Re: [PATCH] ceph: fix memory leak in ceph_mds_auth_match()

On Tue, 2025-01-14 at 13:38 +0100, Antoine Viallon wrote:
> This was detected in production because it caused a continuous memory
> growth, eventually triggering kernel OOM and completely hard-locking
> the kernel.
> 

Is there any way to reproduce the issue in a stable manner? Could
you please share any steps to repeat it? It would be great to have this
description in the patch comment.

> Relevant kmemleak stacktrace:
> 
>     unreferenced object 0xffff888131e69900 (size 128):
>       comm "git", pid 66104, jiffies 4295435999
>       hex dump (first 32 bytes):
>         76 6f 6c 75 6d 65 73 2f 63 6f 6e 74 61 69 6e 65  volumes/containe
>         72 73 2f 67 69 74 65 61 2f 67 69 74 65 61 2f 67  rs/gitea/gitea/g
>       backtrace (crc 2f3bb450):
>         [<ffffffffaa68fb49>] __kmalloc_noprof+0x359/0x510
>         [<ffffffffc32bf1df>] ceph_mds_check_access+0x5bf/0x14e0 [ceph]
>         [<ffffffffc3235722>] ceph_open+0x312/0xd80 [ceph]
>         [<ffffffffaa7dd786>] do_dentry_open+0x456/0x1120
>         [<ffffffffaa7e3729>] vfs_open+0x79/0x360
>         [<ffffffffaa832875>] path_openat+0x1de5/0x4390
>         [<ffffffffaa834fcc>] do_filp_open+0x19c/0x3c0
>         [<ffffffffaa7e44a1>] do_sys_openat2+0x141/0x180
>         [<ffffffffaa7e4945>] __x64_sys_open+0xe5/0x1a0
>         [<ffffffffac2cc2f7>] do_syscall_64+0xb7/0x210
>         [<ffffffffac400130>] entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> Signed-off-by: Antoine Viallon <antoine@xxxxxxxxxxxxx>
> ---
>  fs/ceph/mds_client.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> index 785fe489ef4b..89c69e9c03b9 100644
> --- a/fs/ceph/mds_client.c
> +++ b/fs/ceph/mds_client.c
> @@ -5702,6 +5702,9 @@ static int ceph_mds_auth_match(struct
> ceph_mds_client *mdsc,
>  					kfree(_tpath);
>  				return 0;
>  			}
> +
> +			if (free_tpath)
> +			  kfree(_tpath);
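
Review bot: the added kfree(_tpath) line is indented with tabs followed by two spaces, where kernel coding style expects one further tab under the if (free_tpath). The context lines just above already free _tpath before "return 0;", so this adds another copy of the same cleanup on a separate exit path; routing the exits through one label that frees once would keep a later early return from leaking again. The trailers shown carry only Signed-off-by, so consider adding a Fixes: tag naming the commit that introduced the allocation, given that the leak was hit in production.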

As far as I can see, we have several kfree() calls in the logic of this
method:
(1)
https://elixir.bootlin.com/linux/v6.13-rc3/source/fs/ceph/mds_client.c#L5697
(2)
https://elixir.bootlin.com/linux/v6.13-rc3/source/fs/ceph/mds_client.c#L5703

And you are adding the third call. I believe that it will be a much
cleaner solution if we have only one kfree() call and goto from all
other places. Could you please rework your fix?

Thanks,
Slava.
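
The single-exit cleanup asked for in the reply above, as an added example that is not part of the original message and is not the ceph code: a constructed user-space C model of a function that builds a temporary path only on some calls and then has several exits. The names auth_match_model and live_allocs are hypothetical, and the prefix-matching rule is an assumption chosen only to give the function more than one exit path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model; every name here is hypothetical. */
static int live_allocs; /* buffers not yet freed; non-zero after a call = leak */

/* Returns 1 if root/tpath lies under want, 0 if not, -1 if allocation fails. */
static int auth_match_model(const char *root, const char *tpath,
			    const char *want)
{
	const char *path = tpath;
	char *_tpath = NULL;
	size_t wlen = strlen(want);
	int free_tpath = 0, ret = 0;

	if (root) { /* the temporary path exists only on this branch */
		size_t n = strlen(root) + strlen(tpath) + 2;

		_tpath = malloc(n);
		if (!_tpath)
			return -1; /* nothing to release yet */
		live_allocs++;
		free_tpath = 1;
		snprintf(_tpath, n, "%s/%s", root, tpath);
		path = _tpath;
	}
	if (strlen(path) < wlen || strncmp(path, want, wlen) != 0)
		goto out; /* no match */
	if (path[wlen] != '\0' && path[wlen] != '/')
		goto out; /* prefix ends in the middle of a path component */
	ret = 1;
out:
	if (free_tpath) { /* single release point for every exit above */
		free(_tpath);
		live_allocs--;
	}
	return ret;
}

int main(void)
{
	int r = auth_match_model("volumes", "containers/gitea", "volumes/other");

	printf("match=%d live_allocs=%d\n", r, live_allocs);
	return 0;
}
```

Checking that live_allocs is zero after each call plays the role kmemleak played in the report: an exit path that skipped the label would leave the counter non-zero.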





