From: Michal Hocko <mhocko@kernel.org>
To: Thomas Lindroth <thomas.lindroth@gmail.com>
Cc: linux-mm@kvack.org, stable@vger.kernel.org
Subject: Re: [BUG] Early OOM and kernel NULL pointer dereference in 4.19.69
Date: Tue, 3 Sep 2019 09:41:32 +0200
Message-ID: <20190903074132.GM14028@dhcp22.suse.cz>
In-Reply-To: <a07da432-1fc1-67de-ae35-93f157bf9a7d@gmail.com>

On Mon 02-09-19 21:34:29, Thomas Lindroth wrote:
> On 9/2/19 9:16 AM, Michal Hocko wrote:
> > On Sun 01-09-19 22:43:05, Thomas Lindroth wrote:
> > > After upgrading to the 4.19 series I've started getting problems with
> > > early OOM.
> > 
> > What is the kernel you have updated from? Would it be possible to try
> > the current Linus' tree?
> 
> I did some more testing and it turns out this is not a regression after all.
> 
> I followed up on my hunch and monitored memory.kmem.max_usage_in_bytes while
> running cgexec -g memory:12G bash -c 'find / -xdev -type f -print0 | \
>         xargs -0 -n 1 -P 8 stat > /dev/null'
> 
> Just as memory.kmem.max_usage_in_bytes = memory.kmem.limit_in_bytes the OOM
> killer kicked in and killed my X server.
> 
> Using the find|stat approach it was easy to test the problem in a testing VM.
> I was able to reproduce the problem in all these kernels:
>   4.9.0
>   4.14.0
>   4.14.115
>   4.19.0
>   5.2.11
> 
> 5.3-rc6 didn't build in the VM. The build environment is too old probably.
> 
> I was curious why I initially couldn't reproduce the problem in 4.14 by
> building chromium. I was again able to successfully build chromium using
> 4.14.115. Turns out memory.kmem.max_usage_in_bytes was 1015689216 after
> building and my limit is set to 1073741824. I guess some unrelated change in
> memory management raised that slightly for 4.19 triggering the problem.
> 
> If you want to reproduce for yourself here are the steps:
> 1. build any kernel above 4.9 using something like my .config
> 2. set up a v1 memory cgroup with memory.kmem.limit_in_bytes lower than
>    memory.limit_in_bytes. I used 100M in my testing VM.
> 3. Run "find / -xdev -type f -print0 | xargs -0 -n 1 -P 8 stat > /dev/null"
>    in the cgroup.
> 4. Assuming there are enough inodes on the rootfs the global OOM killer
>    should kick in when memory.kmem.max_usage_in_bytes =
>    memory.kmem.limit_in_bytes and kill something outside the cgroup.

This is certainly a bug. Is this still an OOM triggered from
pagefault_out_of_memory? Since 4.19 (29ef680ae7c21) the memcg charge
path should invoke the memcg oom killer directly from the charge path.
If that doesn't happen then the failing charge is either GFP_NOFS or a
large allocation.

The former has been fixed just recently by http://lkml.kernel.org/r/cbe54ed1-b6ba-a056-8899-2dc42526371d@i-love.sakura.ne.jp
and I suspect this is a fix you are looking for. Although it is curious
that you can see a global oom even before because the charge path would
mark an oom situation even for NOFS context and it should trigger the
memcg oom killer on the way out from the page fault path. So essentially
the same call trace except the oom killer should be constrained to the
memcg context.

Could you try the above patch please?

-- 
Michal Hocko
SUSE Labs
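
Added example, not part of the original message or of any kernel tooling: a shell audit that walks a cgroup v1 memory hierarchy and reports every group whose memory.kmem.limit_in_bytes is lower than its memory.limit_in_bytes, the configuration in the reproduction steps above, together with how close the recorded kmem peak came to the limit. The default mount point and the 12 GiB memory limit in the constructed sample are assumptions; the kmem limit and peak values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: report cgroup v1 memory groups with kmem limit < memory limit.
# Output, one line per such group:
#   RISK <path> kmem_limit=<bytes> mem_limit=<bytes> kmem_peak=<bytes> used_pct=<n>
# Assumption: the v1 memory controller is mounted at /sys/fs/cgroup/memory
# unless another root is passed as the first argument.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

audit_kmem_limits() {
    root=${1:-/sys/fs/cgroup/memory}
    find "$root" -type f -name memory.kmem.limit_in_bytes 2>/dev/null | sort |
    while IFS= read -r f; do
        dir=${f%/*}
        rel=${dir#"$root"/}
        kmem_limit=$(cat "$f" 2>/dev/null) || continue
        mem_limit=$(cat "$dir/memory.limit_in_bytes" 2>/dev/null) || continue
        kmem_peak=$(cat "$dir/memory.kmem.max_usage_in_bytes" 2>/dev/null) || kmem_peak=0
        is_uint "$kmem_limit" && is_uint "$mem_limit" || continue
        is_uint "$kmem_peak" || kmem_peak=0
        # An unset limit reads back as a very large value, so it never compares lower.
        [ "$kmem_limit" -lt "$mem_limit" ] || continue
        if [ "$kmem_limit" -eq 0 ]; then
            used_pct=100
        else
            used_pct=$((kmem_peak * 100 / kmem_limit))
        fi
        echo "RISK $rel kmem_limit=$kmem_limit mem_limit=$mem_limit kmem_peak=$kmem_peak used_pct=$used_pct"
    done
}

# Constructed sample tree (not real sysfs): one group shaped like the "12G"
# cgroup in the thread, and one group with no limits set.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/12G" "$t/unlimited"
    echo 1073741824  > "$t/12G/memory.kmem.limit_in_bytes"      # from the thread
    echo 1015689216  > "$t/12G/memory.kmem.max_usage_in_bytes"  # from the thread
    echo 12884901888 > "$t/12G/memory.limit_in_bytes"           # assumed 12 GiB
    for n in memory.kmem.limit_in_bytes memory.limit_in_bytes; do
        echo 9223372036854771712 > "$t/unlimited/$n"
    done
    echo 0 > "$t/unlimited/memory.kmem.max_usage_in_bytes"
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree) && audit_kmem_limits "$tree" && rm -rf "$tree"
fi
```

Run with `--demo` to see the constructed sample, or call `audit_kmem_limits` with no argument on a host that uses cgroup v1.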

Thread overview: 29+ messages
2019-09-01 20:43 [BUG] Early OOM and kernel NULL pointer dereference in 4.19.69 Thomas Lindroth
2019-09-02  7:16 ` Michal Hocko
2019-09-02  7:27   ` Michal Hocko
2019-09-02 19:34   ` Thomas Lindroth
2019-09-03  7:41     ` Michal Hocko [this message]
2019-09-03 12:01       ` Thomas Lindroth
2019-09-03 12:05       ` Andrey Ryabinin
2019-09-03 12:22         ` Michal Hocko
2019-09-03 18:20           ` Thomas Lindroth
2019-09-03 19:36             ` Michal Hocko
     [not found] ` <666dbcde-1b8a-9e2d-7d1f-48a117c78ae1@I-love.SAKURA.ne.jp>
2019-09-03 18:25   ` Thomas Lindroth
     [not found]     ` <4d0eda9a-319d-1a7d-1eed-71da90902367@i-love.sakura.ne.jp>
2019-09-04 11:25       ` [BUG] kmemcg limit defeats __GFP_NOFAIL allocation Michal Hocko
     [not found]         ` <4d87d770-c110-224f-6c0c-d6fada90417d@i-love.sakura.ne.jp>
2019-09-04 11:59           ` Michal Hocko
     [not found]         ` <0056063b-46ff-0ebd-ff0d-c96a1f9ae6b1@i-love.sakura.ne.jp>
2019-09-04 14:29           ` Michal Hocko
     [not found]             ` <405ce28b-c0b4-780c-c883-42d741ec60e0@i-love.sakura.ne.jp>
2019-09-05 23:11               ` Thomas Lindroth
2019-09-06  7:27                 ` Michal Hocko
2019-09-06 10:54                   ` Andrey Ryabinin
2019-09-06 11:29                     ` Michal Hocko
2019-09-06 12:56 ` [PATCH] memcg, kmem: do not fail __GFP_NOFAIL charges Michal Hocko
2019-09-06 18:24   ` Shakeel Butt
2019-09-09 11:22     ` Michal Hocko
2019-09-11 12:00       ` Michal Hocko
2019-09-11 14:37         ` Andrew Morton
2019-09-11 15:16           ` Michal Hocko
2019-09-13  2:46             ` Shakeel Butt
2019-09-24 10:53   ` Michal Hocko
2019-09-24 23:06     ` Andrew Morton