| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [cgroups?] possible deadlock in try_to_wake_up (8) | 1 (2) | 2025/06/16 09:50 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [cgroups?] possible deadlock in try_to_wake_up (8) | 1 (2) | 2025/06/16 09:50 |
------------[ cut here ]------------
======================================================
WARNING: possible circular locking dependency detected
6.16.0-rc1-syzkaller-g39dfc971e42d #0 Not tainted
------------------------------------------------------
bch-copygc/loop/7881 is trying to acquire lock:
ffff0000c9cb46c8 (&p->pi_lock){-.-.}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline]
ffff0000c9cb46c8 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x68/0xdf0 kernel/sched/core.c:4226
but task is already holding lock:
ffff8000975fb610 (&obj_hash[i].lock){-.-.}-{2:2}, at: __debug_object_init+0x6c/0x40c lib/debugobjects.c:741
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&obj_hash[i].lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
debug_object_assert_init+0xa0/0x2c8 lib/debugobjects.c:1007
debug_timer_assert_init kernel/time/timer.c:803 [inline]
debug_assert_init kernel/time/timer.c:848 [inline]
__mod_timer+0x5c/0xd00 kernel/time/timer.c:1025
add_timer_global+0x88/0xc0 kernel/time/timer.c:1283
__queue_delayed_work+0x218/0x2c8 kernel/workqueue.c:2526
queue_delayed_work_on+0xe4/0x194 kernel/workqueue.c:2561
queue_delayed_work include/linux/workqueue.h:677 [inline]
schedule_delayed_work include/linux/workqueue.h:817 [inline]
psi_group_change+0xd50/0x12e4 kernel/sched/psi.c:873
psi_task_change+0xec/0x244 kernel/sched/psi.c:912
psi_enqueue kernel/sched/stats.h:166 [inline]
enqueue_task+0x250/0x2f4 kernel/sched/core.c:2086
activate_task kernel/sched/core.c:2126 [inline]
wake_up_new_task+0x324/0x990 kernel/sched/core.c:4891
kernel_clone+0x440/0x7a0 kernel/fork.c:2630
user_mode_thread+0xc8/0x11c kernel/fork.c:2677
rest_init+0x30/0x2f4 init/main.c:709
start_kernel+0x450/0x4ac init/main.c:1101
__primary_switched+0x8c/0x94 arch/arm64/kernel/head.S:246
-> #1 (&rq->__lock){-.-.}-{2:2}:
_raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested kernel/sched/core.c:606 [inline]
raw_spin_rq_lock kernel/sched/sched.h:1532 [inline]
task_rq_lock+0xc4/0x33c kernel/sched/core.c:708
cgroup_move_task+0x9c/0x454 kernel/sched/psi.c:1161
css_set_move_task+0x69c/0x8bc kernel/cgroup/cgroup.c:918
cgroup_post_fork+0x160/0x5cc kernel/cgroup/cgroup.c:6754
copy_process+0x2e48/0x31ec kernel/fork.c:2413
kernel_clone+0x1d8/0x7a0 kernel/fork.c:2599
user_mode_thread+0xc8/0x11c kernel/fork.c:2677
rest_init+0x30/0x2f4 init/main.c:709
start_kernel+0x450/0x4ac init/main.c:1101
__primary_switched+0x8c/0x94 arch/arm64/kernel/head.S:246
-> #0 (&p->pi_lock){-.-.}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain kernel/locking/lockdep.c:3911 [inline]
__lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5240
lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5871
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline]
try_to_wake_up+0x68/0xdf0 kernel/sched/core.c:4226
wake_up_process kernel/sched/core.c:4475 [inline]
wake_up_q+0x70/0x9c kernel/sched/core.c:1081
up+0x100/0x170 kernel/locking/semaphore.c:235
