BACKPORT: mm: remove folio from deferred split list before uncharging it

When freeing a large folio, we must remove it from the deferred split list
before we uncharge it as each memcg has its own deferred split list (with
associated lock) and removing a folio from the deferred split list while
holding the wrong lock will corrupt that list and cause various related
problems.

Link: https://lore.kernel.org/linux-mm/367a14f7-340e-4b29-90ae-bc3fcefdd5f4@arm.com/
Link: https://lkml.kernel.org/r/20240311191835.312162-1-willy@infradead.org
Fixes: f77171d241e3 (mm: allow non-hugetlb large folios to be batch processed)
Fixes: 29f3843026cf (mm: free folios directly in move_folios_to_lru())
Fixes: bc2ff4cbc329 (mm: free folios in a batch in shrink_folio_list())
Change-Id: I012dfb4c33678bb1e8a546a6dc78a0227858aa5b
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Debugged-by: Ryan Roberts <ryan.roberts@arm.com>
Tested-by: Ryan Roberts <ryan.roberts@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 47932e7048df9156e96133ee90fb3e9df68dbd15)
[ Drop changes to shrink_folio_list() and move_folios_to_lru() in
  mm/vmscan.c since they both call destroy_large_folio() which removes
  the folio from the deferred split list - Kalesh Singh ]
[ Use folio_unqueue_deferred_split() instead of
  folio_undo_large_unmappable(); which also performs the necessary large
  folio checks - Kalesh Singh ]
Bug: 419599659
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>

mm/swap.c

@@ -1019,6 +1019,7 @@ void folios_put_refs(struct folio_batch *folios, unsigned int *refs)
 			continue;
 		}
 
+		folio_unqueue_deferred_split(folio);
 		__page_cache_release(folio, &lruvec, &flags);
 
 		if (j != i)