================================
WARNING: inconsistent lock state
6.4.0-syzkaller-01647-g6e2332e0ab53 #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.1/10919 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffff88807ffdc728 (&pgdat->memcg_lru.lock){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
ffff88807ffdc728 (&pgdat->memcg_lru.lock){+.?.}-{2:2}, at: lru_gen_rotate_memcg+0x64/0xab0 mm/vmscan.c:4734
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5761 [inline]
  lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5726
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:350 [inline]
  lru_gen_online_memcg+0x16b/0x5a0 mm/vmscan.c:4782
  mem_cgroup_css_online+0x227/0x3b0 mm/memcontrol.c:5468
  online_css+0xaf/0x2a0 kernel/cgroup/cgroup.c:5462
  cgroup_init_subsys+0x46b/0x900 kernel/cgroup/cgroup.c:5993
  cgroup_init+0xb83/0x1090 kernel/cgroup/cgroup.c:6077
  start_kernel+0x398/0x490 init/main.c:1066
  x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:556
  x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:537
  secondary_startup_64_no_verify+0x167/0x16b
irq event stamp: 214513
hardirqs last enabled at (214512): [] mod_memcg_state include/linux/memcontrol.h:982 [inline]
hardirqs last enabled at (214512): [] memcg_account_kmem+0x4f/0x80 mm/memcontrol.c:3094
hardirqs last disabled at (214513): [] uncharge_batch+0x1c7/0x560 mm/memcontrol.c:7142
softirqs last enabled at (208108): [] invoke_softirq kernel/softirq.c:427 [inline]
softirqs last enabled at (208108): [] __irq_exit_rcu kernel/softirq.c:632 [inline]
softirqs last enabled at (208108): [] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
softirqs last disabled at (214477): [] invoke_softirq kernel/softirq.c:427 [inline]
softirqs last disabled at (214477): [] __irq_exit_rcu kernel/softirq.c:632 [inline]
softirqs last disabled at (214477): [] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&pgdat->memcg_lru.lock);
  <Interrupt>
    lock(&pgdat->memcg_lru.lock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/10919:
 #0: ffff888023da4b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: do_writepages+0x1a8/0x640 mm/page-writeback.c:2551
 #1: ffff888023aa2990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfb4/0x14e0 fs/jbd2/transaction.c:461
 #2: ffffffff8c795a00 (rcu_read_lock){....}-{1:2}, at: folio_clear_dirty_for_io+0x160/0x770 mm/page-writeback.c:2915
 #3: ffffffff8c7958e0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2124 [inline]
 #3: ffffffff8c7958e0 (rcu_callback){....}-{0:0}, at: rcu_core+0x78d/0x1c10 kernel/rcu/tree.c:2399

stack backtrace:
CPU: 0 PID: 10919 Comm: syz-executor.1 Not tainted 6.4.0-syzkaller-01647-g6e2332e0ab53 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_usage_bug kernel/locking/lockdep.c:3978 [inline]
 valid_state kernel/locking/lockdep.c:4020 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4223 [inline]
 mark_lock.part.0+0x1102/0x1960 kernel/locking/lockdep.c:4685
 mark_lock kernel/locking/lockdep.c:4649 [inline]
 mark_usage kernel/locking/lockdep.c:4574 [inline]
 __lock_acquire+0x1231/0x5e20 kernel/locking/lockdep.c:5098
 lock_acquire kernel/locking/lockdep.c:5761 [inline]
 lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5726
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:350 [inline]
 lru_gen_rotate_memcg+0x64/0xab0 mm/vmscan.c:4734
 lru_gen_soft_reclaim+0x62/0x70 mm/vmscan.c:4837
 uncharge_batch+0x2be/0x560 mm/memcontrol.c:7145
 __mem_cgroup_uncharge+0x11f/0x290 mm/memcontrol.c:7221
 mem_cgroup_uncharge include/linux/memcontrol.h:698 [inline]
 __folio_put_small mm/swap.c:105 [inline]
 __folio_put+0xb6/0x140 mm/swap.c:129
 folio_put include/linux/mm.h:1430 [inline]
