public inbox for linux-kernel@vger.kernel.org
From: Peter Zijlstra <peterz@infradead.org>
To: kernel test robot <oliver.sang@intel.com>, japo@linux.ibm.com
Cc: oe-lkp@lists.linux.dev, lkp@intel.com,
	linux-kernel@vger.kernel.org, x86@kernel.org,
	Juri Lelli <juri.lelli@redhat.com>, Tejun Heo <tj@kernel.org>,
	Vincent Guittot <vincent.guittot@linaro.org>,
	cgroups@vger.kernel.org, aubrey.li@linux.intel.com,
	yu.c.chen@intel.com
Subject: Re: [tip:sched/core] [sched]  b079d93796: WARNING:possible_recursive_locking_detected_migration_is_trying_to_acquire_lock:at:set_cpus_allowed_force_but_task_is_already_holding_lock:at:cpu_stopper_thread
Date: Mon, 27 Oct 2025 12:01:33 +0100
Message-ID: <20251027110133.GI3245006@noisy.programming.kicks-ass.net>
In-Reply-To: <202510271206.24495a68-lkp@intel.com>

On Mon, Oct 27, 2025 at 01:14:09PM +0800, kernel test robot wrote:

> kernel test robot noticed "WARNING:possible_recursive_locking_detected_migration_is_trying_to_acquire_lock:at:set_cpus_allowed_force_but_task_is_already_holding_lock:at:cpu_stopper_thread" on:
> 
> commit: b079d93796528053cde322f2ca838c2d21c297e7 ("sched: Rename do_set_cpus_allowed()")
> https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git sched/core

Your bisect went sideways, it is, as Jan correctly found:

  abfc01077df6 ("sched: Fix do_set_cpus_allowed() locking")


Anyway, this was helpful:

> [  116.814488][   T21] ============================================
> [  116.815227][   T21] WARNING: possible recursive locking detected
> [  116.815957][   T21] 6.18.0-rc1-00014-gb079d9379652 #1 Tainted: G S                 
> [  116.816878][   T21] --------------------------------------------
> [  116.817602][   T21] migration/1/21 is trying to acquire lock:
> [  116.818301][   T21] ee7f1930 (&rq->__lock){-.-.}-{2:2}, at: set_cpus_allowed_force+0x3c/0xc0
> [  116.820432][   T21] 
> [  116.820432][   T21] but task is already holding lock:
> [  116.821314][   T21] ee7f1930 (&rq->__lock){-.-.}-{2:2}, at: cpu_stopper_thread+0x93/0x170

> [  116.841003][   T21] 
> [  116.842427][   T21] 2 locks held by migration/1/21:
> [  116.843393][   T21]  #0: b92d06dc (&p->pi_lock){-.-.}-{2:2}, at: __balance_push_cpu_stop+0x28/0x2b0
> [  116.845044][   T21]  #1: ee7f1930 (&rq->__lock){-.-.}-{2:2}, at: cpu_stopper_thread+0x93/0x170
> [  116.846669][   T21] 
> [  116.846669][   T21] stack backtrace:
> [  116.847890][   T21] CPU: 1 UID: 0 PID: 21 Comm: migration/1 Tainted: G S                  6.18.0-rc1-00014-gb079d9379652 #1 NONE  6d63d2e836521c1c681a07c673117fb98e4815ab
> [  116.847897][   T21] Tainted: [S]=CPU_OUT_OF_SPEC
> [  116.847898][   T21] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [  116.847901][   T21] Stopper: __balance_push_cpu_stop+0x0/0x2b0 <- finish_lock_switch+0x7d/0xd0
> [  116.847909][   T21] Call Trace:

> [  116.847939][   T21]  ? lock_acquire+0xc3/0x1f0
> [  116.847943][   T21]  ? set_cpus_allowed_force+0x3c/0xc0
> [  116.847947][   T21]  ? lock_acquire+0xc3/0x1f0
> [  116.847952][   T21]  ? __task_rq_lock+0x73/0x1d0
> [  116.847955][   T21]  ? set_cpus_allowed_force+0x3c/0xc0
> [  116.847959][   T21]  ? set_cpus_allowed_force+0x3c/0xc0
> [  116.847962][   T21]  ? __balance_push_cpu_stop+0x136/0x2b0
> [  116.847966][   T21]  ? select_fallback_rq+0x148/0x230
> [  116.847970][   T21]  ? __balance_push_cpu_stop+0x163/0x2b0
> [  116.847974][   T21]  ? cpu_stopper_thread+0x93/0x170

Clearly I missed that case :/

---
Subject: sched: Fix the do_set_cpus_allowed() locking fix

Commit abfc01077df6 ("sched: Fix do_set_cpus_allowed() locking")
overlooked that __balance_push_cpu_stop() calls select_fallback_rq()
with rq->lock held. This makes that set_cpus_allowed_force() will
recursively take rq->lock and the machine locks up.

Run select_fallback_rq() earlier, without holding rq->lock. This opens
up a race window where a task could get migrated out from under us, but
that is harmless, we want the task migrated.

select_fallback_rq() itself will not be subject to concurrency as it
will be fully serialized by p->pi_lock, so there is no chance of
set_cpus_allowed_force() getting called with different arguments and
selecting different fallback CPUs for one task.

Fixes: abfc01077df6 ("sched: Fix do_set_cpus_allowed() locking")
Reported-by: Jan Polensky <japo@linux.ibm.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Closes: https://lore.kernel.org/oe-lkp/202510271206.24495a68-lkp@intel.com
---
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 1842285eac1e..67b5f2faab36 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -8044,18 +8044,15 @@ static int __balance_push_cpu_stop(void *arg)
 	struct rq_flags rf;
 	int cpu;
 
-	raw_spin_lock_irq(&p->pi_lock);
-	rq_lock(rq, &rf);
-
-	update_rq_clock(rq);
-
-	if (task_rq(p) == rq && task_on_rq_queued(p)) {
+	scoped_guard (raw_spinlock_irq, &p->pi_lock) {
 		cpu = select_fallback_rq(rq->cpu, p);
-		rq = __migrate_task(rq, &rf, p, cpu);
-	}
 
-	rq_unlock(rq, &rf);
-	raw_spin_unlock_irq(&p->pi_lock);
+		rq_lock(rq, &rf);
+		update_rq_clock(rq);
+		if (task_rq(p) == rq && task_on_rq_queued(p))
+			rq = __migrate_task(rq, &rf, p, cpu);
+		rq_unlock(rq, &rf);
+	}
 
 	put_task_struct(p);
 
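Review bot: select_fallback_rq() now runs before the task_rq(p) == rq && task_on_rq_queued(p) test in __balance_push_cpu_stop(), so it is called, and per the changelog can reach set_cpus_allowed_force(), even for a task that has already left this rq or is no longer queued. The changelog argues the resulting race is harmless, but nothing in the code records the ordering constraint. A short comment above the call, saying that select_fallback_rq() must run under p->pi_lock only and before rq_lock() because it can take rq->lock itself, would keep a later cleanup from moving it back under the lock and reintroducing the recursion.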
