From: "hch@lst.de" <hch@lst.de>
To: Bart Van Assche <Bart.VanAssche@sandisk.com>
Cc: linux-scsi@vger.kernel.org, linux-acpi@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] qla2xxx: Fix a recently introduced memory leak
Date: Thu, 26 Jan 2017 15:36:14 +0100
Message-ID: <20170126143614.GA19849@lst.de>
In-Reply-To: <1485359225.3093.3.camel@sandisk.com>

On Wed, Jan 25, 2017 at 03:47:20PM +0000, Bart Van Assche wrote:
> =============================================================================
> BUG kmalloc-16 (Not tainted): Redzone overwritten
> -----------------------------------------------------------------------------
>
> Disabling lock debugging due to kernel taint
> INFO: 0xffff880030bacc78-0xffff880030bacc7f. First byte 0xf instead of 0xcc
> INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=3 pid=812
> ___slab_alloc.constprop.79+0x482/0x4f0
> __slab_alloc.isra.75.constprop.78+0x55/0xa0
> __kmalloc+0x27c/0x310
> irq_create_affinity_masks+0x5f/0x260
This is the normal affinity mask allocation.
> __pci_enable_msix+0x314/0x4c0
> pci_alloc_irq_vectors_affinity+0xb7/0x140
> qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
> qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> bus_for_each_dev+0x66/0xa0
> driver_attach+0x1e/0x20
> bus_add_driver+0x200/0x270
> driver_register+0x60/0xe0
> __pci_register_driver+0x5d/0x60
> INFO: Freed in acpi_ns_get_node_unlocked+0x90/0xa4 age=0 cpu=3 pid=812
> __slab_free+0x176/0x310
> kfree+0x25e/0x2d0
> acpi_ns_get_node_unlocked+0x90/0xa4
> acpi_ns_get_node+0x3d/0x52
> acpi_get_handle+0x82/0x96
This, on the other hand, I don't understand: acpi_ns_get_node_unlocked
only frees the object it allocated in the ACPI code using
acpi_ns_internalize_name. I can't really see any relation to the
affinity mask allocation.
> acpi_pci_irq_find_prt_entry+0x26e/0x2ae
> acpi_pci_irq_lookup+0x28/0x135
> acpi_pci_irq_enable+0x60/0x1f8
> pcibios_enable_device+0x2d/0x30
> do_pci_enable_device+0x64/0xf0
> pci_enable_device_flags+0xc5/0x110
> pci_enable_device_mem+0x13/0x20
> qla2x00_probe_one+0x14b/0x25f0 [qla2xxx]
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> INFO: Slab 0xffffea0000c2eb00 objects=23 used=21 fp=0xffff880030bacdc8 flags=0x4000000000008101
> INFO: Object 0xffff880030bacc68 @offset=3176 fp=0xffff880030bacf28
>
> Redzone ffff880030bacc60: cc cc cc cc cc cc cc cc ........
> Object ffff880030bacc68: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 ................
> Redzone ffff880030bacc78: 0f 00 00 00 00 00 00 00 ........
> Padding ffff880030bacdb8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
> CPU: 3 PID: 812 Comm: modprobe Tainted: G B 4.10.0-rc5-dbg+ #9
> Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> Call Trace:
> dump_stack+0x85/0xc2
> print_trailer+0x162/0x260
> check_bytes_and_report+0xc5/0x110
> check_object+0x1da/0x2a0
> free_debug_processing+0x161/0x3d0
> ? debug_lockdep_rcu_enabled+0x1d/0x20
> ? __pci_enable_msix+0x41c/0x4c0
> __slab_free+0x176/0x310
> ? __pci_enable_msix+0x41c/0x4c0
> ? call_rcu+0x17/0x20
> ? kfree+0xe7/0x2d0
> ? __pci_enable_msix+0x41c/0x4c0
> ? __pci_enable_msix+0x41c/0x4c0
> kfree+0x25e/0x2d0
> __pci_enable_msix+0x41c/0x4c0
> pci_alloc_irq_vectors_affinity+0xb7/0x140
> qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
> qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
> ? __pm_runtime_resume+0x40/0x80
> ? trace_hardirqs_on_caller+0x128/0x1b0
> ? trace_hardirqs_on+0xd/0x10
> ? _raw_spin_unlock_irqrestore+0x4a/0x80
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> ? driver_probe_device+0x450/0x450
> bus_for_each_dev+0x66/0xa0
> driver_attach+0x1e/0x20
> bus_add_driver+0x200/0x270
> ? 0xffffffffa04eb000
> driver_register+0x60/0xe0
> ? 0xffffffffa04eb000
> __pci_register_driver+0x5d/0x60
> qla2x00_module_init+0x1c9/0x217 [qla2xxx]
> do_one_initcall+0x44/0x180
> ? rcu_read_lock_sched_held+0x72/0x80
> ? kmem_cache_alloc_trace+0x25b/0x2c0
> ? do_init_module+0x27/0x1f9
> do_init_module+0x5f/0x1f9
> load_module+0x2582/0x2a00
> ? __symbol_put+0x70/0x70
> ? kernel_read_file+0x10a/0x1a0
> ? kernel_read_file_from_fd+0x49/0x80
> SYSC_finit_module+0xbc/0xf0
> SyS_finit_module+0xe/0x10
> entry_SYSCALL_64_fastpath+0x23/0xc6
> RIP: 0033:0x7f05711388e9
> RSP: 002b:00007fff51d4a0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f05711388e9
> RDX: 0000000000000000 RSI: 000055c17ab4f720 RDI: 0000000000000004
> RBP: 00007fff51d49100 R08: 0000000000000000 R09: 0000000000000019
> R10: 0000000000000004 R11: 0000000000000246 R12: 000055c17ab4f570
> R13: 00007fff51d490e0 R14: 0000000000000005 R15: 0000000000040000
> FIX kmalloc-16: Restoring 0xffff880030bacc78-0xffff880030bacc7f=0xcc
>
> FIX kmalloc-16: Object at 0xffff880030bacc68 not freed
> scsi host2: qla2xxx
> qla2xxx [0000:00:09.0]-00fb:2: QLogic QLE2460 - QLogic 4GB FC Single-Port PCI-E HBA for IBM System x.
> qla2xxx [0000:00:09.0]-00fc:2: ISP2432: PCIe (2.5GT/s x4) @ 0000:00:09.0 hdma- host#=2 fw=8.03.00 (9496).
> qla2xxx [0000:00:0a.0]-001d: : Found an ISP2432 irq 10 iobase 0xffffc900000ad000.
> =============================================================================
> BUG kmalloc-16 (Tainted: G B ): Redzone overwritten
> -----------------------------------------------------------------------------
>
> INFO: 0xffff88006ff18dd8-0xffff88006ff18ddf. First byte 0xf instead of 0xcc
> INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=2 pid=812
> ___slab_alloc.constprop.79+0x482/0x4f0
> __slab_alloc.isra.75.constprop.78+0x55/0xa0
> __kmalloc+0x27c/0x310
> irq_create_affinity_masks+0x5f/0x260
> __pci_enable_msix+0x314/0x4c0
> pci_alloc_irq_vectors_affinity+0xb7/0x140
> qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
> qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> bus_for_each_dev+0x66/0xa0
> driver_attach+0x1e/0x20
> bus_add_driver+0x200/0x270
> driver_register+0x60/0xe0
> __pci_register_driver+0x5d/0x60
> INFO: Freed in acpi_ns_get_node_unlocked+0x90/0xa4 age=1 cpu=2 pid=812
> __slab_free+0x176/0x310
> kfree+0x25e/0x2d0
> acpi_ns_get_node_unlocked+0x90/0xa4
> acpi_ns_get_node+0x3d/0x52
> acpi_get_handle+0x82/0x96
> acpi_pci_irq_find_prt_entry+0x26e/0x2ae
> acpi_pci_irq_lookup+0x28/0x135
> acpi_pci_irq_enable+0x60/0x1f8
> pcibios_enable_device+0x2d/0x30
> do_pci_enable_device+0x64/0xf0
> pci_enable_device_flags+0xc5/0x110
> pci_enable_device_mem+0x13/0x20
> qla2x00_probe_one+0x14b/0x25f0 [qla2xxx]
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> INFO: Slab 0xffffea0001bfc600 objects=23 used=22 fp=0xffff88006ff18f28 flags=0x4000000000008101
> INFO: Object 0xffff88006ff18dc8 @offset=3528 fp=0xffff88006ff18f28
>
> Redzone ffff88006ff18dc0: cc cc cc cc cc cc cc cc ........
> Object ffff88006ff18dc8: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 ................
> Redzone ffff88006ff18dd8: 0f 00 00 00 00 00 00 00 ........
> Padding ffff88006ff18f18: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
> CPU: 2 PID: 812 Comm: modprobe Tainted: G B 4.10.0-rc5-dbg+ #9
> Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> Call Trace:
> dump_stack+0x85/0xc2
> print_trailer+0x162/0x260
> check_bytes_and_report+0xc5/0x110
> check_object+0x1da/0x2a0
> free_debug_processing+0x161/0x3d0
> ? __pci_enable_msix+0x41c/0x4c0
> __slab_free+0x176/0x310
> ? __pci_enable_msix+0x41c/0x4c0
> ? call_rcu+0x17/0x20
> ? put_object+0x2d/0x50
> ? __delete_object+0x3d/0x70
> ? __pci_enable_msix+0x41c/0x4c0
> kfree+0x25e/0x2d0
> __pci_enable_msix+0x41c/0x4c0
> pci_alloc_irq_vectors_affinity+0xb7/0x140
> qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
> qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
> ? __pm_runtime_resume+0x40/0x80
> ? trace_hardirqs_on+0xd/0x10
> ? _raw_spin_unlock_irqrestore+0x4a/0x80
> pci_device_probe+0x8a/0xf0
> driver_probe_device+0x1f5/0x450
> __driver_attach+0xe3/0xf0
> ? driver_probe_device+0x450/0x450
> bus_for_each_dev+0x66/0xa0
> driver_attach+0x1e/0x20
> bus_add_driver+0x200/0x270
> ? 0xffffffffa04eb000
> driver_register+0x60/0xe0
> ? 0xffffffffa04eb000
> __pci_register_driver+0x5d/0x60
> qla2x00_module_init+0x1c9/0x217 [qla2xxx]
> do_one_initcall+0x44/0x180
> ? rcu_read_lock_sched_held+0x72/0x80
> ? kmem_cache_alloc_trace+0x25b/0x2c0
> ? do_init_module+0x27/0x1f9
> do_init_module+0x5f/0x1f9
> load_module+0x2582/0x2a00
> ? __symbol_put+0x70/0x70
> ? kernel_read_file+0x10a/0x1a0
> ? kernel_read_file_from_fd+0x49/0x80
> SYSC_finit_module+0xbc/0xf0
> SyS_finit_module+0xe/0x10
> entry_SYSCALL_64_fastpath+0x23/0xc6
> RIP: 0033:0x7f05711388e9
> RSP: 002b:00007fff51d4a0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f05711388e9
> RDX: 0000000000000000 RSI: 000055c17ab4f720 RDI: 0000000000000004
> RBP: 00007fff51d49100 R08: 0000000000000000 R09: 0000000000000019
> R10: 0000000000000004 R11: 0000000000000246 R12: 000055c17ab4f570
> R13: 00007fff51d490e0 R14: 0000000000000005 R15: 0000000000040000
> FIX kmalloc-16: Restoring 0xffff88006ff18dd8-0xffff88006ff18ddf=0xcc
>
> FIX kmalloc-16: Object at 0xffff88006ff18dc8 not freed
> scsi host3: qla2xxx
> qla2xxx [0000:00:09.0]-500a:2: LOOP UP detected (4 Gbps).
> qla2xxx [0000:00:0a.0]-500a:3: LOOP UP detected (4 Gbps).
>
>
> (gdb) list *(__pci_enable_msix+0x314)
> 0xffffffff8131aa74 is in __pci_enable_msix (drivers/pci/msi.c:702).
> 697 struct msi_desc *entry;
> 698 int ret, i;
> 699
> 700 if (affd) {
> 701 masks = irq_create_affinity_masks(nvec, affd);
> 702 if (!masks)
> 703 pr_err("Unable to allocate affinity masks, ignoring\n");
> 704 }
> 705
> 706 for (i = 0, curmsk = masks; i < nvec; i++) {
> (gdb) list *(__pci_enable_msix+0x41c)
> 0xffffffff8131ab7c is in __pci_enable_msix (drivers/pci/msi.c:783).
> 778
> 779 ret = msix_setup_entries(dev, base, entries, nvec, affd);
> 780 if (ret)
> 781 return ret;
> 782
> 783 ret = pci_msi_setup_msi_irqs(dev, nvec, PCI_CAP_ID_MSIX);
> 784 if (ret)
> 785 goto out_avail;
> 786
> 787 /* Check if all MSI entries honor device restrictions */
> (gdb) quit
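
Reading the first report quoted above mechanically, as an added example that is not part of the original message: the script locates the overwritten bytes relative to the object. The `REPORT` lines are copied from the quoted log with the ASCII column dropped; `triage` and its field names are hypothetical, and the object size is taken from the `kmalloc-16` cache name.

```python
import re

# Lines copied from the first SLUB report quoted above (ASCII column dropped).
REPORT = """\
BUG kmalloc-16 (Not tainted): Redzone overwritten
INFO: 0xffff880030bacc78-0xffff880030bacc7f. First byte 0xf instead of 0xcc
INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=3 pid=812
INFO: Object 0xffff880030bacc68 @offset=3176 fp=0xffff880030bacf28
Redzone ffff880030bacc60: cc cc cc cc cc cc cc cc
Object ffff880030bacc68: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00
Redzone ffff880030bacc78: 0f 00 00 00 00 00 00 00
"""

HEX = r"0x[0-9a-f]+"

def triage(report):
    """Locate a SLUB 'Redzone overwritten' hit relative to the object."""
    cache = re.search(r"^BUG (\S+) \(", report, re.M).group(1)
    # Assumption: a kmalloc-N cache holds N-byte objects.
    m = re.fullmatch(r"kmalloc-(\d+)", cache)
    obj_size = int(m.group(1)) if m else None
    lo, hi, want = (int(v, 16) for v in re.search(
        rf"^INFO: ({HEX})-({HEX})\. First byte {HEX} instead of ({HEX})",
        report, re.M).groups())
    obj = int(re.search(rf"^INFO: Object ({HEX}) @offset", report, re.M).group(1), 16)
    alloc = re.search(r"^INFO: Allocated in (\w+)\+", report, re.M).group(1)

    # Rebuild an address -> byte map from the hex dump rows.
    mem = {}
    for addr, row in re.findall(
            r"^(?:Redzone|Object|Padding) ([0-9a-f]+): ((?:[0-9a-f]{2} ?)+)",
            report, re.M):
        for i, byte in enumerate(row.split()):
            mem[int(addr, 16) + i] = int(byte, 16)

    offset = lo - obj
    if offset < 0:
        side = "left redzone"
    elif obj_size is not None and offset >= obj_size:
        side = "right redzone"
    else:
        side = "inside object"
    # Count bytes in the reported range that no longer hold the redzone value.
    damaged = sum(1 for a in range(lo, hi + 1) if mem.get(a, want) != want)
    return {"cache": cache, "object_size": obj_size, "allocated_in": alloc,
            "offset_from_object": offset, "side": side,
            "reported_span": hi - lo + 1, "damaged_bytes": damaged}

if __name__ == "__main__":
    print(triage(REPORT))
```

On this report the damage starts 16 bytes into a 16-byte object and covers 8 bytes, that is, one 8-byte word directly past the end of the allocation made in `irq_create_affinity_masks`.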