From: Breno Leitao <leitao@debian.org>
To: SeongJae Park <sj@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH RFC] mm/kmemleak: avoid soft lockup when scanning task stacks
Date: Fri, 12 Jun 2026 02:42:41 -0700 [thread overview]
Message-ID: <aivUb606z0rHakVK@gmail.com> (raw)
In-Reply-To: <20260612011049.84146-1-sj@kernel.org>
On Thu, Jun 11, 2026 at 06:10:48PM -0700, SeongJae Park wrote:
> On Thu, 11 Jun 2026 05:45:00 -0700 Breno Leitao <leitao@debian.org> wrote:
>
> > kmemleak_scan() walks every thread and scans its kernel stack under a
> > single rcu_read_lock() with no reschedule point. On a host with very
> > many threads -- amplified by KASAN/lockdep in debug builds -- this loop
> > can hog a CPU long enough to trip the soft lockup watchdog:
> >
> > watchdog: BUG: soft lockup - CPU#35 stuck for 22s! [kmemleak:537]
> > scan_block
> > kmemleak_scan
> > kmemleak_scan_thread
> > kthread
> >
> > A cond_resched() cannot be added directly: the loop runs inside an RCU
> > read-side critical section.
> >
> > Split the scan in two parts:
> >
> > 1) get the list of tasks (with RCU read lock) in an array
> > 2) run scan_block() for the tasks (with cond_reschd()).
> >
> > Is it a sane approach?
> >
> > Signed-off-by: Breno Leitao <leitao@debian.org>
> > ---
> > mm/kmemleak.c | 26 ++++++++++++++++++++++----
> > 1 file changed, 22 insertions(+), 4 deletions(-)
> >
> > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > index 7c7ba17ce7af0..9f8a35ecbb50c 100644
> > --- a/mm/kmemleak.c
> > +++ b/mm/kmemleak.c
> > @@ -62,6 +62,7 @@
> > #include <linux/kernel.h>
> > #include <linux/list.h>
> > #include <linux/sched/signal.h>
> > +#include <linux/sched/stat.h>
> > #include <linux/sched/task.h>
> > #include <linux/sched/task_stack.h>
> > #include <linux/jiffies.h>
> > @@ -1885,17 +1886,34 @@ static void kmemleak_scan(void)
> > * Scanning the task stacks (may introduce false negatives).
> > */
> > if (kmemleak_stack_scan) {
> > - struct task_struct *p, *g;
> > + struct task_struct **tasks, *p, *g;
> > + unsigned int nr = 0, max, i;
> >
> > + max = nr_threads + 64;
> > + tasks = kvmalloc_array(max, sizeof(*tasks), GFP_KERNEL);
> > +
> > + /* Snapshot the threads under RCU */
> > rcu_read_lock();
> > for_each_process_thread(g, p) {
> > - void *stack = try_get_task_stack(p);
> > + if (!tasks || nr >= max)
> > + break;
>
> Why don't you check !tasks right after the allocation?
Good question. I will update if we agree this approach is good enough.
Thanks for the review, SJ!
--breno
next prev parent reply other threads:[~2026-06-12 9:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-11 12:45 [PATCH RFC] mm/kmemleak: avoid soft lockup when scanning task stacks Breno Leitao
2026-06-12 1:10 ` SeongJae Park
2026-06-12 9:42 ` Breno Leitao [this message]
2026-06-12 3:16 ` Lance Yang
2026-06-12 4:27 ` Lance Yang
2026-06-12 9:09 ` Breno Leitao
2026-06-12 9:57 ` Lance Yang
2026-06-12 10:39 ` Breno Leitao
2026-06-12 11:22 ` Lance Yang
2026-06-12 11:57 ` Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aivUb606z0rHakVK@gmail.com \
--to=leitao@debian.org \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=sj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox