========================================================
WARNING: possible irq lock inversion dependency detected
6.4.0-rc7-next-20230623 #1 Not tainted
--------------------------------------------------------
jbd2/sda-8/63 just changed the state of lock:
ffffffff85815818 (blkg_stat_lock){+.-.}-{2:2}, at: __blkcg_rstat_flush.isra.0+0x11f/0x4e0
but this lock was taken by another, HARDIRQ-safe lock in the past:
 (per_cpu_ptr(&cgroup_rstat_cpu_lock, cpu)){-.-.}-{2:2}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(blkg_stat_lock);
                               local_irq_disable();
                               lock(per_cpu_ptr(&cgroup_rstat_cpu_lock, cpu));
                               lock(blkg_stat_lock);
  <Interrupt>
    lock(per_cpu_ptr(&cgroup_rstat_cpu_lock, cpu));

 *** DEADLOCK ***

2 locks held by jbd2/sda-8/63:
 #0: ffffffff8560b5a0 (rcu_callback){....}-{0:0}, at: rcu_core+0x83e/0x28b0
 #1: ffffffff8560b6c0 (rcu_read_lock){....}-{1:2}, at: __blkcg_rstat_flush.isra.0+0x93/0x4e0

the shortest dependencies between 2nd lock and 1st lock:
 -> (per_cpu_ptr(&cgroup_rstat_cpu_lock, cpu)){-.-.}-{2:2} {
    IN-HARDIRQ-W at:
      lock_acquire+0x19a/0x4c0
      _raw_spin_lock_irqsave+0x3a/0x60
      cgroup_rstat_updated+0xcb/0x2e0
      __cgroup_account_cputime_field+0xa0/0x120
      account_system_index_time+0x199/0x2c0
      update_process_times+0x26/0x150
      tick_sched_handle+0x8e/0x170
      tick_sched_timer+0xe6/0x110
      __hrtimer_run_queues+0x17f/0xb60
      hrtimer_interrupt+0x2ef/0x750
      __sysvec_apic_timer_interrupt+0xff/0x380
      sysvec_apic_timer_interrupt+0x69/0x90
      asm_sysvec_apic_timer_interrupt+0x1a/0x20
      lock_is_held_type+0xe4/0x120
      __might_resched+0x40c/0x510
      kmem_cache_alloc+0x304/0x370
      __create_object+0x3c/0xc90
      __kmem_cache_alloc_node+0x206/0x320
      kmalloc_trace+0x26/0xc0
      inode_doinit_use_xattr+0x54/0x420
      inode_doinit_with_dentry+0x1052/0x1210
      selinux_d_instantiate+0x27/0x30
      security_d_instantiate+0x5a/0xf0
      d_splice_alias+0x90/0xe30
      kernfs_iop_lookup+0x283/0x330
      lookup_open.isra.0+0x745/0x1400
      path_openat+0x96c/0x2710
      do_filp_open+0x1ba/0x410
      do_sys_openat2+0x164/0x1d0
      __x64_sys_openat+0x143/0x200
      do_syscall_64+0x3f/0x90
      entry_SYSCALL_64_after_hwframe+0x6e/0xd8
    IN-SOFTIRQ-W at:
      lock_acquire+0x19a/0x4c0
      _raw_spin_lock_irqsave+0x3a/0x60
      cgroup_rstat_updated+0xcb/0x2e0
      __cgroup_account_cputime+0x75/0xc0
      update_curr+0x350/0x6d0
      enqueue_task_fair+0x6a9/0x1ca0
      activate_task+0xe7/0x250
      ttwu_do_activate+0x10d/0x7a0
      try_to_wake_up+0x627/0x1b30
      wake_page_function+0x22a/0x430
      __wake_up_common+0x14c/0x4c0
      folio_wake_bit+0xfe/0x230
      folio_unlock+0x83/0xb0
      __read_end_io+0x10c/0x3e0
      mpage_end_io+0x7a/0xe0
      bio_endio+0x51a/0x620
      blk_update_request+0x397/0x12a0
      scsi_end_request+0x7a/0xa20
      scsi_io_completion+0xc0/0x1640
      scsi_complete+0x114/0x380
      blk_complete_reqs+0xb8/0xf0
      __do_softirq+0x1b7/0x7d4
      irq_exit_rcu+0x93/0xc0
      common_interrupt+0x7c/0xa0
      asm_common_interrupt+0x26/0x40
      _raw_spin_unlock_irqrestore+0x34/0x50
      __kmem_cache_alloc_node+0x206/0x320
      __kmalloc+0x4a/0x160
      load_elf_phdrs+0x103/0x210
      load_elf_binary+0x1e6/0x5030
      bprm_execve+0x803/0x1940
      do_execveat_common+0x734/0x8e0
      __x64_sys_execve+0x93/0xc0
      do_syscall_64+0x3f/0x90
      entry_SYSCALL_64_after_hwframe+0x6e/0xd8
    INITIAL USE at:
      lock_acquire+0x19a/0x4c0
      _raw_spin_lock_irqsave+0x3a/0x60
      cgroup_rstat_flush_locked+0x131/0xd80
      cgroup_rstat_flush+0x37/0x50
      do_flush_stats+0x97/0xf0
      flush_memcg_stats_dwork+0x9/0x50
      process_one_work+0xabf/0x1770
      worker_thread+0x64f/0x12a0
      kthread+0x33f/0x440
      ret_from_fork+0x2c/0x50
  }
  ... key at: [] __key.0+0x0/0x40
  ...
 acquired at:
   _raw_spin_lock+0x2b/0x40
   __blkcg_rstat_flush.isra.0+0x11f/0x4e0
   blkcg_rstat_flush+0x87/0xb0
   cgroup_rstat_flush_locked+0x706/0xd80
   cgroup_rstat_flush+0x37/0x50
   do_flush_stats+0x97/0xf0
   flush_memcg_stats_dwork+0x9/0x50
   process_one_work+0xabf/0x1770
   worker_thread+0x64f/0x12a0
   kthread+0x33f/0x440
   ret_from_fork+0x2c/0x50

