Re: [PATCH] memcg: fix slab accounting in refill_obj_stock() trylock path

[Vlastimil Babka]

On 2/27/26 02:01, Hao Li wrote:
> On Thu, Feb 26, 2026 at 02:44:02PM +0100, Vlastimil Babka wrote:
>> On 2/26/26 14:39, Shakeel Butt wrote:
>> > On Thu, Feb 26, 2026 at 07:51:37PM +0800, Hao Li wrote:
>> >> In the trylock path of refill_obj_stock(), mod_objcg_mlstate() should
>> >> use the real alloc/free bytes (i.e., nr_acct) for accounting, rather
>> >> than nr_bytes.
>> >> 
>> >> Fixes: 200577f69f29 ("memcg: objcg stock trylock without irq disabling")
>> >> Cc: stable@xxxxxxxxxxxxxxx
>> >> Signed-off-by: Hao Li <hao.li@xxxxxxxxx>
>> > 
>> > Thanks for the fix.
>> > 
>> > Acked-by: Shakeel Butt <shakeel.butt@xxxxxxxxx>
>> 
>> What are the user-visible effects of the bug?
> 
> The user-visible impact is that the NR_SLAB_RECLAIMABLE_B and
> NR_SLAB_UNRECLAIMABLE_B stats can end up being incorrect.
> 
> For example, if a user allocates a 6144-byte object, then before this fix
> refill_obj_stock() calls mod_objcg_mlstate(..., nr_bytes=2048), even though it
> should account for 6144 bytes (i.e., nr_acct).
> 
> When the user later frees the same object with kfree(), refill_obj_stock() calls
> mod_objcg_mlstate(..., nr_bytes=6144). This ends up adding 6144 to the stats,
> but it should be applying -6144 (i.e., nr_acct) since the object is being
> freed.

Thanks, I'm sure Andrew will amend the changelog with those useful details.

Weird that we went since 6.16 with nobody noticing the stats were off - it
sounds they could get really way off?