[BUG] arm64: Sleeping function called from invalid context in do_debug_exception on PREEMPT_RT
Luis Claudio R. Goncalves
lgoncalv at redhat.com
Wed Aug 13 03:06:54 PDT 2025
On Wed, Aug 13, 2025 at 09:59:06AM +0100, Yeoreum Yun wrote:
> +Ada Couprie Diaz
>
> > Hi Yeoreum,
> >
> > Thank you for pointing it out!
> >
> > On 8/13/25 3:56 PM, Yeoreum Yun wrote:
> > > Hi Yunseong,
> > >
> > >>
> > >> | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
> > >> | in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 20466, name: syz.0.1689
> > >> | preempt_count: 1, expected: 0
> > >> | RCU nest depth: 0, expected: 0
> > >> | Preemption disabled at:
> > >> | [<ffff800080241600>] debug_exception_enter arch/arm64/mm/fault.c:978 [inline]
> > >> | [<ffff800080241600>] do_debug_exception+0x68/0x2fc arch/arm64/mm/fault.c:997
> > >> | CPU: 0 UID: 0 PID: 20466 Comm: syz.0.1689 Not tainted 6.16.0-rc1-rt1-dirty #12 PREEMPT_RT
> > >> | Hardware name: QEMU KVM Virtual Machine, BIOS 2025.02-8 05/13/2025
> > >> | Call trace:
> > >> | show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
> > >> | __dump_stack+0x30/0x40 lib/dump_stack.c:94
> > >> | dump_stack_lvl+0x148/0x1d8 lib/dump_stack.c:120
> > >> | dump_stack+0x1c/0x3c lib/dump_stack.c:129
> > >> | __might_resched+0x2e4/0x52c kernel/sched/core.c:8800
> > >> | __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
> > >> | rt_spin_lock+0xa8/0x1bc kernel/locking/spinlock_rt.c:57
> > >> | spin_lock include/linux/spinlock_rt.h:44 [inline]
> > >> | force_sig_info_to_task+0x6c/0x4a8 kernel/signal.c:1302
> > >> | force_sig_fault_to_task kernel/signal.c:1699 [inline]
> > >> | force_sig_fault+0xc4/0x110 kernel/signal.c:1704
> > >> | arm64_force_sig_fault+0x6c/0x80 arch/arm64/kernel/traps.c:265
> > >> | send_user_sigtrap arch/arm64/kernel/debug-monitors.c:237 [inline]
> > >> | single_step_handler+0x1f4/0x36c arch/arm64/kernel/debug-monitors.c:257
> > >> | do_debug_exception+0x154/0x2fc arch/arm64/mm/fault.c:1002
> > >> | el0_dbg+0x44/0x120 arch/arm64/kernel/entry-common.c:756
> > >> | el0t_64_sync_handler+0x3c/0x108 arch/arm64/kernel/entry-common.c:832
> > >> | el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:600
> > >>
> > >>
> > >> It seems that commit eaff68b32861 ("arm64: entry: Add entry and exit functions
> > >> for debug exception") in 6.17-rc1, also present as 6fb44438a5e1 in mainline,
> > >> removed code that previously avoided sleeping context issues when handling
> > >> debug exceptions:
> > >> Link: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/arch/arm64/mm/fault.c?id=eaff68b3286116d499a3d4e513a36d772faba587
> > >
> > > No. Her patch commit 31575e11ecf7 (arm64: debug: split brk64 exception entry)
> > > solves your splat since el0_brk64() doesn't call debug_exception_enter()
> > > by splitting the el0/el1 brk64 exception entry.
> > >
> > > Formerly, el(0/1)_dbg() were handled in do_debug_exception() together,
> > > and it calls debug_exception_enter(), disabling preemption; this causes
> > > your splat while handling a brk exception from el0.
> > >
> >
> > Do you think a fix is necessary if this issue also affects the LTS kernel
> > before 6.17-rc1? As far as I know, most production RT kernels are still
> > based on the existing LTS versions.
>
> IMHO, I think her patch should be backported.
I also strongly suggest backporting Ada's patch series, as without them
using anything that resorts to debug exceptions (ptrace, gdb, ...) on
aarch64 with PREEMPT_RT enabled may result in a backtrace or worse.
Luis
>
> [0]: https://lore.kernel.org/all/20250707114109.35672-1-ada.coupriediaz@arm.com/
>
> Thanks.
>
> --
> Sincerely,
> Yeoreum Yun
>
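A small triage helper for splats of the shape quoted in this thread, added here as an example and not code from the thread, from the reporters, or from the kernel tree: it parses a "sleeping function called from invalid context" report and returns the sleep site, the frame where preemption was disabled, and the first caller outside the locking file that took the sleeping lock. The sample input is a constructed, abridged copy of the report above; the field names and the regexes are this example's own.

```python
import re
# Constructed sample: an abridged copy of the splat quoted in this thread,
# keeping the "| " prefixes as they appear in the mail.
SAMPLE_SPLAT = """\
| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
| Preemption disabled at:
| [<ffff800080241600>] debug_exception_enter arch/arm64/mm/fault.c:978 [inline]
| CPU: 0 UID: 0 PID: 20466 Comm: syz.0.1689 Not tainted 6.16.0-rc1-rt1-dirty #12 PREEMPT_RT
| Call trace:
| __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
| rt_spin_lock+0xa8/0x1bc kernel/locking/spinlock_rt.c:57
| force_sig_info_to_task+0x6c/0x4a8 kernel/signal.c:1302
"""

# One frame: optional "[<addr>]", a symbol, optional "+off/size", then file:line.
FRAME_RE = re.compile(r"^(?:\[<[0-9a-f]+>\]\s+)?(?P<sym>[A-Za-z_]\w*)"
                      r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+(?P<loc>\S+\.[chS]:\d+)")

def _frames(lines):
    """Collect consecutive frame lines as (symbol, file:line) pairs."""
    out = []
    for line in lines:
        m = FRAME_RE.match(line)
        if not m:
            break
        out.append((m["sym"], m["loc"]))
    return out

def triage_sleeping_splat(text):
    """Return the sleep site, where preemption was disabled, and the first
    caller outside the locking file that took the sleeping lock."""
    lines = [l.strip().lstrip("| ") for l in text.splitlines()]
    res = {"sleep_site": None, "disabled_at": None, "caller": None, "preempt_rt": "PREEMPT_RT" in text}
    for i, line in enumerate(lines):
        if m := re.match(r"BUG: sleeping function called .* at (\S+)", line):
            res["sleep_site"] = m.group(1)
        elif line == "Preemption disabled at:":
            res["disabled_at"] = (_frames(lines[i + 1:]) or [None])[0]
        elif line == "Call trace:":
            # Skip frames above the sleep site and helpers in the same file; the
            # first frame from another file is the caller that took the lock.
            sleep_file = (res["sleep_site"] or "").split(":")[0]
            seen = False
            for sym, loc in _frames(lines[i + 1:]):
                seen = seen or loc == res["sleep_site"]
                if seen and not loc.startswith(sleep_file + ":"):
                    res["caller"] = (sym, loc)
                    break
    return res
```

On the sample this reports debug_exception_enter as the preemption-disable site and force_sig_info_to_task as the caller that took the RT spinlock, which is exactly the pairing the thread discusses.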