[BUG] systemd-devd triggers kernel memleak apparently in drivers/core/dd.c: driver_register()

From: Mirsad Todorovac
Date: Tue Mar 28 2023 - 07:13:46 EST

Next message: Kloudifold: "[PATCH v5] staging: sm750: Rename sm750_hw_cursor_* functions to snake_case"
Previous message: Thierry Reding: "Re: [PATCH] dt-bindings: reserved-memory: Drop unneeded quotes"
Next in thread: Greg Kroah-Hartman: "Re: [BUG] systemd-devd triggers kernel memleak apparently in drivers/core/dd.c: driver_register()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

Here is another kernel memory leak report, just as I thought we have done with
them by the xhci patch by Mathias.

The memory leaks were caught on an AlmaLinux 8.7 (CentOS) fork system, running
on a Lenovo desktop box (see lshw.txt) and the newest Linux kernel 6.3-rc4 commit
g3a93e40326c8 with Mathias' patch for a xhci systemd-devd triggered leak.

See: <20230327095019.1017159-1-mathias.nyman@xxxxxxxxxxxxxxx> on LKML.

This leak is also systemd-devd triggered, except for the memstick_check() leaks
which I was unable to bisect due to the box not booting older kernels (work in
progress).

unreferenced object 0xffff88ad12392710 (size 96):
comm "systemd-udevd", pid 735, jiffies 4294896759 (age 2257.568s)
hex dump (first 32 bytes):
53 65 72 69 61 6c 50 6f 72 74 31 41 64 64 72 65 SerialPort1Addre
73 73 2c 33 46 38 2f 49 52 51 34 3b 5b 4f 70 74 ss,3F8/IRQ4;[Opt
backtrace:
[<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
[<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
[<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
[<ffffffffae866a1a>] kstrdup+0x3a/0x70
[<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
[<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
[<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
[<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
[<ffffffffaef987eb>] really_probe+0x17b/0x3d0
[<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
[<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
[<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
[<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
[<ffffffffaef97c62>] driver_attach+0x22/0x30
[<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
[<ffffffffaef9a0a2>] driver_register+0x62/0x120
unreferenced object 0xffff88ad0845a840 (size 64):
comm "systemd-udevd", pid 735, jiffies 4294896783 (age 2257.488s)
hex dump (first 32 bytes):
55 53 42 50 6f 72 74 41 63 63 65 73 73 2c 45 6e USBPortAccess,En
61 62 6c 65 64 3b 5b 4f 70 74 69 6f 6e 61 6c 3a abled;[Optional:
backtrace:
[<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
[<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
[<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
[<ffffffffae866a1a>] kstrdup+0x3a/0x70
[<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
[<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
[<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
[<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
[<ffffffffaef987eb>] really_probe+0x17b/0x3d0
[<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
[<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
[<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
[<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
[<ffffffffaef97c62>] driver_attach+0x22/0x30
[<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
[<ffffffffaef9a0a2>] driver_register+0x62/0x120
unreferenced object 0xffff88ad069f5e40 (size 64):
comm "systemd-udevd", pid 735, jiffies 4294896822 (age 2257.332s)
hex dump (first 32 bytes):
55 53 42 42 49 4f 53 53 75 70 70 6f 72 74 2c 45 USBBIOSSupport,E
6e 61 62 6c 65 64 3b 5b 4f 70 74 69 6f 6e 61 6c nabled;[Optional
backtrace:
[<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
[<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
[<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
[<ffffffffae866a1a>] kstrdup+0x3a/0x70
[<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
[<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
[<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
[<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
[<ffffffffaef987eb>] really_probe+0x17b/0x3d0
[<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
[<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
[<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
[<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
[<ffffffffaef97c62>] driver_attach+0x22/0x30
[<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
[<ffffffffaef9a0a2>] driver_register+0x62/0x120
[snip]

Please see build config and the more verbose debug output at the URL:

https://domac.alu.hr/~mtodorov/linux/bugreports/driver_register/

I hope this helps someone.

This one is way too complex to even attempt guessing what went wrong,
with my current knowledge of the Linux kernel internals.

Please contact me for any additional required information.

As usual, I have Cc:-ed all maintainers as per get_maintainers.pl script.

Thank you very much for your patience.

Best regards,
Mirsad

--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu

System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia

Next message: Kloudifold: "[PATCH v5] staging: sm750: Rename sm750_hw_cursor_* functions to snake_case"
Previous message: Thierry Reding: "Re: [PATCH] dt-bindings: reserved-memory: Drop unneeded quotes"
Next in thread: Greg Kroah-Hartman: "Re: [BUG] systemd-devd triggers kernel memleak apparently in drivers/core/dd.c: driver_register()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]