[v5.15] possible deadlock in __hrtimer_run_queues

syzbot
May 18, 2023, 2:36:00 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13ce865a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=508f7a387ef8f82b
dashboard link: https://syzkaller.appspot.com/bug?extid=08baca0b238aba1a0537
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a8ab2bd416bb/disk-9d6bde85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c358e3d58bb2/vmlinux-9d6bde85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c82319bbaeb8/Image-9d6bde85.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+08baca...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
5.15.112-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/19288 is trying to acquire lock:
ffff0001fec70d20 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up_common_lock kernel/sched/wait.c:137 [inline]
ffff0001fec70d20 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up+0xe8/0x1a0 kernel/sched/wait.c:157

but task is already holding lock:
ffff0001b4801618 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
ffff0001b4801618 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x544/0xca4 kernel/time/hrtimer.c:1749

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (hrtimer_bases.lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xc4/0x14c kernel/locking/spinlock.c:162
lock_hrtimer_base kernel/time/hrtimer.c:173 [inline]
hrtimer_start_range_ns+0xe4/0x9b0 kernel/time/hrtimer.c:1296
hrtimer_start_expires include/linux/hrtimer.h:432 [inline]
do_start_rt_bandwidth kernel/sched/rt.c:69 [inline]
start_rt_bandwidth kernel/sched/rt.c:80 [inline]
inc_rt_group kernel/sched/rt.c:1207 [inline]
inc_rt_tasks kernel/sched/rt.c:1251 [inline]
__enqueue_rt_entity kernel/sched/rt.c:1321 [inline]
enqueue_rt_entity kernel/sched/rt.c:1368 [inline]
enqueue_task_rt+0x4e0/0x9b0 kernel/sched/rt.c:1398
enqueue_task kernel/sched/core.c:1977 [inline]
activate_task+0x144/0x2d0 kernel/sched/core.c:2005
ttwu_do_activate+0x158/0x264 kernel/sched/core.c:3610
sched_ttwu_pending+0x1f8/0x400 kernel/sched/core.c:3685
flush_smp_call_function_queue+0x5f8/0x8c4 kernel/smp.c:678
generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
do_handle_IPI arch/arm64/kernel/smp.c:902 [inline]
ipi_handler+0x15c/0x7d4 arch/arm64/kernel/smp.c:948
handle_percpu_devid_irq+0x29c/0x7fc kernel/irq/chip.c:933
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
handle_domain_irq+0xec/0x178 kernel/irq/irqdesc.c:706
gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:757
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899
do_interrupt_handler+0x74/0x94 arch/arm64/kernel/entry-common.c:267
el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:442
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:458
el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:580
arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35
default_idle_call+0xcc/0x4a8 kernel/sched/idle.c:112
cpuidle_idle_call kernel/sched/idle.c:194 [inline]
do_idle+0x1d4/0x4dc kernel/sched/idle.c:306
cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:403
rest_init+0x364/0x38c init/main.c:736
arch_call_rest_init+0x14/0x20 init/main.c:889
start_kernel+0x444/0x604 init/main.c:1144
__primary_switched+0xa8/0xb0 arch/arm64/kernel/head.S:468

-> #3 (&rt_b->rt_runtime_lock){-...}-{2:2}:
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154
__enable_runtime kernel/sched/rt.c:840 [inline]
rq_online_rt+0x144/0x328 kernel/sched/rt.c:2327
set_rq_online kernel/sched/core.c:9036 [inline]
sched_cpu_activate+0x350/0x470 kernel/sched/core.c:9143
cpuhp_invoke_callback+0x404/0x704 kernel/cpu.c:191
cpuhp_thread_fun+0x2e8/0x61c kernel/cpu.c:822
smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

-> #2 (&rq->__lock){-.-.}-{2:2}:
_raw_spin_lock_nested+0xb4/0x110 kernel/locking/spinlock.c:368
raw_spin_rq_lock_nested+0x2c/0x44 kernel/sched/core.c:475
raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
rq_lock kernel/sched/sched.h:1621 [inline]
task_fork_fair+0x7c/0x23c kernel/sched/fair.c:11494
sched_cgroup_fork+0x334/0x3d8 kernel/sched/core.c:4462
copy_process+0x24d4/0x3750 kernel/fork.c:2312
kernel_clone+0x1d8/0xa58 kernel/fork.c:2601
kernel_thread+0x148/0x1bc kernel/fork.c:2653
rest_init+0x2c/0x38c init/main.c:701
arch_call_rest_init+0x14/0x20 init/main.c:889
start_kernel+0x444/0x604 init/main.c:1144
__primary_switched+0xa8/0xb0 arch/arm64/kernel/head.S:468

