Re: [BUG] Re: Linux 6.4.4

From: Joel Fernandes
Date: Thu Jul 20 2023 - 12:31:33 EST

Next message: Valentin Schneider: "[RFC PATCH v2 00/20] context_tracking,x86: Defer some IPIs until a user->kernel transition"
Previous message: Conor Dooley: "Re: (subset) [PATCH v7 0/7] Add PLL clocks driver and syscon for StarFive JH7110 SoC"
In reply to: Paul E. McKenney: "Re: [BUG] Re: Linux 6.4.4"
Next in thread: Paul E. McKenney: "Re: [BUG] Re: Linux 6.4.4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Paul,

On Thu, Jul 20, 2023 at 11:55 AM Paul E. McKenney <paulmck@xxxxxxxxxx> wrote:
>
> On Thu, Jul 20, 2023 at 01:27:14PM +0000, Joel Fernandes wrote:
> > On Wed, Jul 19, 2023 at 05:06:39PM +0200, Greg Kroah-Hartman wrote:
> > > I'm announcing the release of the 6.4.4 kernel.
> > >
> > > All users of the 6.4 kernel series must upgrade.
> > >
> > > The updated 6.4.y git tree can be found at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.4.y
> > > and can be browsed at the normal kernel.org git web browser:
> > > https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
> >
> > I have been consistently hitting the following splat with rcutorture's TREE03
> > test on 6.4.4. This happened with 6.4.4-rc3 as well.
> >
> > Happens at:
> > WARN_ON_ONCE(n_rcu_torture_boost_failure); // boost failed (TIMER_SOFTIRQ RT prio?)
> >
> > So likely RCU boosting is failing:
> >
> > The full TREE03 splat:
> > [ 54.243588] ------------[ cut here ]------------
> > [ 54.244547] rcu-torture: rcu_torture_boost started
> > [ 54.247643] WARNING: CPU: 12 PID: 166 at kernel/rcu/rcutorture.c:2227 rcu_torture_stats_print+0x5b2/0x620
> > [ 54.273082] Modules linked in:
> > [ 54.278336] CPU: 12 PID: 166 Comm: rcu_torture_sta Not tainted 6.4.4-g62813c2d2a36 #1
> > [ 54.288540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [ 54.300499] RIP: 0010:rcu_torture_stats_print+0x5b2/0x620
> > [ 54.307525] Code: 00 00 48 8b 05 3f 6c 46 02 e9 4a fe ff ff 0f 0b e9 02 fd ff ff 0f 0b e9 09 fd ff ff 0f 0b e9 10 fd ff ff 0f 0b e9 17 fd ff ff <0f> 0b e9 1e fd ff ff 0f 0b e9 21 fd ff ff e8 0b 54 ff ff 84 c0 0f
> > [ 54.331276] RSP: 0000:ffff9fef805efe08 EFLAGS: 00010202
> > [ 54.338374] RAX: 0000000000000000 RBX: ffff9fef805efe88 RCX: 00000000ffffdfff
> > [ 54.347738] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
> > [ 54.358923] RBP: ffff9fef805efe30 R08: 00000000ffffdfff R09: 00000000ffffdfff
> > [ 54.368209] R10: ffffffff94e59280 R11: ffffffff94e59280 R12: 0000000000000001
> > [ 54.377367] R13: 0000000000000000 R14: 00000000000002fc R15: ffffffff93514000
> > [ 54.386739] FS: 0000000000000000(0000) GS:ffff9c901f500000(0000) knlGS:0000000000000000
> > [ 54.397130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 54.404585] CR2: 0000000000000000 CR3: 000000000308e000 CR4: 00000000000006e0
> > [ 54.413884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > [ 54.423118] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > [ 54.432192] Call Trace:
> > [ 54.435634] <TASK>
> > [ 54.438512] ? rcu_torture_stats_print+0x5b2/0x620
> > [ 54.444904] ? __warn+0x7c/0x130
> > [ 54.449221] ? rcu_torture_stats_print+0x5b2/0x620
> > [ 54.455737] ? report_bug+0x171/0x1a0
> > [ 54.460935] ? handle_bug+0x3c/0x70
> > [ 54.465874] ? exc_invalid_op+0x17/0x70
> > [ 54.471336] ? asm_exc_invalid_op+0x1a/0x20
> > [ 54.477092] ? __pfx_rcu_torture_stats+0x10/0x10
> > [ 54.483472] ? rcu_torture_stats_print+0x5b2/0x620
> > [ 54.490029] ? rcu_torture_stats_print+0x28a/0x620
> > [ 54.496565] ? finish_task_switch.isra.0+0x7e/0x240
> > [ 54.503261] rcu_torture_stats+0x25/0x70
> > [ 54.508686] kthread+0xe3/0x110
> > [ 54.513141] ? __pfx_kthread+0x10/0x10
> > [ 54.518330] ret_from_fork+0x2c/0x50
> > [ 54.523356] </TASK>
> > [ 54.526500] ---[ end trace 0000000000000000 ]---
>
> Agreed, this indicates that RCU priority boosting isn't getting its
> job done. Does this consistently fail about a minute into the run,
> or is it less deterministic than that?

