From: Breno Leitao <leitao@debian.org>
To: SeongJae Park <sj@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH RFC] mm/kmemleak: avoid soft lockup when scanning task stacks
Date: Fri, 12 Jun 2026 02:42:41 -0700 [thread overview]
Message-ID: <aivUb606z0rHakVK@gmail.com> (raw)
In-Reply-To: <20260612011049.84146-1-sj@kernel.org>
On Thu, Jun 11, 2026 at 06:10:48PM -0700, SeongJae Park wrote:
> On Thu, 11 Jun 2026 05:45:00 -0700 Breno Leitao <leitao@debian.org> wrote:
>
> > kmemleak_scan() walks every thread and scans its kernel stack under a
> > single rcu_read_lock() with no reschedule point. On a host with very
> > many threads -- amplified by KASAN/lockdep in debug builds -- this loop
> > can hog a CPU long enough to trip the soft lockup watchdog:
> >
> > watchdog: BUG: soft lockup - CPU#35 stuck for 22s! [kmemleak:537]
> > scan_block
> > kmemleak_scan
> > kmemleak_scan_thread
> > kthread
> >
> > A cond_resched() cannot be added directly: the loop runs inside an RCU
> > read-side critical section.
> >
> > Split the scan in two parts:
> >
> > 1) get the list of tasks (with RCU read lock) in an array
> > 2) run scan_block() for the tasks (with cond_reschd()).
> >
> > Is it a sane approach?
> >
> > Signed-off-by: Breno Leitao <leitao@debian.org>
> > ---
> > mm/kmemleak.c | 26 ++++++++++++++++++++++----
> > 1 file changed, 22 insertions(+), 4 deletions(-)
> >
> > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > index 7c7ba17ce7af0..9f8a35ecbb50c 100644
> > --- a/mm/kmemleak.c
> > +++ b/mm/kmemleak.c
> > @@ -62,6 +62,7 @@
> > #include <linux/kernel.h>
> > #include <linux/list.h>
> > #include <linux/sched/signal.h>
> > +#include <linux/sched/stat.h>
> > #include <linux/sched/task.h>
> > #include <linux/sched/task_stack.h>
> > #include <linux/jiffies.h>
> > @@ -1885,17 +1886,34 @@ static void kmemleak_scan(void)
> > * Scanning the task stacks (may introduce false negatives).
> > */
> > if (kmemleak_stack_scan) {
> > - struct task_struct *p, *g;
> > + struct task_struct **tasks, *p, *g;
> > + unsigned int nr = 0, max, i;
> >
> > + max = nr_threads + 64;
> > + tasks = kvmalloc_array(max, sizeof(*tasks), GFP_KERNEL);
> > +
> > + /* Snapshot the threads under RCU */
> > rcu_read_lock();
> > for_each_process_thread(g, p) {
> > - void *stack = try_get_task_stack(p);
> > + if (!tasks || nr >= max)
> > + break;
>
> Why don't you check !tasks right after the allocation?
Good question. I will update if we agree this approach is good enough.
Thanks for the review, SJ!
--breno
next prev parent reply other threads:[~2026-06-12 9:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-11 12:45 [PATCH RFC] mm/kmemleak: avoid soft lockup when scanning task stacks Breno Leitao
2026-06-12 1:10 ` SeongJae Park
2026-06-12 9:42 ` Breno Leitao [this message]
2026-06-12 3:16 ` Lance Yang
2026-06-12 4:27 ` Lance Yang
2026-06-12 9:09 ` Breno Leitao
2026-06-12 9:57 ` Lance Yang
2026-06-12 10:39 ` Breno Leitao
2026-06-12 11:22 ` Lance Yang
2026-06-12 11:57 ` Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aivUb606z0rHakVK@gmail.com \
--to=leitao@debian.org \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=sj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.