From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8A183B7B64 for ; Thu, 16 Apr 2026 12:28:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776342511; cv=none; b=dmPWrqDvE9ryiu8kKaNgwos3QITqpZ4XceZnWEQ4FAyg5exqO0QYA621R/tigKcoRcLWTXJe+5z0/W3NlO65kIEM04z64yiWRTL5xvVX8VP+E8cwqaRE2Imr6mZxC93A4xo9UK+YGzrX0cbyjCR/zxCsCBsCY4q3EjG09L88avA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776342511; c=relaxed/simple; bh=DY6hqLa7faUy76nbNk16z9bcdcYm77NXQ6+MpwcBLCA=; h=From:Date:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=cj3k6Nybc6vPmltdNDrUcR+KRD1gp8+vDRwE94eCKyB6XXa5Oas0gdvLLdhTLwt2JOwyvTJuTfUQXFODntDCKJf6/3OL8+tCytUGyxN7H/cfLWtOlFJgIIibXedehikgpdIpIU4DjoRTvLWobMUhJe6VkFjplmabp/TmoJZJL98= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=qhrNcupC; arc=none smtp.client-ip=209.85.167.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="qhrNcupC" Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-5a2c77c62d7so8110744e87.0 for ; Thu, 16 Apr 2026 05:28:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776342506; x=1776947306; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:date:from:from:to:cc:subject:date:message-id:reply-to; bh=sZ9wqYq/QjB3jbobfNvsubm1vMuCdM+BbT/Jqfm468w=; b=qhrNcupCvFMhyHT5AStuRDPtr/HtQr+oaAD3nWLbS7lMWIKwsYDrk9/EscBxf5VESL 0J6EYI+VT+H8asKS8mT9x7jpyt/BRHagsfzZ6dEZriSmCQMjv7GBM8QGeYZITGQGkLIo v3SQwftRoU1IiViC39v2A1UhmEOmCApFYbReL9+g+oHl/sqxdJ44N7Iq6N8aWDQ3xF6R eaj6QwIkqb6EAengQmSuRXHq8+5ZiNBJoMpm6GwvRFa4IX8GIYiKEzy6Yw1fiz9EcLRD JBYWJm9+Y+U2rTmqeKJkQHWiiADBqR19R/zrDKm3CN1nNq4CVOkKOEvJ7y05VRsPIMKr EoBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776342506; x=1776947306; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:date:from:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sZ9wqYq/QjB3jbobfNvsubm1vMuCdM+BbT/Jqfm468w=; b=RZDK95byeINld38kmGTDjYJB21PrghBxWZLX3PZa49aACi4BZ2nzV6N0js61BYmTx0 qQEU/BVQNmGASmTSOtW9PttwU5Inmwsto1nSK2N7Uv0vrOxPXB+QNBZXybdhzTNp2e5N H84/uuZrAX/o/kC2lbPH3GfGCrwJiDojRERo3B9Z35y6hsX+94A5wS4Ttw4N9d6xCZZQ qcSRAinZElHsi2EkpBmeQeea3ABM3mp4spuvDe4IqSzmNf1ui8fDcy5NOFqxKhkfaaB2 pgHdHl9OqQ+98du8OK+qA/Mwy97PSeVNktwWdbRT0NfzUoOtURrhW/W1uEqkMm/BImc8 k9EQ== X-Forwarded-Encrypted: i=1; AFNElJ/tePZvhQg+YQ8bGh+3SDFNM798gzawOCFzVVkxdooTlOY7X/UpJF4M00bNFakjqAA0fZRkPSAhJEA0tW0=@vger.kernel.org X-Gm-Message-State: AOJu0YxCGFFlNQfKFokqJasDl6RTAEkV5pJfmD3THE/HGXEhcCE9QG3c ZSl6OzDUPmTSkvP7itD5ISjDyIQdRk5NxL4RLUWWvxlswBHu4j9Pk4sM X-Gm-Gg: AeBDieu8dChEGNwXjWnVfqEuyApjxMKW1jA4jNnER5TVHynbsJ+vPTGuuatf1lZNLxA beoC3iHuk5c4m+b4Z9P5dpdB6MDrQt3+Ky0P1f4y9bG2pNYr1BR9ALUEvFDeU3bUUN3+etYO+aC gA3sR4nVbygDO6QqQdz+eMKCYext6vg7AYcTmEtWq8jP/qvq2UiO92h24OhFB6vWiItaX0dwINR MyXFRasiVFvtVvcwrZvqGs2qh7QsoLDvHmIKsFmf2yWMQyPko6c2u4i70BnkGQbQX44pwuuusYQ t6/g09DA2/QcDaxqFR0tDUSqYngZ3Ie8SSKRrdCvYCHDLmmUuCIu2836oks3U+51OLbxJqnh3y0 C7Sfs96ZT7d3RHYQZCGc8cz3Z9l7TK7PQFQ2Kz78gHy6tOPjDpuBhKBF6IvhqARjI X-Received: by 2002:ac2:5604:0:b0:5a4:10b5:624e with SMTP id 2adb3069b0e04-5a410b563camr617997e87.24.1776342505434; Thu, 16 Apr 2026 05:28:25 -0700 (PDT) Received: from milan ([2001:9b1:d5a0:a500::24b]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-5a40a308feesm1235140e87.78.2026.04.16.05.28.