-> (blkg_stat_lock){+.-.}-{2:2} {
   HARDIRQ-ON-W at:
     lock_acquire+0x19a/0x4c0
     _raw_spin_lock+0x2b/0x40
     __blkcg_rstat_flush.isra.0+0x11f/0x4e0
     __blkg_release+0xfa/0x3b0
     rcu_core+0x8c8/0x28b0
     __do_softirq+0x1b7/0x7d4
     irq_exit_rcu+0x93/0xc0
     sysvec_apic_timer_interrupt+0x6e/0x90
     asm_sysvec_apic_timer_interrupt+0x1a/0x20
     crc32_body+0xc6/0x600
     chksum_update+0x50/0xb0
     crypto_shash_update+0xce/0x130
     jbd2_journal_commit_transaction+0x1c7b/0x5f80
     kjournald2+0x1d0/0x890
     kthread+0x33f/0x440
     ret_from_fork+0x2c/0x50
   IN-SOFTIRQ-W at:
     lock_acquire+0x19a/0x4c0
     _raw_spin_lock+0x2b/0x40
     __blkcg_rstat_flush.isra.0+0x11f/0x4e0
     __blkg_release+0xfa/0x3b0
     rcu_core+0x8c8/0x28b0
     __do_softirq+0x1b7/0x7d4
     irq_exit_rcu+0x93/0xc0
     sysvec_apic_timer_interrupt+0x6e/0x90
     asm_sysvec_apic_timer_interrupt+0x1a/0x20
     crc32_body+0xc6/0x600
     chksum_update+0x50/0xb0
     crypto_shash_update+0xce/0x130
     jbd2_journal_commit_transaction+0x1c7b/0x5f80
     kjournald2+0x1d0/0x890
     kthread+0x33f/0x440
     ret_from_fork+0x2c/0x50
   INITIAL USE at:
     lock_acquire+0x19a/0x4c0
     _raw_spin_lock+0x2b/0x40
     __blkcg_rstat_flush.isra.0+0x11f/0x4e0
     blkcg_rstat_flush+0x87/0xb0
     cgroup_rstat_flush_locked+0x706/0xd80
     cgroup_rstat_flush+0x37/0x50
     do_flush_stats+0x97/0xf0
     flush_memcg_stats_dwork+0x9/0x50
     process_one_work+0xabf/0x1770
     worker_thread+0x64f/0x12a0
     kthread+0x33f/0x440
     ret_from_fork+0x2c/0x50
 }
 ... key at: [] blkg_stat_lock+0x18/0x60
 ...
 acquired at:
   __lock_acquire+0x8b8/0x6340
   lock_acquire+0x19a/0x4c0
   _raw_spin_lock+0x2b/0x40
   __blkcg_rstat_flush.isra.0+0x11f/0x4e0
   __blkg_release+0xfa/0x3b0
   rcu_core+0x8c8/0x28b0
   __do_softirq+0x1b7/0x7d4
   irq_exit_rcu+0x93/0xc0
   sysvec_apic_timer_interrupt+0x6e/0x90
   asm_sysvec_apic_timer_interrupt+0x1a/0x20
   crc32_body+0xc6/0x600
   chksum_update+0x50/0xb0
   crypto_shash_update+0xce/0x130
   jbd2_journal_commit_transaction+0x1c7b/0x5f80
   kjournald2+0x1d0/0x890
   kthread+0x33f/0x440
   ret_from_fork+0x2c/0x50

