Date: Fri, 11 Mar 2016 13:20:35 -0500
From: Tejun Heo
To: Peter Zijlstra
Cc: Niklas Cassel, "linux-kernel@vger.kernel.org"
Subject: Re: [BUG] sched: leaf_cfs_rq_list use after free

Hello, Peter.

On Thu, Mar 10, 2016 at 01:54:17PM +0100, Peter Zijlstra wrote:
> > I've reproduced this on v4.4, but I've also managed to reproduce the bug
> > after cherry-picking the following patches
> > (all but one were marked for v4.4 stable):
> >
> > 6fe1f34 sched/cgroup: Fix cgroup entity load tracking tear-down
> > d6e022f workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
> > 041bd12 Revert "workqueue: make sure delayed work run in local cpu"
> > 8bb5ef7 cgroup: make sure a parent css isn't freed before its children
> > aa226ff cgroup: make sure a parent css isn't offlined before its children
> > e93ad19 cpuset: make mm migration asynchronous
>
> Hmm, that is most unfortunate indeed.
>
> Can you describe a reliable reproducer?
>
> So we only call list_add_leaf_cfs_rq() through enqueue_task_fair(),
> which means someone is still running inside that cgroup.
>
> TJ, I thought we only call offline when the cgroup is empty, don't we?

Yeap, populated csses shouldn't be being offlined.

Thanks.

--
tejun