Date: Thu, 5 Mar 2020 10:24:47 +0100
From: Michal Hocko
To: brookxu
Cc: hannes@cmpxchg.org, vdavydov.dev@gmail.com, akpm@linux-foundation.org, cgroups@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
Message-ID: <20200305092447.GQ16139@dhcp22.suse.cz>
In-Reply-To: <5ee35fe7-2a90-ae71-9100-3f2833cbf252@gmail.com>

Thank you for the report!

On Thu 05-03-20 13:52:03, brookxu wrote:
> One eventfd monitors multiple memory thresholds of cgroup, closing it, the
> system will delete related events. Before all events are deleted, another
> eventfd monitors the cgroup's memory threshold.

Could you describe the race scenario please? Ideally

>
> As a result, thresholds->primary[] is not empty, but thresholds->sparse[]
> is NULL, __mem_cgroup_usage_unregister_event() leading to a crash:
>
> [  138.925809] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
> [  138.926817] IP: [] mem_cgroup_usage_unregister_event+0xd7/0x1f0
> [  138.927701] PGD 73bce067 PUD 76ff3067 PMD 0
> [  138.928384] Oops: 0002 [#1] SMP
> [  138.935218] CPU: 1 PID: 14 Comm: kworker/1:0 Not tainted 3.10.107-1-tlinux2-0047 #1

Also you seem to be running a very old kernel. Does the problem exist in
the current Vanilla kernel?
--
Michal Hocko
SUSE Labs