Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3519775pxp; Tue, 8 Mar 2022 16:29:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJyG8dBTkpK9dMQIu2Ob1A4GeY5yVxneUFlFb8X6VQcBk/pYsHE18/ub5mt4UNbq1WnUecov X-Received: by 2002:a05:6a00:1902:b0:4f6:939d:179c with SMTP id y2-20020a056a00190200b004f6939d179cmr20748912pfi.43.1646785793107; Tue, 08 Mar 2022 16:29:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646785793; cv=none; d=google.com; s=arc-20160816; b=pOa16xMoD3nqONTxvwxO8YgO+mRhp4L1etaRvHHr9/xUa3Ak9P+xmd8ZSjMsHDVNPt jidanBDOgrBpVe9YsWW5vmOInWG2hH8ONi8L+EUAnMnS6dW8SnW7XIf3tT/9ovzxBPdK BRU1tvR3Hqw+TJoMg+1z9U//bCSYX9FoPHLHffWoJScw8r1RthKp/KLMrF6pMbiAb2hB qbl0ZSHqhmQAyC4iM75Fs1q/smmi9+rfuSF4LilN4opNqnVhsl/uxB6C73TmaMJMLUSO Mq57T86Rl4mTBJ7rpoI7bD9+Fd+q5R6IDFZMlu+BRE4Vp6u2oCZEgC4X9cEQ/A6JT6gD iGMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=RJwREQe2rzsaUUGeqr/8vwfZc2NQhjWpufINTjklvZI=; b=KPxMk5eAF/KM+t5ZjEvPoAHvuKc7sWUWEGr+uvBY1ekHN5/wkdw7dxQuuCbfYLQRKs qHU2FK49DcowAIdutlZPXTqVcrKnaYgPWLu0dd7rETMlypc2sXjsSUSSeqIOSc8ru6eN Q82DS5RnKzV7Tnh7g7qDercWB6seroVbGOYQlumvjN71B6PDWi9YvJQ38/StFZSJmduQ a7LHwLtr5l13c2OxuTBiTqQhiN65ggg8yvq5j80im5Dt9qj5myG9o1ImSz8BA6isfLRz EYtPnpeyjI72Tgccz2OrLlLab0pXdsXvZDVwZK/v9Ze/j9EwL6gYhEagAG++CpgwHqM3 GC8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=GxdqOvf3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id o3-20020a656a43000000b00378bc8835c0si426966pgu.762.2022.03.08.16.29.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Mar 2022 16:29:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=GxdqOvf3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 44411C55B7; Tue, 8 Mar 2022 15:49:03 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345053AbiCHInp (ORCPT + 99 others); Tue, 8 Mar 2022 03:43:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232253AbiCHIno (ORCPT ); Tue, 8 Mar 2022 03:43:44 -0500 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14B18289B3; Tue, 8 Mar 2022 00:42:48 -0800 (PST) Received: by mail-ej1-x633.google.com with SMTP id hw13so37399669ejc.9; Tue, 08 Mar 2022 00:42:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RJwREQe2rzsaUUGeqr/8vwfZc2NQhjWpufINTjklvZI=; b=GxdqOvf3fZbSHFWFsSAHXHL0EDWTrSTIrguz0lZMpsIB+QjCDpe+n163V35HQjJAND xwioITH8uAJa2NztY6Z4KaECyn5IymbrAeNjaqFI7LLGY4rMrePpNdXC0M1pX/LjwNs0 2KcgEuidjDEN30w8bKYiFJVecPqkfFeZhdn6OBkXDsGLv3QQo4/bG3wYgBqKob9sGDL+ Tu3xlNA9nSraytJ9BPpLPSzh0R/rjfAeclDT998z1bmhUQU70W/uVnRZ7coBFQA88z4l Hy9r0oDTJ2B4AWJRlHMSNvIuxKD1f1UIZkS5QB/APH8ZNGqGIKxnJO5ff54DM7mTtvZS YIXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RJwREQe2rzsaUUGeqr/8vwfZc2NQhjWpufINTjklvZI=; b=p1Z+1i2sPf5gDTrehHbknh+GPftUXyvVN6igSL4cQLx3PYEdtT/l6XisgTk9f13czi d9A2cwmEukL+Q1f2O9xN1xrvKTYJWg5RaaSe1g5V/TNdf3mbZ3JEA0B/FI6pIhlOVldD SpdCmTob05YsYMNjCOn0A+bNHFPkXE4L+ag8b2MfWt1btf4ktxFrimBMfeOvlQavw+0f 61srGRYlgPyhGloAgi8QL/bZHCeyivFsNA57Y6r1rAb9Mb/AHIfojKqYwaBlH4MD1eb2 ydG9j2CnsveHeS3naenc2I0IU07Lp5/JG6AeGERjy3sD0tG08R6BZfhG9fuQJX8BSrRI qH4g== X-Gm-Message-State: AOAM5303UsbVu8YmZnxXUOjAnneWwcqZTtKZ4BOx9yHU2xwufEZjL68h gwckxvH4Yf4kxo6b14rJB8dfpun8gYzeN3p2PDc= X-Received: by 2002:a17:907:9956:b0:6cf:cd25:c5a7 with SMTP id kl22-20020a170907995600b006cfcd25c5a7mr12074318ejc.635.1646728966454; Tue, 08 Mar 2022 00:42:46 -0800 (PST) MIME-Version: 1.0 References: <3192BC90-D082-472B-B310-6E09A14A77C6@hust.edu.cn> In-Reply-To: From: Dongliang Mu Date: Tue, 8 Mar 2022 16:42:20 +0800 Message-ID: Subject: Re: Fw:Re: [PATCH] fs: nilfs2: fix memory leak in nilfs sysfs create device group To: Ryusuke Konishi Cc: Pavel Skripkin , Andrew Morton , linux-nilfs , LKML , Nanyong Sun , =?UTF-8?B?5oWV5Yas5Lqu?= Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 8, 2022 at 4:31 PM Ryusuke Konishi wrote: > > Hi Dongliang, > > On Tue, Mar 8, 2022 at 11:22 AM Dongliang Mu wrote: > > > > On Sat, Jan 22, 2022 at 12:22 PM Ryusuke Konishi > > wrote: > > > > > > Hi Dongliang, > > > > > > On Sat, Jan 22, 2022 at 9:31 AM Dongliang Mu wrote: > > > > > (added Nanyong Sun to CC) > > > > > Hi Dongliang, > > > > > > > > > > On Thu, Jan 20, 2022 at 11:07 PM Pavel Skripkin wrote: > > > > > > > > > > > > > > > Hi Dongliang, > > > > > > > > > > On 1/20/22 16:44, Dongliang Mu wrote: > > > > > > > > > > The preivous commit 8fd0c1b0647a ("nilfs2: fix memory leak in > > > > > nilfs_sysfs_delete_device_group") only handles the memory leak in the > > > > > nilfs_sysfs_delete_device_group. However, the similar memory leak still > > > > > occurs in the nilfs_sysfs_create_device_group. > > > > > > > > > > Fix it by adding kobject_del when > > > > > kobject_init_and_add succeeds, but one of the following calls fails. > > > > > > > > > > Fixes: 8fd0c1b0647a ("nilfs2: fix memory leak in nilfs_sysfs_delete_device_group") > > > > > > > > > > > > > > > Why Fixes tag points to my commit? This issue was introduced before my patch > > > > > > > > > > > > > > > As Pavel pointed out, this patch is independent of his patch. > > > > > The following one ? > > > > > > > > Hi Pavel, > > > > > > > > This is an incorrect fixes tag. I need to dig more about `git log -p > > > > fs/nilfs2/sysfs.c`. > > > > > > > > I wonder if there are any automatic or semi-automatic ways to capture > > > > this fixes tag. Or how do you guys identify the fixes tag? > > > > > > I guess `git blame fs/nilfs2/sysfs.c` may help you to confirm where the change > > > came from. It shows information of commits for every line of the input file. > > > If you are using github, 'blame button' is available. > > > > > > If an issue is reproducible, we use `git bisect` to identify the patch > > > that caused the > > > issue, however, even then, try to understand why and how it affected > > > by looking at > > > source code and the commit. > > > > > > > > > > > > > > > > > 5f5dec07aca7 ("nilfs2: fix memory leak in nilfs_sysfs_create_device_group") > > > > > > > > > > Signed-off-by: Dongliang Mu > > > > > --- > > > > > fs/nilfs2/sysfs.c | 5 ++++- > > > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > > > > > > > > > > Can you describe what memory leak issue does this patch actually fix ? > > > > > > > > > > It looks like kobject_put() can call __kobject_del() unless circular > > > > > references exist. > > > > > > > > > > kobject_put() -> kref_put() -> kobject_release() -> > > > > > kobject_cleanup() -> __kobject_del() > > > > > > > > > > As