===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected syzkaller #0 Not tainted ----------------------------------------------------- kworker/u4:2/31 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff997fc730 (&p->sequence){+.-.}-{0:0}, at: __fprop_add_percpu_max+0x10d/0x210 lib/flex_proportions.c:186 and this task is already holding: ffff888051064240 (&xa->xa_lock#12){-...}-{3:3}, at: __folio_end_writeback+0x1da/0x950 mm/page-writeback.c:2996 which would create a new lock dependency: (&xa->xa_lock#12){-...}-{3:3} -> (&p->sequence){+.-.}-{0:0} but this new dependency connects a HARDIRQ-irq-safe lock: (&xa->xa_lock#12){-...}-{3:3} ... which became HARDIRQ-irq-safe at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 __folio_end_writeback+0x1da/0x950 mm/page-writeback.c:2996 folio_end_writeback_no_dropbehind+0x151/0x290 mm/filemap.c:1668 folio_end_writeback+0xea/0x220 mm/filemap.c:1694 end_bio_bh_io_sync+0xbd/0x120 fs/buffer.c:2776 blk_update_request+0x57e/0xe60 block/blk-mq.c:998 scsi_end_request+0x7c/0x830 drivers/scsi/scsi_lib.c:637 scsi_io_completion+0x131/0x390 drivers/scsi/scsi_lib.c:1078 ata_qc_complete_multiple+0x1ae/0x280 drivers/ata/libata-sata.c:789 ahci_qc_complete drivers/ata/libahci.c:1887 [inline] ahci_handle_port_interrupt+0x3d5/0x610 drivers/ata/libahci.c:1954 ahci_port_intr drivers/ata/libahci.c:1965 [inline] ahci_handle_port_intr+0x19f/0x2e0 drivers/ata/libahci.c:1996 ahci_single_level_irq_intr+0x9b/0xe0 drivers/ata/libahci.c:2030 __handle_irq_event_percpu+0x295/0xab0 kernel/irq/handle.c:203 handle_irq_event_percpu kernel/irq/handle.c:240 [inline] handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:257 handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline] handle_irq arch/x86/kernel/irq.c:254 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:325 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:318 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] ata_scsi_queuecmd+0x3f0/0x5c0 drivers/ata/libata-scsi.c:4405 scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1626 [inline] scsi_queue_rq+0x1c91/0x2cc0 drivers/scsi/scsi_lib.c:1868 blk_mq_dispatch_rq_list+0x4c0/0x1900 block/blk-mq.c:2129 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline] __blk_mq_sched_dispatch_requests+0xda4/0x1570 block/blk-mq-sched.c:307 blk_mq_sched_dispatch_requests+0xd7/0x190 block/blk-mq-sched.c:329 blk_mq_run_work_fn+0x22e/0x300 block/blk-mq.c:2543 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 to a HARDIRQ-irq-unsafe lock: (&p->sequence){+.-.}-{0:0} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 do_write_seqcount_begin_nested include/linux/seqlock.h:477 [inline] do_write_seqcount_begin include/linux/seqlock.h:503 [inline] fprop_new_period+0x1a3/0x3a0 lib/flex_proportions.c:74 writeout_period+0x8b/0x130 mm/page-writeback.c:615 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0x103/0x180 kernel/time/timer.c:2405 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 lock_release+0x2b5/0x3e0 kernel/locking/lockdep.c:5893 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 kvfree_call_rcu+0x130/0x4c0 mm/slab_common.c:1995 ma_free_rcu lib/maple_tree.c:208 [inline] mas_free lib/maple_tree.c:1174 [inline] mas_replace_node lib/maple_tree.c:1581 [inline] mas_wr_node_store lib/maple_tree.c:3553 [inline] mas_wr_store_entry+0x18c2/0x27b0 lib/maple_tree.c:3764 mas_store_prealloc+0xaf2/0x1030 lib/maple_tree.c:5169 commit_merge+0x5fc/0x700 mm/vma.c:765 vma_expand+0x40c/0x7e0 mm/vma.c:1158 vma_merge_new_range+0x6a3/0x860 mm/vma.c:1095 __mmap_region mm/vma.c:2665 [inline] mmap_region+0xd4c/0x2110 mm/vma.c:2740 do_mmap+0xc45/0x10d0 mm/mmap.c:558 vm_mmap_pgoff+0x2a6/0x4d0 mm/util.c:581 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:604 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&p->sequence); local_irq_disable(); lock(&xa->xa_lock#12); lock(&p->sequence); lock(&xa->xa_lock#12); *** DEADLOCK *** 5 locks held by kworker/u4:2/31: #0: ffff888030e8f148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3238 [inline] #0: ffff888030e8f148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3346 #1: ffffc90000527ba0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3239 [inline] #1: ffffc90000527ba0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3346 #2: ffff888042dfa0e0 (&type->s_umount_key#50){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:562 #3: ffff888051064638 (&fi->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #3: ffff888051064638 (&fi->lock){+.+.}-{3:3}, at: fuse_writepages_send fs/fuse/file.c:2089 [inline] #3: ffff888051064638 (&fi->lock){+.+.}-{3:3}, at: fuse_iomap_writeback_range+0x818/0x1800 fs/fuse/file.c:2150 #4: ffff888051064240 (&xa->xa_lock#12){-...}-{3:3}, at: __folio_end_writeback+0x1da/0x950 mm/page-writeback.c:2996 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&xa->xa_lock#12){-...}-{3:3} { IN-HARDIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 __folio_end_writeback+0x1da/0x950 mm/page-writeback.c:2996 folio_end_writeback_no_dropbehind+0x151/0x290 mm/filemap.c:1668 folio_end_writeback+0xea/0x220 mm/filemap.c:1694 end_bio_bh_io_sync+0xbd/0x120 fs/buffer.c:2776 blk_update_request+0x57e/0xe60 block/blk-mq.c:998 scsi_end_request+0x7c/0x830 drivers/scsi/scsi_lib.c:637 scsi_io_completion+0x131/0x390 drivers/scsi/scsi_lib.c:1078 ata_qc_complete_multiple+0x1ae/0x280 drivers/ata/libata-sata.c:789 ahci_qc_complete drivers/ata/libahci.c:1887 [inline] ahci_handle_port_interrupt+0x3d5/0x610 drivers/ata/libahci.c:1954 ahci_port_intr drivers/ata/libahci.c:1965 [inline] ahci_handle_port_intr+0x19f/0x2e0 drivers/ata/libahci.c:1996 ahci_single_level_irq_intr+0x9b/0xe0 drivers/ata/libahci.c:2030 __handle_irq_event_percpu+0x295/0xab0 kernel/irq/handle.c:203 handle_irq_event_percpu kernel/irq/handle.c:240 [inline] handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:257 handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline] handle_irq arch/x86/kernel/irq.c:254 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:325 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:318 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] ata_scsi_queuecmd+0x3f0/0x5c0 drivers/ata/libata-scsi.c:4405 scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1626 [inline] scsi_queue_rq+0x1c91/0x2cc0 drivers/scsi/scsi_lib.c:1868 blk_mq_dispatch_rq_list+0x4c0/0x1900 block/blk-mq.c:2129 