-> #1 (&p->pi_lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xc4/0x14c kernel/locking/spinlock.c:162
try_to_wake_up+0xb0/0xc2c kernel/sched/core.c:4026
default_wake_function+0x4c/0x60 kernel/sched/core.c:6788
autoremove_wake_function+0x24/0xf8 kernel/sched/wait.c:416
__wake_up_common+0x23c/0x3bc kernel/sched/wait.c:108
__wake_up_common_lock kernel/sched/wait.c:138 [inline]
__wake_up+0x108/0x1a0 kernel/sched/wait.c:157
wakeup_kcompactd+0x2e4/0x600 mm/compaction.c:2927
balance_pgdat+0x18cc/0x1c80 mm/vmscan.c:4065
kswapd+0x81c/0x1118 mm/vmscan.c:4261
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

-> #0 (&pgdat->kcompactd_wait){-...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xc4/0x14c kernel/locking/spinlock.c:162
__wake_up_common_lock kernel/sched/wait.c:137 [inline]
__wake_up+0xe8/0x1a0 kernel/sched/wait.c:157
wakeup_kcompactd+0x2e4/0x600 mm/compaction.c:2927
wakeup_kswapd+0x2e0/0x85c mm/vmscan.c:4315
wake_all_kswapds mm/page_alloc.c:4678 [inline]
__alloc_pages_slowpath+0x3fc/0x226c mm/page_alloc.c:4952
__alloc_pages+0x3a4/0x674 mm/page_alloc.c:5434
alloc_pages+0x390/0x634
stack_depot_save+0x364/0x4a0 lib/stackdepot.c:302
kasan_save_stack mm/kasan/common.c:40 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0xa8/0xcc mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:254 [inline]
slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
slab_alloc_node mm/slub.c:3220 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
kmem_cache_zalloc include/linux/slab.h:711 [inline]
fill_pool lib/debugobjects.c:171 [inline]
debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:600
debug_object_activate+0x114/0x790 lib/debugobjects.c:696
debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
debug_activate kernel/time/hrtimer.c:475 [inline]
enqueue_hrtimer+0x40/0x414 kernel/time/hrtimer.c:1084
__run_hrtimer kernel/time/hrtimer.c:1702 [inline]
__hrtimer_run_queues+0x588/0xca4 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
timer_handler drivers/clocksource/arm_arch_timer.c:659 [inline]
arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:670
handle_percpu_devid_irq+0x29c/0x7fc kernel/irq/chip.c:933
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
handle_domain_irq+0xec/0x178 kernel/irq/irqdesc.c:706
gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:757
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899
do_interrupt_handler+0x74/0x94 arch/arm64/kernel/entry-common.c:267
el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:442
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:458
el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:580
jhash2 include/linux/jhash.h:129 [inline]
hash_stack lib/stackdepot.c:180 [inline]
stack_depot_save+0xbc/0x4a0 lib/stackdepot.c:272
kasan_save_stack mm/kasan/common.c:40 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0xa8/0xcc mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:254 [inline]
slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
slab_alloc_node mm/slub.c:3220 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
kmem_cache_zalloc include/linux/slab.h:711 [inline]
fill_pool lib/debugobjects.c:171 [inline]
debug_objects_fill_pool+0x5a8/0x814 lib/debugobjects.c:600
debug_object_activate+0x114/0x790 lib/debugobjects.c:696
debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]
__call_rcu kernel/rcu/tree.c:2978 [inline]
call_rcu+0x48/0xb40 kernel/rcu/tree.c:3074
dentry_free+0xac/0x18c
__dentry_kill+0x470/0x5e4 fs/dcache.c:596
shrink_dentry_list+0x41c/0x850 fs/dcache.c:1176
prune_dcache_sb+0x104/0x164 fs/dcache.c:1257
super_cache_scan+0x2ac/0x3c8 fs/super.c:105
do_shrink_slab+0x4b4/0x10b0 mm/vmscan.c:758
shrink_slab_memcg mm/vmscan.c:827 [inline]
shrink_slab+0x4bc/0x894 mm/vmscan.c:906
shrink_node_memcgs mm/vmscan.c:2951 [inline]
shrink_node+0xe00/0x21b4 mm/vmscan.c:3072
shrink_zones mm/vmscan.c:3275 [inline]
do_try_to_free_pages+0x538/0x126c mm/vmscan.c:3330
try_to_free_pages+0x8c0/0x10e0 mm/vmscan.c:3565
__perform_reclaim mm/page_alloc.c:4624 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4645 [inline]
__alloc_pages_slowpath+0xdd0/0x226c mm/page_alloc.c:5051
__alloc_pages+0x3a4/0x674 mm/page_alloc.c:5434
alloc_pages+0x390/0x634
vm_area_alloc_pages mm/vmalloc.c:2864 [inline]
__vmalloc_area_node mm/vmalloc.c:2920 [inline]
__vmalloc_node_range+0x538/0x8e0 mm/vmalloc.c:3025
vmalloc_user+0x138/0x19c mm/vmalloc.c:3161
vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
__vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
__vb2_queue_alloc+0x5e0/0x10bc drivers/media/common/videobuf2/videobuf2-core.c:439
vb2_core_create_bufs+0x3c8/0x8a8 drivers/media/common/videobuf2/videobuf2-core.c:946
vb2_create_bufs+0x5dc/0xd1c drivers/media/common/videobuf2/videobuf2-v4l2.c:799
vb2_ioctl_create_bufs+0x378/0x5c8 drivers/media/common/videobuf2/videobuf2-v4l2.c:1031
v4l_create_bufs+0x19c/0x2d8 drivers/media/v4l2-core/v4l2-ioctl.c:2072
__video_do_ioctl+0x7f0/0xb64 drivers/media/v4l2-core/v4l2-ioctl.c:2976
video_usercopy+0x988/0x1160 drivers/media/v4l2-core/v4l2-ioctl.c:3324
video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3372
v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
&pgdat->kcompactd_wait --> &rt_b->rt_runtime_lock --> hrtimer_bases.lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(hrtimer_bases.lock);
                               lock(&rt_b->rt_runtime_lock);
                               lock(hrtimer_bases.lock);
  lock(&pgdat->kcompactd_wait);

