From: Tejun Heo <tj@kernel.org>
To: Waiman Long <longman@redhat.com>
Cc: Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
kernel-team@fb.com, pjt@google.com, luto@amacapital.net,
efault@gmx.de
Subject: Re: [RFC PATCH v2 07/17] cgroup: Prevent kill_css() from being called more than once
Date: Wed, 17 May 2017 17:34:07 -0400 [thread overview]
Message-ID: <20170517213407.GD942@htj.duckdns.org> (raw)
In-Reply-To: <c541638f-b302-8c96-0dcd-f4b758a4a81f@redhat.com>
On Wed, May 17, 2017 at 04:24:32PM -0400, Waiman Long wrote:
> On 05/17/2017 03:23 PM, Tejun Heo wrote:
> > Hello,
> >
> > On Mon, May 15, 2017 at 09:34:06AM -0400, Waiman Long wrote:
> >> The kill_css() function may be called more than once under the condition
> >> that the css was killed but not physically removed yet followed by the
> >> removal of the cgroup that is hosting the css. This patch prevents any
> >> harmm from being done when that happens.
> >>
> >> Signed-off-by: Waiman Long <longman@redhat.com>
> > So, this is a bug fix which isn't really related to this patchset.
> > I'm applying it to cgroup/for-4.12-fixes w/ stable cc'd.
> >
> > Thanks.
> >
> Actually, this bug can be easily triggered with the resource domain
> patch later in the series. I guess it can also happen in the current
> code base, but I don't have a test that can reproduce it.
I can reproduce it easily.
[test /sys/fs/cgroup/asdf]# while true; do mkdir asdf; echo +memory > cgroup.subtree_control; echo -memory
[ 66.159258] percpu_ref_kill_and_confirm called more than once on css_release!
[ 66.159293] ------------[ cut here ]------------
[ 66.160966] WARNING: CPU: 1 PID: 1802 at lib/percpu-refcount.c:334 percpu_ref_kill_and_confirm+0x190/0x1a0
[ 66.162406] Modules linked in:
[ 66.162686] CPU: 1 PID: 1802 Comm: rmdir Not tainted 4.12.0-rc1-work+ #42
[ 66.163279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
[ 66.164043] task: ffff880018240040 task.stack: ffffc90000478000
[ 66.164571] RIP: 0010:percpu_ref_kill_and_confirm+0x190/0x1a0
[ 66.165106] RSP: 0018:ffffc9000047bde8 EFLAGS: 00010092
[ 66.165664] RAX: 0000000000000041 RBX: ffff88001a0fc148 RCX: 0000000000000002
[ 66.166443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff810acc2e
[ 66.167083] RBP: ffffc9000047be00 R08: 0000000000000000 R09: 0000000000000001
[ 66.167696] R10: ffffc9000047bd50 R11: 0000000000000000 R12: 0000000000000286
[ 66.168293] R13: ffffffff810e7c50 R14: ffff88001a106bb8 R15: 0000000000000000
[ 66.168897] FS: 00007fba87594700(0000) GS:ffff88001fc80000(0000) knlGS:0000000000000000
[ 66.169613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.170204] CR2: 000056167ee4e008 CR3: 000000001820e000 CR4: 00000000000006a0
[ 66.170861] Call Trace:
[ 66.171075] kill_css+0x3e/0x170
[ 66.171352] cgroup_destroy_locked+0xac/0x170
[ 66.171732] cgroup_rmdir+0x2c/0x150
[ 66.172037] kernfs_iop_rmdir+0x48/0x70
[ 66.172377] vfs_rmdir+0x73/0x150
[ 66.172679] do_rmdir+0x16d/0x1c0
[ 66.172962] SyS_rmdir+0x16/0x20
[ 66.173244] entry_SYSCALL_64_fastpath+0x18/0xad
[ 66.173682] RIP: 0033:0x7fba870c1487
[ 66.173985] RSP: 002b:00007ffec57e43a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 66.174719] RAX: ffffffffffffffda RBX: 00007fba87388b38 RCX: 00007fba870c1487
[ 66.175439] RDX: 00007fba8738ae80 RSI: 0000000000000000 RDI: 00007ffec57e5751
[ 66.176281] RBP: 00007fba87388ae0 R08: 0000000000000000 R09: 0000000000000000
[ 66.177046] R10: 000056167ee4e010 R11: 0000000000000246 R12: 00007fba87388b38
[ 66.177821] R13: 0000000000000030 R14: 00007fba87388b58 R15: 0000000000002710
[ 66.178574] Code: 80 3d f5 d3 89 00 00 0f 85 b8 fe ff ff 48 8b 53 10 48 c7 c6 e0 c0 83 81 48 c7 c7 68 e0 9c 81 c6 05 d6 d3 89 00 01 e8 09 0a d4 ff <0f> ff 48 8b 43 08 e9 8f fe ff ff 0f 1f 44 00 00 55 ba ff ffff
[ 66.181059] ---[ end trace 50ce5cd95cda7a2c ]---
--
tejun
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Tejun Heo <tj@kernel.org>
To: Waiman Long <longman@redhat.com>
Cc: Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
kernel-team@fb.com, pjt@google.com, luto@amacapital.net,
efault@gmx.de
Subject: Re: [RFC PATCH v2 07/17] cgroup: Prevent kill_css() from being called more than once
Date: Wed, 17 May 2017 17:34:07 -0400 [thread overview]
Message-ID: <20170517213407.GD942@htj.duckdns.org> (raw)
In-Reply-To: <c541638f-b302-8c96-0dcd-f4b758a4a81f@redhat.com>
On Wed, May 17, 2017 at 04:24:32PM -0400, Waiman Long wrote:
> On 05/17/2017 03:23 PM, Tejun Heo wrote:
> > Hello,
> >
> > On Mon, May 15, 2017 at 09:34:06AM -0400, Waiman Long wrote:
> >> The kill_css() function may be called more than once under the condition
> >> that the css was killed but not physically removed yet followed by the
> >> removal of the cgroup that is hosting the css. This patch prevents any
> >> harmm from being done when that happens.