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline] __blk_mq_sched_dispatch_requests+0xda4/0x1570 block/blk-mq-sched.c:307 blk_mq_sched_dispatch_requests+0xd7/0x190 block/blk-mq-sched.c:329 blk_mq_run_work_fn+0x22e/0x300 block/blk-mq.c:2543 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:170 spin_lock_irq include/linux/spinlock.h:376 [inline] shmem_add_to_page_cache+0x72d/0xba0 mm/shmem.c:886 shmem_alloc_and_add_folio+0x829/0xf40 mm/shmem.c:1938 shmem_get_folio_gfp+0x59d/0x1660 mm/shmem.c:2535 shmem_read_folio_gfp+0x8a/0xe0 mm/shmem.c:5933 drm_gem_get_pages+0x223/0xa20 drivers/gpu/drm/drm_gem.c:656 drm_gem_shmem_get_pages_locked+0x201/0x440 drivers/gpu/drm/drm_gem_shmem_helper.c:200 drm_gem_shmem_pin_locked+0x22c/0x460 drivers/gpu/drm/drm_gem_shmem_helper.c:261 drm_gem_shmem_vmap_locked+0x46b/0x790 drivers/gpu/drm/drm_gem_shmem_helper.c:365 drm_gem_vmap_locked drivers/gpu/drm/drm_gem.c:1279 [inline] drm_gem_vmap+0x10a/0x1d0 drivers/gpu/drm/drm_gem.c:1321 drm_client_buffer_vmap+0x43/0x80 drivers/gpu/drm/drm_client.c:312 drm_fbdev_shmem_driver_fbdev_probe+0x258/0x900 drivers/gpu/drm/drm_fbdev_shmem.c:160 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1650 [inline] __drm_fb_helper_initial_config_and_unlock+0x1239/0x18a0 drivers/gpu/drm/drm_fb_helper.c:1830 drm_fbdev_client_hotplug+0x16c/0x230 drivers/gpu/drm/clients/drm_fbdev_client.c:52 drm_client_register+0x172/0x210 drivers/gpu/drm/drm_client.c:141 drm_fbdev_client_setup+0x19f/0x3f0 drivers/gpu/drm/clients/drm_fbdev_client.c:159 drm_client_setup+0x107/0x220 drivers/gpu/drm/clients/drm_client_setup.c:46 vkms_create drivers/gpu/drm/vkms/vkms_drv.c:201 [inline] vkms_init+0x3e0/0x4b0 drivers/gpu/drm/vkms/vkms_drv.c:221 do_one_initcall+0x236/0x820 init/main.c:1283 do_initcall_level+0x104/0x190 init/main.c:1345 do_initcalls+0x59/0xa0 init/main.c:1361 kernel_init_freeable+0x334/0x4b0 init/main.c:1593 kernel_init+0x1d/0x1d0 init/main.c:1483 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] xa_init_flags.__key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&p->sequence){+.-.}-{0:0} { HARDIRQ-ON-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 do_write_seqcount_begin_nested include/linux/seqlock.h:477 [inline] do_write_seqcount_begin include/linux/seqlock.h:503 [inline] fprop_new_period+0x1a3/0x3a0 lib/flex_proportions.c:74 writeout_period+0x8b/0x130 mm/page-writeback.c:615 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0x103/0x180 kernel/time/timer.c:2405 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 lock_release+0x2b5/0x3e0 kernel/locking/lockdep.c:5893 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 kvfree_call_rcu+0x130/0x4c0 mm/slab_common.c:1995 ma_free_rcu lib/maple_tree.c:208 [inline] mas_free lib/maple_tree.c:1174 [inline] mas_replace_node lib/maple_tree.c:1581 [inline] mas_wr_node_store lib/maple_tree.c:3553 [inline] mas_wr_store_entry+0x18c2/0x27b0 lib/maple_tree.c:3764 mas_store_prealloc+0xaf2/0x1030 lib/maple_tree.c:5169 commit_merge+0x5fc/0x700 mm/vma.c:765 vma_expand+0x40c/0x7e0 mm/vma.c:1158 vma_merge_new_range+0x6a3/0x860 mm/vma.c:1095 __mmap_region mm/vma.c:2665 [inline] mmap_region+0xd4c/0x2110 mm/vma.c:2740 do_mmap+0xc45/0x10d0 