explained in Documentation/core-api/kobject.rst, > > > > > > > > > > kobject_del() can be used to drop the reference to the parent object, if > > > > > circular references are constructed. > > > > > > > > > > But, at least, the parent object is NULL in this case. > > > > > I really want to understand what the real problem is. > > > > > > > > > > Thanks, > > > > > Ryusuke Konishi > > > > > > > > I know where my problem is. From the disconnect function, I think the > > > > kobject_del and kobject_put are both necessary without checking the > > > > documentation of kobjects. > > > > > > > > Then I think the current error handling may miss kobject_del, and this > > > > patch is generated. > > > > > > > > As a result, I think we can ignore this patch. Sorry for my false alarm. > > > > > > Okay, thank you for your reply. > > > If you notice anything we missed on this difference, please let us know. > > > > Hi Ryusuke, > > > > My local syzkaller instance always complains about the following crash > > report no matter how many times I clean up the generated crash > > reports. > > > > BUG: memory leak > > unreferenced object 0xffff88812e902be0 (size 32): > > comm "syz-executor.2", pid 25972, jiffies 4295025942 (age 12.490s) > > hex dump (first 32 bytes): > > 6c 6f 6f 70 32 00 00 00 00 00 00 00 00 00 00 00 loop2........... > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > backtrace: > > [] kstrdup+0x36/0x70 mm/util.c:60 > > [] kstrdup_const+0x53/0x80 mm/util.c:83 > > [] kvasprintf_const+0xc2/0x110 lib/kasprintf.c:48 > > [] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289 > > [] kobject_add_varg lib/kobject.c:384 [inline] > > [] kobject_init_and_add+0x6d/0xc0 lib/kobject.c:473 > > [] nilfs_sysfs_create_device_group+0x9a/0x3d0 > > fs/nilfs2/sysfs.c:991 > > [] init_nilfs+0x420/0x580 fs/nilfs2/the_nilfs.c:637 > > [] nilfs_fill_super fs/nilfs2/super.c:1046 [inline] > > [] nilfs_mount+0x532/0x8c0 fs/nilfs2/super.c:1316 > > [] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610 > > [] vfs_get_tree+0x28/0x100 fs/super.c:1497 > > [] do_new_mount fs/namespace.c:3024 [inline] > > [] path_mount+0xb92/0xfe0 fs/namespace.c:3354 > > [] do_mount+0xa1/0xc0 fs/namespace.c:3367 > > [] __do_sys_mount fs/namespace.c:3575 [inline] > > [] __se_sys_mount fs/namespace.c:3552 [inline] > > [] __x64_sys_mount+0xf4/0x160 fs/namespace.c:3552 > > [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 > > [] entry_SYSCALL_64_after_hwframe+0x44/0xae > > > > Unfortunately, there is no reproducer attached to the crash report. > > But I still think there should be another issue in the code. > > The bug is happening in the call to kobject_init_and_add() in > nilfs_sysfs_create_device_group(). > So, it looks like a separate issue from your original patch. Is this right ? Yes, it may not be related to my patch. But it makes me confusing about the bug. > > Which version of kernel does this bug occur on ? > (Are you testing against the latest mainline kernel or some stable version?) I always test against the latest mainline kernel. Now I am checking the log and trying to find error injection in the log file, as said by Pavel. > > Thanks, > Ryusuke Konishi