mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	 401c636a0e
			
		
	
	
		401c636a0e
		
	
	
	
	
		
			
			When we get a hung task it can often be valuable to see _all_ the hung tasks on the system before calling panic(). Quoting from https://syzkaller.appspot.com/text?tag=CrashReport&id=5316056503549952 ---------------------------------------- INFO: task syz-executor0:6540 blocked for more than 120 seconds. Not tainted 4.16.0+ #13 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D23560 6540 4521 0x80000004 Call Trace: context_switch kernel/sched/core.c:2848 [inline] __schedule+0x8fb/0x1ef0 kernel/sched/core.c:3490 schedule+0xf5/0x430 kernel/sched/core.c:3549 schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:3607 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0xb7f/0x1810 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 lo_ioctl+0x8b/0x1b70 drivers/block/loop.c:1355 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x1759/0x1e00 block/ioctl.c:601 ioctl_by_bdev+0xa5/0x110 fs/block_dev.c:2060 isofs_get_last_session fs/isofs/inode.c:567 [inline] isofs_fill_super+0x2ba9/0x3bc0 fs/isofs/inode.c:660 mount_bdev+0x2b7/0x370 fs/super.c:1119 isofs_mount+0x34/0x40 fs/isofs/inode.c:1560 mount_fs+0x66/0x2d0 fs/super.c:1222 vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037 vfs_kern_mount fs/namespace.c:2514 [inline] do_new_mount fs/namespace.c:2517 [inline] do_mount+0xea4/0x2b90 fs/namespace.c:2847 ksys_mount+0xab/0x120 fs/namespace.c:3063 SYSC_mount fs/namespace.c:3077 [inline] SyS_mount+0x39/0x50 fs/namespace.c:3074 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 (...snipped...) Showing all locks held in the system: (...snipped...) 2 locks held by syz-executor0/6540: #0: 00000000566d4c39 (&type->s_umount_key#49/1){+.+.}, at: alloc_super fs/super.c:211 [inline] #0: 00000000566d4c39 (&type->s_umount_key#49/1){+.+.}, at: sget_userns+0x3b2/0xe60 fs/super.c:502 /* down_write_nested(&s->s_umount, SINGLE_DEPTH_NESTING); */ #1: 0000000043ca8836 (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x8b/0x1b70 drivers/block/loop.c:1355 /* mutex_lock_nested(&lo->lo_ctl_mutex, 1); */ (...snipped...) 3 locks held by syz-executor7/6541: #0: 0000000043ca8836 (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x8b/0x1b70 drivers/block/loop.c:1355 /* mutex_lock_nested(&lo->lo_ctl_mutex, 1); */ #1: 000000007bf3d3f9 (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40 block/ioctl.c:192 #2: 00000000566d4c39 (&type->s_umount_key#50){.+.+}, at: __get_super.part.10+0x1d3/0x280 fs/super.c:663 /* down_read(&sb->s_umount); */ ---------------------------------------- When reporting an AB-BA deadlock like shown above, it would be nice if trace of PID=6541 is printed as well as trace of PID=6540 before calling panic(). Showing hung tasks up to /proc/sys/kernel/hung_task_warnings could delay calling panic() but normally there should not be so many hung tasks. Link: http://lkml.kernel.org/r/201804050705.BHE57833.HVFOFtSOMQJFOL@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dmitry Vyukov <dvyukov@google.com> Cc: Vegard Nossum <vegard.nossum@oracle.com> Cc: Mandeep Singh Baines <msb@chromium.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
		
			
				
	
	