> >>
> >> Signed-off-by: Waiman Long <longman@redhat.com>
> > So, this is a bug fix which isn't really related to this patchset.
> > I'm applying it to cgroup/for-4.12-fixes w/ stable cc'd.
> >
> > Thanks.
> >
> Actually, this bug can be easily triggered with the resource domain
> patch later in the series. I guess it can also happen in the current
> code base, but I don't have a test that can reproduce it.
I can reproduce it easily.
[test /sys/fs/cgroup/asdf]# while true; do mkdir asdf; echo +memory > cgroup.subtree_control; echo -memory
[ 66.159258] percpu_ref_kill_and_confirm called more than once on css_release!
[ 66.159293] ------------[ cut here ]------------
[ 66.160966] WARNING: CPU: 1 PID: 1802 at lib/percpu-refcount.c:334 percpu_ref_kill_and_confirm+0x190/0x1a0
[ 66.162406] Modules linked in:
[ 66.162686] CPU: 1 PID: 1802 Comm: rmdir Not tainted 4.12.0-rc1-work+ #42
[ 66.163279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
[ 66.164043] task: ffff880018240040 task.stack: ffffc90000478000
[ 66.164571] RIP: 0010:percpu_ref_kill_and_confirm+0x190/0x1a0
[ 66.165106] RSP: 0018:ffffc9000047bde8 EFLAGS: 00010092
[ 66.165664] RAX: 0000000000000041 RBX: ffff88001a0fc148 RCX: 0000000000000002
[ 66.166443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff810acc2e
[ 66.167083] RBP: ffffc9000047be00 R08: 0000000000000000 R09: 0000000000000001
[ 66.167696] R10: ffffc9000047bd50 R11: 0000000000000000 R12: 0000000000000286
[ 66.168293] R13: ffffffff810e7c50 R14: ffff88001a106bb8 R15: 0000000000000000
[ 66.168897] FS: 00007fba87594700(0000) GS:ffff88001fc80000(0000) knlGS:0000000000000000
[ 66.169613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.170204] CR2: 000056167ee4e008 CR3: 000000001820e000 CR4: 00000000000006a0
[ 66.170861] Call Trace:
[ 66.171075] kill_css+0x3e/0x170
[ 66.171352] cgroup_destroy_locked+0xac/0x170
[ 66.171732] cgroup_rmdir+0x2c/0x150
[ 66.172037] kernfs_iop_rmdir+0x48/0x70
[ 66.172377] vfs_rmdir+0x73/0x150
[ 66.172679] do_rmdir+0x16d/0x1c0
[ 66.172962] SyS_rmdir+0x16/0x20
[ 66.173244] entry_SYSCALL_64_fastpath+0x18/0xad
[ 66.173682] RIP: 0033:0x7fba870c1487
[ 66.173985] RSP: 002b:00007ffec57e43a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 66.174719] RAX: ffffffffffffffda RBX: 00007fba87388b38 RCX: 00007fba870c1487
[ 66.175439] RDX: 00007fba8738ae80 RSI: 0000000000000000 RDI: 00007ffec57e5751
[ 66.176281] RBP: 00007fba87388ae0 R08: 0000000000000000 R09: 0000000000000000
[ 66.177046] R10: 000056167ee4e010 R11: 0000000000000246 R12: 00007fba87388b38
[ 66.177821] R13: 0000000000000030 R14: 00007fba87388b58 R15: 0000000000002710
[ 66.178574] Code: 80 3d f5 d3 89 00 00 0f 85 b8 fe ff ff 48 8b 53 10 48 c7 c6 e0 c0 83 81 48 c7 c7 68 e0 9c 81 c6 05 d6 d3 89 00 01 e8 09 0a d4 ff <0f> ff 48 8b 43 08 e9 8f fe ff ff 0f 1f 44 00 00 55 ba ff ffff
[ 66.181059] ---[ end trace 50ce5cd95cda7a2c ]---
--
tejun
next prev parent reply other threads:[~2017-05-17 21:34 UTC|newest]
Thread overview: 155+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-15 13:33 [RFC PATCH v2 00/17] cgroup: Major changes to cgroup v2 core Waiman Long
2017-05-15 13:33 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 01/17] cgroup: reorganize cgroup.procs / task write path Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 02/17] cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 03/17] cgroup: introduce cgroup->proc_cgrp and threaded css_set handling Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 04/17] cgroup: implement CSS_TASK_ITER_THREADED Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 06/17] cgroup: Fix reference counting bug in cgroup_procs_write() Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-17 19:20 ` Tejun Heo