mm/mmap.c:558 vm_mmap_pgoff+0x2a6/0x4d0 mm/util.c:581 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:604 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f IN-SOFTIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 do_write_seqcount_begin_nested include/linux/seqlock.h:477 [inline] do_write_seqcount_begin include/linux/seqlock.h:503 [inline] fprop_new_period+0x1a3/0x3a0 lib/flex_proportions.c:74 writeout_period+0x8b/0x130 mm/page-writeback.c:615 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0x103/0x180 kernel/time/timer.c:2405 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 lock_release+0x2b5/0x3e0 kernel/locking/lockdep.c:5893 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 kvfree_call_rcu+0x130/0x4c0 mm/slab_common.c:1995 ma_free_rcu lib/maple_tree.c:208 [inline] mas_free lib/maple_tree.c:1174 [inline] mas_replace_node lib/maple_tree.c:1581 [inline] mas_wr_node_store lib/maple_tree.c:3553 [inline] mas_wr_store_entry+0x18c2/0x27b0 lib/maple_tree.c:3764 mas_store_prealloc+0xaf2/0x1030 lib/maple_tree.c:5169 commit_merge+0x5fc/0x700 mm/vma.c:765 vma_expand+0x40c/0x7e0 mm/vma.c:1158 vma_merge_new_range+0x6a3/0x860 mm/vma.c:1095 __mmap_region mm/vma.c:2665 [inline] mmap_region+0xd4c/0x2110 mm/vma.c:2740 do_mmap+0xc45/0x10d0 mm/mmap.c:558 vm_mmap_pgoff+0x2a6/0x4d0 mm/util.c:581 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:604 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 do_write_seqcount_begin_nested include/linux/seqlock.h:477 [inline] do_write_seqcount_begin include/linux/seqlock.h:503 [inline] fprop_new_period+0x1a3/0x3a0 lib/flex_proportions.c:74 writeout_period+0x8b/0x130 mm/page-writeback.c:615 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0x103/0x180 kernel/time/timer.c:2405 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 lock_release+0x2b5/0x3e0 kernel/locking/lockdep.c:5893 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 kvfree_call_rcu+0x130/0x4c0 mm/slab_common.c:1995 ma_free_rcu lib/maple_tree.c:208 [inline] mas_free lib/maple_tree.c:1174 [inline] mas_replace_node lib/maple_tree.c:1581 [inline] mas_wr_node_store lib/maple_tree.c:3553 [inline] mas_wr_store_entry+0x18c2/0x27b0 lib/maple_tree.c:3764 mas_store_prealloc+0xaf2/0x1030 lib/maple_tree.c:5169 commit_merge+0x5fc/0x700 mm/vma.c:765 vma_expand+0x40c/0x7e0 mm/vma.c:1158 vma_merge_new_range+0x6a3/0x860 mm/vma.c:1095 __mmap_region mm/vma.c:2665 [inline] mmap_region+0xd4c/0x2110 mm/vma.c:2740 do_mmap+0xc45/0x10d0 mm/mmap.c:558 vm_mmap_pgoff+0x2a6/0x4d0 mm/util.c:581 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:604 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline] fprop_fraction_percpu+0x170/0x400 lib/flex_proportions.c:155 __wb_calc_thresh+0x119/0x4a0 mm/page-writeback.c:913 wb_bg_dirty_limits mm/page-writeback.c:2130 [inline] domain_over_bg_thresh mm/page-writeback.c:2144 [inline] wb_over_bg_thresh+0x154/0x3d0 mm/page-writeback.c:2165 wb_check_background_flush fs/fs-writeback.c:2257 [inline] wb_do_writeback fs/fs-writeback.c:2355 [inline] wb_workfn+0xb1c/0xef0 fs/fs-writeback.c:2382 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] fprop_global_init.