		
			270 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			270 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Detect Hung Task
 | |
|  *
 | |
|  * kernel/hung_task.c - kernel thread for detecting tasks stuck in D state
 | |
|  *
 | |
|  */
 | |
| 
 | |
| #include <linux/mm.h>
 | |
| #include <linux/cpu.h>
 | |
| #include <linux/nmi.h>
 | |
| #include <linux/init.h>
 | |
| #include <linux/delay.h>
 | |
| #include <linux/freezer.h>
 | |
| #include <linux/kthread.h>
 | |
| #include <linux/lockdep.h>
 | |
| #include <linux/export.h>
 | |
| #include <linux/sysctl.h>
 | |
| #include <linux/utsname.h>
 | |
| #include <linux/sched/signal.h>
 | |
| #include <linux/sched/debug.h>
 | |
| 
 | |
| #include <trace/events/sched.h>
 | |
| 
 | |
| /*
 | |
|  * The number of tasks checked:
 | |
|  */
 | |
| int __read_mostly sysctl_hung_task_check_count = PID_MAX_LIMIT;
 | |
| 
 | |
| /*
 | |
|  * Limit number of tasks checked in a batch.
 | |
|  *
 | |
|  * This value controls the preemptibility of khungtaskd since preemption
 | |
|  * is disabled during the critical section. It also controls the size of
 | |
|  * the RCU grace period. So it needs to be upper-bound.
 | |
|  */
 | |
| #define HUNG_TASK_BATCHING 1024
 | |
| 
 | |
| /*
 | |
|  * Zero means infinite timeout - no checking done:
 | |
|  */
 | |
| unsigned long __read_mostly sysctl_hung_task_timeout_secs = CONFIG_DEFAULT_HUNG_TASK_TIMEOUT;
 | |
| 
 | |
| int __read_mostly sysctl_hung_task_warnings = 10;
 | |
| 
 | |
| static int __read_mostly did_panic;
 | |
| static bool hung_task_show_lock;
 | |
| static bool hung_task_call_panic;
 | |
| 
 | |
| static struct task_struct *watchdog_task;
 | |
| 
 | |
| /*
 | |
|  * Should we panic (and reboot, if panic_timeout= is set) when a
 | |
|  * hung task is detected:
 | |
|  */
 | |
| unsigned int __read_mostly sysctl_hung_task_panic =
 | |
| 				CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE;
 | |
| 
 | |
| static int __init hung_task_panic_setup(char *str)
 | |
| {
 | |
| 	int rc = kstrtouint(str, 0, &sysctl_hung_task_panic);
 | |
| 
 | |
| 	if (rc)
 | |
| 		return rc;
 | |
| 	return 1;
 | |
| }
 | |
| __setup("hung_task_panic=", hung_task_panic_setup);
 | |
| 
 | |
| static int
 | |
| hung_task_panic(struct notifier_block *this, unsigned long event, void *ptr)
 | |
| {
 | |
| 	did_panic = 1;
 | |
| 
 | |
| 	return NOTIFY_DONE;
 | |
| }
 | |
| 
 | |
| static struct notifier_block panic_block = {
 | |
| 	.notifier_call = hung_task_panic,
 | |
| };
 | |
| 
 | |
| static void check_hung_task(struct task_struct *t, unsigned long timeout)
 | |
| {
 | |
| 	unsigned long switch_count = t->nvcsw + t->nivcsw;
 | |
| 
 | |
| 	/*
 | |
| 	 * Ensure the task is not frozen.
 | |
| 	 * Also, skip vfork and any other user process that freezer should skip.
 | |
| 	 */
 | |
| 	if (unlikely(t->flags & (PF_FROZEN | PF_FREEZER_SKIP)))
 | |
| 	    return;
 | |
| 
 | |
| 	/*
 | |
| 	 * When a freshly created task is scheduled once, changes its state to
 | |
| 	 * TASK_UNINTERRUPTIBLE without having ever been switched out once, it
 | |
| 	 * musn't be checked.
 | |
| 	 */
 | |
| 	if (unlikely(!switch_count))
 | |
| 		return;
 | |
| 
 | |
| 	if (switch_count != t->last_switch_count) {
 | |
| 		t->last_switch_count = switch_count;
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	trace_sched_process_hang(t);
 | |
| 
 | |
| 	if (!sysctl_hung_task_warnings && !sysctl_hung_task_panic)
 | |
| 		return;
 | |
| 
 | |
| 	/*
 | |
| 	 * Ok, the task did not get scheduled for more than 2 minutes,
 | |
| 	 * complain:
 | |
| 	 */
 | |
| 	if (sysctl_hung_task_warnings) {
 | |
| 		if (sysctl_hung_task_warnings > 0)
 | |
| 			sysctl_hung_task_warnings--;
 | |
| 		pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n",
 | |
| 			t->comm, t->pid, timeout);
 | |
| 		pr_err("      %s %s %.*s\n",
 | |
| 			print_tainted(), init_utsname()->release,
 | |
| 			(int)strcspn(init_utsname()->version, " "),
 | |
| 			init_utsname()->version);
 | |
| 		pr_err("\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\""
 | |
| 			" disables this message.\n");
 | |
| 		sched_show_task(t);
 | |
| 		hung_task_show_lock = true;
 | |
| 	}
 | |
| 
 | |
| 	touch_nmi_watchdog();
 | |
| 
 | |
