Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751811AbdHAKYB (ORCPT <rfc822;w@1wt.eu>);
        Tue, 1 Aug 2017 06:24:01 -0400
Received: from merlin.infradead.org ([205.233.59.134]:57112 "EHLO
        merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751295AbdHAKYA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Aug 2017 06:24:00 -0400
Date: Tue, 1 Aug 2017 12:23:55 +0200
From: Peter Zijlstra <peterz@infradead.org>
To: Yafang Shao <laoar.shao@gmail.com>
Cc: mingo@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] sched: fix NULL pointer issue in pick_next_entity()
Message-ID: <20170801102355.n2daefbynx6wnl22@hirez.programming.kicks-ass.net>
References: <1501581716-8608-1-git-send-email-laoar.shao@gmail.com>
 <20170801083812.GH6524@worktop.programming.kicks-ass.net>
 <CALOAHbCop71efobq4y2FD_=f4cXd-a5G9hwKgC8occkN0YTVBw@mail.gmail.com>
 <20170801091213.mcygpbrf3c5c5qf5@hirez.programming.kicks-ass.net>
 <CALOAHbCJXhG0DyCRpSEU=t5uTV1JhxOW+vNDCm-UjS8CHazkHA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALOAHbCJXhG0DyCRpSEU=t5uTV1JhxOW+vNDCm-UjS8CHazkHA@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1284
Lines: 29

On Tue, Aug 01, 2017 at 05:20:11PM +0800, Yafang Shao wrote:
> Hi Peter,
> 
> 2017-08-01 17:12 GMT+08:00 Peter Zijlstra <peterz@infradead.org>:
> > On Tue, Aug 01, 2017 at 04:57:43PM +0800, Yafang Shao wrote:
> >> > And how would that happen? We only call pick_next_entity(.curr=NULL)
> >> > when we _know_ cfs_rq->nr_running.
> >>
> >> It crashed my machine when I did hadoop test, and after I made this change
> >> it works now.
> >> On SMP system, cfs_rq->nr_running isn't protected well, although we _know_
> >> cfs_rq->nr_running,
> >> but it is modified by other thread running on other CPU and the
> >> sched_entity is set NULL as well.
> >> Then this thread broken here as accessed the NULL pointer here.
> >
> > cfs_rq->nr_running should be protected by the rq->lock. If it is not,
> > something else is buggered.
> 
> Yes, I admit that something else is buggered, but unfortunately I
> haven't understood the
> scheduler deeply so can't find the root cause.
> 
> But from my understanding,  it is obviously  a bug here as we can find
> that it may occurs that both 'se'
> and 'curr' are NULL. That's why I submit this patch to fix it.

Thing is, it doesn't fix a bug, it hides one. The real bug is nr_running
changing while you own the rq->lock. That should _never_ happen.