From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Harry Yoo <harry.yoo@oracle.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
syzbot <syzbot+8785aaf121cfb2141e0d@syzkaller.appspotmail.com>,
akpm@linux-foundation.org, jannh@google.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
pfalcato@suse.de, syzkaller-bugs@googlegroups.com,
vbabka@suse.cz, Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
peterz@infradead.org
Subject: Re: [syzbot] [mm?] INFO: rcu detected stall in sys_munmap (2)
Date: Wed, 27 Aug 2025 21:57:59 -0400 [thread overview]
Message-ID: <tvtzgibiy5fvmf7rms4jeyim3lx4nas7qmgv36oryizdvwaujh@bsxqbd3nii55> (raw)
In-Reply-To: <ourgzm4wai237cpcef3ypdn67hspjgw4u7fee4hyouj2hn3gwx@c322noqn4kzq>
* Josh Poimboeuf <jpoimboe@kernel.org> [250827 20:29]:
> On Fri, Aug 22, 2025 at 10:55:10PM +0900, Harry Yoo wrote:
> > On Fri, Aug 22, 2025 at 01:08:02PM +0100, Lorenzo Stoakes wrote:
> > > +cc Sebastian for RCU ORC change...
> > >
> > > +cc Harry for slab side.
> >
> > +cc Josh and Peter for stack unwinding stuff.
> >
> > > Pinging Jann for the CONFIG_SLUB_RCU_DEBUG element.
> > >
> > > Jann - could this possibly be related to CONFIG_SLUB_RCU_DEBUG? As it seems to
> > > the stack is within KASAN, but no KASAN report so maybe it's KASAN itself that's
> > > having an issue?
> > >
> > > Though I'm thinking maybe it's the orc unwinder itself that could be problematic
> > > here (yet invoked by CONFIG_SLUB_RCU_DEBUG though)... and yeah kinda suspcious
> > > because:
> > >
> > > - We have two threads freeing VMAs using SLAB_TYPESAFE_BY_RCU
> > > - CONFIG_SLUB_RCU_DEBUG means that we use KASAN to save an aux stack, which
> > > makes us do an unwind via ORC, which then takes an RCU read lock on
> > > unwind_next_frame(), and both are doing this unwinding at the time of report.
> > > - ???
> > > - Somehow things get locked up?
> > >
> > > I'm not an RCU expert (clearly :) so I'm not sure exactly how this could result
> > > in a stall, but it's suspicious.
> >
> > Can this be because of misleading ORC data or logical error in ORC unwinder
> > that makes it fall into an infinite loop (unwind_done() never returning
> > true in arch_stack_walk())?
> >
> > ...because the reported line number reported doesn't really make sense
> > as a cause of stalls.
>
> There shouldn't be any way for ORC to hit an infinite loop. Worst case
> it would stop after the caller's buffer fills up. ORC has always been
> solid, and the RCU usage looks fine to me. I tend to doubt ORC is at
> fault here.
>
> Maybe some interaction higher up the stack is causing things to run in a
> tight loop.
>
> All those debugging options (e.g., DEBUG_VM_MAPLE_TREE, LOCKDEP, KASAN,
> SLUB_RCU_DEBUG...) could be a factor in slowing things down to a crawl.
DEBUG_VM_MAPLE_TREE is super heavy, but that comes from validate_mm()
which would be the last thing to happen before returning, usually.
I mean surely that would show up in the logs.
Okay it's in the second log on the dashboard..
Yeah, I think it's debug options eventually causing failure. Apparently
there's a reproducer for syz now but without the validate_mm().
next prev parent reply other threads:[~2025-08-28 1:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 4:15 [syzbot] [mm?] INFO: rcu detected stall in sys_munmap (2) syzbot
2025-08-22 12:08 ` Lorenzo Stoakes
2025-08-22 13:55 ` Harry Yoo
2025-08-28 0:29 ` Josh Poimboeuf
2025-08-28 1:57 ` Liam R. Howlett [this message]
2025-08-28 3:35 ` Liam R. Howlett
2025-08-28 2:05 ` Liam R. Howlett
2025-08-28 2:05 ` syzbot
2025-08-28 2:20 ` Liam R. Howlett
2025-08-28 3:08 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tvtzgibiy5fvmf7rms4jeyim3lx4nas7qmgv36oryizdvwaujh@bsxqbd3nii55 \
--to=liam.howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=bigeasy@linutronix.de \
--cc=harry.yoo@oracle.com \
--cc=jannh@google.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=peterz@infradead.org \
--cc=pfalcato@suse.de \
--cc=syzbot+8785aaf121cfb2141e0d@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).