*** DEADLOCK ***

5 locks held by syz-executor.1/19288:
#0: ffff0000d01e6c40 (&vcap->lock){+.+.}-{3:3}, at: __video_do_ioctl+0x424/0xb64 drivers/media/v4l2-core/v4l2-ioctl.c:2944
#1: ffff800014b55280 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4621 [inline]
#1: ffff800014b55280 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4645 [inline]
#1: ffff800014b55280 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xd70/0x226c mm/page_alloc.c:5051
#2: ffff800014b328f0 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab_memcg mm/vmscan.c:800 [inline]
#2: ffff800014b328f0 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab+0x274/0x894 mm/vmscan.c:906
#3: ffff0000d41840e0 (&type->s_umount_key#30){++++}-{3:3}, at: trylock_super fs/super.c:418 [inline]
#3: ffff0000d41840e0 (&type->s_umount_key#30){++++}-{3:3}, at: super_cache_scan+0x80/0x3c8 fs/super.c:80
#4: ffff0001b4801618 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
#4: ffff0001b4801618 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x544/0xca4 kernel/time/hrtimer.c:1749

stack backtrace:
CPU: 0 PID: 19288 Comm: syz-executor.1 Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xc4/0x14c kernel/locking/spinlock.c:162
__wake_up_common_lock kernel/sched/wait.c:137 [inline]
__wake_up+0xe8/0x1a0 kernel/sched/wait.c:157
wakeup_kcompactd+0x2e4/0x600 mm/compaction.c:2927
wakeup_kswapd+0x2e0/0x85c mm/vmscan.c:4315
wake_all_kswapds mm/page_alloc.c:4678 [inline]
__alloc_pages_slowpath+0x3fc/0x226c mm/page_alloc.c:4952
__alloc_pages+0x3a4/0x674 mm/page_alloc.c:5434
alloc_pages+0x390/0x634
stack_depot_save+0x364/0x4a0 lib/stackdepot.c:302
kasan_save_stack mm/kasan/common.c:40 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0xa8/0xcc mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:254 [inline]
slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
slab_alloc_node mm/slub.c:3220 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
kmem_cache_zalloc include/linux/slab.h:711 [inline]
fill_pool lib/debugobjects.c:171 [inline]
debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:600
debug_object_activate+0x114/0x790 lib/debugobjects.c:696
debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
debug_activate kernel/time/hrtimer.c:475 [inline]
enqueue_hrtimer+0x40/0x414 kernel/time/hrtimer.c:1084
__run_hrtimer kernel/time/hrtimer.c:1702 [inline]
__hrtimer_run_queues+0x588/0xca4 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
timer_handler drivers/clocksource/arm_arch_timer.c:659 [inline]
arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:670
handle_percpu_devid_irq+0x29c/0x7fc kernel/irq/chip.c:933
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
handle_domain_irq+0xec/0x178 kernel/irq/irqdesc.c:706
gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:757
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899
do_interrupt_handler+0x74/0x94 arch/arm64/kernel/entry-common.c:267
el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:442
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:458
el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:580
jhash2 include/linux/jhash.h:129 [inline]
hash_stack lib/stackdepot.c:180 [inline]
stack_depot_save+0xbc/0x4a0 lib/stackdepot.c:272
kasan_save_stack mm/kasan/common.c:40 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0xa8/0xcc mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:254 [inline]
slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
slab_alloc_node mm/slub.c:3220 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
kmem_cache_zalloc include/linux/slab.h:711 [inline]
fill_pool lib/debugobjects.c:171 [inline]
debug_objects_fill_pool+0x5a8/0x814 lib/debugobjects.c:600
debug_object_activate+0x114/0x790 lib/debugobjects.c:696
debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]
__call_rcu kernel/rcu/tree.c:2978 [inline]
call_rcu+0x48/0xb40 kernel/rcu/tree.c:3074
dentry_free+0xac/0x18c
__dentry_kill+0x470/0x5e4 fs/dcache.c:596
shrink_dentry_list+0x41c/0x850 fs/dcache.c:1176
prune_dcache_sb+0x104/0x164 fs/dcache.c:1257
super_cache_scan+0x2ac/0x3c8 fs/super.c:105
do_shrink_slab+0x4b4/0x10b0 mm/vmscan.c:758
shrink_slab_memcg mm/vmscan.c:827 [inline]
shrink_slab+0x4bc/0x894 mm/vmscan.c:906
shrink_node_memcgs mm/vmscan.c:2951 [inline]
shrink_node+0xe00/0x21b4 mm/vmscan.c:3072
shrink_zones mm/vmscan.c:3275 [inline]
do_try_to_free_pages+0x538/0x126c mm/vmscan.c:3330
try_to_free_pages+0x8c0/0x10e0 mm/vmscan.c:3565
__perform_reclaim mm/page_alloc.c:4624 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4645 [inline]
__alloc_pages_slowpath+0xdd0/0x226c mm/page_alloc.c:5051
__alloc_pages+0x3a4/0x674 mm/page_alloc.c:5434
alloc_pages+0x390/0x634
vm_area_alloc_pages mm/vmalloc.c:2864 [inline]
__vmalloc_area_node mm/vmalloc.c:2920 [inline]
__vmalloc_node_range+0x538/0x8e0 mm/vmalloc.c:3025
vmalloc_user+0x138/0x19c mm/vmalloc.c:3161
vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
__vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
__vb2_queue_alloc+0x5e0/0x10bc drivers/media/common/videobuf2/videobuf2-core.c:439
vb2_core_create_bufs+0x3c8/0x8a8 drivers/media/common/videobuf2/videobuf2-core.c:946
vb2_create_bufs+0x5dc/0xd1c drivers/media/common/videobuf2/videobuf2-v4l2.c:799
vb2_ioctl_create_bufs+0x378/0x5c8 drivers/media/common/videobuf2/videobuf2-v4l2.c:1031
v4l_create_bufs+0x19c/0x2d8 drivers/media/v4l2-core/v4l2-ioctl.c:2072
__video_do_ioctl+0x7f0/0xb64 drivers/media/v4l2-core/v4l2-ioctl.c:2976
video_usercopy+0x988/0x1160 drivers/media/v4l2-core/v4l2-ioctl.c:3324
video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3372
v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot
May 23, 2023, 8:32:06 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=151bea5a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7454aa89ac475d7b
dashboard link: https://syzkaller.appspot.com/bug?extid=695c09885cef9d49936a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/53e4da6b145c/disk-fa74641f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/adeb1a2cfa86/vmlinux-fa74641f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c976f1155d08/Image-fa74641f.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+695c09...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
6.1.29-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/24029 is trying to acquire lock:
ffff0001fec71600 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up_common_lock kernel/sched/wait.c:137 [inline]
ffff0001fec71600 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up+0xec/0x1a8 kernel/sched/wait.c:160

but task is already holding lock:
ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x58c/0xdc0 kernel/time/hrtimer.c:1749