 put_page include/linux/mm.h:1499 [inline]
 free_page_and_swap_cache+0x257/0x2c0 mm/swap_state.c:305
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:153 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:208
 rcu_do_batch kernel/rcu/tree.c:2135 [inline]
 rcu_core+0x802/0x1c10 kernel/rcu/tree.c:2399
 __do_softirq+0x1d4/0x905 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1109
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:percpu_counter_add_batch+0x175/0x1e0 lib/percpu_counter.c:103
Code: 89 ee e8 ae e5 44 fd 48 85 ed 75 53 e8 64 e9 44 fd 31 ff 48 89 de e8 9a e5 44 fd 48 85 db 74 06 e8 50 e9 44 fd fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 3c e9 44 fd e8 37 e9 44 fd 65 45
RSP: 0000:ffffc9000ff97288 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000
RDX: ffff88805b8e9b00 RSI: ffffffff843edf80 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000000001 R12: fffffffffffffffa
R13: ffffffffffffffff R14: 0000607e920671fc R15: ffff888022988158
 wb_stat_mod include/linux/backing-dev.h:68 [inline]
 folio_clear_dirty_for_io+0x4e3/0x770 mm/page-writeback.c:2930
 mpage_submit_folio+0x80/0x350 fs/ext4/inode.c:1870
 mpage_map_and_submit_buffers+0x574/0xaf0 fs/ext4/inode.c:2135
 mpage_map_and_submit_extent fs/ext4/inode.c:2275 [inline]
 ext4_do_writepages+0x196f/0x3290 fs/ext4/inode.c:2703
 ext4_writepages+0x304/0x770 fs/ext4/inode.c:2792
 do_writepages+0x1a8/0x640 mm/page-writeback.c:2551
 filemap_fdatawrite_wbc mm/filemap.c:390 [inline]
 filemap_fdatawrite_wbc+0x147/0x1b0 mm/filemap.c:380
 __filemap_fdatawrite_range+0xb8/0xf0 mm/filemap.c:423
 ext4_alloc_da_blocks+0x1e8/0x270 fs/ext4/inode.c:3056
 ext4_release_file+0x178/0x360 fs/ext4/file.c:169
 __fput+0x40c/0xad0 fs/file_table.c:378
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xaa3/0x29b0 kernel/exit.c:874
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1024
 get_signal+0x2318/0x25b0 kernel/signal.c:2876
 arch_do_signal_or_restart+0x79/0x5c0 arch/x86/kernel/signal.c:308
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
 irqentry_exit_to_user_mode+0x9/0x40 kernel/entry/common.c:310
 exc_page_fault+0xc0/0x170 arch/x86/mm/fault.c:1593
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 002b:00000000200003c8 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007fa2e9dabf80 RCX: 00007fa2e9c8c389
RDX: 0000000020000440 RSI: 00000000200003c0 RDI: 0000000001000000
RBP: 00007fa2e9cd7493 R08: 00000000200004c0 R09: 00000000200004c0
R10: 0000000020000480 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ffe348642bf R14: 00007fa2ea9a1300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:   89 ee                   mov    %ebp,%esi
   2:   e8 ae e5 44 fd          callq  0xfd44e5b5
   7:   48 85 ed                test   %rbp,%rbp
   a:   75 53                   jne    0x5f
   c:   e8 64 e9 44 fd          callq  0xfd44e975
  11:   31 ff                   xor    %edi,%edi
  13:   48 89 de                mov    %rbx,%rsi
  16:   e8 9a e5 44 fd          callq  0xfd44e5b5
  1b:   48 85 db                test   %rbx,%rbx
  1e:   74 06                   je     0x26
  20:   e8 50 e9 44 fd          callq  0xfd44e975
  25:   fb                      sti
  26:   48 83 c4 18             add    $0x18,%rsp
* 2a:   5b                      pop    %rbx <-- trapping instruction
  2b:   5d                      pop    %rbp
  2c:   41 5c                   pop    %r12
  2e:   41 5d                   pop    %r13
  30:   41 5e                   pop    %r14
  32:   41 5f                   pop    %r15
  34:   e9 3c e9 44 fd          jmpq   0xfd44e975
  39:   e8 37 e9 44 fd          callq  0xfd44e975
  3e:   65                      gs
  3f:   45                      rex.RB