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Apr 2026 05:28:25 -0700 (PDT) From: Uladzislau Rezki X-Google-Original-From: Uladzislau Rezki Date: Thu, 16 Apr 2026 14:28:23 +0200 To: Sechang Lim Cc: akpm@linux-foundation.org, urezki@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm/vmalloc: Prevent RCU stall in decay_va_pool_node() Message-ID: References: <20260415084837.1001739-1-rhkrqnwk98@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260415084837.1001739-1-rhkrqnwk98@gmail.com> On Wed, Apr 15, 2026 at 08:48:37AM +0000, Sechang Lim wrote: > decay_va_pool_node() walks every per-pool free-list entry under > vmap_purge_lock and merges each vmap_area into a global RB-tree via > reclaim_list_global() without yielding. The outer loop has no > rescheduling point, so when many vmap areas are queued the function > can monopolize the CPU long enough to trigger an RCU self-detected > stall: > > rcu: INFO: rcu_preempt self-detected stall on CPU > rcu: 2-...0: (6344 ticks this GP) idle=853c/1/0x4000000000000000 softirq=41536/41536 fqs=3211 > rcu: (t=6528 jiffies g=37549 q=4652 ncpus=4) > CPU: 2 UID: 0 PID: 1516 Comm: syz.5.318 Not tainted 7.0.0-rc7 #4 PREEMPT(full) > Call Trace: > > finish_task_switch.isra.0+0x23e/0x990 kernel/sched/core.c:5155 > context_switch kernel/sched/core.c:5301 [inline] > __schedule+0xb3d/0x3680 kernel/sched/core.c:6911 > preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:7095 > preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 > __raw_spin_unlock include/linux/spinlock_api_smp.h:169 [inline] > _raw_spin_unlock+0x43/0x50 kernel/locking/spinlock.c:186 > reclaim_list_global mm/vmalloc.c:2213 [inline] > decay_va_pool_node+0xccf/0x1070 mm/vmalloc.c:2273 > __purge_vmap_area_lazy+0x136/0xc80 mm/vmalloc.c:2361 > _vm_unmap_aliases+0x469/0x6e0 mm/vmalloc.c:2996 > change_page_attr_set_clr+0x24d/0x4a0 arch/x86/mm/pat/set_memory.c:2082 > set_memory_rox+0xc2/0x110 arch/x86/mm/pat/set_memory.c:2314 > create_trampoline arch/x86/kernel/ftrace.c:421 [inline] > arch_ftrace_update_trampoline+0x79d/0xb50 arch/x86/kernel/ftrace.c:479 > ftrace_update_trampoline+0x45/0x360 kernel/trace/ftrace.c:8391 > __register_ftrace_function+0x238/0x340 kernel/trace/ftrace.c:365 > ftrace_startup+0x3b/0x370 kernel/trace/ftrace.c:3098 > register_ftrace_function_nolock+0x5e/0x160 kernel/trace/ftrace.c:9162 > register_ftrace_function+0x32b/0x4c0 kernel/trace/ftrace.c:9189 > perf_ftrace_function_register kernel/trace/trace_event_perf.c:494 [inline] > perf_ftrace_event_register+0x159/0x240 kernel/trace/trace_event_perf.c:518 > perf_trace_event_open kernel/trace/trace_event_perf.c:184 [inline] > perf_trace_event_init kernel/trace/trace_event_perf.c:206 [inline] > perf_trace_event_init+0x17b/0xad0 kernel/trace/trace_event_perf.c:193 > perf_trace_init+0x176/0x290 kernel/trace/trace_event_perf.c:226 > perf_tp_event_init+0xa6/0x120 kernel/events/core.c:11270 > perf_try_init_event+0x103/0x930 kernel/events/core.c:13029 > perf_init_event kernel/events/core.c:13127 [inline] > perf_event_alloc.part.0+0x11dd/0x4970 kernel/events/core.c:13402 > perf_event_alloc kernel/events/core.c:13283 [inline] > __do_sys_perf_event_open+0x764/0x2eb0 kernel/events/core.c:13924 > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] > do_syscall_64+0xa9/0x580 arch/x86/entry/syscall_64.c:94 > entry_SYSCALL_64_after_hwframe+0x76/0x7e > > > Add cond_resched() at the bottom of the outer loop in > decay_va_pool_node(). At that point the per-pool spinlock has already > been released and the outer vmap_purge_lock is a mutex, so sleeping > is safe. > > Found by Syzkaller. > Could you please point to the link with Syzkaller report? -- Uladzislau Rezki