From: Ryusuke Konishi
Date: Sun, 13 Mar 2022 00:11:38 +0900
Subject: Re: Fw:Re: [PATCH] fs: nilfs2: fix memory leak in nilfs sysfs create device group
To: Pavel Skripkin, Dongliang Mu
Cc: Andrew Morton, linux-nilfs, LKML, Nanyong Sun, 慕冬亮

Hi Pavel,

On Sat, Mar 12, 2022 at 11:20 PM Pavel Skripkin wrote:
>
> Hi Dongliang,
>
> On 3/9/22 11:30, Dongliang Mu wrote:
> >> Now I am checking the log and trying to find error injection in the
> >> log file, as said by Pavel.
> >
> > Attached is the report and log file.
> >
> > @Pavel Skripkin I don't find any useful error injection in the log file.
> >
> > In case I made some mistakes, I will clean up my local crash reports,
> > update to the latest upstream kernel and restart the syzkaller. Let's
> > see if the crash still occurs.
>
> The execution path is clear from the logs. Quick grep for nilfs shows
> these lines
>
> [ 886.701044][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
> [ 886.703251][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096)
> [ 886.706454][T25972] NILFS (loop2): error -4 creating segctord thread
>
> So here is calltrace:
>
> nilfs_fill_super
>   nilfs_attach_log_writer
>     nilfs_segctor_start_thread <- failed
>
>
> In case of nilfs_attach_log_writer() error code jumps to
> failed_checkpoint label and calls destroy_nilfs() which should call
> nilfs_sysfs_delete_device_group().

nilfs_sysfs_delete_device_group() is called in destroy_nilfs() if
nilfs->ns_flags has THE_NILFS_INIT flag -- nilfs_init() inline function
tests this flag.

The flag is set after init_nilfs() succeeded at the beginning of
nilfs_fill_super() because the set_nilfs_init() inline in init_nilfs()
sets it.

So, nilfs_sysfs_delete_group() seems to be called in case of the above
failure. Am I missing something?

Thanks,
Ryusuke Konishi

>
> So I can really see how this leak is possible on top of current Linus' HEAD.
>
>
> Also in the log there are only 4 syz_mount_image$nilfs2 programs, so
> only one of them may be a reproducer. If you have spare time you can try
> to execute them using syz-execprog and see if it works :))
>
>
>
> With regards,
> Pavel Skripkin
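
The flag-gated teardown discussed in this message, as an added user-space model that is not part of the original thread and is not nilfs2 source code. Every `model_*` name is hypothetical, and the `set_flag = 0` case is a constructed counterfactual, not a path the thread claims exists in the kernel.

```c
#include <stdio.h>

#define MODEL_INIT_FLAG 0x1u  /* stands in for THE_NILFS_INIT */

struct model_nilfs {
    unsigned flags;           /* stands in for nilfs->ns_flags */
    int group_registered;     /* stands in for the sysfs device group */
};

static int live_groups;       /* groups created and not yet deleted */

/* Teardown as the reply describes it: delete the group only if the flag is set. */
static void model_destroy(struct model_nilfs *n)
{
    if (n->flags & MODEL_INIT_FLAG) {
        n->group_registered = 0;
        live_groups--;
    }
}

/* Init creates the group. set_flag=0 is a counterfactual where the flag is never set. */
static void model_init(struct model_nilfs *n, int set_flag)
{
    n->group_registered = 1;
    live_groups++;
    if (set_flag)
        n->flags |= MODEL_INIT_FLAG;
}

/*
 * Mount path from the quoted trace: init succeeds, the log-writer thread
 * fails to start (error -4 in the log), and the error path runs teardown.
 * Returns the number of groups still registered afterwards.
 */
static int leaked_after_failed_mount(int set_flag)
{
    struct model_nilfs n = {0};

    live_groups = 0;
    model_init(&n, set_flag);
    model_destroy(&n);        /* failed_checkpoint path ends in the destroy call */
    return live_groups;
}

int main(void)
{
    printf("flag set after init: leaked=%d\n", leaked_after_failed_mount(1));
    printf("flag never set:      leaked=%d\n", leaked_after_failed_mount(0));
    return 0;
}
```

In this model the group is released on the failed mount only because the flag is set before the failing step, which is the ordering the reply relies on.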