__up_console_sem kernel/printk/printk.c:343 [inline]
__console_unlock+0x88/0xc4 kernel/printk/printk.c:2885
__console_flush_and_unlock kernel/printk/printk.c:3287 [inline]
console_unlock+0xfc/0x288 kernel/printk/printk.c:3325
vprintk_emit+0x298/0x430 kernel/printk/printk.c:2450
vprintk_default+0x54/0x80 kernel/printk/printk.c:2465
vprintk+0x90/0x128 kernel/printk/printk_safe.c:82
_printk+0xd0/0x118 kernel/printk/printk.c:2475
__report_bug lib/bug.c:191 [inline]
report_bug+0x3a8/0x568 lib/bug.c:215
bug_handler+0x50/0x1fc arch/arm64/kernel/traps.c:1002
call_break_hook arch/arm64/kernel/debug-monitors.c:315 [inline]
brk_handler+0x1d8/0x288 arch/arm64/kernel/debug-monitors.c:325
do_debug_exception+0x1e4/0x38c arch/arm64/mm/fault.c:1002
el1_dbg+0x64/0x80 arch/arm64/kernel/entry-common.c:513
el1h_64_sync_handler+0x40/0xcc arch/arm64/kernel/entry-common.c:559
el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:595
debug_object_is_on_stack lib/debugobjects.c:-1 [inline]
lookup_object_or_alloc lib/debugobjects.c:688 [inline]
__debug_object_init+0x364/0x40c lib/debugobjects.c:743
debug_object_init+0x20/0x2c lib/debugobjects.c:779
__init_work+0x58/0x68 kernel/workqueue.c:677
rhashtable_init_noprof+0x734/0xa10 lib/rhashtable.c:1085
bch2_copygc_thread+0xec/0xd40 fs/bcachefs/movinggc.c:353
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
other info that might help us debug this:
Chain exists of:
&p->pi_lock --> &rq->__lock --> &obj_hash[i].lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&obj_hash[i].lock);
lock(&rq->__lock);
lock(&obj_hash[i].lock);
lock(&p->pi_lock);
*** DEADLOCK ***
1 lock held by bch-copygc/loop/7881:
#0: ffff8000975fb610 (&obj_hash[i].lock){-.-.}-{2:2}, at: __debug_object_init+0x6c/0x40c lib/debugobjects.c:741
stack backtrace:
CPU: 0 UID: 0 PID: 7881 Comm: bch-copygc/loop Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
__dump_stack+0x30/0x40 lib/dump_stack.c:94
dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
dump_stack+0x1c/0x28 lib/dump_stack.c:129
print_circular_bug+0x324/0x32c kernel/locking/lockdep.c:2046
check_noncircular+0x154/0x174 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain kernel/locking/lockdep.c:3911 [inline]
__lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5240
lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5871
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline]
try_to_wake_up+0x68/0xdf0 kernel/sched/core.c:4226
wake_up_process kernel/sched/core.c:4475 [inline]
wake_up_q+0x70/0x9c kernel/sched/core.c:1081
up+0x100/0x170 kernel/locking/semaphore.c:235
__up_console_sem kernel/printk/printk.c:343 [inline]
__console_unlock+0x88/0xc4 kernel/printk/printk.c:2885
__console_flush_and_unlock kernel/printk/printk.c:3287 [inline]
console_unlock+0xfc/0x288 kernel/printk/printk.c:3325
vprintk_emit+0x298/0x430 kernel/printk/printk.c:2450
vprintk_default+0x54/0x80 kernel/printk/printk.c:2465
vprintk+0x90/0x128 kernel/printk/printk_safe.c:82
_printk+0xd0/0x118 kernel/printk/printk.c:2475
__report_bug lib/bug.c:191 [inline]
report_bug+0x3a8/0x568 lib/bug.c:215
bug_handler+0x50/0x1fc arch/arm64/kernel/traps.c:1002
call_break_hook arch/arm64/kernel/debug-monitors.c:315 [inline]
brk_handler+0x1d8/0x288 arch/arm64/kernel/debug-monitors.c:325
