public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* BUG: cgroup_task_counter subsys may crash with whole-threadgroup move
@ 2011-10-14  0:09 Ben Blum
  2011-10-17  7:20 ` Li Zefan
  0 siblings, 1 reply; 2+ messages in thread
From: Ben Blum @ 2011-10-14  0:09 UTC (permalink / raw)
  To: Frederic Weisbecker
  Cc: Andrew Morton, Li Zefan, Oleg Nesterov, Paul Menage, linux-kernel,
	bblum

I was testing some patches for cgroup_attach_proc and managed to cause a
crash with the following usage pattern:

    mount -t cgroup none -o tasks /dev/cgroup
    cd /dev/cgroup
    mkdir foo
    echo $PID > foo/cgroup.procs
    echo $PID > tasks
    echo $PID > foo/cgroup.procs

Where $PID is the thread ID of a member of a multithreaded process (my
test program just does CLONE_THREAD 8 times and then all threads sleep).
(It doesn't matter if the thread is the group leader or not, but a
single-threaded process doesn't crash.)

And get the following kernel panic:
http://maximegalon.andrew.cmu.edu/cgroup-taskstats/panic.txt

It's deterministic, and happens only when the "tasks" subsystem is
mounted.

I'm using user-mode linux to test, with the following config:
http://maximegalon.andrew.cmu.edu/cgroup-taskstats/config.txt

and I ran it in GDB to get the following backtrace:
http://maximegalon.andrew.cmu.edu/cgroup-taskstats/bt.txt

Thanks,
Ben

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-10-17  7:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-10-14  0:09 BUG: cgroup_task_counter subsys may crash with whole-threadgroup move Ben Blum
2011-10-17  7:20 ` Li Zefan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox