On Wed, Apr 05, 2023 at 10:15:32PM +0900, Tetsuo Handa wrote:
> syzbot is reporting circular locking dependency between cpu_hotplug_lock
> and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core
> freezer logic") replaced atomic_inc() in freezer_apply_state() with
> static_branch_inc() which holds cpu_hotplug_lock.
>
> cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex
>
> cgroup_file_write() {
> cgroup_procs_write() {
> __cgroup_procs_write() {
> cgroup_procs_write_start() {
> cgroup_attach_lock() {
> cpus_read_lock() {
> percpu_down_read(&cpu_hotplug_lock);
> }
> percpu_down_write(&cgroup_threadgroup_rwsem);
> }
> }
> cgroup_attach_task() {
> cgroup_migrate() {
> cgroup_migrate_execute() {
> freezer_attach() {
> mutex_lock(&freezer_mutex);
> (...snipped...)
> }
> }
> }
> }
> (...snipped...)
> }
> }
> }
>
> freezer_mutex => cpu_hotplug_lock
>
> cgroup_file_write() {
> freezer_write() {
> freezer_change_state() {
> mutex_lock(&freezer_mutex);
> freezer_apply_state() {
> static_branch_inc(&freezer_active) {
> static_key_slow_inc() {
> cpus_read_lock();
> static_key_slow_inc_cpuslocked();
> cpus_read_unlock();
> }
> }
> }
> mutex_unlock(&freezer_mutex);
> }
> }
> }
>
> Swap locking order by moving cpus_read_lock() in freezer_apply_state()
> to before mutex_lock(&freezer_mutex) in freezer_change_state().
>
> Reported-by: syzbot <syzbot+c39682e86c9d84152f93@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Link: https://syzkaller.appspot.com/bug?extid=c39682e86c9d84152f93
> Suggested-by: Hillf Danton <hdanton@xxxxxxxx>
> Fixes: f5d39b020809 ("freezer,sched: Rewrite core freezer logic")
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Applied to cgroup/for-6.3-fixes.
Thanks.
--
tejun
