Commit 6c37dde54e88 ("mm/memcg: improve mem_cgroup_dcache_is_low() performance.") didn't destroy percpu_counters on deletion of the memcg. This is not just a memleak but a memory corruption, because the global 'percpu_counters' list will contain pointers to the freed memory:

------------[ cut here ]------------
WARNING: at lib/debugobjects.c:260 debug_print_object+0x17d/0x210()
ODEBUG: free active (active state 0) object type: percpu_counter hint: (null)
Call Trace:
 dump_stack+0x1e/0x20
 warn_slowpath_common+0x9f/0x100
 warn_slowpath_fmt+0xc4/0x100
 debug_print_object+0x17d/0x210
 debug_check_no_obj_freed+0x500/0x920
 kfree+0xd6/0x300
 __mem_cgroup_free+0x37e/0x4e0
 mem_cgroup_css_free+0x81/0xa0
 cgroup_free_fn+0xc9/0x4e0
 process_one_work+0x740/0x1910
 worker_thread+0x413/0xbf0
 kthread+0x1e6/0x250
 ret_from_fork+0x58/0x90

Call percpu_counter_destroy() from ___mem_cgroup_free() to fix this.

https://jira.sw.ru/browse/PSBM-69145
Fixes: 6c37dde54e88 ("mm/memcg: improve mem_cgroup_dcache_is_low() performance.")
Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com>
--- mm/memcontrol.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 7264c05d610..4e14af2cadb 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -5947,6 +5947,7 @@ out_free: static void __mem_cgroup_free(struct mem_cgroup *memcg) { int node; + int i; mem_cgroup_remove_from_trees(memcg); free_css_id(&mem_cgroup_subsys, &memcg->css); @@ -5954,6 +5955,9 @@ static void __mem_cgroup_free(struct mem_cgroup *memcg) for_each_node(node) free_mem_cgroup_per_zone_info(memcg, node); + for (i = 0; i < MEM_CGROUP_STAT2_NSTATS; i++) + percpu_counter_destroy(&memcg->stat2.counters[i]); + free_percpu(memcg->stat); /* -- 2.13.0
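
Review bot: in the second hunk, the new loop calls percpu_counter_destroy() on every one of the MEM_CGROUP_STAT2_NSTATS entries in memcg->stat2.counters unconditionally, so please confirm that __mem_cgroup_free() can only be reached once all of those counters have been initialized. The out_free: label shown in the first hunk header suggests an allocation error path nearby; if that path can call __mem_cgroup_free() after a partial initialization, the loop would run on counters that were never set up, and a short comment stating why that is safe (or a check) would help. Separately, the commit message says the call is added to ___mem_cgroup_free() (three underscores) while the hunks change __mem_cgroup_free(); the message should name the function that is actually patched.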