| 	if (sysctl_hung_task_panic) {
 | |
| 		hung_task_show_lock = true;
 | |
| 		hung_task_call_panic = true;
 | |
| 	}
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * To avoid extending the RCU grace period for an unbounded amount of time,
 | |
|  * periodically exit the critical section and enter a new one.
 | |
|  *
 | |
|  * For preemptible RCU it is sufficient to call rcu_read_unlock in order
 | |
|  * to exit the grace period. For classic RCU, a reschedule is required.
 | |
|  */
 | |
| static bool rcu_lock_break(struct task_struct *g, struct task_struct *t)
 | |
| {
 | |
| 	bool can_cont;
 | |
| 
 | |
| 	get_task_struct(g);
 | |
| 	get_task_struct(t);
 | |
| 	rcu_read_unlock();
 | |
| 	cond_resched();
 | |
| 	rcu_read_lock();
 | |
| 	can_cont = pid_alive(g) && pid_alive(t);
 | |
| 	put_task_struct(t);
 | |
| 	put_task_struct(g);
 | |
| 
 | |
| 	return can_cont;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Check whether a TASK_UNINTERRUPTIBLE does not get woken up for
 | |
|  * a really long time (120 seconds). If that happens, print out
 | |
|  * a warning.
 | |
|  */
 | |
| static void check_hung_uninterruptible_tasks(unsigned long timeout)
 | |
| {
 | |
| 	int max_count = sysctl_hung_task_check_count;
 | |
| 	int batch_count = HUNG_TASK_BATCHING;
 | |
| 	struct task_struct *g, *t;
 | |
| 
 | |
| 	/*
 | |
| 	 * If the system crashed already then all bets are off,
 | |
| 	 * do not report extra hung tasks:
 | |
| 	 */
 | |
| 	if (test_taint(TAINT_DIE) || did_panic)
 | |
| 		return;
 | |
| 
 | |
| 	hung_task_show_lock = false;
 | |
| 	rcu_read_lock();
 | |
| 	for_each_process_thread(g, t) {
 | |
| 		if (!max_count--)
 | |
| 			goto unlock;
 | |
| 		if (!--batch_count) {
 | |
| 			batch_count = HUNG_TASK_BATCHING;
 | |
| 			if (!rcu_lock_break(g, t))
 | |
| 				goto unlock;
 | |
| 		}
 | |
| 		/* use "==" to skip the TASK_KILLABLE tasks waiting on NFS */
 | |
| 		if (t->state == TASK_UNINTERRUPTIBLE)
 | |
| 			check_hung_task(t, timeout);
 | |
| 	}
 | |
|  unlock:
 | |
| 	rcu_read_unlock();
 | |
| 	if (hung_task_show_lock)
 | |
| 		debug_show_all_locks();
 | |
| 	if (hung_task_call_panic) {
 | |
| 		trigger_all_cpu_backtrace();
 | |
| 		panic("hung_task: blocked tasks");
 | |
| 	}
 | |
| }
 | |
| 
 | |
| static long hung_timeout_jiffies(unsigned long last_checked,
 | |
| 				 unsigned long timeout)
 | |
| {
 | |
| 	/* timeout of 0 will disable the watchdog */
 | |
| 	return timeout ? last_checked - jiffies + timeout * HZ :
 | |
| 		MAX_SCHEDULE_TIMEOUT;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Process updating of timeout sysctl
 | |
|  */
 | |
| int proc_dohung_task_timeout_secs(struct ctl_table *table, int write,
 | |
| 				  void __user *buffer,
 | |
| 				  size_t *lenp, loff_t *ppos)
 | |
| {
 | |
| 	int ret;
 | |
| 
 | |
| 	ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
 | |
| 
 | |
| 	if (ret || !write)
 | |
| 		goto out;
 | |
| 
 | |
| 	wake_up_process(watchdog_task);
 | |
| 
 | |
|  out:
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| static atomic_t reset_hung_task = ATOMIC_INIT(0);
 | |
| 
 | |
| void reset_hung_task_detector(void)
 | |
| {
 | |
| 	atomic_set(&reset_hung_task, 1);
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(reset_hung_task_detector);
 | |
| 
 | |
| /*
 | |
|  * kthread which checks for tasks stuck in D state
 | |
|  */
 | |
| static int watchdog(void *dummy)
 | |
| {
 | |
| 	unsigned long hung_last_checked = jiffies;
 | |
| 
 | |
| 	set_user_nice(current, 0);
 | |
| 
 | |
| 	for ( ; ; ) {
 | |
| 		unsigned long timeout = sysctl_hung_task_timeout_secs;
 | |
| 		long t = hung_timeout_jiffies(hung_last_checked, timeout);
 | |
| 
 | |
| 		if (t <= 0) {
 | |
| 			if (!atomic_xchg(&reset_hung_task, 0))
 | |
| 				check_hung_uninterruptible_tasks(timeout);
 | |
| 			hung_last_checked = jiffies;
 | |
| 			continue;
 | |
| 		}
 | |
| 		schedule_timeout_interruptible(t);
 | |
| 	}
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| static int __init hung_task_init(void)
 | |
| {
 | |
| 	atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
 | |
| 	watchdog_task = kthread_run(watchdog, NULL, "khungtaskd");
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| subsys_initcall(hung_task_init);
 |