| PERFD-SERVER-1439 [004] 308947.779252: bprint: get_css_set: get_css_set: 0xffffff89e1984000x: ref 1a, Callers:(cgroup_migrate_add_src<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write<-ksys_write) PERFD-SERVER-1439 [004] 308947.779262: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref 2, Callers:(cgroup_migrate_add_src<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write<-ksys_write) PERFD-SERVER-1439 [004] 308947.779264: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref 3, Callers:(find_css_set<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) PERFD-SERVER-1439 [004] 308947.779266: bprint: put_css_set: put_css_set: 0xffffff87f3e92800x: ref 2, Callers:(cgroup_migrate_prepare_dst<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write<-ksys_write) PERFD-SERVER-1439 [004] 308947.779267: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref 3, Callers:(find_css_set<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) PERFD-SERVER-1439 [004] 308947.779268: bprint: put_css_set: put_css_set: 0xffffff87f3e92800x: ref 2, Callers:(cgroup_migrate_prepare_dst<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write<-ksys_write) PERFD-SERVER-1439 [004] 308947.779269: bprint: put_css_set: put_css_set: 0xffffff87f3e92800x: ref 1, Callers:(cgroup_migrate_prepare_dst<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write<-ksys_write) | 1. (1) Then userspace want to migrate one group tasks. It has two tasks. Task 1 belong to src_cset 0xffffff89e1984000, task 2 belong to src_cset 0xffffff87f3e92800, current cset only has one task (task 2), so it’s cset 0xffffff87f3e92800 refcount =1. It get these tasks’ src_cset -> mg_preload_node insert to mgctx->preloaded_src_csets. (2) Then it want to migrate this group’s two tasks. Task 1 get src_cset 0xffffff89e1984000, will make cset 0xffffff89e1984000 refcount to 1a which is not important. Task 2 get src_cset 0xffffff87f3e92800, will make cset 0xffffff87f3e92800 refcount = 2. (3) Then task 1 get dst_cset 0xffffff87f3e92800, cset 0xffffff87f3e92800 refcount = 3. But it run in following code LINE 2675-2679, it wrongly think dst_cset->mg_preload_node Has been in mgctx->preloaded_dst_csets. As we know, because src_cset and dst_cset has same variable mg_preload_node, to insert to mgctx->preloaded_src_csets, mgctx->preloaded_dst_csets. it wrongly think has another one has add this dst_cset to preloaded_dst_csets. So it call LINE 2679 wrongly put this cset, make cset 0xffffff87f3e92800 change to refcount = 2 (4) Then task 2 get dst_cset 0xffffff87f3e92800, will make cset 0xffffff87f3e92800 recount =3, then it find dst_cset and src_cset are same, it will put twice cset in LINE 2664-2669, So refcount = 1 2640 int cgroup_migrate_prepare_dst(struct cgroup_mgctx *mgctx) 2641 { 2642 struct css_set *src_cset, *tmp_cset; 2643 2644 lockdep_assert_held(&cgroup_mutex); 2645 2646 /* look up the dst cset for each src cset and link it to src */ 2647 list_for_each_entry_safe(src_cset, tmp_cset, &mgctx->preloaded_src_csets, 2648 mg_preload_node) { 2649 struct css_set *dst_cset; 2650 struct cgroup_subsys *ss; 2651 int ssid; 2652 2653 dst_cset = find_css_set(src_cset, src_cset->mg_dst_cgrp); 2654 if (!dst_cset) 2655 return -ENOMEM; 2656 2657 WARN_ON_ONCE(src_cset->mg_dst_cset || dst_cset->mg_dst_cset); 2658 2659 /* 2660 * If src cset equals dst, it's noop. Drop the src. 2661 * cgroup_migrate() will skip the cset too. Note that we 2662 * can't handle src == dst as some nodes are used by both. 2663 */ 2664 if (src_cset == dst_cset) { 2665 src_cset->mg_src_cgrp = NULL; 2666 src_cset->mg_dst_cgrp = NULL; 2667 list_del_init(&src_cset->mg_preload_node); 2668 put_css_set(src_cset); 2669 put_css_set(dst_cset); 2670 continue; 2671 } 2672 2673 src_cset->mg_dst_cset = dst_cset; 2674 2675 if (list_empty(&dst_cset->mg_preload_node)) 2676 list_add_tail(&dst_cset->mg_preload_node, 2677 &mgctx->preloaded_dst_csets); 2678 else 2679 put_css_set(dst_cset); 2680 2681 for_each_subsys(ss, ssid) 2682 if (src_cset->subsys[ssid] != dst_cset->subsys[ssid]) 2683 mgctx->ss_mask |= 1 << ssid; 2684 } 2685 2686 return 0; 2687 } 2688 |
| Line 370561: rcuop/1-28 [005] 308947.813103: bprint: cgroup_free: 3cgroup_free:[task]0xffffff87b6131f80x HwBinder:1371_3, gtask 0xffffff8786fa8000x composer-servic, [cset]0xffffff87f3e92800x, ref 1: Callers:(__put_task_struct<-rcu_do_batch<-nocb_cb_wait<-rcu_nocb_cb_kthread<-kthread<-ret_from_fork<-0x0) Line 370562: rcuop/1-28 [005] 308947.813116: bprint: put_css_set_locked: cset:refzero:put_css_set_locked: 0xffffff87f3e92800x: ref 0, Callers:(put_css_set<-__put_task_struct<-delayed_put_task_struct<-rcu_do_batch<-nocb_cb_wait<-rcu_nocb_cb_kthread<-kthread) | 2. Then second task 0xffffff87b6131f80x HwBinder:1371_3 which src_cset is 0xffffff87f3e92800, do exit and put cset refcount 0 and make this cset to free. |