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (hrtimer_bases.lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
lock_hrtimer_base kernel/time/hrtimer.c:173 [inline]
hrtimer_start_range_ns+0xe4/0x9b0 kernel/time/hrtimer.c:1296
hrtimer_start_expires include/linux/hrtimer.h:432 [inline]
do_start_rt_bandwidth kernel/sched/rt.c:116 [inline]
start_rt_bandwidth kernel/sched/rt.c:127 [inline]
inc_rt_group kernel/sched/rt.c:1241 [inline]
inc_rt_tasks kernel/sched/rt.c:1285 [inline]
__enqueue_rt_entity kernel/sched/rt.c:1461 [inline]
enqueue_rt_entity kernel/sched/rt.c:1510 [inline]
enqueue_task_rt+0x500/0xc18 kernel/sched/rt.c:1545
enqueue_task kernel/sched/core.c:2060 [inline]
__sched_setscheduler+0xf38/0x16ec kernel/sched/core.c:7659
_sched_setscheduler kernel/sched/core.c:7705 [inline]
sched_setscheduler_nocheck kernel/sched/core.c:7752 [inline]
sched_set_fifo+0xf8/0x1c0 kernel/sched/core.c:7776
watchdog_dev_init+0x5c/0x124 drivers/watchdog/watchdog_dev.c:1217
watchdog_init+0x18/0x54 drivers/watchdog/watchdog_core.c:465
do_one_initcall+0x260/0xacc init/main.c:1303
do_initcall_level+0x154/0x214 init/main.c:1376
do_initcalls+0x58/0xac init/main.c:1392
do_basic_setup+0x8c/0xa0 init/main.c:1411
kernel_init_freeable+0x3a4/0x528 init/main.c:1631
kernel_init+0x24/0x29c init/main.c:1519
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #3 (&rt_b->rt_runtime_lock){-.-.}-{2:2}:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
__enable_runtime kernel/sched/rt.c:876 [inline]
rq_online_rt+0x15c/0x36c kernel/sched/rt.c:2485
set_rq_online kernel/sched/core.c:9330 [inline]
sched_cpu_activate+0x340/0x578 kernel/sched/core.c:9438
cpuhp_invoke_callback+0x404/0x704 kernel/cpu.c:192
cpuhp_thread_fun+0x2e8/0x61c kernel/cpu.c:815
smpboot_thread_fn+0x4b0/0x96c kernel/smpboot.c:164
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #2 (&rq->__lock){-.-.}-{2:2}:
_raw_spin_lock_nested+0x5c/0x78 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0x2c/0x44 kernel/sched/core.c:537
raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
rq_lock kernel/sched/sched.h:1645 [inline]
task_fork_fair+0x7c/0x23c kernel/sched/fair.c:11893
sched_cgroup_fork+0x38c/0x464 kernel/sched/core.c:4682
copy_process+0x2650/0x38d0 kernel/fork.c:2376
kernel_clone+0x1d8/0x98c kernel/fork.c:2679
user_mode_thread+0x110/0x178 kernel/fork.c:2755
rest_init+0x2c/0x2f0 init/main.c:694
start_kernel+0x0/0x60c init/main.c:890
start_kernel+0x44c/0x60c init/main.c:1145
__primary_switched+0xb8/0xc0 arch/arm64/kernel/head.S:468

