On Sat, Mar 08, 2025 at 10:00:31AM +0000, Ryder Wang wrote:
> It looks like there is a potential bug in some device tree function in
> Kernel code (It does not depend on the version of the kernel).
>
> One device tree function of_find_node_by_name() calls
> raw_spin_lock_irqsave() to lock. Then it calls of_node_put(), before
> unlocking (raw_spin_unlock_irqrestore). of_node_put() will call
> kernfs_remove() in some cases. So the problem is here: kernfs_remove()
> will always call down_write() which might make the process sleep. As
> we know, sleep is not allowed between lock and unlock of a spin lock.
> That's why there is might_sleep checking within down_write(), as
> there may be deadlock risk or disabling interrupts too long.
>
> The actual call trace is like this:
> of_find_node_by_name
> raw_spin_lock_irqsave
> ...
> kernfs_remove
> down_write
> ...
> raw_spin_unlock_irqrestore

The bug here would be the reference count going to 0. Do you have a case
or unittest that can trigger this?

Rob