[bug report] kmemleak osberved during blktests nvme/fc test
Daniel Wagner
dwagner at suse.de
Mon Jun 2 08:06:55 PDT 2025
Hi,
On Sat, May 31, 2025 at 10:08:40AM +0800, Yi Zhang wrote:
> Hello
> I found the following kmemleak issue during blktests nvme/fc with the
> latest linux-block/for-next, please help check it and let me know if you
> need any test/info for it, thanks.
I've tried to reproduce the kmemleaks by enabling
CONFIG_DEBUG_KMEMLEAK and
echo scan > /sys/kernel/debug/kmemleak
echo check > /sys/kernel/debug/kmemleak
but I don't get any reports. I've used 3bc1b5c03cbd ("Merge branch
'io_uring-6.16' into for-next")
> unreferenced object 0xffff88816cd58400 (size 192):
> comm "check", pid 24201, jiffies 4302692431
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 01 00 00 aa 00 11 00 10 ................
> 01 00 00 aa 00 11 00 20 b8 84 d5 6c 81 88 ff ff ....... ...l....
> backtrace (crc 9556a114):
> __kmalloc_noprof+0x442/0x5e0
> trace_raw_output_nvmet_req_init+0x3b3/0x450 [nvmet]
So that would be something in nvmet_req_init:
trace_nvmet_req_init(req, req->cmd);
though I can't spot it.
> fcloop_fcp_copy_data+0x6b5/0x770 [nvme_fcloop]
> kernfs_fop_write_iter+0x357/0x530
this looks really strange. No idea how we can end up from
kernfd_fop_write_iter to fcloop_fcp_copy_data.
> vfs_write+0x9bc/0xf60
> ksys_write+0xf3/0x1d0
> do_syscall_64+0x8c/0x3d0
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
> unreferenced object 0xffff888224353800 (size 1024):
> comm "check", pid 24479, jiffies 4302692654
> hex dump (first 32 bytes):
> 00 00 00 00 60 00 00 00 01 00 00 ab 00 11 00 10 ....`...........
> 01 00 00 ab 00 11 00 20 00 84 d5 6c 81 88 ff ff ....... ...l....
> backtrace (crc 9aae07c2):
> __kmalloc_noprof+0x442/0x5e0
> nvmet_ns_device_uuid_store+0x4c/0xf0 [nvmet]
> 0xffffffffc33aca5a
> kernfs_fop_write_iter+0x357/0x530
> vfs_write+0x9bc/0xf60
> ksys_write+0xf3/0x1d0
> do_syscall_64+0x8c/0x3d0
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
I don't see any allocation happening in nvmet_ns_device_uuid_store, the
code is just parsing the string into a fixed sized buffer.
> unreferenced object 0xffff88811e90ed00 (size 64):
> comm "kworker/u67:8", pid 24542, jiffies 4303041902
> hex dump (first 32 bytes):
> 00 38 35 24 82 88 ff ff 08 8d 53 40 81 88 ff ff .85$......S at ....
> 00 a8 8f e1 82 88 ff ff 00 19 5f b3 82 88 ff ff .........._.....
> backtrace (crc 45d8e045):
> __kmalloc_cache_noprof+0x411/0x4e0
> nvmet_ns_device_path_store+0x12/0x180 [nvmet]
> fcloop_create_remote_port+0x5d3/0x640 [nvme_fcloop]
> nvme_fc_handle_ls_rqst_work+0x77c/0xfe0 [nvme_fc]
> nvme_fc_fcpio_done+0x715/0xfb0 [nvme_fc]
> __nvme_fc_send_ls_req+0x750/0x1010 [nvme_fc]
> process_one_work+0x8cd/0x1950
> worker_thread+0x58d/0xcf0
> kthread+0x3d8/0x7a0
> ret_from_fork+0x406/0x510
> ret_from_fork_asm+0x1a/0x30
nvmet_ns_device_patch_store is not called from
fcloop_create_remote_port.
> unreferenced object 0xffff88846c4ac700 (size 128):
> comm "kworker/u65:101", pid 4587, jiffies 4296544937
> hex dump (first 32 bytes):
> 01 00 00 00 00 00 00 20 00 00 00 01 00 00 00 08 ....... ........
> 05 00 00 00 00 00 00 00 00 00 00 02 00 00 00 08 ................
> backtrace (crc d98f69c0):
> __kmalloc_cache_noprof+0x411/0x4e0
> nvme_fc_rcv_ls_req+0x370/0x1080 [nvme_fc]
> fcloop_t2h_ls_req+0x173/0x3f0 [nvme_fcloop]
> __nvmet_fc_send_ls_req.constprop.0+0x5dc/0xee0 [nvmet_fc]
> nvmet_fc_target_assoc_free+0x675/0xab0 [nvmet_fc]
> nvmet_fc_delete_assoc_work+0x300/0x400 [nvmet_fc]
> process_one_work+0x8cd/0x1950
> worker_thread+0x58d/0xcf0
> kthread+0x3d8/0x7a0
> ret_from_fork+0x406/0x510
> ret_from_fork_asm+0x1a/0x30
This stack trace looks more reasonable and I thought I fixed this one
already. I'll double check.
> unreferenced object 0xffff888454806400 (size 192):
> comm "check", pid 2795, jiffies 4295104867
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 01 00 00 aa 00 11 00 10 ................
> 01 00 00 aa 00 11 00 20 b8 64 80 54 84 88 ff ff ....... .d.T....
> backtrace (crc 47ccaf54):
> __kmalloc_noprof+0x442/0x5e0
> nvme_fc_register_localport+0x453/0x1440 [nvme_fc]
> fcloop_create_local_port+0x265/0x520 [nvme_fcloop]
> kernfs_fop_write_iter+0x357/0x530
> vfs_write+0x9bc/0xf60
> ksys_write+0xf3/0x1d0
> do_syscall_64+0x8c/0x3d0
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
This looks like a localport is leaked and it should be fairly simple to
reproduce it for me...
> unreferenced object 0xffff8883f6377800 (size 1024):
> comm "check", pid 3079, jiffies 4295105085
> hex dump (first 32 bytes):
> 00 00 00 00 60 00 00 00 01 00 00 ab 00 11 00 10 ....`...........
> 01 00 00 ab 00 11 00 20 00 64 80 54 84 88 ff ff ....... .d.T....
> backtrace (crc 8e00bf47):
> __kmalloc_noprof+0x442/0x5e0
> nvme_fc_register_remoteport+0x2ec/0x1360 [nvme_fc]
> fcloop_create_remote_port+0x19a/0x640 [nvme_fcloop]
> kernfs_fop_write_iter+0x357/0x530
> vfs_write+0x9bc/0xf60
> ksys_write+0xf3/0x1d0
> do_syscall_64+0x8c/0x3d0
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
Same here.
Can you share a bit more how to you test for mem leaks?
Thanks,
Daniel
More information about the Linux-nvme
mailing list