[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <7EE30F16-A90B-47DC-A065-3C21881CD1CC@apple.com>
Date: Thu, 01 Aug 2019 18:08:42 -0700
From: Masoud Sharbiani <msharbiani@...le.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: mhocko@...nel.org, hannes@...xchg.org, vdavydov.dev@...il.com,
linux-mm@...ck.org, cgroups@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: Possible mem cgroup bug in kernels between 4.18.0 and 5.3-rc1.
> On Aug 1, 2019, at 11:19 AM, Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Thu, Aug 01, 2019 at 11:04:14AM -0700, Masoud Sharbiani wrote:
>> Hey folks,
>> I’ve come across an issue that affects most of 4.19, 4.20 and 5.2 linux-stable kernels that has only been fixed in 5.3-rc1.
>> It was introduced by
>>
>> 29ef680 memcg, oom: move out_of_memory back to the charge path
>>
>> The gist of it is that if you have a memory control group for a process that repeatedly maps all of the pages of a file with repeated calls to:
>>
>> mmap(NULL, pages * PAGE_SIZE, PROT_WRITE|PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0)
>>
>> The memory cg eventually runs out of memory, as it should. However,
>> prior to the 29ef680 commit, it would kill the running process with
>> OOM; After that commit ( and until 5.3-rc1; Haven’t pinpointed the
>> exact commit in between 5.2.0 and 5.3-rc1) the offending process goes
>> into %100 CPU usage, and doesn’t die (prior behavior) or fail the mmap
>> call (which is what happens if one runs the test program with a low
>> ulimit -v value).
>>
>> Any ideas on how to chase this down further?
>
> Finding the exact patch that fixes this would be great, as then I can
> add it to the 4.19 and 5.2 stable kernels (4.20 is long end-of-life, no
> idea why you are messing with that one...)
>
> thanks,
>
> greg k-h
Allow me to issue a correction:
Running this test on linux master <629f8205a6cc63d2e8e30956bad958a3507d018f> correctly terminates the leaker app with OOM.
However, running it a second time (after removing the memory cgroup, and allowing the test script to run it again), causes this:
kernel:watchdog: BUG: soft lockup - CPU#7 stuck for 22s! [leaker1:7193]
[ 202.511024] CPU: 7 PID: 7193 Comm: leaker1 Not tainted 5.3.0-rc2+ #8
[ 202.517378] Hardware name: <redacted>
[ 202.525554] RIP: 0010:lruvec_lru_size+0x49/0xf0
[ 202.530085] Code: 41 89 ed b8 ff ff ff ff 45 31 f6 49 c1 e5 03 eb 19 48 63 d0 4c 89 e9 48 8b 14 d5 20 b7 11 b5 48 03 8b 88 00 00 00 4c 03 34 11 <48> c7 c6 80 c5 40 b5 89 c7 e8 29 a7 6f 00 3b 05 57 9d 24 01 72 d1
[ 202.548831] RSP: 0018:ffffa7c5480df620 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 202.556398] RAX: 0000000000000000 RBX: ffff8f5b7a1af800 RCX: 00003859bfa03bc0
[ 202.563528] RDX: ffff8f5b7f800000 RSI: 0000000000000018 RDI: ffffffffb540c580
[ 202.570662] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000004
[ 202.577795] R10: ffff8f5b62548000 R11: 0000000000000000 R12: 0000000000000004
[ 202.584928] R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000
[ 202.592063] FS: 00007ff73d835740(0000) GS:ffff8f6b7f840000(0000) knlGS:0000000000000000
[ 202.600149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 202.605895] CR2: 00007f1b1c00e428 CR3: 0000001021d56006 CR4: 00000000001606e0
[ 202.613026] Call Trace:
[ 202.615475] shrink_node_memcg+0xdb/0x7a0
[ 202.619488] ? shrink_slab+0x266/0x2a0
[ 202.623242] ? mem_cgroup_iter+0x10a/0x2c0
[ 202.627337] shrink_node+0xdd/0x4c0
[ 202.630831] do_try_to_free_pages+0xea/0x3c0
[ 202.635104] try_to_free_mem_cgroup_pages+0xf5/0x1e0
[ 202.640068] try_charge+0x279/0x7a0
[ 202.643565] mem_cgroup_try_charge+0x51/0x1a0
[ 202.647925] __add_to_page_cache_locked+0x19f/0x330
[ 202.652800] ? __mod_lruvec_state+0x40/0xe0
[ 202.656987] ? scan_shadow_nodes+0x30/0x30
[ 202.661086] add_to_page_cache_lru+0x49/0xd0
[ 202.665361] iomap_readpages_actor+0xea/0x230
[ 202.669718] ? iomap_migrate_page+0xe0/0xe0
[ 202.673906] iomap_apply+0xb8/0x150
[ 202.677398] iomap_readpages+0xa7/0x1a0
[ 202.681237] ? iomap_migrate_page+0xe0/0xe0
[ 202.685424] read_pages+0x68/0x190
[ 202.688829] __do_page_cache_readahead+0x19c/0x1b0
[ 202.693622] ondemand_readahead+0x168/0x2a0
[ 202.697808] filemap_fault+0x32d/0x830
[ 202.701562] ? __mod_lruvec_state+0x40/0xe0
[ 202.705747] ? page_remove_rmap+0xcf/0x150
[ 202.709846] ? alloc_set_pte+0x240/0x2c0
[ 202.713775] __xfs_filemap_fault+0x71/0x1c0
[ 202.717963] __do_fault+0x38/0xb0
[ 202.721280] __handle_mm_fault+0x73f/0x1080
[ 202.725467] ? __switch_to_asm+0x34/0x70
[ 202.729390] ? __switch_to_asm+0x40/0x70
[ 202.733318] handle_mm_fault+0xce/0x1f0
[ 202.737158] __do_page_fault+0x231/0x480
[ 202.741083] page_fault+0x2f/0x40
[ 202.744404] RIP: 0033:0x400c20
[ 202.747461] Code: 45 c8 48 89 c6 bf 32 0e 40 00 b8 00 00 00 00 e8 76 fb ff ff c7 45 ec 00 00 00 00 eb 36 8b 45 ec 48 63 d0 48 8b 45 c8 48 01 d0 <0f> b6 00 0f be c0 01 45 e4 8b 45 ec 25 ff 0f 00 00 85 c0 75 10 8b
[ 202.766208] RSP: 002b:00007ffde95ae460 EFLAGS: 00010206
[ 202.771432] RAX: 00007ff71e855000 RBX: 0000000000000000 RCX: 000000000000001a
[ 202.778558] RDX: 0000000001dfd000 RSI: 000000007fffffe5 RDI: 0000000000000000
[ 202.785692] RBP: 00007ffde95af4b0 R08: 0000000000000000 R09: 00007ff73d2a520d
[ 202.792823] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000400850
[ 202.799949] R13: 00007ffde95af590 R14: 0000000000000000 R15: 0000000000000000
Further tests show that this also happens if one waits long enough on 5.3-rc1 as well.
So I don’t think we have a fix in tree yet.
Cheers,
Masoud
Powered by blists - more mailing lists