-> #1 (&p->pi_lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
try_to_wake_up+0xb4/0xe60 kernel/sched/core.c:4108
default_wake_function+0x4c/0x60 kernel/sched/core.c:6878
autoremove_wake_function+0x24/0xf8 kernel/sched/wait.c:419
__wake_up_common+0x23c/0x3bc kernel/sched/wait.c:107
__wake_up_common_lock kernel/sched/wait.c:138 [inline]
__wake_up+0x10c/0x1a8 kernel/sched/wait.c:160
wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
balance_pgdat+0x2868/0x2ccc mm/vmscan.c:7200
kswapd+0x828/0x1254 mm/vmscan.c:7397
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #0 (&pgdat->kcompactd_wait){-...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
__wake_up_common_lock kernel/sched/wait.c:137 [inline]
__wake_up+0xec/0x1a8 kernel/sched/wait.c:160
wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
wakeup_kswapd+0x350/0x964 mm/vmscan.c:7451
wake_all_kswapds+0x13c/0x23c mm/page_alloc.c:4818
__alloc_pages_slowpath+0x37c/0x2138 mm/page_alloc.c:5087
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
__stack_depot_save+0x43c/0x4dc lib/stackdepot.c:474
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x64/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
__kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
kmem_cache_zalloc include/linux/slab.h:679 [inline]
fill_pool lib/debugobjects.c:168 [inline]
debug_objects_fill_pool+0x4d0/0x814 lib/debugobjects.c:597
debug_object_activate+0x114/0x790 lib/debugobjects.c:693
debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
debug_activate kernel/time/hrtimer.c:475 [inline]
enqueue_hrtimer+0x40/0x4ac kernel/time/hrtimer.c:1084
__run_hrtimer kernel/time/hrtimer.c:1702 [inline]
__hrtimer_run_queues+0x5d0/0xdc0 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
timer_handler drivers/clocksource/arm_arch_timer.c:655 [inline]
arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:666
handle_percpu_devid_irq+0x174/0x354 kernel/irq/chip.c:930
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:707
__gic_handle_irq drivers/irqchip/irq-gic-v3.c:695 [inline]
__gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:746 [inline]
gic_handle_irq+0x70/0x1e4 drivers/irqchip/irq-gic-v3.c:790
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:274
__el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
seqcount_lockdep_reader_access include/linux/seqlock.h:104 [inline]
read_seqbegin+0xa0/0x138 include/linux/seqlock.h:836
zone_span_seqbegin include/linux/memory_hotplug.h:132 [inline]
page_outside_zone_boundaries mm/page_alloc.c:647 [inline]
bad_range+0x9c/0x268 mm/page_alloc.c:674
rmqueue mm/page_alloc.c:3864 [inline]
get_page_from_freelist+0x3068/0x31f0 mm/page_alloc.c:4289
__alloc_pages_slowpath+0x390/0x2138 mm/page_alloc.c:5093
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
alloc_slab_page+0xa0/0x15c mm/slub.c:1794
allocate_slab mm/slub.c:1939 [inline]
new_slab+0xa0/0x2f4 mm/slub.c:1992
___slab_alloc+0x8bc/0xee0 mm/slub.c:3180
__slab_alloc mm/slub.c:3279 [inline]
slab_alloc_node mm/slub.c:3364 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2cc/0x37c mm/slub.c:3422
kmem_cache_zalloc include/linux/slab.h:679 [inline]
fill_pool lib/debugobjects.c:168 [inline]
debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:597
debug_object_activate+0x114/0x790 lib/debugobjects.c:693
debug_rcu_head_queue kernel/rcu/rcu.h:189 [inline]
call_rcu+0x50/0xa40 kernel/rcu/tree.c:2784
dentry_free+0xa8/0x174
__dentry_kill+0x470/0x5e4 fs/dcache.c:621
shrink_dentry_list+0x41c/0x850 fs/dcache.c:1201
prune_dcache_sb+0x104/0x164 fs/dcache.c:1282
super_cache_scan+0x2ac/0x3c8 fs/super.c:104
do_shrink_slab+0x4f4/0x11d8 mm/vmscan.c:846
shrink_slab_memcg mm/vmscan.c:915 [inline]
shrink_slab+0x48c/0x7f0 mm/vmscan.c:994
shrink_node_memcgs mm/vmscan.c:6129 [inline]
shrink_node+0x5b4/0x212c mm/vmscan.c:6158
shrink_zones mm/vmscan.c:6396 [inline]
do_try_to_free_pages+0x59c/0x142c mm/vmscan.c:6458
try_to_free_pages+0x8cc/0x11f4 mm/vmscan.c:6693
__perform_reclaim mm/page_alloc.c:4759 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
__alloc_pages_slowpath+0xc58/0x2138 mm/page_alloc.c:5187
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
__get_free_pages+0x18/0x84 mm/page_alloc.c:5609
kasan_populate_vmalloc_pte+0x50/0xf0 mm/kasan/shadow.c:271
apply_to_pte_range mm/memory.c:2635 [inline]
apply_to_pmd_range mm/memory.c:2679 [inline]
apply_to_pud_range mm/memory.c:2715 [inline]
apply_to_p4d_range mm/memory.c:2751 [inline]
__apply_to_page_range+0x834/0xc3c mm/memory.c:2785
apply_to_page_range+0x4c/0x64 mm/memory.c:2804
kasan_populate_vmalloc+0x60/0x70 mm/kasan/shadow.c:318
alloc_vmap_area+0x15dc/0x171c mm/vmalloc.c:1646
__get_vm_area_node+0x1a0/0x374 mm/vmalloc.c:2505
__vmalloc_node_range+0x1d4/0xf78 mm/vmalloc.c:3179
vmalloc_user+0xc8/0xf0 mm/vmalloc.c:3373
vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
__vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
__vb2_queue_alloc+0x620/0x111c drivers/media/common/videobuf2/videobuf2-core.c:444
vb2_core_create_bufs+0x4e8/0xa54 drivers/media/common/videobuf2/videobuf2-core.c:976
vb2_create_bufs+0x650/0xddc drivers/media/common/videobuf2/videobuf2-v4l2.c:794
v4l2_m2m_create_bufs drivers/media/v4l2-core/v4l2-mem2mem.c:840 [inline]
v4l2_m2m_ioctl_create_bufs+0x120/0x158 drivers/media/v4l2-core/v4l2-mem2mem.c:1376
v4l_create_bufs+0xc4/0x178 drivers/media/v4l2-core/v4l2-ioctl.c:2133
__video_do_ioctl+0x7f4/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3037
video_usercopy+0x938/0x10d4 drivers/media/v4l2-core/v4l2-ioctl.c:3384
video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3431
v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

other info that might help us debug this:

Chain exists of:
&pgdat->kcompactd_wait --> &rt_b->rt_runtime_lock --> hrtimer_bases.lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(hrtimer_bases.lock);
                               lock(&rt_b->rt_runtime_lock);
                               lock(hrtimer_bases.lock);
  lock(&pgdat->kcompactd_wait);

*** DEADLOCK ***

5 locks held by syz-executor.4/24029:
#0: ffff00012bd9d2f0 (&ctx->vb_mutex){+.+.}-{3:3}, at: __video_do_ioctl+0x424/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3005
#1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4756 [inline]
#1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
#1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xbf4/0x2138 mm/page_alloc.c:5187
#2: ffff800015811b90 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab_memcg mm/vmscan.c:888 [inline]
#2: ffff800015811b90 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab+0x25c/0x7f0 mm/vmscan.c:994
#3: ffff0000d84780e0 (&type->s_umount_key#30){++++}-{3:3}, at: trylock_super fs/super.c:415 [inline]
#3: ffff0000d84780e0 (&type->s_umount_key#30){++++}-{3:3}, at: super_cache_scan+0x80/0x3c8 fs/super.c:79
#4: ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
#4: ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x58c/0xdc0 kernel/time/hrtimer.c:1749

stack backtrace:
CPU: 1 PID: 24029 Comm: syz-executor.4 Not tainted 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
__wake_up_common_lock kernel/sched/wait.c:137 [inline]
__wake_up+0xec/0x1a8 kernel/sched/wait.c:160
wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
wakeup_kswapd+0x350/0x964 mm/vmscan.c:7451
wake_all_kswapds+0x13c/0x23c mm/page_alloc.c:4818
__alloc_pages_slowpath+0x37c/0x2138 mm/page_alloc.c:5087
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
__stack_depot_save+0x43c/0x4dc lib/stackdepot.c:474
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x64/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
__kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
kmem_cache_zalloc include/linux/slab.h:679 [inline]
fill_pool lib/debugobjects.c:168 [inline]
debug_objects_fill_pool+0x4d0/0x814 lib/debugobjects.c:597
debug_object_activate+0x114/0x790 lib/debugobjects.c:693
debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
debug_activate kernel/time/hrtimer.c:475 [inline]
enqueue_hrtimer+0x40/0x4ac kernel/time/hrtimer.c:1084
__run_hrtimer kernel/time/hrtimer.c:1702 [inline]
__hrtimer_run_queues+0x5d0/0xdc0 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
timer_handler drivers/clocksource/arm_arch_timer.c:655 [inline]
arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:666
handle_percpu_devid_irq+0x174/0x354 kernel/irq/chip.c:930
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:707
__gic_handle_irq drivers/irqchip/irq-gic-v3.c:695 [inline]
__gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:746 [inline]
gic_handle_irq+0x70/0x1e4 drivers/irqchip/irq-gic-v3.c:790
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:274
__el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
seqcount_lockdep_reader_access include/linux/seqlock.h:104 [inline]
read_seqbegin+0xa0/0x138 include/linux/seqlock.h:836
zone_span_seqbegin include/linux/memory_hotplug.h:132 [inline]
page_outside_zone_boundaries mm/page_alloc.c:647 [inline]