stack backtrace:
CPU: 1 PID: 63 Comm: jbd2/sda-8 Not tainted 6.4.0-rc7-next-20230623 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0x91/0xf0
 print_irq_inversion_bug.part.0+0x3d5/0x570
 mark_lock.part.0+0x900/0x2f50
 __lock_acquire+0x8b8/0x6340
 lock_acquire+0x19a/0x4c0
 _raw_spin_lock+0x2b/0x40
 __blkcg_rstat_flush.isra.0+0x11f/0x4e0
 __blkg_release+0xfa/0x3b0
 rcu_core+0x8c8/0x28b0
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:crc32_body+0xc6/0x600
Code: 03 38 c8 7c 08 84 c9 0f 85 1e 05 00 00 41 8b 47 04 31 d8 0f b6 c8 49 8d 9c 8d 00 1c 00 00 48 89 d9 48 c1 e9 03 42 0f b6 34 21 <48> 89 d9 83 e1 07 83 c1 03 40 38 f1 7c 09 40 84 f6 0f 85 d5 04 00
RSP: 0018:ffff8880100bfa18 EFLAGS: 00000213
RAX: 00000000a0dc7bfd RBX: ffffffff849f5af4 RCX: 1ffffffff093eb5e
RDX: ffff88800f620000 RSI: 0000000000000000 RDI: ffff88802f768e48
RBP: 0000000000000200 R08: 0000000000000006 R09: 0000000000000200
R10: 00000000000001c9 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffffff849f3b00 R14: 00000000000001c9 R15: ffff88802f768e44
 chksum_update+0x50/0xb0
 crypto_shash_update+0xce/0x130
 jbd2_journal_commit_transaction+0x1c7b/0x5f80
 kjournald2+0x1d0/0x890
 kthread+0x33f/0x440
 ret_from_fork+0x2c/0x50
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
loop4: detected capacity change from 0 to 40
----------------
Code disassembly (best guess):
   0:   03 38                   add    (%rax),%edi
   2:   c8 7c 08 84             enterq $0x87c,$0x84
   6:   c9                      leaveq
   7:   0f 85 1e 05 00 00       jne    0x52b
   d:   41 8b 47 04             mov    0x4(%r15),%eax
  11:   31 d8                   xor    %ebx,%eax
  13:   0f b6 c8                movzbl %al,%ecx
  16:   49 8d 9c 8d 00 1c 00    lea    0x1c00(%r13,%rcx,4),%rbx
  1d:   00
  1e:   48 89 d9                mov    %rbx,%rcx
  21:   48 c1 e9 03             shr    $0x3,%rcx
  25:   42 0f b6 34 21          movzbl (%rcx,%r12,1),%esi
* 2a:   48 89 d9                mov    %rbx,%rcx <-- trapping instruction
  2d:   83 e1 07                and    $0x7,%ecx
  30:   83 c1 03                add    $0x3,%ecx
  33:   40 38 f1                cmp    %sil,%cl
  36:   7c 09                   jl     0x41
  38:   40 84 f6                test   %sil,%sil
  3b:   0f                      .byte 0xf
  3c:   85 d5                   test   %edx,%ebp
  3e:   04 00                   add    $0x0,%al