From: "Luis Claudio R. Goncalves" <lgoncalv@redhat.com>
To: linux-arm-kernel@lists.infradead.org,
linux-rt-devel@lists.linux.dev,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Steven Rostedt <rostedt@goodmis.org>,
Mark Rutland <mark.rutland@arm.com>,
Ryan Roberts <ryan.roberts@arm.com>,
Mark Brown <broonie@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
Joey Gouly <joey.gouly@arm.com>
Cc: linux-kernel@vger.kernel.org
Subject: BUG: debug_exception_enter() disables preemption and may call sleeping functions on aarch64 with RT
Date: Fri, 7 Feb 2025 11:22:57 -0300 [thread overview]
Message-ID: <Z6YW_Kx4S2tmj2BP@uudg.org> (raw)
Hello!
While running ssdd[1] from rt-tests on an aarch64 kernel with PREEMPT_RT and
debug features enabled, this bug was triggered on every single run:
[1] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git/tree/src/ssdd/ssdd.c
# ssdd
[ 273.115597] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 273.115607] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6077, name: ssdd
[ 273.115611] preempt_count: 1, expected: 0
[ 273.115614] RCU nest depth: 0, expected: 0
[ 273.115617] 1 lock held by ssdd/6077:
[ 273.115620] #0: ffff07ffd77893e0 (&sighand->siglock){+.+.}-{3:3}, at: force_sig_info_to_task+0x58/0x200
[ 273.115642] Preemption disabled at:
[ 273.115644] [<ffffad24518bd1f4>] debug_exception_enter+0x1c/0x80
[ 273.115653] CPU: 47 UID: 0 PID: 6077 Comm: ssdd Not tainted 6.13.0-rt3 #1 PREEMPT_RT
[ 273.115659] Hardware name: GIGABYTE R152-P31-00/MP32-AR1-00, BIOS F31n (SCP: 2.10.20220810) 09/30/2022
[ 273.115662] Call trace:
[ 273.115664] show_stack+0x34/0x98 (C)
[ 273.115670] dump_stack_lvl+0xa8/0xe8
[ 273.115675] dump_stack+0x1c/0x38
[ 273.115680] __might_resched+0x254/0x330
[ 273.115686] rt_spin_lock+0xcc/0x220
[ 273.115692] force_sig_info_to_task+0x58/0x200
[ 273.115697] force_sig_fault+0xd0/0x120
[ 273.115702] arm64_force_sig_fault+0x48/0x80
[ 273.115707] send_user_sigtrap+0x88/0xe8
[ 273.115712] single_step_handler+0x100/0x160
[ 273.115717] do_debug_exception+0x94/0x160
[ 273.115722] el0_dbg+0x54/0x150
[ 273.115727] el0t_64_sync_handler+0x134/0x138
[ 273.115732] el0t_64_sync+0x1ac/0x1b0
The ptrace usage in ssdd eventually exercises the code path that starts on
el0t_64_sync_handler() and may end up calling do_debug_exception(), which
calls debug_exception_enter() that disables preemption.
Looking at the backtrace, later in the call chain force_sig_info_to_task()
tries to take a spinlock, which on PREEMPT_RT becomes a rtmutex and could
sleep in case of contention. That triggers the "BUG: sleeping function
called from invalid context" warning.
It is also possible to reproduce the problem in an aarch64 kernel with
PREEMPT_RT enabled, no extra debug features, by running ssdd in a loop.
