The commit afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
introduced a seqcount to track freeze timing but initialized it as a
plain seqcount_t using seqcount_init().

However, the write-side critical section in cgroup_do_freeze() holds
the css_set_lock spinlock while calling write_seqcount_begin(). On
PREEMPT_RT kernels, spinlocks do not disable preemption, causing the
lockdep assertion for a plain seqcount_t, which checks for preemption
being disabled, to fail.

This triggers the following warning:
  WARNING: CPU: 0 PID: 9692 at include/linux/seqlock.h:221

Fix this by changing the type to seqcount_spinlock_t and initializing
it with seqcount_spinlock_init() to associate css_set_lock with the
seqcount. This allows lockdep to correctly validate that the spinlock
is held during write operations, resolving the assertion failure on all
kernel configurations.

Reported-by: syzbot+27a2519eb4dad86d0156@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=27a2519eb4dad86d0156
Fixes: afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com>
---
 include/linux/cgroup-defs.h | 2 +-
 kernel/cgroup/cgroup.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index 539c64eeef38..933c4487a846 100644
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -435,7 +435,7 @@ struct cgroup_freezer_state {
 	int nr_frozen_tasks;
 
 	/* Freeze time data consistency protection */
-	seqcount_t freeze_seq;
+	seqcount_spinlock_t freeze_seq;
 
 	/*
 	 * Most recent time the cgroup was requested to freeze.
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index ab096b884bbc..fe175326b155 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5789,7 +5789,7 @@ static struct cgroup *cgroup_create(struct cgroup *parent, const char *name,
 	 * if the parent has to be frozen, the child has too.
 	 */
 	cgrp->freezer.e_freeze = parent->freezer.e_freeze;
-	seqcount_init(&cgrp->freezer.freeze_seq);
+	seqcount_spinlock_init(&cgrp->freezer.freeze_seq, &css_set_lock);
 	if (cgrp->freezer.e_freeze) {
 		/*
 		 * Set the CGRP_FREEZE flag, so when a process will be
-- 
2.51.0

Nirbhay Sharma <nirbhay.lkd@gmail.com> writes:

> The commit afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> introduced a seqcount to track freeze timing but initialized it as a
> plain seqcount_t using seqcount_init().

> However, the write-side critical section in cgroup_do_freeze() holds
> the css_set_lock spinlock while calling write_seqcount_begin(). On
> PREEMPT_RT kernels, spinlocks do not disable preemption, causing the
> lockdep assertion for a plain seqcount_t, which checks for preemption
> being disabled, to fail.

> This triggers the following warning:
>    WARNING: CPU: 0 PID: 9692 at include/linux/seqlock.h:221

> Fix this by changing the type to seqcount_spinlock_t and initializing
> it with seqcount_spinlock_init() to associate css_set_lock with the
> seqcount. This allows lockdep to correctly validate that the spinlock
> is held during write operations, resolving the assertion failure on all
> kernel configurations.

> Reported-by: syzbot+27a2519eb4dad86d0156@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=27a2519eb4dad86d0156
> Fixes: afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com>
> ---
>   include/linux/cgroup-defs.h | 2 +-
>   kernel/cgroup/cgroup.c      | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)

> diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
> index 539c64eeef38..933c4487a846 100644
> --- a/include/linux/cgroup-defs.h
> +++ b/include/linux/cgroup-defs.h
> @@ -435,7 +435,7 @@ struct cgroup_freezer_state {
>   	int nr_frozen_tasks;

>   	/* Freeze time data consistency protection */
> -	seqcount_t freeze_seq;
> +	seqcount_spinlock_t freeze_seq;

>   	/*
>   	 * Most recent time the cgroup was requested to freeze.
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index ab096b884bbc..fe175326b155 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -5789,7 +5789,7 @@ static struct cgroup *cgroup_create(struct cgroup  
> *parent, const char *name,
>   	 * if the parent has to be frozen, the child has too.
>   	 */
>   	cgrp->freezer.e_freeze = parent->freezer.e_freeze;
> -	seqcount_init(&cgrp->freezer.freeze_seq);
> +	seqcount_spinlock_init(&cgrp->freezer.freeze_seq, &css_set_lock);
>   	if (cgrp->freezer.e_freeze) {
>   		/*
>   		 * Set the CGRP_FREEZE flag, so when a process will be

Thanks for this fix, Nirbhay!

-- 
Tiffany Y. Yang

On Fri, Oct 03, 2025 at 05:15:55PM +0530, Nirbhay Sharma <nirbhay.lkd@gmail.com> wrote:
> The commit afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> introduced a seqcount to track freeze timing but initialized it as a
> plain seqcount_t using seqcount_init().
> 
> However, the write-side critical section in cgroup_do_freeze() holds
> the css_set_lock spinlock while calling write_seqcount_begin(). On
> PREEMPT_RT kernels, spinlocks do not disable preemption, causing the
> lockdep assertion for a plain seqcount_t, which checks for preemption
> being disabled, to fail.
> 
> This triggers the following warning:
>   WARNING: CPU: 0 PID: 9692 at include/linux/seqlock.h:221
> 
> Fix this by changing the type to seqcount_spinlock_t and initializing
> it with seqcount_spinlock_init() to associate css_set_lock with the
> seqcount. This allows lockdep to correctly validate that the spinlock
> is held during write operations, resolving the assertion failure on all
> kernel configurations.
> 
> Reported-by: syzbot+27a2519eb4dad86d0156@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=27a2519eb4dad86d0156
> Fixes: afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com>

Link: https://lore.kernel.org/r/20251002165510.KtY3IT--@linutronix.de/

Yes, this is what was discussed yesterday. Thanks.

Acked-by: Michal Koutný <mkoutny@suse.com>

On Fri, Oct 03, 2025 at 04:00:22PM +0200, Michal Koutný wrote:
> On Fri, Oct 03, 2025 at 05:15:55PM +0530, Nirbhay Sharma <nirbhay.lkd@gmail.com> wrote:
> > The commit afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> > introduced a seqcount to track freeze timing but initialized it as a
> > plain seqcount_t using seqcount_init().
> > 
> > However, the write-side critical section in cgroup_do_freeze() holds
> > the css_set_lock spinlock while calling write_seqcount_begin(). On
> > PREEMPT_RT kernels, spinlocks do not disable preemption, causing the
> > lockdep assertion for a plain seqcount_t, which checks for preemption
> > being disabled, to fail.
> > 
> > This triggers the following warning:
> >   WARNING: CPU: 0 PID: 9692 at include/linux/seqlock.h:221
> > 
> > Fix this by changing the type to seqcount_spinlock_t and initializing
> > it with seqcount_spinlock_init() to associate css_set_lock with the
> > seqcount. This allows lockdep to correctly validate that the spinlock
> > is held during write operations, resolving the assertion failure on all
> > kernel configurations.
> > 
> > Reported-by: syzbot+27a2519eb4dad86d0156@syzkaller.appspotmail.com
> > Closes: https://syzkaller.appspot.com/bug?extid=27a2519eb4dad86d0156
> > Fixes: afa3701c0e45 ("cgroup: cgroup.stat.local time accounting")
> > Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com>
> 
> Link: https://lore.kernel.org/r/20251002165510.KtY3IT--@linutronix.de/
> 
> Yes, this is what was discussed yesterday. Thanks.
> 
> Acked-by: Michal Koutný <mkoutny@suse.com>

Okay, reverting that one and applying this one.

Thanks.

-- 
tejun