__key.1+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline] fprop_fraction_percpu+0x130/0x400 lib/flex_proportions.c:155 __fprop_add_percpu_max+0x10d/0x210 lib/flex_proportions.c:186 wb_domain_writeout_add mm/page-writeback.c:562 [inline] __wb_writeout_add+0xa5/0x290 mm/page-writeback.c:586 __folio_end_writeback+0x4d5/0x950 mm/page-writeback.c:3003 folio_end_writeback_no_dropbehind+0x151/0x290 mm/filemap.c:1668 folio_end_writeback+0xea/0x220 mm/filemap.c:1694 fuse_writepage_finish fs/fuse/file.c:1837 [inline] fuse_send_writepage fs/fuse/file.c:1887 [inline] fuse_flush_writepages+0x6c8/0x900 fs/fuse/file.c:1912 fuse_writepages_send fs/fuse/file.c:2091 [inline] fuse_iomap_writeback_range+0x923/0x1800 fs/fuse/file.c:2150 iomap_writeback_range fs/iomap/buffered-io.c:1593 [inline] iomap_writeback_folio+0xe75/0x1c80 fs/iomap/buffered-io.c:1718 iomap_writepages+0x162/0x2d0 fs/iomap/buffered-io.c:1770 fuse_writepages+0x2ad/0x380 fs/fuse/file.c:2220 do_writepages+0x32e/0x550 mm/page-writeback.c:2604 __writeback_single_inode+0x145/0xff0 fs/fs-writeback.c:1719 writeback_sb_inodes+0x6c7/0x1010 fs/fs-writeback.c:2015 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2086 wb_writeback+0x44f/0xaf0 fs/fs-writeback.c:2197 wb_check_background_flush fs/fs-writeback.c:2267 [inline] wb_do_writeback fs/fs-writeback.c:2355 [inline] wb_workfn+0xb63/0xef0 fs/fs-writeback.c:2382 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 stack backtrace: CPU: 0 UID: 0 PID: 31 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: writeback wb_workfn (flush-0:42) Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline] check_irq_usage kernel/locking/lockdep.c:2857 [inline] check_prev_add kernel/locking/lockdep.c:3169 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3908 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline] fprop_fraction_percpu+0x130/0x400 lib/flex_proportions.c:155 __fprop_add_percpu_max+0x10d/0x210 lib/flex_proportions.c:186 wb_domain_writeout_add mm/page-writeback.c:562 [inline] __wb_writeout_add+0xa5/0x290 mm/page-writeback.c:586 __folio_end_writeback+0x4d5/0x950 mm/page-writeback.c:3003 folio_end_writeback_no_dropbehind+0x151/0x290 mm/filemap.c:1668 folio_end_writeback+0xea/0x220 mm/filemap.c:1694 fuse_writepage_finish fs/fuse/file.c:1837 [inline] fuse_send_writepage fs/fuse/file.c:1887 [inline] fuse_flush_writepages+0x6c8/0x900 fs/fuse/file.c:1912 fuse_writepages_send fs/fuse/file.c:2091 [inline] fuse_iomap_writeback_range+0x923/0x1800 fs/fuse/file.c:2150 iomap_writeback_range fs/iomap/buffered-io.c:1593 [inline] iomap_writeback_folio+0xe75/0x1c80 fs/iomap/buffered-io.c:1718 iomap_writepages+0x162/0x2d0 fs/iomap/buffered-io.c:1770 fuse_writepages+0x2ad/0x380 fs/fuse/file.c:2220 do_writepages+0x32e/0x550 mm/page-writeback.c:2604 __writeback_single_inode+0x145/0xff0 fs/fs-writeback.c:1719 writeback_sb_inodes+0x6c7/0x1010 fs/fs-writeback.c:2015 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2086 wb_writeback+0x44f/0xaf0 fs/fs-writeback.c:2197 wb_check_background_flush fs/fs-writeback.c:2267 [inline] wb_do_writeback fs/fs-writeback.c:2355 [inline] wb_workfn+0xb63/0xef0 fs/fs-writeback.c:2382 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245