It is not consistently a minute in, on another run it happened in an hour:
[ 3611.018653] WARNING: CPU: 10 PID: 168 at
kernel/rcu/rcutorture.c:2227 rcu_torture_stats_print+0x5b2/0x620

> > Also other issues in 6.4.4, I am seeing RCU failures with TREE07 about 40
> > minutes into the test. This warning indicates that an rcu_torture object from
> > the rcu_torture pool is still allocated which is an indiciation that RCU is
> > not working.
> >
> > [ 2169.481783] rcu_torture_writer: rtort_pipe_count: 9
> >
> > However, if we are to believe the '9', it appears the object did made it
> > quite some till the end of the pipe array but not until the free pool.
>
> This is from this if/for statement, correct?
>
> stutter_waited = stutter_wait("rcu_torture_writer");
> if (stutter_waited &&
> !atomic_read(&rcu_fwd_cb_nodelay) &&
> !cur_ops->slow_gps &&
> !torture_must_stop() &&
> boot_ended)
> for (i = 0; i < ARRAY_SIZE(rcu_tortures); i++)
> if (list_empty(&rcu_tortures[i].rtort_free) &&
> rcu_access_pointer(rcu_torture_current) !=
> &rcu_tortures[i]) {
> tracing_off();
> show_rcu_gp_kthreads();
> WARN(1, "%s: rtort_pipe_count: %d\n", __func__, rcu_tortures[i].rtort_pipe_count);
> rcu_ftrace_dump(DUMP_ALL);
> }

Yes, that's right.

>
> If so, this happens when there was a stutter wait, but RCU grace
> periods failed to clear out the backlog during the several seconds that
> rcutorture was forced idle. This might be related to the RCU priority
> boosting failure, in which a preempted reader persisted across the
> stutter interval.

When RCU is operating normally, shouldn't the check
"(list_empty(&rcu_tortures[i].rtort_free)" not run until the preempted
reader unblocks and exits its RCU read-side critical section?

One thing that confuses me, in the case of
"cur_ops->deferred_free(old_rp);" , the earlier do-while loop may exit
before the async callbacks can finish. So what prevents the
"(list_empty(&rcu_tortures[i].rtort_free)" check from happening before
grace periods happen? Thanks for any clarification.