do_debug_exception+0x1e4/0x38c arch/arm64/mm/fault.c:1002
el1_dbg+0x64/0x80 arch/arm64/kernel/entry-common.c:513
el1h_64_sync_handler+0x40/0xcc arch/arm64/kernel/entry-common.c:559
el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:595
debug_object_is_on_stack lib/debugobjects.c:-1 [inline] (P)
lookup_object_or_alloc lib/debugobjects.c:688 [inline] (P)
__debug_object_init+0x364/0x40c lib/debugobjects.c:743 (P)
debug_object_init+0x20/0x2c lib/debugobjects.c:779
__init_work+0x58/0x68 kernel/workqueue.c:677
rhashtable_init_noprof+0x734/0xa10 lib/rhashtable.c:1085
bch2_copygc_thread+0xec/0xd40 fs/bcachefs/movinggc.c:353
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
WARNING: CPU: 0 PID: 7881 at lib/debugobjects.c:655 debug_object_is_on_stack lib/debugobjects.c:-1 [inline]
WARNING: CPU: 0 PID: 7881 at lib/debugobjects.c:655 lookup_object_or_alloc lib/debugobjects.c:688 [inline]
WARNING: CPU: 0 PID: 7881 at lib/debugobjects.c:655 __debug_object_init+0x364/0x40c lib/debugobjects.c:743
Modules linked in:
CPU: 0 UID: 0 PID: 7881 Comm: bch-copygc/loop Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_object_is_on_stack lib/debugobjects.c:-1 [inline]
pc : lookup_object_or_alloc lib/debugobjects.c:688 [inline]
pc : __debug_object_init+0x364/0x40c lib/debugobjects.c:743
lr : debug_object_is_on_stack lib/debugobjects.c:-1 [inline]
lr : lookup_object_or_alloc lib/debugobjects.c:688 [inline]
lr : __debug_object_init+0x364/0x40c lib/debugobjects.c:743
sp : ffff80009c337700
x29: ffff80009c337700 x28: 0000000000000000 x27: dfff800000000000
x26: ffff800097693000 x25: ffff0000d2e30020 x24: 0000000000000000
x23: ffff0000f27cbd58 x22: 0000000000000000 x21: ffff8000975fb5f0
x20: ffff80008af70de0 x19: ffff80009c337bb0 x18: 00000000ffffffff
x17: ffff80009331f000 x16: ffff80008aec8e2c x15: 0000000000000001
x14: 1ffff00013866e58 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700013866e59 x10: 0000000000ff0100 x9 : 6623cf50e130e900
x8 : 6623cf50e130e900 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009c337098 x4 : ffff80008f727060 x3 : ffff8000807c0744
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000050
Call trace:
debug_object_is_on_stack lib/debugobjects.c:-1 [inline] (P)
lookup_object_or_alloc lib/debugobjects.c:688 [inline] (P)
__debug_object_init+0x364/0x40c lib/debugobjects.c:743 (P)
debug_object_init+0x20/0x2c lib/debugobjects.c:779
__init_work+0x58/0x68 kernel/workqueue.c:677
rhashtable_init_noprof+0x734/0xa10 lib/rhashtable.c:1085
bch2_copygc_thread+0xec/0xd40 fs/bcachefs/movinggc.c:353
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
irq event stamp: 18
hardirqs last enabled at (17): [<ffff800083e7f73c>] get_random_u32+0x2d4/0x540 drivers/char/random.c:554
hardirqs last disabled at (18): [<ffff80008aeea2b4>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (18): [<ffff80008aeea2b4>] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162
softirqs last enabled at (0): [<ffff8000803afb44>] copy_process+0x1134/0x31ec kernel/fork.c:2114
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/06/14 04:08 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 39dfc971e42d | 0e8da31f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in try_to_wake_up |