Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3498303pxp; Tue, 8 Mar 2022 16:00:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJyExRALp6oG8y/X54qnBKxJekh5wk9712rehHhmPwsPZf5oqU0I0fAnnqBk0ONcoW5xqpN8 X-Received: by 2002:a65:4c47:0:b0:37d:5eea:232d with SMTP id l7-20020a654c47000000b0037d5eea232dmr16494286pgr.536.1646784043130; Tue, 08 Mar 2022 16:00:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646784043; cv=none; d=google.com; s=arc-20160816; b=Lwp+FObsIbb8HYbnoLi5kMg3rdV+dM/XubDTFNT8yExoThUxg20YZK7Dn5bk0n6Utm MDLuIHnh43nMkE+UBYV084Vlb4PcOpxVYb3ONBDk4575n7z1pJkUvh8vzFsRMnVyVHQz EkGlmhj24CwxvZrsHtCQZt7+d6CiD8d7fmSjN55plC9Z8P2wArVI7XZGGlHEaFPyOud+ pOnEfdi8Egbtq4s9VqwDDuu9bMLmMj3AInP29Z1PTK7U6hOJsdJnoQy1id4w3lxAmf2f eec0DmmxcxJy0Ru+xyEzOxQaZd0BALTN1/A9CmSfOd0yN2xbCwH0FRSG5dKSgzzqQYAe Jtyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=yCgLkIUzX0S1MPQ66B3UsRJrG7vCxhG0ViRgp3VSlm0=; b=kMIG3blsij2vXhER2ZwOf5Epawqn1As5xR3e7cq2Oh8vMUzQkYFjBpD9Mix1lNMogN 7NFIJbY/+qdo/cnjpfjCR38bqY9pk/4cNkAeF0Oj4q2jDnzK/opX0Vu3yq4VXsPEvejx Wpy/FZ2f+DHVHXW2ww+/OkZSqYM0J4M6Ffau8cIyIl3sS3thBY5SSZ1lghcZImPkQnPp p2Eqy7rUee39T7H8ViuV9/cfKOrn/aWNg0HJEu6e6xJTW4YRiPDipbUcYM70Noe1Xvq7 1xygYE5PC9Znwhtnh9dkWGrWZ1/iFvWMqJ+zK+rUc2uraBKOTf0L3l9r4V7AYwz7atEP xgCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=OOjEXZgz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id bj15-20020a056a02018f00b003800141d42esi278047pgb.471.2022.03.08.16.00.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Mar 2022 16:00:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=OOjEXZgz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1B3D5D7624; Tue, 8 Mar 2022 15:35:49 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344334AbiCHCX3 (ORCPT + 99 others); Mon, 7 Mar 2022 21:23:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244874AbiCHCX1 (ORCPT ); Mon, 7 Mar 2022 21:23:27 -0500 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9471CD7B; Mon, 7 Mar 2022 18:22:31 -0800 (PST) Received: by mail-ej1-x634.google.com with SMTP id bi12so22912723ejb.3; Mon, 07 Mar 2022 18:22:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yCgLkIUzX0S1MPQ66B3UsRJrG7vCxhG0ViRgp3VSlm0=; b=OOjEXZgzwjFsdIbhqzzjlQxzSofhD9Ic2WaeB89faJvEAV21gIEOg92lH3wimqZre2 gsgtouroJceNsyvuB4ou4TNXRIclfarYt8jHLu+LONKYM5gMrFlj04fWFnWDr9Igwlfz wiFg8pGrwhXMOQDs/QX7yjeK6qd+DhiTzLrrt6dq+UXwKzgSZOyeseT2h2OwrWUxognA tTj4KfDr6/W4y/npmQkbR8vDnizc8ailpW8oEwZdrUSAh9W6K+gNPML9YpCL7j8LgV9T bhwjUriPORy0lg9s1TTQsXgn0Vn7z4XLB1p7xlWFgGRdWnLHiFF3Y6jPxLbpB5PbwdBT HRfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yCgLkIUzX0S1MPQ66B3UsRJrG7vCxhG0ViRgp3VSlm0=; b=Wp5LN2EmWbtI2hSz33NYRdK7sexNssQMux+myRPQDPHCG41+pk3yS33PnMpAcNJYr4 oF0TQ6RLul6eA9HEqp1UasAcKPUaxgLmO0rIgtGm7BfNrONKWreT66x7SFHMZKYCfDIm 4p6Klimwfu+miplknjzD78Uzj5C1/NQ7C3Gh5A/zUGDXn6ZQTvm+D90iFxzCHdjHeZtH f8wZjaJ5GdBKwaXB4vjRDDLCHS7U5FsYZbYgCaIyFrkbe4C4HWh04sgzfJ+neTn3195V inZR3WYk007QvxiGN8d3wAqTY8yeju9xsiQSJwFGzws0yHwqxsQFuwD2fud7wUWR7k8L jsTw== X-Gm-Message-State: AOAM530oBva2PWLgu9cQn0H0QLXhXDAYqD6U2wcezR5umt4im8qPEXMm vLy3r2YkmtIo8oXmSRMCMLypYAinQGmxgqjawu0YgQCrGwU= X-Received: by 2002:a17:907:9956:b0:6cf:cd25:c5a7 with SMTP id kl22-20020a170907995600b006cfcd25c5a7mr11163191ejc.635.1646706148785; Mon, 07 Mar 2022 18:22:28 -0800 (PST) MIME-Version: 1.0 References: <3192BC90-D082-472B-B310-6E09A14A77C6@hust.edu.cn> In-Reply-To: From: Dongliang Mu Date: Tue, 8 Mar 2022 10:22:02 +0800 Message-ID: Subject: Re: Fw:Re: [PATCH] fs: nilfs2: fix memory leak in nilfs sysfs create device group To: Ryusuke Konishi Cc: Pavel Skripkin , Andrew Morton , linux-nilfs , LKML , Nanyong Sun , =?UTF-8?B?5oWV5Yas5Lqu?= Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 22, 2022 at 12:22 PM Ryusuke Konishi wrote: > > Hi Dongliang, > > On Sat, Jan 22, 2022 at 9:31 AM Dongliang Mu wrote: > > > (added Nanyong Sun to CC) > > > Hi Dongliang, > > > > > > On Thu, Jan 20, 2022 at 11:07 PM Pavel Skripkin wrote: > > > > > > > > > Hi Dongliang, > > > > > > On 1/20/22 16:44, Dongliang Mu wrote: > > > > > > The preivous commit 8fd0c1b0647a ("nilfs2: fix memory leak in > > > nilfs_sysfs_delete_device_group") only handles the memory leak in the > > > nilfs_sysfs_delete_device_group. However, the similar memory leak still > > > occurs in the nilfs_sysfs_create_device_group. > > > > > > Fix it by adding kobject_del when > > > kobject_init_and_add succeeds, but one of the following calls fails. > > > > > > Fixes: 8fd0c1b0647a ("nilfs2: fix memory leak in nilfs_sysfs_delete_device_group") > > > > > > > > > Why Fixes tag points to my commit? This issue was introduced before my patch > > > > > > > > > As Pavel pointed out, this patch is independent of his patch. > > > The following one ? > > > > Hi Pavel, > > > > This is an incorrect fixes tag. I need to dig more about `git log -p > > fs/nilfs2/sysfs.c`. > > > > I wonder if there are any automatic or semi-automatic ways to capture > > this fixes tag. Or how do you guys identify the fixes tag? > > I guess `git blame fs/nilfs2/sysfs.c` may help you to confirm where the change > came from. It shows information of commits for every line of the input file. > If you are using github, 'blame button' is available. > > If an issue is reproducible, we use `git bisect` to identify the patch > that caused the > issue, however, even then, try to understand why and how it affected > by looking at > source code and the commit. > > > > > > > > > 5f5dec07aca7 ("nilfs2: fix memory leak in nilfs_sysfs_create_device_group") > > > > > > Signed-off-by: Dongliang Mu > > > --- > > > fs/nilfs2/sysfs.c | 5 ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > > > > Can you describe what memory leak issue does this patch actually fix ? > > > > > > It looks like kobject_put() can call __kobject_del() unless circular > > > references exist. > > > > > > kobject_put() -> kref_put() -> kobject_release() -> > > > kobject_cleanup() -> __kobject_del() > > > > > > As explained in Documentation/core-api/kobject.rst, > > > > > > kobject_del() can be used to drop the reference to the parent object, if > > > circular references are constructed. > > > > > > But, at least, the parent object is NULL in this case. > > > I really want to understand what the real problem is. > > > > > > Thanks, > > > Ryusuke Konishi > > > > I know where my problem is. From the disconnect function, I think the > > kobject_del and kobject_put are both necessary without checking the > > documentation of kobjects. > > > > Then I think the current error handling may miss kobject_del, and this > > patch is generated. > > > > As a result, I think we can ignore this patch. Sorry for my false alarm. > > Okay, thank you for your reply. > If you notice anything we missed on this difference, please let us know. Hi Ryusuke, My local syzkaller instance always complains about the following crash report no matter how many times I clean up the generated crash reports. BUG: memory leak unreferenced object 0xffff88812e902be0 (size 32): comm "syz-executor.2", pid 25972, jiffies 4295025942 (age 12.490s) hex dump (first 32 bytes): 6c 6f 6f 70 32 00 00 00 00 00 00 00 00 00 00 00 loop2........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kstrdup+0x36/0x70 mm/util.c:60 [] kstrdup_const+0x53/0x80 mm/util.c:83 [] kvasprintf_const+0xc2/0x110 lib/kasprintf.c:48 [] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289 [] kobject_add_varg lib/kobject.c:384 [inline] [] kobject_init_and_add+0x6d/0xc0 lib/kobject.c:473 [] nilfs_sysfs_create_device_group+0x9a/0x3d0 fs/nilfs2/sysfs.c:991 [] init_nilfs+0x420/0x580 fs/nilfs2/the_nilfs.c:637 [] nilfs_fill_super fs/nilfs2/super.c:1046 [inline] [] nilfs_mount+0x532/0x8c0 fs/nilfs2/super.c:1316 [] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610 [] vfs_get_tree+0x28/0x100 fs/super.c:1497 [] do_new_mount fs/namespace.c:3024 [inline] [] path_mount+0xb92/0xfe0 fs/namespace.c:3354 [] do_mount+0xa1/0xc0 fs/namespace.c:3367 [] __do_sys_mount fs/namespace.c:3575 [inline] [] __se_sys_mount fs/namespace.c:3552 [inline] [] __x64_sys_mount+0xf4/0x160 fs/namespace.c:3552 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x44/0xae Unfortunately, there is no reproducer attached to the crash report. But I still think there should be another issue in the code. > > Regards, > Ryusuke Konishi