Re: WARNING in try_charge

From: Michal Hocko
Date: Mon Aug 06 2018 - 14:56:01 EST


The debugging patch was wrong, but I think I finally see it.
It's a race:

: [ 72.901666] Memory cgroup out of memory: Kill process 6584 (syz-executor1) score 550000 or sacrifice child
: [ 72.917037] Killed process 6584 (syz-executor1) total-vm:37704kB, anon-rss:2140kB, file-rss:0kB, shmem-rss:0kB
: [ 72.927256] task=syz-executor5 pid=6581 charge bypass
: [ 72.928046] oom_reaper: reaped process 6584 (syz-executor1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
: [ 72.932818] task=syz-executor6 pid=6576 invoked memcg oom killer. oom_victim=1
: [ 72.942790] task=syz-executor5 pid=6581 charge for nr_pages=1
: [ 72.949769] syz-executor6 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0
: [ 72.955606] task=syz-executor5 pid=6581 charge bypass
: [ 72.967394] syz-executor6 cpuset=/ mems_allowed=0
: [ 72.973175] task=syz-executor5 pid=6581 charge for nr_pages=1
: [...]
: [ 73.534865] Task in /ile0 killed as a result of limit of /ile0
: [ 73.540865] memory: usage 76kB, limit 0kB, failcnt 260
: [ 73.546142] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
: [ 73.552898] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
: [ 73.559051] Memory cgroup stats for /ile0: cache:0KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:0KB inactive_file:0KB active_file:0KB unevictable:0KB
: [ 73.578533] Tasks state (memory values in pages):
: [ 73.583404] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
: [ 73.592277] [ 6569] 0 6562 9427 1 53248 0 0 syz-executor0
: [ 73.601299] [ 6576] 0 6576 9426 0 61440 0 0 syz-executor6
: [ 73.610333] [ 6578] 0 6578 9426 534 61440 0 0 syz-executor4
: [ 73.619381] [ 6579] 0 6579 9426 0 57344 0 0 syz-executor5
: [ 73.628414] [ 6582] 0 6582 9426 0 61440 0 0 syz-executor7
: [ 73.637441] [ 6584] 0 6584 9426 0 57344 0 0 syz-executor1
: [ 73.646464] Memory cgroup out of memory: Kill process 6578 (syz-executor4) score 549000 or sacrifice child
: [ 73.656295] task=syz-executor6 pid=6576 is oom victim now

This should be 6578, but we at least know that we are running in 6576
context, so we are setting the state from a remote context which
itself has already been killed.

: [ 73.661841] Killed process 6578 (syz-executor4) total-vm:37704kB, anon-rss:2136kB, file-rss:0kB, shmem-rss:0kB
: [ 73.672035] task=syz-executor6 pid=6576 charge bypass
: [ 73.672801] oom_reaper: reaped process 6578 (syz-executor4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
: [ 73.678829] task=syz-executor4 pid=6578 invoked memcg oom killer. oom_victim=1

And here the victim finally reaches the oom path.

: [ 73.687453] task=syz-executor6 pid=6576 charge for nr_pages=1
: [ 73.694534] ------------[ cut here ]------------
: [ 73.700424] task=syz-executor6 pid=6576 charge bypass
: [ 73.705175] Memory cgroup charge failed because of no reclaimable memory! This looks like a misconfiguration or a kernel bug.
: [ 73.705321] WARNING: CPU: 1 PID: 6578 at mm/memcontrol.c:1707 try_charge+0xafa/0x1710

But there is nobody killable. So the oom kill happened _after_ our force
charge path. Therefore we should do the following regardless of whether we
make this a warn or pr_$foo:

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 116b181bb646afedd770985de20a68721bdb2648

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 4603ad75c9a9..1b6eed1bc404 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1703,7 +1703,8 @@ static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int
 		return OOM_ASYNC;
 	}
 
-	if (mem_cgroup_out_of_memory(memcg, mask, order))
+	if (mem_cgroup_out_of_memory(memcg, mask, order) ||
+	    tsk_is_oom_victim(current))
 		return OOM_SUCCESS;
 
 	WARN(1,"Memory cgroup charge failed because of no reclaimable memory! "
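
To make the ordering easier to follow, here is a minimal userspace sketch of
the race as I read it from the log above. It is not kernel code: struct task,
model_out_of_memory(), model_memcg_oom() and replay_race() are hypothetical
names made up for this illustration, and the "killable" flag is a crude
stand-in for whatever the real victim selection considers eligible. The only
thing it tries to show is that a task which has already been marked as an oom
victim by somebody else can reach the oom path with nobody left to kill.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; the enum mirrors the kernel name but nothing else. */
enum oom_status { OOM_SUCCESS, OOM_FAILED };

struct task {
	int pid;
	bool oom_victim;	/* stands in for tsk_is_oom_victim() */
	bool killable;		/* assumption: false once already selected */
};

/*
 * Hypothetical stand-in for mem_cgroup_out_of_memory(): select the first
 * killable task, mark it as a victim and report whether one was found.
 */
static bool model_out_of_memory(struct task *tasks, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		if (tasks[i].killable) {
			tasks[i].oom_victim = true;
			tasks[i].killable = false;
			return true;
		}
	}
	return false;
}

/* Models the check changed by the patch; with_fix toggles the new condition. */
static enum oom_status model_memcg_oom(struct task *tasks, size_t n,
				       const struct task *current_task,
				       bool with_fix)
{
	if (model_out_of_memory(tasks, n))
		return OOM_SUCCESS;
	if (with_fix && current_task->oom_victim)
		return OOM_SUCCESS;
	return OOM_FAILED;	/* this is where the WARN would trigger */
}

/* Replays the two steps from the log: 6576 kills 6578, then 6578 charges. */
static enum oom_status replay_race(bool with_fix)
{
	struct task tasks[] = {
		{ .pid = 6576, .oom_victim = true,  .killable = false },
		{ .pid = 6578, .oom_victim = false, .killable = true  },
	};
	size_t n = sizeof(tasks) / sizeof(tasks[0]);

	/* Step 1: 6576, itself already killed, selects 6578 remotely. */
	enum oom_status first = model_memcg_oom(tasks, n, &tasks[0], with_fix);
	assert(first == OOM_SUCCESS);

	/* Step 2: 6578 reaches the oom path only now; nobody is killable. */
	return model_memcg_oom(tasks, n, &tasks[1], with_fix);
}
```

In this model replay_race(false) ends in OOM_FAILED for 6578, which
corresponds to the warning above, while replay_race(true) returns OOM_SUCCESS
because the current task is already an oom victim.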
--
Michal Hocko
SUSE Labs