Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp805902pxb; Fri, 22 Apr 2022 11:31:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx9s3yphi87+AZ3Cq/qBLvYudK3DC7LGvxTM50N5TLVdh8IdCBj/ZrC/nDneizQVgHS5bYT X-Received: by 2002:a17:902:dac5:b0:15a:fc5c:10ce with SMTP id q5-20020a170902dac500b0015afc5c10cemr5806632plx.41.1650652306505; Fri, 22 Apr 2022 11:31:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650652306; cv=none; d=google.com; s=arc-20160816; b=OfXdtXWfaqdCJNvrRa1YE7gFMMm5+F5nZhRV6I/XfjotqL5/3AxDnXw8NSCsJbQowg d4f7n4GX2prsTvZGt1bVCs3H+q3mavEtyRniU0Q85dioNFO9AoIhUz7ED99RM3ukS30N ntqEOyv3WtM4it3E2xpASR31oC9wlk9cLovyCTQQLOmkZcAVhjg6gdBmG0LP0rimTwdu 5r92l3C8L+tiUo8cnUfzRxoEJ7ns4fP2dlS10ISDRaqNKj6r+JwA3+nf/Ulnj2NtO1Ty FckCqI1atkN0nZ6BJ9t6ZJcXD9tJSOeoXmgW1CErfXC2ysA6lADDSdAaElNjQOHbLIDp e4xA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:sender:dkim-signature; bh=/eAIscwqrdOmVK8JO+DB8Q4/nTvq74/yqQoE6DPm+YE=; b=pWv/H0x1uW23mThTWD1ozloWkNc/eiT4fsFxU+psyxeKKLD18Irz7EGvZU70UI9IZQ Fhu8cTiMgF563eqr6Y2y7lSQ3eAOGXGXyoljS9VNrbmSYV/LOFg6lVzMSIJPHHiUqoV5 bhWfg0DOJn3sXyz53LACBVBuO/lqFBk5evMrgfTq8OHuibQnBdIIHMA/wuowov/HFJGv /i5ECxBDrS4wPxf8Mm9WqtyjxsL/NnMk7eErOPLA5375bpXxi6rhFEXWTv0ppXGiuLDI wdFwNK8egnslvJ2MkGLunG+/nziEjCmytdlEXNDFGAmDBbfnqJM9x9ewv7kEgWHmp1mZ jMrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BuOn9jZF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id rj3-20020a17090b3e8300b001cb8365e641si9119884pjb.52.2022.04.22.11.31.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 11:31:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BuOn9jZF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C3923CC51F; Fri, 22 Apr 2022 11:00:33 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1389805AbiDUXqW (ORCPT + 99 others); Thu, 21 Apr 2022 19:46:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1442701AbiDUXqL (ORCPT ); Thu, 21 Apr 2022 19:46:11 -0400 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89F933B549; Thu, 21 Apr 2022 16:43:20 -0700 (PDT) Received: by mail-pf1-x42f.google.com with SMTP id l127so6386213pfl.6; Thu, 21 Apr 2022 16:43:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=/eAIscwqrdOmVK8JO+DB8Q4/nTvq74/yqQoE6DPm+YE=; b=BuOn9jZFa0z5WyxQu4hiLUdJAi/zwUHm1r5eQfF7B2DC/9QVs/N7Mp7ZrccbIIYZNo JsuVB84ni+bT89l44FR+k4nl0uSUmLdPjndEgpc7uQjvsH7k7fC8x6jdaCnPmXGAj72B RD3E5PqhesJS6VUic1lN4Y1goCu1XOftLSnezxcJKa4c8uYsIR2rXQJvctMKpqafnXgI X8fYyAgjhj0wzO9ejjFn/X4JrqEEwzeOGAaPglJsO0KPU1g1t/Xlv7qycSpvTjiS/OEW aQD80Xii/k6tttIIf28RUlUjmahDWuo5Gvo5TzlOb23eBJLCNKOeV4/LWcBQRJ59T7gZ yvFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=/eAIscwqrdOmVK8JO+DB8Q4/nTvq74/yqQoE6DPm+YE=; b=0ari8QYeiJBp50Pv5qe7Dgt4I75lfCIlOPnDWFXGEn6X8cwHCBWpJvuSjNX1bC7tyr IOekfKGCtN97VOuNFV8NhbisiXBkWXoVxKpLMG/GH85GdLrWDVxe8cbkGXaRbfW9bxxV 4QJM1vA2PlNU2EdInEY3uml1rn7xz5nLlBEMplrDM2sLdZVuiNCouULlgMf3bjPqskM9 rqMAUuRPBhFS7p1ak96I/efmiAFtr8b3K1hJ+JDfHLDnJrdWHWebZmobpvZ5cUmuxLYo 1kLct7LoVsF8AYvsqMPCxbm159JGXS2CxxGO0jP8vzZfl1Y4Q0UaxCpt7dB37rW/FCn9 vQYA== X-Gm-Message-State: AOAM531gwhzxS5DFs3pD1bQRTrF5kMspEkZKnoLj6jA5K7CFCR/DYumJ 40i3d0zyim+t3kF58v17xG4= X-Received: by 2002:a05:6a00:10cc:b0:506:e0:d6c3 with SMTP id d12-20020a056a0010cc00b0050600e0d6c3mr1906210pfu.33.1650584599907; Thu, 21 Apr 2022 16:43:19 -0700 (PDT) Received: from localhost ([2620:10d:c090:400::5:15fa]) by smtp.gmail.com with ESMTPSA id g17-20020a625211000000b005056a6313a7sm220809pfb.87.2022.04.21.16.43.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Apr 2022 16:43:19 -0700 (PDT) Sender: Tejun Heo Date: Thu, 21 Apr 2022 13:43:17 -1000 From: Tejun Heo To: Tadeusz Struk Cc: Michal =?iso-8859-1?Q?Koutn=FD?= , cgroups@vger.kernel.org, Zefan Li , Johannes Weiner , Christian Brauner , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+e42ae441c3b10acf9e9d@syzkaller.appspotmail.com Subject: Re: [PATCH] cgroup: don't queue css_release_work if one already pending Message-ID: References: <20220412192459.227740-1-tadeusz.struk@linaro.org> <20220414164409.GA5404@blackbody.suse.cz> <584183e2-2473-6185-e07d-f478da118b87@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <584183e2-2473-6185-e07d-f478da118b87@linaro.org> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Thu, Apr 14, 2022 at 10:51:18AM -0700, Tadeusz Struk wrote: > What happened was, the write triggered: > cgroup_subtree_control_write()->cgroup_apply_control()->cgroup_apply_control_enable()->css_create() > > which, allocates and initializes the css, then fails in cgroup_idr_alloc(), > bails out and calls queue_rcu_work(cgroup_destroy_wq, &css->destroy_rwork); Yes, but this css hasn't been installed yet. > then cgroup_subtree_control_write() bails out to out_unlock:, which then goes: > > cgroup_kn_unlock()->cgroup_put()->css_put()->percpu_ref_put(&css->refcnt)->percpu_ref_put_many(ref) And this is a different css. cgroup->self which isn't connected to the half built css which got destroyed in css_create(). So, I have a bit of difficulty following this scenario. The way that the current code uses destroy_work is definitely nasty and it'd probably be a good idea to separate out the different use cases, but let's first understand what's failing. Thanks. -- tejun