2017-05-17 19:20 ` Tejun Heo
2017-05-15 13:34 ` [RFC PATCH v2 07/17] cgroup: Prevent kill_css() from being called more than once Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-17 19:23 ` Tejun Heo
2017-05-17 19:23 ` Tejun Heo
[not found] ` <20170517192357.GC942-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-05-17 20:24 ` Waiman Long
2017-05-17 20:24 ` Waiman Long
2017-05-17 20:24 ` Waiman Long
2017-05-17 21:34 ` Tejun Heo [this message]
2017-05-17 21:34 ` Tejun Heo
2017-05-15 13:34 ` [RFC PATCH v2 08/17] cgroup: Move debug cgroup to its own file Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-17 21:36 ` Tejun Heo
2017-05-17 21:36 ` Tejun Heo
2017-05-18 15:29 ` Waiman Long
2017-05-18 15:29 ` Waiman Long
2017-05-18 15:52 ` Waiman Long
2017-05-18 15:52 ` Waiman Long
[not found] ` <ee36d4f8-9e9d-a5c7-2174-56c21aaf75af-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-05-19 19:21 ` Tejun Heo
2017-05-19 19:21 ` Tejun Heo
2017-05-19 19:21 ` Tejun Heo
[not found] ` <20170519192146.GA9741-U58pm7aPsJ1N0TnZuCh8vA@public.gmane.org>
2017-05-19 19:33 ` Waiman Long
2017-05-19 19:33 ` Waiman Long
2017-05-19 19:33 ` Waiman Long
2017-05-19 20:28 ` Tejun Heo
2017-05-19 20:28 ` Tejun Heo
2017-05-15 13:34 ` [RFC PATCH v2 09/17] cgroup: Keep accurate count of tasks in each css_set Waiman Long
2017-05-15 13:34 ` Waiman Long
[not found] ` <1494855256-12558-10-git-send-email-longman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-05-17 21:40 ` Tejun Heo
2017-05-17 21:40 ` Tejun Heo
2017-05-17 21:40 ` Tejun Heo
2017-05-18 15:56 ` Waiman Long
2017-05-18 15:56 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 10/17] cgroup: Make debug cgroup support v2 and thread mode Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-17 21:43 ` Tejun Heo
2017-05-17 21:43 ` Tejun Heo
2017-05-18 15:58 ` Waiman Long
2017-05-18 15:58 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 11/17] cgroup: Implement new thread mode semantics Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-17 21:47 ` Tejun Heo
2017-05-17 21:47 ` Tejun Heo
2017-05-18 17:21 ` Waiman Long
2017-05-18 17:21 ` Waiman Long
2017-05-19 20:26 ` Tejun Heo
2017-05-19 20:26 ` Tejun Heo
2017-05-19 20:58 ` Tejun Heo
2017-05-19 20:58 ` Tejun Heo
[not found] ` <20170519202624.GA15279-U58pm7aPsJ1N0TnZuCh8vA@public.gmane.org>
2017-05-22 17:13 ` Waiman Long
2017-05-22 17:13 ` Waiman Long
2017-05-22 17:13 ` Waiman Long
[not found] ` <b1d02881-f522-8baa-5ebe-9b1ad74a03e4-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-05-22 17:32 ` Waiman Long
2017-05-22 17:32 ` Waiman Long
2017-05-22 17:32 ` Waiman Long
2017-05-24 20:36 ` Tejun Heo
2017-05-24 20:36 ` Tejun Heo
2017-05-24 21:17 ` Waiman Long
2017-05-24 21:17 ` Waiman Long
2017-05-24 21:27 ` Tejun Heo
2017-05-24 21:27 ` Tejun Heo
2017-06-01 14:50 ` Tejun Heo
2017-06-01 14:50 ` Tejun Heo
[not found] ` <20170601145042.GA3494-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-06-01 15:10 ` Peter Zijlstra
2017-06-01 15:10 ` Peter Zijlstra
2017-06-01 15:10 ` Peter Zijlstra
2017-06-01 15:35 ` Tejun Heo
2017-06-01 15:35 ` Tejun Heo
2017-06-01 18:44 ` Waiman Long
2017-06-01 18:44 ` Waiman Long
2017-06-01 18:47 ` Tejun Heo
2017-06-01 18:47 ` Tejun Heo
2017-06-01 19:27 ` Waiman Long
2017-06-01 19:27 ` Waiman Long
