 2026 12:31:43 +0530 Deepanshu Kartikey <kartikey406@gmail.com> wrote:
> 
> > > >
> > > > That's
> > > >
> > > >         VM_WARN_ON_ONCE(oldid != 0);
> > > >
> > > > which was added by Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> > > > swap_cgroup_record".
> > > >
> > > > This patch has Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT"),
> > > > which is six years old.  For some reason it has no cc:stable.
> > > >
> > > > Deepanshu's patch has no reviews.
> > > >
> > > > So can I please do the memcg maintainer summoning dance here?  We have a
> > > > repeatable BUG happening in mainline Linux.
> > > >
> > >
> > > Hi Andrew,
> > >
> > > I checked the git blame output for commit 0f853ca2a798:
> > >
> > > Line 763: memcg1_swapout(folio, swap);
> > > Line 764: __swap_cache_del_folio(ci, folio, swap, shadow);
> > >                     (d7a7b2f91f36b - Kairui Song, 2026-01-13 02:33:36 +0800)
> > >
> > > Kairui's reordering patch appears to have been merged on Jan 13.
> 
> Eek, there are many patches, it helps to identify them carefully.
> 
> I think you're referring to
> https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-swap-use-swap-cache-as-the-swap-in-synchronize-layer-fix.patch

This was supposed to be the replacement for Deepanshu's patch below.

> > > The syzbot report is also from Jan 13, likely from earlier in the
> > > day before the reordering patch was merged.
> > >
> > > So this report is from before the fix. The warning should not appear
> > > in linux-next builds after Jan 13.
> > >
> > > Thanks,
> > >
> > > Deepanshu
> > 
> > Hi Andrew,
> > 
> > I tested with the latest linux-next in sysbot. It is working fine
> 
> Great, thanks.  But we still don't have review for this one.

IOW, this is not necessary anymore. Kairui's (cc'd) fix which you
picked up fixed the syzbot reported problem.

> For some reason I don't have cc:stable on this - could people
> make a recommendation?

So this:

> From: Deepanshu Kartikey <kartikey406@gmail.com>
> Subject: mm/swap_cgroup: fix kernel BUG in swap_cgroup_record

can be dropped.

Please correct if I'm wrong.

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Andrew Morton]

On Wed, 21 Jan 2026 09:58:42 -0500 Johannes Weiner <hannes@cmpxchg.org> wrote:

> > > I tested with the latest linux-next in sysbot. It is working fine
> > 
> > Great, thanks.  But we still don't have review for this one.
> 
> IOW, this is not necessary anymore. Kairui's (cc'd) fix which you
> picked up fixed the syzbot reported problem.
> 
> > For some reason I don't have cc:stable on this - could people
> > make a recommendation?
> 
> So this:
> 
> > From: Deepanshu Kartikey <kartikey406@gmail.com>
> > Subject: mm/swap_cgroup: fix kernel BUG in swap_cgroup_record
> 
> can be dropped.
> 

OK, thanks, I'll drop Deepanshu's "mm/swap_cgroup: fix kernel BUG in
swap_cgroup_record".  I understand that Kairui's
mm-swap-use-swap-cache-as-the-swap-in-synchronize-layer-fix
(https://lkml.kernel.org/r/CAMgjq7CGUnzOVG7uSaYjzw9wD7w2dSKOHprJfaEp4CcGLgE3iw@mail.gmail.com)
has addressed this mm-unstable issue.


However Deepanshu's "mm/swap_cgroup: fix kernel BUG in
swap_cgroup_record" has

	Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT")

Which I assume was mistaken?

Re: [syzbot] [cgroups?] [mm?] WARNING in memcg1_swapout

[Johannes Weiner]

On Wed, Jan 21, 2026 at 08:35:26AM -0800, Andrew Morton wrote:
> On Wed, 21 Jan 2026 09:58:42 -0500 Johannes Weiner <hannes@cmpxchg.org> wrote:
> 
> > > > I tested with the latest linux-next in sysbot. It is working fine
> > > 
> > > Great, thanks.  But we still don't have review for this one.
> > 
> > IOW, this is not necessary anymore. Kairui's (cc'd) fix which you
> > picked up fixed the syzbot reported problem.
> > 
> > > For some reason I don't have cc:stable on this - could people
> > > make a recommendation?
> > 
> > So this:
> > 
> > > From: Deepanshu Kartikey <kartikey406@gmail.com>
> > > Subject: mm/swap_cgroup: fix kernel BUG in swap_cgroup_record
> > 
> > can be dropped.
> > 
> 
> OK, thanks, I'll drop Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> swap_cgroup_record".  I understand that Kairui's
> mm-swap-use-swap-cache-as-the-swap-in-synchronize-layer-fix
> (https://lkml.kernel.org/r/CAMgjq7CGUnzOVG7uSaYjzw9wD7w2dSKOHprJfaEp4CcGLgE3iw@mail.gmail.com)
> has addressed this mm-unstable issue.

Yes.

> However Deepanshu's "mm/swap_cgroup: fix kernel BUG in
> swap_cgroup_record" has
> 
> 	Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT")
> 
> Which I assume was mistaken?

Yes, this appeared to be a misdiagnosis of the bug sequence.
MADV_PAGEOUT was in the stacktrace, but not the culprit.