From: Catalin Marinas <catalin.marinas@arm.com>
To: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
"Linux Kernel, Mailing List" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: [BUG] kmemleak on __radix_tree_preload
Date: Wed, 7 May 2014 12:39:28 +0100 [thread overview]
Message-ID: <20140507113928.GB17253@arm.com> (raw)
In-Reply-To: <1399431488.13268.29.camel@kjgkr>
On Wed, May 07, 2014 at 03:58:08AM +0100, Jaegeuk Kim wrote:
> And then when I tested again with Catalin's patch, it still throws the
> following warning.
> Is it false alarm?
BTW, you can try this kmemleak branch:
git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64.git kmemleak
> unreferenced object 0xffff880004226da0 (size 576):
> comm "fsstress", pid 14590, jiffies 4295191259 (age 706.308s)
> hex dump (first 32 bytes):
> 01 00 00 00 81 ff ff ff 00 00 00 00 00 00 00 00 ................
> 50 89 34 81 ff ff ff ff b8 6d 22 04 00 88 ff ff P.4......m".....
> backtrace:
> [<ffffffff816c02e8>] kmemleak_update_trace+0x58/0x80
> [<ffffffff81349517>] radix_tree_node_alloc+0x77/0xa0
> [<ffffffff81349718>] __radix_tree_create+0x1d8/0x230
> [<ffffffff8113286c>] __add_to_page_cache_locked+0x9c/0x1b0
> [<ffffffff811329a8>] add_to_page_cache_lru+0x28/0x80
> [<ffffffff81132f58>] grab_cache_page_write_begin+0x98/0xf0
> [<ffffffffa02e4bf4>] f2fs_write_begin+0xb4/0x3c0 [f2fs]
> [<ffffffff81131b77>] generic_perform_write+0xc7/0x1c0
> [<ffffffff81133b7d>] __generic_file_aio_write+0x1cd/0x3f0
> [<ffffffff81133dfe>] generic_file_aio_write+0x5e/0xe0
> [<ffffffff81195c5a>] do_sync_write+0x5a/0x90
> [<ffffffff811968d2>] vfs_write+0xc2/0x1d0
> [<ffffffff81196daf>] SyS_write+0x4f/0xb0
> [<ffffffff816dead2>] system_call_fastpath+0x16/0x1b
> [<ffffffffffffffff>] 0xffffffffffffffff
OK, it shows that the allocation happens via add_to_page_cache_locked()
and I guess it's page_cache_tree_insert() which calls
__radix_tree_create() (the latter reusing the preloaded node). I'm not
familiar enough to this code (radix-tree.c and filemap.c) to tell where
the node should have been freed, who keeps track of it.
At a quick look at the hex dump (assuming that the above leak is struct
radix_tree_node):
.path = 1
.count = -0x7f (or 0xffffff81 as unsigned int)
union {
{
.parent = NULL
.private_data = 0xffffffff81348950
}
{
.rcu_head.next = NULL
.rcu_head.func = 0xffffffff81348950
}
}
The count is a bit suspicious.
>From the union, it looks most likely like rcu_head information. Is
radix_tree_node_rcu_free() function at the above rcu_head.func?
Could you please send us your .config file?
Also, if you run echo scan > /sys/kernel/debug/kmemleak a few times, do
any of the above leaks disappear (in case the above are some transient
rcu freeing reports; normally this shouldn't happen as the objects are
still referred but I'll look at the relevant code once I have your
.config).
Thanks.
--
Catalin
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
"Linux Kernel, Mailing List" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: [BUG] kmemleak on __radix_tree_preload
Date: Wed, 7 May 2014 12:39:28 +0100 [thread overview]
Message-ID: <20140507113928.GB17253@arm.com> (raw)
In-Reply-To: <1399431488.13268.29.camel@kjgkr>
On Wed, May 07, 2014 at 03:58:08AM +0100, Jaegeuk Kim wrote:
> And then when I tested again with Catalin's patch, it still throws the
> following warning.
> Is it false alarm?
BTW, you can try this kmemleak branch:
git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64.git kmemleak
> unreferenced object 0xffff880004226da0 (size 576):
> comm "fsstress", pid 14590, jiffies 4295191259 (age 706.308s)
> hex dump (first 32 bytes):
> 01 00 00 00 81 ff ff ff 00 00 00 00 00 00 00 00 ................
> 50 89 34 81 ff ff ff ff b8 6d 22 04 00 88 ff ff P.4......m".....
> backtrace:
> [<ffffffff816c02e8>] kmemleak_update_trace+0x58/0x80
> [<ffffffff81349517>] radix_tree_node_alloc+0x77/0xa0
> [<ffffffff81349718>] __radix_tree_create+0x1d8/0x230
> [<ffffffff8113286c>] __add_to_page_cache_locked+0x9c/0x1b0
> [<ffffffff811329a8>] add_to_page_cache_lru+0x28/0x80
> [<ffffffff81132f58>] grab_cache_page_write_begin+0x98/0xf0
> [<ffffffffa02e4bf4>] f2fs_write_begin+0xb4/0x3c0 [f2fs]
> [<ffffffff81131b77>] generic_perform_write+0xc7/0x1c0
> [<ffffffff81133b7d>] __generic_file_aio_write+0x1cd/0x3f0
> [<ffffffff81133dfe>] generic_file_aio_write+0x5e/0xe0
> [<ffffffff81195c5a>] do_sync_write+0x5a/0x90
> [<ffffffff811968d2>] vfs_write+0xc2/0x1d0
> [<ffffffff81196daf>] SyS_write+0x4f/0xb0
> [<ffffffff816dead2>] system_call_fastpath+0x16/0x1b
> [<ffffffffffffffff>] 0xffffffffffffffff
OK, it shows that the allocation happens via add_to_page_cache_locked()
and I guess it's page_cache_tree_insert() which calls
__radix_tree_create() (the latter reusing the preloaded node). I'm not
familiar enough to this code (radix-tree.c and filemap.c) to tell where
the node should have been freed, who keeps track of it.
At a quick look at the hex dump (assuming that the above leak is struct
radix_tree_node):
.path = 1
.count = -0x7f (or 0xffffff81 as unsigned int)
union {
{
.parent = NULL
.private_data = 0xffffffff81348950
}
{
.rcu_head.next = NULL
.rcu_head.func = 0xffffffff81348950
}
}
The count is a bit suspicious.
>From the union, it looks most likely like rcu_head information. Is
radix_tree_node_rcu_free() function at the above rcu_head.func?
Could you please send us your .config file?
Also, if you run echo scan > /sys/kernel/debug/kmemleak a few times, do
any of the above leaks disappear (in case the above are some transient
rcu freeing reports; normally this shouldn't happen as the objects are
still referred but I'll look at the relevant code once I have your
.config).
Thanks.
--
Catalin
next prev parent reply other threads:[~2014-05-07 11:40 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-25 1:45 [BUG] kmemleak on __radix_tree_preload Jaegeuk Kim
2014-04-25 1:45 ` Jaegeuk Kim
2014-05-01 17:06 ` Catalin Marinas
2014-05-01 17:06 ` Catalin Marinas
2014-05-01 18:41 ` Johannes Weiner
2014-05-01 18:41 ` Johannes Weiner
2014-05-07 2:58 ` Jaegeuk Kim
2014-05-07 2:58 ` Jaegeuk Kim
2014-05-07 11:39 ` Catalin Marinas [this message]
2014-05-07 11:39 ` Catalin Marinas
2014-05-08 9:16 ` Jaegeuk Kim
2014-05-08 9:16 ` Jaegeuk Kim
2014-05-08 9:26 ` Catalin Marinas
2014-05-08 9:26 ` Catalin Marinas
2014-05-08 9:37 ` Jaegeuk Kim
2014-05-08 9:37 ` Jaegeuk Kim
2014-05-08 10:24 ` Catalin Marinas
2014-05-08 10:24 ` Catalin Marinas
2014-05-08 15:00 ` Paul E. McKenney
2014-05-08 15:00 ` Paul E. McKenney
2014-05-08 15:29 ` Catalin Marinas
2014-05-08 15:29 ` Catalin Marinas
2014-05-08 15:53 ` Paul E. McKenney
2014-05-08 15:53 ` Paul E. McKenney
2014-05-08 16:52 ` Catalin Marinas
2014-05-08 16:52 ` Catalin Marinas
2014-05-09 0:06 ` Jaegeuk Kim
2014-05-09 0:06 ` Jaegeuk Kim
2014-05-08 17:52 ` Johannes Weiner
2014-05-08 17:52 ` Johannes Weiner
2014-05-08 21:40 ` Catalin Marinas
2014-05-08 21:40 ` Catalin Marinas
2014-05-09 0:01 ` Jaegeuk Kim
2014-05-09 0:01 ` Jaegeuk Kim
2014-05-09 9:45 ` Catalin Marinas
2014-05-09 9:45 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140507113928.GB17253@arm.com \
--to=catalin.marinas@arm.com \
--cc=hannes@cmpxchg.org \
--cc=jaegeuk.kim@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.