>
> > The full TREE07 splat:
> > [ 2169.481783] rcu_torture_writer: rtort_pipe_count: 9
> > [ 2169.489413] WARNING: CPU: 4 PID: 130 at kernel/rcu/rcutorture.c:1584 rcu_torture_writer+0x7f2/0xd80
> > [ 2169.504064] Modules linked in:
> > [ 2169.508957] CPU: 4 PID: 130 Comm: rcu_torture_wri Not tainted 6.4.4-g62813c2d2a36 #2
> > [ 2169.521735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [ 2169.540908] RIP: 0010:rcu_torture_writer+0x7f2/0xd80
> > [ 2169.548542] Code: 15 8b 62 45 02 49 8d 45 e8 48 39 c2 74 bf e8 85 03 08 00 41 8b 55 f8 48 c7 c6 d0 f7 e0 9d 48 c7 c7 d7 7b 28 9e e8 ce 29 f7 ff <0f> 0b 8b 05 9a 48 45 02 85 c0 75 97 89 d8 87 05 8e 48 45 02 85 c0
> > [ 2169.578445] RSP: 0000:ffffa645804cfe20 EFLAGS: 00010282
> > [ 2169.586793] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000ffffdfff
> > [ 2169.598069] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000009ffb
> > [ 2169.609359] RBP: ffffa645804cff10 R08: 00000000ffffdfff R09: 00000000ffffdfff
> > [ 2169.620717] R10: ffffffff9e659220 R11: ffffffff9e659220 R12: 0000000000000017
> > [ 2169.631918] R13: ffffffff9f166b60 R14: 0000000000000000 R15: 0000000000000001
> > [ 2169.643365] FS: 0000000000000000(0000) GS:ffff8b3a5f300000(0000) knlGS:0000000000000000
> > [ 2169.655249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 2169.663207] CR2: 0000000000000000 CR3: 000000001562e000 CR4: 00000000000006e0
> > [ 2169.672806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > [ 2169.682194] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > [ 2169.693530] Call Trace:
> > [ 2169.698054] <TASK>
> > [ 2169.701786] ? rcu_torture_writer+0x7f2/0xd80
> > [ 2169.708853] ? __warn+0x7c/0x120
> > [ 2169.714088] ? rcu_torture_writer+0x7f2/0xd80
> > [ 2169.721066] ? report_bug+0x15d/0x180
> > [ 2169.726125] ? handle_bug+0x3c/0x70
> > [ 2169.730948] ? exc_invalid_op+0x17/0x70
> > [ 2169.736238] ? asm_exc_invalid_op+0x1a/0x20
> > [ 2169.742047] ? rcu_torture_writer+0x7f2/0xd80
> > [ 2169.747907] ? __pfx_rcu_torture_writer+0x10/0x10
> > [ 2169.754175] kthread+0xcb/0xf0
> > [ 2169.758407] ? __pfx_kthread+0x10/0x10
> > [ 2169.763501] ret_from_fork+0x2c/0x50
> > [ 2169.768420] </TASK>
> > [ 2169.771445] ---[ end trace 0000000000000000 ]---
> > [ 2169.777698] Dumping ftrace buffer:
> > [ 2169.782470] (ftrace buffer empty)
> > [ 2169.787241] ------------[ cut here ]------------
> >
> >
> > I will continue to monitor and debug these but since I recently re-started
> > testing stable (my infra was down for a long time), I don't have any
> > reference for when these started happening.
>
> I haven't been seeing this in v6.4, though there is always the possibility
> that your hardware setup has timing differences from mine, so maybe my
> testing simply isn't seeing this.
>
> And thank you very much for testing this!!!

Sure, my pleasure, thanks!

- Joel

Next message: Valentin Schneider: "[RFC PATCH v2 00/20] context_tracking,x86: Defer some IPIs until a user->kernel transition"
Previous message: Conor Dooley: "Re: (subset) [PATCH v7 0/7] Add PLL clocks driver and syscon for StarFive JH7110 SoC"
In reply to: Paul E. McKenney: "Re: [BUG] Re: Linux 6.4.4"
Next in thread: Paul E. McKenney: "Re: [BUG] Re: Linux 6.4.4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]