On Thu, 20 Jun 2019, Roman Gushchin wrote:
> As a result of reparenting a kmem_cache might belong to the root
> memory cgroup. It happens when a top-level memory cgroup is removed,
> and all associated kmem_caches are reparented to the root memory
> cgroup.
>
> The root memory cgroup is special, and requires a special handling.
> Let's make sure that we don't try to charge or uncharge it,
> and we handle system-wide vmstats exactly as for root kmem_caches.
>
> Note, that we still need to alter the kmem_cache reference counter,
> so that the kmem_cache can be released properly.
>
> The issue was discovered by running CRIU tests; the following warning
> did appear:
>
> [ 381.345960] WARNING: CPU: 0 PID: 11655 at mm/page_counter.c:62
> page_counter_cancel+0x26/0x30
> [ 381.345992] Modules linked in:
> [ 381.345998] CPU: 0 PID: 11655 Comm: kworker/0:8 Not tainted
> 5.2.0-rc5-next-20190618+ #1
> [ 381.346001] Hardware name: Google Google Compute Engine/Google
> Compute Engine, BIOS Google 01/01/2011
> [ 381.346010] Workqueue: memcg_kmem_cache kmemcg_workfn
> [ 381.346013] RIP: 0010:page_counter_cancel+0x26/0x30
> [ 381.346017] Code: 1f 44 00 00 0f 1f 44 00 00 48 89 f0 53 48 f7 d8
> f0 48 0f c1 07 48 29 f0 48 89 c3 48 89 c6 e8 61 ff ff ff 48 85 db 78
> 02 5b c3 <0f> 0b 5b c3 66 0f 1f 44 00 00 0f 1f 44 00 00 48 85 ff 74 41
> 41 55
> [ 381.346019] RSP: 0018:ffffb3b34319f990 EFLAGS: 00010086
> [ 381.346022] RAX: fffffffffffffffc RBX: fffffffffffffffc RCX: 0000000000000004
> [ 381.346024] RDX: 0000000000000000 RSI: fffffffffffffffc RDI: ffff9c2cd7165270
> [ 381.346026] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000001
> [ 381.346028] R10: 00000000000000c8 R11: ffff9c2cd684e660 R12: 00000000fffffffc
> [ 381.346030] R13: 0000000000000002 R14: 0000000000000006 R15: ffff9c2c8ce1f200
> [ 381.346033] FS: 0000000000000000(0000) GS:ffff9c2cd8200000(0000)
> knlGS:0000000000000000
> [ 381.346039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 381.346041] CR2: 00000000007be000 CR3: 00000001cdbfc005 CR4: 00000000001606f0
> [ 381.346043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 381.346045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 381.346047] Call Trace:
> [ 381.346054] page_counter_uncharge+0x1d/0x30
> [ 381.346065] __memcg_kmem_uncharge_memcg+0x39/0x60
> [ 381.346071] __free_slab+0x34c/0x460
> [ 381.346079] deactivate_slab.isra.80+0x57d/0x6d0
> [ 381.346088] ? add_lock_to_list.isra.36+0x9c/0xf0
> [ 381.346095] ? __lock_acquire+0x252/0x1410
> [ 381.346106] ? cpumask_next_and+0x19/0x20
> [ 381.346110] ? slub_cpu_dead+0xd0/0xd0
> [ 381.346113] flush_cpu_slab+0x36/0x50
> [ 381.346117] ? slub_cpu_dead+0xd0/0xd0
> [ 381.346125] on_each_cpu_mask+0x51/0x70
> [ 381.346131] ? ksm_migrate_page+0x60/0x60
> [ 381.346134] on_each_cpu_cond_mask+0xab/0x100
> [ 381.346143] __kmem_cache_shrink+0x56/0x320
> [ 381.346150] ? ret_from_fork+0x3a/0x50
> [ 381.346157] ? unwind_next_frame+0x73/0x480
> [ 381.346176] ? __lock_acquire+0x252/0x1410
> [ 381.346188] ? kmemcg_workfn+0x21/0x50
> [ 381.346196] ? __mutex_lock+0x99/0x920
> [ 381.346199] ? kmemcg_workfn+0x21/0x50
> [ 381.346205] ? kmemcg_workfn+0x21/0x50
> [ 381.346216] __kmemcg_cache_deactivate_after_rcu+0xe/0x40
> [ 381.346220] kmemcg_cache_deactivate_after_rcu+0xe/0x20
> [ 381.346223] kmemcg_workfn+0x31/0x50
> [ 381.346230] process_one_work+0x23c/0x5e0
> [ 381.346241] worker_thread+0x3c/0x390
> [ 381.346248] ? process_one_work+0x5e0/0x5e0
> [ 381.346252] kthread+0x11d/0x140
> [ 381.346255] ? kthread_create_on_node+0x60/0x60
> [ 381.346261] ret_from_fork+0x3a/0x50
> [ 381.346275] irq event stamp: 10302
> [ 381.346278] hardirqs last enabled at (10301): [<ffffffffb2c1a0b9>]
> _raw_spin_unlock_irq+0x29/0x40
> [ 381.346282] hardirqs last disabled at (10302): [<ffffffffb2182289>]
> on_each_cpu_mask+0x49/0x70
> [ 381.346287] softirqs last enabled at (10262): [<ffffffffb2191f4a>]
> cgroup_idr_replace+0x3a/0x50
> [ 381.346290] softirqs last disabled at (10260): [<ffffffffb2191f2d>]
> cgroup_idr_replace+0x1d/0x50
> [ 381.346293] ---[ end trace b324ba73eb3659f0 ]---
>
> v2: fixed return value from memcg_charge_slab(), spotted by Shakeel
>
> Reported-by: Andrei Vagin <[email protected]>
> Signed-off-by: Roman Gushchin <[email protected]>
> Cc: Christoph Lameter <[email protected]>
> Cc: Johannes Weiner <[email protected]>
> Cc: Michal Hocko <[email protected]>
> Cc: Shakeel Butt <[email protected]>
> Cc: Vladimir Davydov <[email protected]>
> Cc: Waiman Long <[email protected]>
> Cc: David Rientjes <[email protected]>
> Cc: Joonsoo Kim <[email protected]>
> Cc: Pekka Enberg <[email protected]>
Acked-by: David Rientjes <[email protected]>