With that we can see not only the backtrace reported above but also other
instances where the process is scheduled out while preemption is disabled:
# while :; do ssdd; done
[ 754.673678] BUG: scheduling while atomic: ssdd/7340/0x00000002
[ 754.673682] Modules linked in: qrtr rfkill sunrpc vfat fat acpi_ipmi ipmi_ssif arm_spe_pmu igb ipmi_devintf ipmi_msghandler arm_dmc620_pmu arm_cmn cppc_cpufreq arm_dsu_pmu loop dm_multipath nfnetlink xfs nvme ghash_ce sha2_ce sha256_arm64 nvme_core sha1_ce nvme_auth sbsa_gwdt ast i2c_algo_bit i2c_designware_platform xgene_hwmon i2c_designware_core dm_mirror dm_region_hash dm_log dm_mod fuse
[ 754.673703] Preemption disabled at:
[ 754.673703] [<ffffa87a17ca470c>] do_debug_exception+0x54/0x100
[ 754.673710] CPU: 102 UID: 0 PID: 7340 Comm: ssdd Kdump: loaded Not tainted 6.14.0-rc1 #1
[ 754.673712] Hardware name: GIGABYTE R152-P31-00/MP32-AR1-00, BIOS F31n (SCP: 2.10.20220810) 09/30/2022
[ 754.673713] Call trace:
[ 754.673714] show_stack+0x34/0x98 (C)
[ 754.673718] dump_stack_lvl+0x80/0xa8
[ 754.673721] dump_stack+0x18/0x2c
[ 754.673722] __schedule_bug+0x90/0xc0
[ 754.673726] schedule_debug.isra.0+0x128/0x158
[ 754.673728] __schedule+0x68/0x690
[ 754.673731] schedule_rtlock+0x24/0x50
[ 754.673733] rtlock_slowlock_locked+0x1c0/0x350
[ 754.673735] rt_spin_lock+0xcc/0x130
[ 754.673737] obj_cgroup_charge+0x54/0x138
[ 754.673740] __memcg_slab_post_alloc_hook+0xcc/0x300
[ 754.673743] kmem_cache_alloc_noprof+0x304/0x338
[ 754.673745] __send_signal_locked+0x90/0x428
[ 754.673748] send_signal_locked+0xe4/0x140
[ 754.673750] force_sig_info_to_task+0xd0/0x160
[ 754.673753] force_sig_fault+0x6c/0xa8
[ 754.673755] arm64_force_sig_fault+0x48/0x80
[ 754.673757] send_user_sigtrap+0x54/0xd0
[ 754.673759] single_step_handler+0xc4/0xe0
[ 754.673761] do_debug_exception+0x7c/0x100
[ 754.673762] el0_dbg+0x40/0x158
[ 754.673766] el0t_64_sync_handler+0x134/0x138
[ 754.673768] el0t_64_sync+0x1ac/0x1b0
In this case one of the local_lock_* calls in (the functions called by)
obj_cgroup_charge() seems to hit contention and, as it is dealing with
rtmutexes, be effectively scheduled out to sleep.
The scary comment on top of debug_exception_enter() provides a reason for
preemption being disabled at that point, but it seems to open a can of worms
for PREEMPT_RT usage:
/*
* In debug exception context, we explicitly disable preemption despite
* having interrupts disabled.
* This serves two purposes: it makes it much less likely that we would
* accidentally schedule in exception context and it will force a warning
* if we somehow manage to schedule by accident.
*/
This is the data I gathered so far, using both v6.13.0-rt3 and 6.14.0-rc1
for testing. But due to my ignorance wrt the debug exception treatment in
aarch64 I can't devise a solution for the observed behavior.
Any suggestions or comments?
Best regards,
Luis
next reply other threads:[~2025-02-07 14:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-07 14:22 Luis Claudio R. Goncalves [this message]
2025-02-10 12:49 ` BUG: debug_exception_enter() disables preemption and may call sleeping functions on aarch64 with RT Mark Rutland
2025-02-10 14:06 ` Sebastian Andrzej Siewior
2025-02-12 0:48 ` Luis Claudio R. Goncalves
2025-02-12 11:21 ` Sebastian Andrzej Siewior
2025-02-11 14:34 ` Luis Claudio R. Goncalves
2025-02-12 0:35 ` Luis Claudio R. Goncalves
2025-02-12 12:40 ` Mark Rutland
2025-02-12 13:07 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z6YW_Kx4S2tmj2BP@uudg.org \
--to=lgoncalv@redhat.com \
--cc=ardb@kernel.org \
--cc=bigeasy@linutronix.de \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=joey.gouly@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rt-devel@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=rostedt@goodmis.org \
--cc=ryan.roberts@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).