[bug report] kmemleak observed during blktests nvme-tcp

[Yi Zhang]

oops, the kmemleak still exists:

# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8882a4cc6000 (size 4096):
  comm "kworker/u32:6", pid 116, jiffies 4294699939 (age 1614.355s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 03 10 03 1f 00 00 00  ................
  backtrace:
    [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
    [<ffffffffc08cc68e>] nvme_identify_ns+0xae/0x230 [nvme_core]
    [<ffffffffc08cc8b9>] nvme_ns_info_from_identify+0x99/0x4a0 [nvme_core]
    [<ffffffffc08e0696>] nvme_scan_ns+0x1b6/0x460 [nvme_core]
    [<ffffffffc08e0ae2>] nvme_scan_ns_list+0x192/0x4f0 [nvme_core]
    [<ffffffffc08e1271>] nvme_scan_work+0x2f1/0xa30 [nvme_core]
    [<ffffffff85e98629>] process_one_work+0x8b9/0x1550
    [<ffffffff85e9987c>] worker_thread+0x5ac/0xed0
    [<ffffffff85eb2902>] kthread+0x2a2/0x340
    [<ffffffff85c062cc>] ret_from_fork+0x2c/0x50
unreferenced object 0xffff88829782bc00 (size 512):
  comm "nvme", pid 1539, jiffies 4294914967 (age 1399.449s)
  hex dump (first 32 bytes):
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
    ff ff ff ff ff ff ff ff a0 73 bf 8d ff ff ff ff  .........s......
  backtrace:
    [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
    [<ffffffff873658c5>] device_add+0x645/0x12f0
    [<ffffffff867c38e3>] cdev_device_add+0xf3/0x230
    [<ffffffffc08c77c6>] nvme_init_ctrl+0xbe6/0x1140 [nvme_core]
    [<ffffffffc1ab0e0c>] 0xffffffffc1ab0e0c
    [<ffffffffc0d38177>] 0xffffffffc0d38177
    [<ffffffffc0d38613>] 0xffffffffc0d38613
    [<ffffffff867b5056>] vfs_write+0x216/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff88824216a880 (size 96):
  comm "nvme", pid 1539, jiffies 4294914968 (age 1399.448s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
    [<ffffffff87395fa0>] dev_pm_qos_update_user_latency_tolerance+0xe0/0x200
    [<ffffffffc08c783c>] nvme_init_ctrl+0xc5c/0x1140 [nvme_core]
    [<ffffffffc1ab0e0c>] 0xffffffffc1ab0e0c
    [<ffffffffc0d38177>] 0xffffffffc0d38177
    [<ffffffffc0d38613>] 0xffffffffc0d38613
    [<ffffffff867b5056>] vfs_write+0x216/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff8881b00f4900 (size 64):
  comm "check", pid 1587, jiffies 4294922730 (age 1391.686s)
  hex dump (first 32 bytes):
    44 48 48 43 2d 31 3a 30 30 3a 79 68 33 70 6f 45  DHHC-1:00:yh3poE
    61 47 37 31 68 45 69 2f 33 42 41 75 54 2f 61 6c  aG71hEi/3BAuT/al
  backtrace:
    [<ffffffff86564d3b>] __kmalloc+0x4b/0x190
    [<ffffffffc08d5841>] nvme_ctrl_dhchap_secret_store+0x111/0x360 [nvme_core]
    [<ffffffff869ce038>] kernfs_fop_write_iter+0x358/0x530
    [<ffffffff867b5642>] vfs_write+0x802/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff8882b4567700 (size 64):
  comm "check", pid 1587, jiffies 4294922738 (age 1391.678s)
  hex dump (first 32 bytes):
