From: Matthew Wilcox <willy@infradead.org>
To: Bernd Schubert <bernd@bsbernd.com>, Jan Kara <jack@suse.cz>
Cc: Joanne Koong <joannelkoong@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Horst Birthelmer <hbirthelmer@ddn.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"David Hildenbrand (Red Hat)" <david@kernel.org>
Subject: Re: __folio_end_writeback() lockdep issue
Date: Sat, 10 Jan 2026 16:30:28 +0000 [thread overview]
Message-ID: <aWJ-pHIY8Y8sjLeC@casper.infradead.org> (raw)
In-Reply-To: <b7b72183-f9e1-4e58-b40f-45a267cc6831@bsbernd.com>
On Sat, Jan 10, 2026 at 04:31:28PM +0100, Bernd Schubert wrote:
> [ 872.499480] Possible interrupt unsafe locking scenario:
> [ 872.499480]
> [ 872.500326] CPU0 CPU1
> [ 872.500906] ---- ----
> [ 872.501464] lock(&p->sequence);
> [ 872.501923] local_irq_disable();
> [ 872.502615] lock(&xa->xa_lock#4);
> [ 872.503327] lock(&p->sequence);
> [ 872.504116] <Interrupt>
> [ 872.504513] lock(&xa->xa_lock#4);
>
>
> Which is introduced by commit 2841808f35ee for all file systems.
> The should be rather generic - I shouldn't be the only one seeing
> it?
Oh wow, 2841808f35ee has a very confusing commit message. It implies
that _no_ filesystem uses BDI_CAP_WRITEBACK_ACCT, but what it really
means is that no filesystem now _clears_ BDI_CAP_WRITEBACK_ACCT, so
all filesystems do use this code path and therefore the flag can be
removed. And that matches the code change.
So you should be able to reproduce this problem with commit 494d2f508883
as well?
That tells me that this is something fuse-specific. Other filesystems
aren't seeing this. Wonder why ...
__wb_writeout_add() or its predecessor __wb_writeout_inc() have been in
that spot since 2015 or earlier.
The sequence lock itself is taken inside fprop_new_period() called from
writeout_period() which has been there since 2012, so that's not it.
Looking at fprop_new_period() is more interesting. Commit a91befde3503
removed an earlier call to local_irq_save(). It was then replaced with
preempt_disable() in 9458e0a78c45 but maybe removing it was just
erroneous?
Anyway, that was 2022, so it doesn't answer "why is this only showing up
now and only for fuse?" But maybe replacing the preempt-disable with
irq-disable in fprop_new_period() is the right solution, regardless.
> So this?
>
> mm: fix HARDIRQ-safe -> HARDIRQ-unsafe lock order in __folio_end_writeback()
>
> __wb_writeout_add() is called while holding xa_lock (HARDIRQ-safe),
> but it eventually calls fprop_fraction_percpu() which acquires
> p->sequence (HARDIRQ-unsafe via seqcount), creating a lock ordering
> violation.
>
> Call trace:
> __folio_end_writeback()
> xa_lock_irqsave(&mapping->i_pages) <- HARDIRQ-safe
> __wb_writeout_add()
> wb_domain_writeout_add()
> __fprop_add_percpu_max()
> fprop_fraction_percpu()
> read_seqcount_begin(&p->sequence) <- HARDIRQ-unsafe
>
> Possible deadlock scenario:
>
> CPU0 CPU1
> ---- ----
> lock(p->sequence)
> local_irq_disable()
> lock(xa_lock)
> lock(p->sequence)
> <hardirq>
> lock(xa_lock)
>
> *** DEADLOCK ***
>
> Fix by moving __wb_writeout_add() outside the xa_lock critical section.
> It only accesses percpu counters and global writeback domain structures,
> none of which require xa_lock protection.
>
> Fixes: 2841808f35ee ("mm: remove BDI_CAP_WRITEBACK_ACCT")
> Signed-off-by: Bernd Schubert <bschubert@ddn.com>
>
> diff --git a/mm/page-writeback.c b/mm/page-writeback.c
> index ccdeb0e84d39..ab83e3cbbf94 100644
> --- a/mm/page-writeback.c
> +++ b/mm/page-writeback.c
> @@ -2994,7 +2994,6 @@ bool __folio_end_writeback(struct folio *folio)
>
> wb = inode_to_wb(inode);
> wb_stat_mod(wb, WB_WRITEBACK, -nr);
> - __wb_writeout_add(wb, nr);
> if (!mapping_tagged(mapping, PAGECACHE_TAG_WRITEBACK)) {
> wb_inode_writeback_end(wb);
> if (mapping->host)
> @@ -3002,6 +3001,7 @@ bool __folio_end_writeback(struct folio *folio)
> }
>
> xa_unlock_irqrestore(&mapping->i_pages, flags);
> + __wb_writeout_add(wb, nr);
> } else {
> ret = folio_xor_flags_has_waiters(folio, 1 << PG_writeback);
> }
>
>
>
> Thanks,
> Bernd
>
>
>
next prev parent reply other threads:[~2026-01-10 16:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <9b845a47-9aee-43dd-99bc-1a82bea00442@bsbernd.com>
2026-01-10 15:31 ` Bernd Schubert
2026-01-10 16:30 ` Matthew Wilcox [this message]
2026-01-10 20:24 ` Bernd Schubert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aWJ-pHIY8Y8sjLeC@casper.infradead.org \
--to=willy@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=bernd@bsbernd.com \
--cc=david@kernel.org \
--cc=hbirthelmer@ddn.com \
--cc=jack@suse.cz \
--cc=joannelkoong@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox