Re: [BUG RESEND] [BISECTED]: selftest: ftracetest: memleak in vfs_write()

[Steven Rostedt]

On Tue, 4 Apr 2023 18:24:28 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Tue, 4 Apr 2023 15:07:44 -0700
> Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> 
> > This looks like an issue with the tracing subsystem.  I appreciate that you've
> > now added the tracing maintainers to Cc.  I don't think your bisection to commit
> > 71946a25f357 ("Merge tag 'mmc-v6.2' ...") is correct; that looks unrelated.  
> 
> No that is not the correct commit. I think I see the issue. The error log
> of a tracing instance doesn't seem to be freed if the instance is removed.
> 
> I'm guessing this can cause the bug:
> 
>  # cd /sys/kernel/tracincg
>  # mkdir instances/foo
>  # echo 'p:nothing no_function_here' > instances/foo/dynamic_events

OK, it required me to touch a trigger as dynamic_events only exists in the
top level (and the bug report shows a filter):

 # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger

>  # rmdir instances/foo
> 

Anyway, I was able to reproduce the leak. Can you test this patch?

-- Steve

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8ae51f1dea8e..352a804b016d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -9516,6 +9516,7 @@ static int __remove_instance(struct trace_array *tr)
 	tracefs_remove(tr->dir);
 	free_percpu(tr->last_func_repeats);
 	free_trace_buffers(tr);
+	clear_tracing_err_log(tr);
 
 	for (i = 0; i < tr->nr_topts; i++) {
 		kfree(tr->topts[i].topts);