bad_range+0x9c/0x268 mm/page_alloc.c:674
rmqueue mm/page_alloc.c:3864 [inline]
get_page_from_freelist+0x3068/0x31f0 mm/page_alloc.c:4289
__alloc_pages_slowpath+0x390/0x2138 mm/page_alloc.c:5093
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
alloc_slab_page+0xa0/0x15c mm/slub.c:1794
allocate_slab mm/slub.c:1939 [inline]
new_slab+0xa0/0x2f4 mm/slub.c:1992
___slab_alloc+0x8bc/0xee0 mm/slub.c:3180
__slab_alloc mm/slub.c:3279 [inline]
slab_alloc_node mm/slub.c:3364 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2cc/0x37c mm/slub.c:3422
kmem_cache_zalloc include/linux/slab.h:679 [inline]
fill_pool lib/debugobjects.c:168 [inline]
debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:597
debug_object_activate+0x114/0x790 lib/debugobjects.c:693
debug_rcu_head_queue kernel/rcu/rcu.h:189 [inline]
call_rcu+0x50/0xa40 kernel/rcu/tree.c:2784
dentry_free+0xa8/0x174
__dentry_kill+0x470/0x5e4 fs/dcache.c:621
shrink_dentry_list+0x41c/0x850 fs/dcache.c:1201
prune_dcache_sb+0x104/0x164 fs/dcache.c:1282
super_cache_scan+0x2ac/0x3c8 fs/super.c:104
do_shrink_slab+0x4f4/0x11d8 mm/vmscan.c:846
shrink_slab_memcg mm/vmscan.c:915 [inline]
shrink_slab+0x48c/0x7f0 mm/vmscan.c:994
shrink_node_memcgs mm/vmscan.c:6129 [inline]
shrink_node+0x5b4/0x212c mm/vmscan.c:6158
shrink_zones mm/vmscan.c:6396 [inline]
do_try_to_free_pages+0x59c/0x142c mm/vmscan.c:6458
try_to_free_pages+0x8cc/0x11f4 mm/vmscan.c:6693
__perform_reclaim mm/page_alloc.c:4759 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
__alloc_pages_slowpath+0xc58/0x2138 mm/page_alloc.c:5187
__alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
alloc_pages+0x4bc/0x7c0
__get_free_pages+0x18/0x84 mm/page_alloc.c:5609
kasan_populate_vmalloc_pte+0x50/0xf0 mm/kasan/shadow.c:271
apply_to_pte_range mm/memory.c:2635 [inline]
apply_to_pmd_range mm/memory.c:2679 [inline]
apply_to_pud_range mm/memory.c:2715 [inline]
apply_to_p4d_range mm/memory.c:2751 [inline]
__apply_to_page_range+0x834/0xc3c mm/memory.c:2785
apply_to_page_range+0x4c/0x64 mm/memory.c:2804
kasan_populate_vmalloc+0x60/0x70 mm/kasan/shadow.c:318
alloc_vmap_area+0x15dc/0x171c mm/vmalloc.c:1646
__get_vm_area_node+0x1a0/0x374 mm/vmalloc.c:2505
__vmalloc_node_range+0x1d4/0xf78 mm/vmalloc.c:3179
vmalloc_user+0xc8/0xf0 mm/vmalloc.c:3373
vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
__vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
__vb2_queue_alloc+0x620/0x111c drivers/media/common/videobuf2/videobuf2-core.c:444
vb2_core_create_bufs+0x4e8/0xa54 drivers/media/common/videobuf2/videobuf2-core.c:976
vb2_create_bufs+0x650/0xddc drivers/media/common/videobuf2/videobuf2-v4l2.c:794
v4l2_m2m_create_bufs drivers/media/v4l2-core/v4l2-mem2mem.c:840 [inline]
v4l2_m2m_ioctl_create_bufs+0x120/0x158 drivers/media/v4l2-core/v4l2-mem2mem.c:1376
v4l_create_bufs+0xc4/0x178 drivers/media/v4l2-core/v4l2-ioctl.c:2133
__video_do_ioctl+0x7f4/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3037
video_usercopy+0x938/0x10d4 drivers/media/v4l2-core/v4l2-ioctl.c:3384
video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3431
v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

syzbot

Aug 31, 2023, 8:31:41 AM8/31/23
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.

syzbot

Sep 6, 2023, 6:20:48 AM9/6/23
to syzkaller...@googlegroups.com