On Wed 17-06-15 11:57:07, Jesper Dangaard Brouer wrote: > On Wed, 17 Jun 2015 10:13:19 +0200 > Jan Kara <jack@xxxxxxx> wrote: > > > On Tue 16-06-15 22:22:34, Jesper Dangaard Brouer wrote: > > > > > > On Tue, 16 Jun 2015 15:52:09 +0200 Jan Kara <jack@xxxxxxx> wrote: > > > > > > > On Tue 16-06-15 13:33:18, Jesper Dangaard Brouer wrote: > > > > > Caught by kmemcheck. > > > > > > > > > > Don't know the fix... just pointed at the bug. > > > > > > > > > > Introduced in commit 7053aee26a3 ("fsnotify: do not share > > > > > events between notification groups"). > > > > > --- > > > > > fs/notify/inotify/inotify_fsnotify.c | 3 ++- > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c > > > > > index 2cd900c2c737..370d66dc4ddb 100644 > > > > > --- a/fs/notify/inotify/inotify_fsnotify.c > > > > > +++ b/fs/notify/inotify/inotify_fsnotify.c > > > > > @@ -96,11 +96,12 @@ int inotify_handle_event(struct fsnotify_group *group, > > > > > i_mark = container_of(inode_mark, struct inotify_inode_mark, > > > > > fsn_mark); > > > > > > > > > > + // new object alloc here > > > > > event = kmalloc(alloc_len, GFP_KERNEL); > > > > > if (unlikely(!event)) > > > > > return -ENOMEM; > > > > > > > > > > - fsn_event = &event->fse; > > > > > + fsn_event = &event->fse; // This looks wrong!?! read from un-init mem? > > > > > > > > Where is here any read? This is just a pointer arithmetics where we add > > > > offset of 'fse' entry to 'event' address. > > > > > > I was kmemcheck that complained, perhaps it is a false-positive? > > > > May be. What was the kmemcheck warning you saw? > > Kernel logmsg: > kernel: WARNING: kmemcheck: Caught 64-bit read from freed memory (ffff8800c8de7bc0) > kernel: 807bdec80088ffffc07bdec80088ffff588a508b0388ffff020000080000adde > kernel: f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f > kernel: ^ > kernel: RIP: 0010:[<ffffffff8116148a>] [<ffffffff8116148a>] __kmalloc+0x7a/0x1c0 Hum, but this one rather seems as a problem / false positive in __kmalloc() itself, not in the inotify code... > kernel: RSP: 0018:ffff88038b47fc88 EFLAGS: 00010286 > kernel: RAX: 0000000000000000 RBX: ffff88038b5df138 RCX: 0000000000012e2b > kernel: RDX: 0000000000012e2a RSI: 0000000000000000 RDI: ffffffff811aef8a > kernel: RBP: ffff88038b47fcb8 R08: 00000000000217f0 R09: ffff88038b508cd8 > kernel: R10: 0000000000000000 R11: ffff88038b6ede00 R12: ffff88038f803b00 > kernel: R13: ffff8800c8de7bc0 R14: 000000000000003f R15: 00000000000000d0 > kernel: FS: 0000000000000000(0000) GS:ffff88038fd40000(0000) knlGS:0000000000000000 > kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > kernel: CR2: ffff8800c8feaab0 CR3: 000000038c424000 CR4: 00000000001407e0 > kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > kernel: DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 > kernel: [<ffffffff811aef8a>] inotify_handle_event+0x6a/0x180 > kernel: [<ffffffff811acd0d>] fsnotify+0x2cd/0x480 > kernel: [<ffffffff811ad0dd>] __fsnotify_parent+0xdd/0xf0 > kernel: [<ffffffff8118f49f>] notify_change+0x26f/0x3a0 > kernel: [<ffffffff81172378>] do_truncate+0x68/0xa0 > kernel: [<ffffffff811726dc>] do_sys_ftruncate.constprop.16+0xfc/0x150 > kernel: [<ffffffff81172759>] SyS_ftruncate+0x9/0x10 > kernel: [<ffffffff81658117>] system_call_fastpath+0x12/0x6a > kernel: [<ffffffffffffffff>] 0xffffffffffffffff > > > And can you also attach disassembly of inotify_handle_event() from > > your kernel? > > No, it was many kernel compile since... > > I tried to reproduce on my current kernel, and now I don't hit it. But > I hit this instead (which is NOT related to your code): > > kernel: WARNING: kmemcheck: Caught 64-bit read from uninitialized memory (ffff8800371df628) > kernel: 189626090488ffff60351f370088ffffb50300000000000038f61d370088ffff > kernel: u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u > kernel: ^ > kernel: RIP: 0010:[<ffffffff8110d9a6>] [<ffffffff8110d9a6>] vma_interval_tree_remove+0x1c6/0x240 > kernel: RSP: 0018:ffff880408a2fd30 EFLAGS: 00010286 > kernel: RAX: ffff8800371df618 RBX: ffff8804092fb700 RCX: 0000000000000000 > kernel: RDX: ffff8800371df619 RSI: ffff88040d05b6b8 RDI: ffff8800371f3508 > kernel: RBP: ffff880408a2fd38 R08: 00007f556712a000 R09: ffff880000000000 > kernel: R10: ffff8800371f3560 R11: 0000000000000000 R12: ffff8800371f3508 > kernel: R13: ffff88040d05b6c0 R14: ffff88040d05b698 R15: ffff8800371f3508 > kernel: FS: 0000000000000000(0000) GS:ffff88041dc40000(0000) knlGS:0000000000000000 > kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > kernel: CR2: ffff8800c6865540 CR3: 00000000018bb000 CR4: 00000000001407e0 > kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > kernel: DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 > kernel: [<ffffffff8111738b>] unlink_file_vma+0x3b/0x50 > kernel: [<ffffffff81110e20>] free_pgtables+0xb0/0x120 > kernel: [<ffffffff8111a1d7>] exit_mmap+0xd7/0x150 > kernel: [<ffffffff81053cd0>] mmput+0x50/0xe0 > kernel: [<ffffffff811182de>] SyS_mmap_pgoff+0x10e/0x210 > kernel: [<ffffffff8100796d>] SyS_mmap+0x1d/0x20 > kernel: [<ffffffff815fabd7>] system_call_fastpath+0x12/0x6a > kernel: [<ffffffffffffffff>] 0xffffffffffffffff > > $ addr2line -e vmlinux -i ffffffff8110d9a6 > /home/jbrouer/git/kernel/net-next-mm/include/linux/rbtree_augmented.h:125 > /home/jbrouer/git/kernel/net-next-mm/include/linux/rbtree_augmented.h:154 > /home/jbrouer/git/kernel/net-next-mm/include/linux/rbtree_augmented.h:237 > /home/jbrouer/git/kernel/net-next-mm/mm/interval_tree.c:24 > > $ gdb vmlinux > (gdb) list *(vma_interval_tree_remove)+0x1c6 > 0xffffffff8110d9a6 is in vma_interval_tree_remove (include/linux/rbtree_augmented.h:125). > 120 static inline void > 121 __rb_change_child(struct rb_node *old, struct rb_node *new, > 122 struct rb_node *parent, struct rb_root *root) > 123 { > 124 if (parent) { > 125 if (parent->rb_left == old) > 126 parent->rb_left = new; > 127 else > 128 parent->rb_right = new; > 129 } else Hum, the data looks correct from the first look and the stack trace doesn't show anything unusual either so it looks like a false positive to me. It may deserve a closer investigation though. Honza -- Jan Kara <jack@xxxxxxx> SUSE Labs, CR -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>