| Line 370889: PERFD-SERVER-1439 [004] 308947.838144: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370907: PERFD-SERVER-1439 [004] 308947.842963: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370909: PERFD-SERVER-1439 [004] 308947.843105: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370911: PERFD-SERVER-1439 [004] 308947.843126: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370913: PERFD-SERVER-1439 [004] 308947.843132: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370915: PERFD-SERVER-1439 [004] 308947.843137: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370917: PERFD-SERVER-1439 [004] 308947.843142: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370919: PERFD-SERVER-1439 [004] 308947.843148: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370921: PERFD-SERVER-1439 [004] 308947.843154: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370923: PERFD-SERVER-1439 [004] 308947.843158: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370925: PERFD-SERVER-1439 [004] 308947.843164: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370927: PERFD-SERVER-1439 [004] 308947.843168: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370929: PERFD-SERVER-1439 [004] 308947.843173: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370931: PERFD-SERVER-1439 [004] 308947.843177: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370933: PERFD-SERVER-1439 [004] 308947.843183: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370935: PERFD-SERVER-1439 [004] 308947.843188: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370937: PERFD-SERVER-1439 [004] 308947.843194: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370939: PERFD-SERVER-1439 [004] 308947.843199: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370941: PERFD-SERVER-1439 [004] 308947.843203: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370943: PERFD-SERVER-1439 [004] 308947.843210: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370945: PERFD-SERVER-1439 [004] 308947.843216: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370947: PERFD-SERVER-1439 [004] 308947.843221: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370949: PERFD-SERVER-1439 [004] 308947.843226: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370951: PERFD-SERVER-1439 [004] 308947.843231: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) Line 370953: PERFD-SERVER-1439 [004] 308947.843235: bprint: get_css_set: get_css_set: 0xffffff87f3e92800x: ref c0000000, Callers:(cgroup_migrate_execute<-cgroup_attach_task<-__cgroup1_procs_write<-cgroup1_procs_write<-cgroup_file_write<-kernfs_fop_write_iter<-vfs_write) |
2411 static int cgroup_migrate_execute(struct cgroup_mgctx *mgctx) 2412 { 2413 struct cgroup_taskset *tset = &mgctx->tset; 2414 struct cgroup_subsys *ss; 2415 struct task_struct *task, *tmp_task; 2416 struct css_set *cset, *tmp_cset; 2417 int ssid, failed_ssid, ret; 2418 2419 /* check that we can legitimately attach to the cgroup */ 2420 if (tset->nr_tasks) { 2421 do_each_subsys_mask(ss, ssid, mgctx->ss_mask) { 2422 if (ss->can_attach) { 2423 tset->ssid = ssid; 2424 ret = ss->can_attach(tset); 2425 if (ret) { 2426 failed_ssid = ssid; 2427 goto out_cancel_attach; 2428 } 2429 } 2430 } while_each_subsys_mask(); 2431 } 2432 2433 /* 2434 * Now that we're guaranteed success, proceed to move all tasks to 2435 * the new cgroup. There are no failure cases after here, so this 2436 * is the commit point. 2437 */ 2438 spin_lock_irq(&css_set_lock); 2439 list_for_each_entry(cset, &tset->src_csets, mg_node) { 2440 list_for_each_entry_safe(task, tmp_task, &cset->mg_tasks, cg_list) { 2441 struct css_set *from_cset = task_css_set(task); 2442 struct css_set *to_cset = cset->mg_dst_cset; ---------------get first task’s dst_cset, but this cset has been freed. 2443 2444 get_css_set(to_cset); 2445 to_cset->nr_tasks++; 2446 css_set_move_task(task, from_cset, to_cset, true); 2447 from_cset->nr_tasks--; 2448 /* 2449 * If the source or destination cgroup is frozen, 2450 * the task might require to change its state. 2451 */ 2452 cgroup_freezer_migrate_task(task, from_cset->dfl_cgrp, 2453 to_cset->dfl_cgrp); 2454 put_css_set_locked(from_cset); 2455 2456 } 4. |
Cgroup patch and analysis process
最新推荐文章于 2024-07-14 09:37:06 发布
305
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