    44 48 48 43 2d 31 3a 30 30 3a 79 68 33 70 6f 45  DHHC-1:00:yh3poE
    61 47 37 31 68 45 69 2f 33 42 41 75 54 2f 61 6c  aG71hEi/3BAuT/al
  backtrace:
    [<ffffffff86564d3b>] __kmalloc+0x4b/0x190
    [<ffffffffc08d5841>] nvme_ctrl_dhchap_secret_store+0x111/0x360 [nvme_core]
    [<ffffffff869ce038>] kernfs_fop_write_iter+0x358/0x530
    [<ffffffff867b5642>] vfs_write+0x802/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff8882b6fbe000 (size 512):
  comm "nvme", pid 1934, jiffies 4294932235 (age 1382.239s)
  hex dump (first 32 bytes):
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
    ff ff ff ff ff ff ff ff a0 73 bf 8d ff ff ff ff  .........s......
  backtrace:
    [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
    [<ffffffff873658c5>] device_add+0x645/0x12f0
    [<ffffffff867c38e3>] cdev_device_add+0xf3/0x230
    [<ffffffffc08c77c6>] nvme_init_ctrl+0xbe6/0x1140 [nvme_core]
    [<ffffffffc1ab0e0c>] 0xffffffffc1ab0e0c
    [<ffffffffc0d38177>] 0xffffffffc0d38177
    [<ffffffffc0d38613>] 0xffffffffc0d38613
    [<ffffffff867b5056>] vfs_write+0x216/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff888288a53b80 (size 96):
  comm "nvme", pid 1934, jiffies 4294932237 (age 1382.237s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
    [<ffffffff87395fa0>] dev_pm_qos_update_user_latency_tolerance+0xe0/0x200
    [<ffffffffc08c783c>] nvme_init_ctrl+0xc5c/0x1140 [nvme_core]
    [<ffffffffc1ab0e0c>] 0xffffffffc1ab0e0c
    [<ffffffffc0d38177>] 0xffffffffc0d38177
    [<ffffffffc0d38613>] 0xffffffffc0d38613
    [<ffffffff867b5056>] vfs_write+0x216/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff88829e6a3b80 (size 64):
  comm "check", pid 1981, jiffies 4294936167 (age 1378.307s)
  hex dump (first 32 bytes):
    44 48 48 43 2d 31 3a 30 30 3a 61 56 6f 56 44 4f  DHHC-1:00:aVoVDO
    79 69 31 6c 59 33 74 79 77 47 33 6a 4f 6e 37 33  yi1lY3tywG3jOn73
  backtrace:
    [<ffffffff86564d3b>] __kmalloc+0x4b/0x190
    [<ffffffffc08d5841>] nvme_ctrl_dhchap_secret_store+0x111/0x360 [nvme_core]
    [<ffffffff869ce038>] kernfs_fop_write_iter+0x358/0x530
    [<ffffffff867b5642>] vfs_write+0x802/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff88829e6a3a80 (size 64):
  comm "check", pid 1981, jiffies 4294936885 (age 1377.589s)
  hex dump (first 32 bytes):
    44 48 48 43 2d 31 3a 30 30 3a 61 56 6f 56 44 4f  DHHC-1:00:aVoVDO
    79 69 31 6c 59 33 74 79 77 47 33 6a 4f 6e 37 33  yi1lY3tywG3jOn73
  backtrace:
    [<ffffffff86564d3b>] __kmalloc+0x4b/0x190
    [<ffffffffc08d5841>] nvme_ctrl_dhchap_secret_store+0x111/0x360 [nvme_core]
    [<ffffffff869ce038>] kernfs_fop_write_iter+0x358/0x530
    [<ffffffff867b5642>] vfs_write+0x802/0xc60
    [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
    [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
    [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc


On Thu, Apr 27, 2023 at 3:24 PM Yi Zhang <yi.zhang at redhat.com> wrote:
>
> Hi Chaitanya
>
> The kmemleak in [1] is fixed by your patch, but there still has
> one[2], would you mind checking it, thanks.
>
> [1]
> nvme_ctrl_dhchap_secret_store
> cdev_device_add
>
> [2]
> unreferenced object 0xffff888288a53b80 (size 96):
>   comm "nvme", pid 1934, jiffies 4294932237 (age 237.359s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<ffffffff86564437>] kmalloc_trace+0x27/0xe0
>     [<ffffffff87395fa0>] dev_pm_qos_update_user_latency_tolerance+0xe0/0x200
>     [<ffffffffc08c783c>] nvme_init_ctrl+0xc5c/0x1140 [nvme_core]
>     [<ffffffffc1ab0e0c>] 0xffffffffc1ab0e0c
>     [<ffffffffc0d38177>] 0xffffffffc0d38177
>     [<ffffffffc0d38613>] 0xffffffffc0d38613
>     [<ffffffff867b5056>] vfs_write+0x216/0xc60
>     [<ffffffff867b62e9>] ksys_write+0xf9/0x1d0
>     [<ffffffff881adc4c>] do_syscall_64+0x5c/0x90
>     [<ffffffff882000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
>
> On Wed, Apr 26, 2023 at 4:34 PM Chaitanya Kulkarni
> <chaitanyak at nvidia.com> wrote:
> >
> > On 4/26/23 01:23, Chaitanya Kulkarni wrote:
> > >
> > >>>> [<ffffffff86f646ab>] __kmalloc+0x4b/0x190
> > >>>>       [<ffffffffc09fb710>]
> > >>>> nvme_ctrl_dhchap_secret_store+0x110/0x350 [nvme_core]
> > >>>>       [<ffffffff873cc848>] kernfs_fop_write_iter+0x358/0x530
> > >>>>       [<ffffffff871b47d2>] vfs_write+0x802/0xc60
> > >>>>       [<ffffffff871b5479>] ksys_write+0xf9/0x1d0
> > >>>>       [<ffffffff88ba8f9c>] do_syscall_64+0x5c/0x90
> > >>>>       [<ffffffff88c000aa>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
> > >
> > > can you check if following fixes your problem for dhchap ?
> > >
> > >
> > > linux-block (for-next) # git diff
> > > diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> > > index 1bfd52eae2ee..0e22d048de3c 100644
> > > --- a/drivers/nvme/host/core.c
> > > +++ b/drivers/nvme/host/core.c
> > > @@ -3825,8 +3825,10 @@ static ssize_t
> > > nvme_ctrl_dhchap_secret_store(struct device *dev,
> > >                 int ret;
> > >
> > >                 ret = nvme_auth_generate_key(dhchap_secret, &key);
> > > -               if (ret)
> > > +               if (ret) {
> > > +                       kfree(dhchap_secret);
> > >                         return ret;
> > > +               }
> > >                 kfree(opts->dhchap_secret);
> > >                 opts->dhchap_secret = dhchap_secret;
> > >                 host_key = ctrl->host_key;
> > > @@ -3879,8 +3881,10 @@ static ssize_t
> > > nvme_ctrl_dhchap_ctrl_secret_store(struct device *dev,
> > >                 int ret;
> > >
> > >                 ret = nvme_auth_generate_key(dhchap_secret, &key);
> > > -               if (ret)
> > > +               if (ret) {
> > > +                       kfree(dhchap_secret);
> > >                         return ret;
> > > +               }
> > >                 kfree(opts->dhchap_ctrl_secret);
> > >                 opts->dhchap_ctrl_secret = dhchap_secret;
> > >                 ctrl_key = ctrl->ctrl_key;
> > >
> > > -ck
> > >
> > >
> >
> > sorry my forget to add ida changes, plz ignore earlier and try this :-
> >
> > linux-block (for-next) # git diff
> > diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> > index 1bfd52eae2ee..bb376cc6a5a3 100644
> > --- a/drivers/nvme/host/core.c
> > +++ b/drivers/nvme/host/core.c
> > @@ -3825,8 +3825,10 @@ static ssize_t
> > nvme_ctrl_dhchap_secret_store(struct device *dev,
> >                  int ret;
> >
> >                  ret = nvme_auth_generate_key(dhchap_secret, &key);
> > -               if (ret)
> > +               if (ret) {
> > +                       kfree(dhchap_secret);
> >                          return ret;
> > +               }
> >                  kfree(opts->dhchap_secret);
> >                  opts->dhchap_secret = dhchap_secret;
> >                  host_key = ctrl->host_key;
> > @@ -3879,8 +3881,10 @@ static ssize_t
> > nvme_ctrl_dhchap_ctrl_secret_store(struct device *dev,
> >                  int ret;
> >
> >                  ret = nvme_auth_generate_key(dhchap_secret, &key);
> > -               if (ret)
> > +               if (ret) {
> > +                       kfree(dhchap_secret);
> >                          return ret;
> > +               }
> >                  kfree(opts->dhchap_ctrl_secret);
> >                  opts->dhchap_ctrl_secret = dhchap_secret;
> >                  ctrl_key = ctrl->ctrl_key;
> > @@ -4042,8 +4046,10 @@ int nvme_cdev_add(struct cdev *cdev, struct
> > device *cdev_device,
> >          cdev_init(cdev, fops);
> >          cdev->owner = owner;
> >          ret = cdev_device_add(cdev, cdev_device);
> > -       if (ret)
> > +       if (ret) {
> >                  put_device(cdev_device);
> > +               ida_free(&nvme_ns_chr_minor_ida, MINOR(cdev_device->devt));
> > +       }
> >
> >          return ret;
> >   }
> >
> >
> > with above patch I was able to get this :-
> >
> > blktests (master) # ./check nvme/044
> > nvme/044 (Test bi-directional authentication) [passed]
> >      runtime  1.729s  ...  1.892s
> > blktests (master) # ./check nvme/045
> > nvme/045 (Test re-authentication) [passed]
> >      runtime  4.798s  ...  6.303s
> >
> > -ck
> >
> >
>
>
> --
> Best Regards,
>   Yi Zhang



-- 
Best Regards,
  Yi Zhang