[not found] ` <ca834386-c41c-2797-702f-91516b06779f-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-06-01 20:38 ` Tejun Heo
2017-06-01 20:38 ` Tejun Heo
2017-06-01 20:38 ` Tejun Heo
[not found] ` <20170601203815.GA13390-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-06-01 20:48 ` Waiman Long
2017-06-01 20:48 ` Waiman Long
2017-06-01 20:48 ` Waiman Long
2017-06-01 20:52 ` Tejun Heo
2017-06-01 20:52 ` Tejun Heo
[not found] ` <20170601205203.GB13390-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-06-01 21:12 ` Waiman Long
2017-06-01 21:12 ` Waiman Long
2017-06-01 21:12 ` Waiman Long
2017-06-01 21:18 ` Tejun Heo
2017-06-01 21:18 ` Tejun Heo
2017-06-02 20:36 ` Waiman Long
2017-06-02 20:36 ` Waiman Long
2017-06-03 10:33 ` Tejun Heo
2017-06-03 10:33 ` Tejun Heo
2017-06-01 19:55 ` Waiman Long
2017-06-01 19:55 ` Waiman Long
2017-06-01 20:15 ` Waiman Long
2017-06-01 20:15 ` Waiman Long
2017-06-01 18:41 ` Waiman Long
2017-06-01 18:41 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 12/17] cgroup: Remove cgroup v2 no internal process constraint Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-19 20:38 ` Tejun Heo
2017-05-19 20:38 ` Tejun Heo
2017-05-20 2:10 ` Mike Galbraith
2017-05-20 2:10 ` Mike Galbraith
2017-05-24 17:01 ` Tejun Heo
2017-05-24 17:01 ` Tejun Heo
2017-05-22 16:56 ` Waiman Long
2017-05-22 16:56 ` Waiman Long
2017-05-24 17:05 ` Tejun Heo
2017-05-24 17:05 ` Tejun Heo
2017-05-24 18:09 ` Waiman Long
2017-05-24 18:09 ` Waiman Long
[not found] ` <20170524170527.GH24798-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-05-24 18:19 ` Waiman Long
2017-05-24 18:19 ` Waiman Long
2017-05-24 18:19 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 13/17] cgroup: Allow fine-grained controllers control in cgroup v2 Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-19 20:55 ` Tejun Heo
2017-05-19 20:55 ` Tejun Heo
2017-05-19 21:20 ` Waiman Long
2017-05-19 21:20 ` Waiman Long
2017-05-24 17:31 ` Tejun Heo
2017-05-24 17:31 ` Tejun Heo
2017-05-24 17:49 ` Waiman Long
2017-05-24 17:49 ` Waiman Long
[not found] ` <29bc746d-f89b-3385-fd5c-314bcd22f9f7-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-05-24 17:56 ` Tejun Heo
2017-05-24 17:56 ` Tejun Heo
2017-05-24 17:56 ` Tejun Heo
[not found] ` <20170524175600.GL24798-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-05-24 18:17 ` Waiman Long
2017-05-24 18:17 ` Waiman Long
2017-05-24 18:17 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 14/17] cgroup: Enable printing of v2 controllers' cgroup hierarchy Waiman Long
2017-05-15 13:34 ` Waiman Long
[not found] ` <1494855256-12558-1-git-send-email-longman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-05-15 13:34 ` [RFC PATCH v2 05/17] cgroup: implement cgroup v2 thread support Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 15/17] sched: Misc preps for cgroup unified hierarchy interface Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 16/17] sched: Implement interface for cgroup unified hierarchy Waiman Long
2017-05-15 13:34 ` Waiman Long
2017-05-15 13:34 ` [RFC PATCH v2 17/17] sched: Make cpu/cpuacct threaded controllers Waiman Long
2017-05-15 13:34 ` Waiman Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170517213407.GD942@htj.duckdns.org \
--to=tj@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=efault@gmx.de \
--cc=hannes@cmpxchg.org \
--cc=kernel-team@fb.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lizefan@huawei.com \
--cc=longman@redhat.com \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.