| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e048a5c5-dea5-a31a-1022-1b007e022adb@alu.unizg.hr>
Date: Fri, 4 Nov 2022 23:01:47 +0100
From: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To: LKML <linux-kernel@...r.kernel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
Thorsten Leemhuis <regressions@...mhuis.info>,
srinivas pandruvada <srinivas.pandruvada@...ux.intel.com>
Subject: INFO: rcu_preempt detected expedited stalls on CPUs/tasks
(6.1.0-rc3): in cat /sys/kernel/debug/kmemleak
Dear all,
When investigating thermald kmemleak, it occurred that the "cat
/sys/kernel/debug/kmemleak"
and "tail -20 /sys/kernel/debug/kmemleak" commands take unusual amount
of time.
Dmesg output showed expedited stalls that the commands caused NMIs and
NMI backtraces:
[ 8123.263464] rcu: INFO: rcu_preempt detected expedited stalls on
CPUs/tasks: { 0-.... } 26 jiffies s: 3829 root: 0x1/.
[ 8123.263500] rcu: blocking rcu_node structures (internal RCU debug):
[ 8123.263508] Sending NMI from CPU 7 to CPUs 0:
[ 8123.263528] NMI backtrace for cpu 0
[ 8123.263539] CPU: 0 PID: 27898 Comm: cat Not tainted 6.1.0-rc3 #1
[ 8123.263552] Hardware name: LENOVO 82H8/LNVNB161216, BIOS GGCN34WW
03/08/2022
[ 8123.263557] RIP: 0010:kmemleak_seq_start+0x41/0x80
[ 8123.263579] Code: 55 04 a6 00 4c 63 e0 85 c0 78 40 e8 b9 80 db ff 48
8b 05 92 fb 88 01 4c 8d 60 f8 48 3d 30
62 63 92 75 17 eb 32 49 8b 44 24 08
<48> 83 eb 01 4c 8d 60 f8 48 3d 30 62 63 92 74 1d
48 85 db 7f e6 4c
[ 8123.263588] RSP: 0018:ffff9968e400fc30 EFLAGS: 00000206
[ 8123.263598] RAX: ffff8963b7005b58 RBX: 0000000000011cb8 RCX:
0000000000000001
[ 8123.263604] RDX: ffff8963b09c4000 RSI: ffff8963856de028 RDI:
ffffffff926361c0
[ 8123.263608] RBP: ffff9968e400fc40 R08: 0000000000020000 R09:
ffff896380592a80
[ 8123.263613] R10: 0000000000020000 R11: 0000000000000000 R12:
ffff8964114c2390
[ 8123.263617] R13: ffff89639fa25b00 R14: ffff8963856de000 R15:
ffff9968e400fe30
[ 8123.263622] FS: 00007ff217c15740(0000) GS:ffff896528800000(0000)
knlGS:0000000000000000
[ 8123.263630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8123.263636] CR2: 00007f19bd6a8000 CR3: 000000028e392001 CR4:
0000000000770ef0
[ 8123.263642] PKRU: 55555554
[ 8123.263646] Call Trace:
[ 8123.263649] <TASK>
[ 8123.263656] seq_read_iter+0x169/0x420
[ 8123.263671] seq_read+0xad/0xe0
[ 8123.263685] full_proxy_read+0x59/0x90
[ 8123.263701] vfs_read+0xb2/0x2e0
[ 8123.263718] ksys_read+0x61/0xe0
[ 8123.263730] __x64_sys_read+0x1a/0x20
[ 8123.263741] do_syscall_64+0x58/0x80
[ 8123.263754] ? do_syscall_64+0x67/0x80
[ 8123.263767] ? exit_to_user_mode_prepare+0x15d/0x190
[ 8123.263781] ? syscall_exit_to_user_mode+0x1b/0x30
[ 8123.263791] ? do_syscall_64+0x67/0x80
[ 8123.263804] ? syscall_exit_to_user_mode+0x1b/0x30
[ 8123.263813] ? do_syscall_64+0x67/0x80
[ 8123.263823] ? do_syscall_64+0x67/0x80
[ 8123.263833] ? do_syscall_64+0x67/0x80
[ 8123.263844] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 8123.263857] RIP: 0033:0x7ff217914992
[ 8123.263867] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d
02 00 0f 1f 44 00 00 f3 0f
1e fa 64 8b 04 25 18 00 00 00 85 c0
75 10 0f 05 <48> 3d 00 f0 ff ff 77 56
c3 0f 1f 44 00 00 48 83 ec 28 48 89
54 24
[ 8123.263875] RSP: 002b:00007ffdfcbc3e28 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[ 8123.263894] RAX: ffffffffffffffda RBX: 0000000000020000 RCX:
00007ff217914992
[ 8123.263899] RDX: 0000000000020000 RSI: 00007ff217b9d000 RDI:
0000000000000003
[ 8123.263904] RBP: 00007ff217b9d000 R08: 00007ff217b9c010 R09:
00007ff217b9c010
[ 8123.263909] R10: 0000000000000022 R11: 0000000000000246 R12:
0000000000022000
[ 8123.263914] R13: 0000000000000003 R14: 0000000000020000 R15:
0000000000020000
[ 8123.263927] </TASK>
To reproduce:
Enable CONFIG_DEBUG_KMEMLEAK=y in linux_stable 6.1.0-rc3 build.
Then, a stress test on a service known from the previous report is required:
for a in {1..1000}; doRIP: 0010:kmemleak_seq_start+0x41/0x80
echo $a
systemctl stop thermald
sleep 0.5
systemctl start thermald
sleep 0.5
done
After that, /sys/kernel/debug/kmemleak indicated 1413 unreferenced objects.
However, dmesg had shown the stalls on CPUs while executing "cat" or
"tail -40" of /sys/kernel/debug/kmemleak.
I've read the
https://www.kernel.org/doc/Documentation/RCU/stallwarn.txt, but I was
unable to understand
what is going on except to locate the stall to "RIP:
0010:kmemleak_seq_start+0x41/0x80" and probable
maintainer/developer.
Please find attached the kernel build config, the output of "cat
/sys/kernel/debug/kmemleak" and
dmesg ouput about the expedited stalls. The number of jiffies is not so
large, but IMHO they possibly indicate
greater problems or deadlocks in RCU code in kmemleak.
NOTE:
Please add:
Reported-By: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
if (or when) the bug is fixed.
Thank you.
-mt
--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
The European Union
Download attachment "config-6.1.0-rc3.gz" of type "application/gzip" (65705 bytes)
Download attachment "expedited_stalls_cat_tail_kmemleak.dmesg.gz" of type "application/gzip" (24792 bytes)
Download attachment "kmemleak-thermald.txt.gz" of type "application/gzip" (31677 bytes)
Powered by blists - more mailing lists