* [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
@ 2023-05-08 6:30 Mirsad Goran Todorovac
2023-05-08 6:51 ` Greg Kroah-Hartman
From: Mirsad Goran Todorovac @ 2023-05-08 6:30 UTC
To: linux-usb, linux-kernel, linux-input
Cc: Greg Kroah-Hartman, Benjamin Tissoires, Jiri Kosina
[-- Attachment #1: Type: text/plain, Size: 9959 bytes --]
Hi,
There seems to be a kernel memory leak in the USB keyboard driver.
The leaked memory allocs are 96 and 512 bytes.
The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E
PG Lightning mobo, and Genius SlimStar i220 GK-080012 keyboard.
(Logitech M100 HID mouse is not affected by the bug.)
BIOS is:
*-firmware
description: BIOS
vendor: American Megatrends International, LLC.
physical id: 0
version: 1.21
date: 04/26/2023
size: 64KiB
The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
The keyboard is recognised as Chicony:
*-usb
description: Keyboard
product: CHICONY USB Keyboard
vendor: CHICONY
physical id: 2
bus info: usb@5:2
logical name: input35
logical name: /dev/input/event4
logical name: input35::capslock
logical name: input35::numlock
logical name: input35::scrolllock
logical name: input36
logical name: /dev/input/event5
logical name: input37
logical name: /dev/input/event6
logical name: input38
logical name: /dev/input/event8
version: 2.30
capabilities: usb-2.00 usb
configuration: driver=usbhid maxpower=100mA
speed=1Mbit/s
The bug is easily reproduced by unplugging the USB keyboard, waiting
about a couple of seconds, and then reconnecting and scanning for
memory leaks twice.
The kmemleak log is as follows [edited privacy info]:
root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8dd020037c00 (size 96):
comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
hex dump (first 32 bytes):
5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb87543d9>] class_create+0x29/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb8752748>] __driver_attach+0xe8/0x1e0
[<ffffffffb874f8ee>] bus_for_each_dev+0x7e/0xd0
[<ffffffffb8751822>] driver_attach+0x22/0x30
[<ffffffffb8750e70>] bus_add_driver+0x120/0x220
unreferenced object 0xffff8dd015653e00 (size 512):
comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
hex dump (first 32 bytes):
00 3e 65 15 d0 8d ff ff 00 3e 65 15 d0 8d ff ff .>e......>e.....
00 00 00 00 00 00 00 00 5d 8e 4e b9 ff ff ff ff ........].N.....
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb8754292>] class_register+0x32/0x140
[<ffffffffb87543f4>] class_create+0x44/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb8752748>] __driver_attach+0xe8/0x1e0
[<ffffffffb874f8ee>] bus_for_each_dev+0x7e/0xd0
[<ffffffffb8751822>] driver_attach+0x22/0x30
unreferenced object 0xffff8dd020037f60 (size 96):
comm "kworker/0:2", pid 496256, jiffies 4295987055 (age 4531.432s)
hex dump (first 32 bytes):
5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb87543d9>] class_create+0x29/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb87525c2>] __device_attach_driver+0x92/0x120
[<ffffffffb874f9da>] bus_for_each_drv+0x8a/0xe0
[<ffffffffb8752ad1>] __device_attach+0xc1/0x1f0
[<ffffffffb8752ed7>] device_initial_probe+0x17/0x20
unreferenced object 0xffff8dd07df25a00 (size 512):
comm "kworker/0:2", pid 496256, jiffies 4295987055 (age 4531.500s)
hex dump (first 32 bytes):
00 5a f2 7d d0 8d ff ff 00 5a f2 7d d0 8d ff ff .Z.}.....Z.}....
00 00 00 00 00 00 00 00 5d 8e 4e b9 ff ff ff ff ........].N.....
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb8754292>] class_register+0x32/0x140
[<ffffffffb87543f4>] class_create+0x44/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb87525c2>] __device_attach_driver+0x92/0x120
[<ffffffffb874f9da>] bus_for_each_drv+0x8a/0xe0
[<ffffffffb8752ad1>] __device_attach+0xc1/0x1f0
unreferenced object 0xffff8dd015e66e40 (size 96):
comm "kworker/1:0", pid 487844, jiffies 4296102566 (age 4069.472s)
hex dump (first 32 bytes):
5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb87543d9>] class_create+0x29/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb87525c2>] __device_attach_driver+0x92/0x120
[<ffffffffb874f9da>] bus_for_each_drv+0x8a/0xe0
[<ffffffffb8752ad1>] __device_attach+0xc1/0x1f0
[<ffffffffb8752ed7>] device_initial_probe+0x17/0x20
unreferenced object 0xffff8dd0caffe800 (size 512):
comm "kworker/1:0", pid 487844, jiffies 4296102566 (age 4069.472s)
hex dump (first 32 bytes):
00 e8 ff ca d0 8d ff ff 00 e8 ff ca d0 8d ff ff ................
00 00 00 00 00 00 00 00 5d 8e 4e b9 ff ff ff ff ........].N.....
backtrace:
[<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb8754292>] class_register+0x32/0x140
[<ffffffffb87543f4>] class_create+0x44/0x80
[<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc03b6d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc03b724c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc0388092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc03b7450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb8752082>] really_probe+0x1b2/0x420
[<ffffffffb875237e>] __driver_probe_device+0x7e/0x170
[<ffffffffb87524a3>] driver_probe_device+0x23/0xa0
[<ffffffffb87525c2>] __device_attach_driver+0x92/0x120
[<ffffffffb874f9da>] bus_for_each_drv+0x8a/0xe0
[<ffffffffb8752ad1>] __device_attach+0xc1/0x1f0
root@hostname:/home/username#
Best regards,
Mirsad
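An added example, not part of the original post: a Python parser that groups kmemleak reports like the ones above by allocation site and sums the leaked bytes per probe event, which makes it easy to see whether each reconnect leaks the same objects. The sample input is abridged from the log in this message (two of the three events, backtraces cut after hiddev_connect), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Frames inside the slab allocator; the first frame after these is the caller
# that owns the allocation.
ALLOCATOR_FRAMES = {"__kmem_cache_alloc_node", "kmalloc_trace"}

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s*comm "([^"]*)", pid (\d+), jiffies (\d+)')
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Abridged from the kmemleak log in the report above.
SAMPLE = """\
root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8dd020037c00 (size 96):
  comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
  hex dump (first 32 bytes):
    5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00  ].N.............
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb87543d9>] class_create+0x29/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
    [<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
unreferenced object 0xffff8dd015653e00 (size 512):
  comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb8754292>] class_register+0x32/0x140
    [<ffffffffb87543f4>] class_create+0x44/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
    [<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
unreferenced object 0xffff8dd020037f60 (size 96):
  comm "kworker/0:2", pid 496256, jiffies 4295987055 (age 4531.432s)
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb87543d9>] class_create+0x29/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
    [<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
unreferenced object 0xffff8dd07df25a00 (size 512):
  comm "kworker/0:2", pid 496256, jiffies 4295987055 (age 4531.500s)
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb8754292>] class_register+0x32/0x140
    [<ffffffffb87543f4>] class_create+0x44/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
    [<ffffffffc03d7bab>] hiddev_connect+0x11b/0x1b0 [usbhid]
"""


def parse_kmemleak(text):
    """Return one dict per 'unreferenced object' report."""
    reports, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"addr": m.group(1), "size": int(m.group(2)),
                   "comm": None, "pid": None, "jiffies": None, "frames": []}
            reports.append(cur)
            continue
        if cur is None:
            continue  # shell prompt or other text before the first report
        m = COMM.match(line)
        if m:
            cur["comm"] = m.group(1)
            cur["pid"], cur["jiffies"] = int(m.group(2)), int(m.group(3))
            continue
        m = FRAME.match(line)
        if m:
            cur["frames"].append(m.group(1))
        # hex dump lines match nothing and are skipped
    return reports


def allocation_site(report, depth=3):
    """Size plus the first `depth` callers above the allocator frames."""
    callers = [f for f in report["frames"] if f not in ALLOCATOR_FRAMES]
    return (report["size"],) + tuple(callers[:depth])


def group_by_site(reports, depth=3):
    """Map each allocation site to the addresses leaked from it."""
    groups = defaultdict(list)
    for r in reports:
        groups[allocation_site(r, depth)].append(r["addr"])
    return dict(groups)


def bytes_per_event(reports):
    """Sum leaked bytes per (comm, pid, jiffies), i.e. per probe call."""
    events = defaultdict(int)
    for r in reports:
        events[(r["comm"], r["pid"], r["jiffies"])] += r["size"]
    return dict(events)


if __name__ == "__main__":
    parsed = parse_kmemleak(SAMPLE)
    for site, addrs in group_by_site(parsed).items():
        print(f"{len(addrs)} x {site[0]} bytes via {' <- '.join(site[1:])}")
    for event, total in bytes_per_event(parsed).items():
        print(f"{event}: {total} bytes")
```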
[-- Attachment #2: config-6.3.0-torvalds-13466-gfc4354c6e5c2.xz --]
[-- Type: application/x-xz, Size: 56828 bytes --]
[-- Attachment #3: hid-kmemleak.log --]
[-- Type: text/x-log, Size: 4728 bytes --]
[-- Attachment #4: lshw.txt --]
[-- Type: text/plain, Size: 58238 bytes --]
*-volume:3
description: EFI partition
physical id: 4
bus info: nvme@0:1,4
logical name: /dev/nvme0n1p4
logical name: /usr/local
serial: a7018558-b67d-4807-bb5e-f65af509c34f
capacity: 30GiB
configuration: mount.fstype=btrfs mount.options=rw,relatime,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/ state=mounted
*-volume:4
description: EXT4 volume
vendor: Linux
physical id: 5
bus info: nvme@0:1,5
logical name: /dev/nvme0n1p5
logical name: /var
version: 1.0
serial: 8f6cf2e5-aa47-49bc-b50f-fa8023306013
size: 15GiB
capabilities: journaled extended_attributes large_files huge_files dir_nlink recover 64bit extents ext4 ext2 initialized
configuration: created=2023-05-03 21:23:01 filesystem=ext4 lastmountpoint=/var modified=2023-05-07 20:26:53 mount.fstype=ext4 mount.options=rw,relatime,stripe=32 mounted=2023-05-07 20:26:53 state=mounted
*-volume:5
description: EXT4 volume
vendor: Linux
physical id: 6
bus info: nvme@0:1,6
logical name: /dev/nvme0n1p6
logical name: /tmp
version: 1.0
serial: 1beece94-f1c3-4a45-afed-d33c35c04617
size: 15GiB
capabilities: journaled extended_attributes large_files huge_files dir_nlink recover 64bit extents ext4 ext2 initialized
configuration: created=2023-05-03 21:23:01 filesystem=ext4 lastmountpoint=/tmp modified=2023-05-07 20:26:53 mount.fstype=ext4 mount.options=rw,relatime,stripe=32 mounted=2023-05-07 20:26:53 state=mounted
*-volume:6
description: EFI partition
physical id: 7
bus info: nvme@0:1,7
logical name: /dev/nvme0n1p7
logical name: /home
serial: 39002ad8-36a0-4a01-97d4-7d8cbd94b8e4
capacity: 122GiB
configuration: mount.fstype=btrfs mount.options=rw,relatime,ssd,discard=async,space_cache=v2,subvolid=256,subvol=/@home state=mounted
*-volume:7
description: EFI partition
physical id: 8
bus info: nvme@0:1,8
logical name: /dev/nvme0n1p8
logical name: /
serial: d7bccd5b-1070-40a4-824c-7f33e4ff440e
capacity: 7812MiB
configuration: mount.fstype=btrfs mount.options=rw,relatime,ssd,discard=async,space_cache=v2,subvolid=256,subvol=/@ state=mounted
*-volume:8
description: EFI partition
physical id: 9
bus info: nvme@0:1,9
logical name: /dev/nvme0n1p9
logical name: /srv
serial: a87e71fd-11e9-4ef3-a1b7-a4966f65ecc9
capacity: 30GiB
configuration: mount.fstype=btrfs mount.options=rw,relatime,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/ state=mounted
*-volume:9
description: EFI partition
physical id: a
bus info: nvme@0:1,10
logical name: /dev/nvme0n1p10
logical name: /opt
serial: ffcf44ce-12e0-42e7-9c50-01f2aa257914
capacity: 30GiB
configuration: mount.fstype=btrfs mount.options=rw,relatime,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/ state=mounted
*-volume:10
description: EXT4 volume
vendor: Linux
physical id: b
bus info: nvme@0:1,11
logical name: /dev/nvme0n1p11
logical name: /var/log
version: 1.0
serial: bb53eb49-b161-4879-82c2-ab28079074f0
size: 30GiB
capabilities: journaled extended_attributes large_files huge_files dir_nlink recover 64bit extents ext4 ext2 initialized
configuration: created=2023-05-03 21:23:01 filesystem=ext4 lastmountpoint=/var/log modified=2023-05-07 20:26:53 mount.fstype=ext4 mount.options=rw,relatime,stripe=32 mounted=2023-05-07 20:26:53 state=mounted
*-volume:11
description: Windows FAT volume
vendor: mkfs.fat
physical id: c
bus info: nvme@0:1,12
logical name: /dev/nvme0n1p12
logical name: /boot/efi
version: FAT32
serial: 4951-9e27
size: 963MiB
capacity: 976MiB
capabilities: boot fat initialized
configuration: FATs=2 filesystem=fat mount.fstype=vfat mount.options=rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro state=mounted
*-pci:3
description: PCI bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 8.1
bus info: pci@0000:00:08.1
version: 00
width: 32 bits
clock: 33MHz
capabilities: pci pm pciexpress msi normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:30 ioport:d000(size=4096) memory:fc700000-fcafffff ioport:fc20000000(size=270532608)
*-display
description: VGA compatible controller
product: Advanced Micro Devices, Inc. [AMD/ATI]
vendor: Advanced Micro Devices, Inc. [AMD/ATI]
physical id: 0
bus info: pci@0000:1a:00.0
version: c1
width: 64 bits
clock: 33MHz
capabilities: pm pciexpress msi msix vga_controller bus_master cap_list
configuration: driver=amdgpu latency=0
resources: iomemory:fc0-fbf iomemory:fc0-fbf irq:76 memory:fc20000000-fc2fffffff memory:fc30000000-fc301fffff ioport:d000(size=256) memory:fca00000-fca7ffff
*-multimedia:0
description: Audio device
product: Advanced Micro Devices, Inc. [AMD/ATI]
vendor: Advanced Micro Devices, Inc. [AMD/ATI]
physical id: 0.1
bus info: pci@0000:1a:00.1
logical name: card1
logical name: /dev/snd/controlC1
logical name: /dev/snd/hwC1D0
logical name: /dev/snd/pcmC1D3p
logical name: /dev/snd/pcmC1D7p
logical name: /dev/snd/pcmC1D8p
logical name: /dev/snd/pcmC1D9p
version: 00
width: 32 bits
clock: 33MHz
capabilities: pm pciexpress msi bus_master cap_list
configuration: driver=snd_hda_intel latency=0
resources: irq:115 memory:fca88000-fca8bfff
*-input:0
product: HD-Audio Generic HDMI/DP,pcm=3
physical id: 0
logical name: input14
logical name: /dev/input/event9
*-input:1
product: HD-Audio Generic HDMI/DP,pcm=7
physical id: 1
logical name: input15
logical name: /dev/input/event10
*-input:2
product: HD-Audio Generic HDMI/DP,pcm=8
physical id: 2
logical name: input16
logical name: /dev/input/event11
*-input:3
product: HD-Audio Generic HDMI/DP,pcm=9
physical id: 3
logical name: input17
logical name: /dev/input/event12
*-generic
description: Encryption controller
product: VanGogh PSP/CCP
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 0.2
bus info: pci@0000:1a:00.2
version: 00
width: 32 bits
clock: 33MHz
capabilities: pm pciexpress msi msix bus_master cap_list
configuration: driver=ccp latency=0
resources: irq:109 memory:fc900000-fc9fffff memory:fca8c000-fca8dfff
*-usb:0
description: USB controller
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 0.3
bus info: pci@0000:1a:00.3
version: 00
width: 64 bits
clock: 33MHz
capabilities: pm pciexpress msi msix xhci bus_master cap_list
configuration: driver=xhci_hcd latency=0
resources: irq:67 memory:fc800000-fc8fffff
*-usbhost:0
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 0
bus info: usb@5
logical name: usb5
version: 6.03
capabilities: usb-2.00
configuration: driver=hub slots=2 speed=480Mbit/s
*-usb
description: Keyboard
product: CHICONY USB Keyboard
vendor: CHICONY
physical id: 2
bus info: usb@5:2
logical name: input35
logical name: /dev/input/event4
logical name: input35::capslock
logical name: input35::numlock
logical name: input35::scrolllock
logical name: input36
logical name: /dev/input/event5
logical name: input37
logical name: /dev/input/event6
logical name: input38
logical name: /dev/input/event8
version: 2.30
capabilities: usb-2.00 usb
configuration: driver=usbhid maxpower=100mA speed=1Mbit/s
*-usbhost:1
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 1
bus info: usb@6
logical name: usb6
version: 6.03
capabilities: usb-3.10
configuration: driver=hub slots=2 speed=10000Mbit/s
*-usb:1
description: USB controller
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 0.4
bus info: pci@0000:1a:00.4
version: 00
width: 64 bits
clock: 33MHz
capabilities: pm pciexpress msi msix xhci bus_master cap_list
configuration: driver=xhci_hcd latency=0
resources: irq:76 memory:fc700000-fc7fffff
*-usbhost:0
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 0
bus info: usb@7
logical name: usb7
version: 6.03
capabilities: usb-2.00
configuration: driver=hub slots=2 speed=480Mbit/s
*-usb
description: Mouse
product: Logitech USB Optical Mouse
vendor: Logitech
physical id: 1
bus info: usb@7:1
logical name: input34
logical name: /dev/input/event23
logical name: /dev/input/mouse0
version: 72.00
capabilities: usb-2.00 usb
configuration: driver=usbhid maxpower=100mA speed=1Mbit/s
*-usbhost:1
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 1
bus info: usb@8
logical name: usb8
version: 6.03
capabilities: usb-3.10
configuration: driver=hub slots=2 speed=10000Mbit/s
*-multimedia:1
description: Audio device
product: Family 17h (Models 10h-1fh) HD Audio Controller
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 0.6
bus info: pci@0000:1a:00.6
logical name: card2
logical name: /dev/snd/controlC2
logical name: /dev/snd/hwC2D0
logical name: /dev/snd/pcmC2D0c
logical name: /dev/snd/pcmC2D0p
logical name: /dev/snd/pcmC2D2c
version: 00
width: 32 bits
clock: 33MHz
capabilities: pm pciexpress msi bus_master cap_list
configuration: driver=snd_hda_intel latency=0
resources: irq:94 memory:fca80000-fca87fff
*-input:0
product: HD-Audio Generic Front Mic
physical id: 0
logical name: input18
logical name: /dev/input/event18
*-input:1
product: HD-Audio Generic Rear Mic
physical id: 1
logical name: input19
logical name: /dev/input/event19
*-input:2
product: HD-Audio Generic Line
physical id: 2
logical name: input20
logical name: /dev/input/event20
*-input:3
product: HD-Audio Generic Line Out
physical id: 3
logical name: input21
logical name: /dev/input/event21
*-input:4
product: HD-Audio Generic Front Headphone
physical id: 4
logical name: input22
logical name: /dev/input/event22
*-pci:4
description: PCI bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 8.3
bus info: pci@0000:00:08.3
version: 00
width: 32 bits
clock: 33MHz
capabilities: pci pm pciexpress msi normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:31 memory:fce00000-fcefffff
*-usb
description: USB controller
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 0
bus info: pci@0000:1b:00.0
version: 00
width: 64 bits
clock: 33MHz
capabilities: pm pciexpress msi msix xhci bus_master cap_list
configuration: driver=xhci_hcd latency=0
resources: irq:24 memory:fce00000-fcefffff
*-usbhost:0
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 0
bus info: usb@9
logical name: usb9
version: 6.03
capabilities: usb-2.00
configuration: driver=hub slots=1 speed=480Mbit/s
*-usb
description: Human interface device
product: ASRock LED Controller
vendor: ASRock
physical id: 1
bus info: usb@9:1
logical name: input7
logical name: /dev/input/event7
logical name: /dev/input/js0
version: 0.00
serial: A02019100900
capabilities: usb-1.10 usb
configuration: driver=usbhid maxpower=100mA speed=12Mbit/s
*-usbhost:1
product: xHCI Host Controller
vendor: Linux 6.3.0-torvalds-notpm-13466-gfc4354c6e5c2 xhci-hcd
physical id: 1
bus info: usb@10
logical name: usb10
version: 6.03
capabilities: usb-3.00
configuration: speed=5000Mbit/s
*-serial
description: SMBus
product: FCH SMBus Controller
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 14
bus info: pci@0000:00:14.0
version: 71
width: 32 bits
clock: 66MHz
configuration: driver=piix4_smbus latency=0
resources: irq:0
*-isa
description: ISA bridge
product: FCH LPC Bridge
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 14.3
bus info: pci@0000:00:14.3
version: 51
width: 32 bits
clock: 66MHz
capabilities: isa bus_master
configuration: latency=0
*-pnp00:00
product: PnP device PNP0c01
physical id: 0
capabilities: pnp
configuration: driver=system
*-pnp00:01
product: PnP device PNP0c02
physical id: 1
capabilities: pnp
configuration: driver=system
*-pnp00:02
product: PnP device PNP0c02
physical id: 2
capabilities: pnp
configuration: driver=system
*-pnp00:03
product: PnP device PNP0b00
physical id: 3
capabilities: pnp
configuration: driver=rtc_cmos
*-pnp00:04
product: PnP device PNP0c02
physical id: 4
capabilities: pnp
configuration: driver=system
*-pnp00:05
product: PnP device PNP0c02
physical id: 5
capabilities: pnp
configuration: driver=system
*-pci:1
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 101
bus info: pci@0000:00:01.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:2
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 102
bus info: pci@0000:00:02.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:3
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 103
bus info: pci@0000:00:03.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:4
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 104
bus info: pci@0000:00:04.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:5
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 105
bus info: pci@0000:00:08.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:6
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 106
bus info: pci@0000:00:18.0
version: 00
width: 32 bits
clock: 33MHz
*-pci:7
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 107
bus info: pci@0000:00:18.1
version: 00
width: 32 bits
clock: 33MHz
*-pci:8
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 108
bus info: pci@0000:00:18.2
version: 00
width: 32 bits
clock: 33MHz
*-pci:9
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 109
bus info: pci@0000:00:18.3
version: 00
width: 32 bits
clock: 33MHz
configuration: driver=k10temp
resources: irq:0
*-pci:10
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 10a
bus info: pci@0000:00:18.4
version: 00
width: 32 bits
clock: 33MHz
*-pci:11
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 10b
bus info: pci@0000:00:18.5
version: 00
width: 32 bits
clock: 33MHz
*-pci:12
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 10c
bus info: pci@0000:00:18.6
version: 00
width: 32 bits
clock: 33MHz
*-pci:13
description: Host bridge
product: Advanced Micro Devices, Inc. [AMD]
vendor: Advanced Micro Devices, Inc. [AMD]
physical id: 10d
bus info: pci@0000:00:18.7
version: 00
width: 32 bits
clock: 33MHz
*-input:0
product: Power Button
physical id: 1
logical name: input0
logical name: /dev/input/event0
capabilities: platform
*-input:1
product: Power Button
physical id: 2
logical name: input1
logical name: /dev/input/event1
capabilities: platform
*-input:2
product: Video Bus
physical id: 3
logical name: input2
logical name: /dev/input/event2
capabilities: platform
*-input:3
product: rc-core loopback device
physical id: 4
logical name: input23
logical name: /dev/input/event3
capabilities: virtual
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
From: Greg Kroah-Hartman @ 2023-05-08 6:51 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
> Hi,
>
> There seems to be a kernel memory leak in the USB keyboard driver.
>
> The leaked memory allocs are 96 and 512 bytes.
>
> The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
> Lightning mobo,
> and Genius SlimStar i220 GK-080012 keyboard.
>
> (Logitech M100 HID mouse is not affected by the bug.)
>
> BIOS is:
>
> *-firmware
> description: BIOS
> vendor: American Megatrends International, LLC.
> physical id: 0
> version: 1.21
> date: 04/26/2023
> size: 64KiB
>
> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>
> The keyboard is recognised as Chicony:
>
> *-usb
> description: Keyboard
> product: CHICONY USB Keyboard
> vendor: CHICONY
> physical id: 2
> bus info: usb@5:2
> logical name: input35
> logical name: /dev/input/event4
> logical name: input35::capslock
> logical name: input35::numlock
> logical name: input35::scrolllock
> logical name: input36
> logical name: /dev/input/event5
> logical name: input37
> logical name: /dev/input/event6
> logical name: input38
> logical name: /dev/input/event8
> version: 2.30
> capabilities: usb-2.00 usb
> configuration: driver=usbhid maxpower=100mA
> speed=1Mbit/s
>
> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
> couple of seconds,
> and then reconnect and scan for memory leaks twice.
>
> The kmemleak log is as follows [edited privacy info]:
>
> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffff8dd020037c00 (size 96):
> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> hex dump (first 32 bytes):
> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> [<ffffffffb87543d9>] class_create+0x29/0x80
> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
As the call to class_create() in this path is now gone in 6.4-rc1, can
you retry that release to see if this is still there or not?
thanks,
greg k-h
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
From: Mirsad Todorovac @ 2023-05-08 7:40 UTC (permalink / raw)
To: Greg Kroah-Hartman, Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On 5/8/23 08:51, Greg Kroah-Hartman wrote:
> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>> Hi,
>>
>> There seems to be a kernel memory leak in the USB keyboard driver.
>>
>> The leaked memory allocs are 96 and 512 bytes.
>>
>> The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
>> Lightning mobo,
>> and Genius SlimStar i220 GK-080012 keyboard.
>>
>> (Logitech M100 HID mouse is not affected by the bug.)
>>
>> BIOS is:
>>
>> *-firmware
>> description: BIOS
>> vendor: American Megatrends International, LLC.
>> physical id: 0
>> version: 1.21
>> date: 04/26/2023
>> size: 64KiB
>>
>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>
>> The keyboard is recognised as Chicony:
>>
>> *-usb
>> description: Keyboard
>> product: CHICONY USB Keyboard
>> vendor: CHICONY
>> physical id: 2
>> bus info: usb@5:2
>> logical name: input35
>> logical name: /dev/input/event4
>> logical name: input35::capslock
>> logical name: input35::numlock
>> logical name: input35::scrolllock
>> logical name: input36
>> logical name: /dev/input/event5
>> logical name: input37
>> logical name: /dev/input/event6
>> logical name: input38
>> logical name: /dev/input/event8
>> version: 2.30
>> capabilities: usb-2.00 usb
>> configuration: driver=usbhid maxpower=100mA
>> speed=1Mbit/s
>>
>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>> couple of seconds,
>> and then reconnect and scan for memory leaks twice.
>>
>> The kmemleak log is as follows [edited privacy info]:
>>
>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>> unreferenced object 0xffff8dd020037c00 (size 96):
>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>> hex dump (first 32 bytes):
>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>> backtrace:
>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>> [<ffffffffb87543d9>] class_create+0x29/0x80
>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>
> As the call to class_create() in this path is now gone in 6.4-rc1, can
> you retry that release to see if this is still there or not?
Certainly, but probably not before 6 PM UTC+02.
Best regards,
Mirsad
--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
"What’s this thing suddenly coming towards me very fast? Very very fast.
... I wonder if it will be friends with me?"
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
From: Greg Kroah-Hartman @ 2023-05-08 14:01 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
> > Hi,
> >
> > There seems to be a kernel memory leak in the USB keyboard driver.
> >
> > The leaked memory allocs are 96 and 512 bytes.
> >
> > The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
> > Lightning mobo,
> > and Genius SlimStar i220 GK-080012 keyboard.
> >
> > (Logitech M100 HID mouse is not affected by the bug.)
> >
> > BIOS is:
> >
> > *-firmware
> > description: BIOS
> > vendor: American Megatrends International, LLC.
> > physical id: 0
> > version: 1.21
> > date: 04/26/2023
> > size: 64KiB
> >
> > The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
> >
> > The keyboard is recognised as Chicony:
> >
> > *-usb
> > description: Keyboard
> > product: CHICONY USB Keyboard
> > vendor: CHICONY
> > physical id: 2
> > bus info: usb@5:2
> > logical name: input35
> > logical name: /dev/input/event4
> > logical name: input35::capslock
> > logical name: input35::numlock
> > logical name: input35::scrolllock
> > logical name: input36
> > logical name: /dev/input/event5
> > logical name: input37
> > logical name: /dev/input/event6
> > logical name: input38
> > logical name: /dev/input/event8
> > version: 2.30
> > capabilities: usb-2.00 usb
> > configuration: driver=usbhid maxpower=100mA
> > speed=1Mbit/s
> >
> > The bug is easily reproduced by unplugging the USB keyboard, waiting about a
> > couple of seconds,
> > and then reconnect and scan for memory leaks twice.
> >
> > The kmemleak log is as follows [edited privacy info]:
> >
> > root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
> > unreferenced object 0xffff8dd020037c00 (size 96):
> > comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> > hex dump (first 32 bytes):
> > 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > backtrace:
> > [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> > [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> > [<ffffffffb87543d9>] class_create+0x29/0x80
> > [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>
> As the call to class_create() in this path is now gone in 6.4-rc1, can
> you retry that release to see if this is still there or not?
No, wait, it's still there, I was looking at a development branch of
mine that isn't sent upstream yet. And syzbot just reported the same
thing:
https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
So something's wrong here, let me dig into it tomorrow when I get a
chance...
thanks,
greg k-h
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
From: Mirsad Goran Todorovac @ 2023-05-08 17:26 UTC (permalink / raw)
To: Greg Kroah-Hartman, Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>> Hi,
>>>
>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>
>>> The leaked memory allocs are 96 and 512 bytes.
>>>
>>> The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
>>> Lightning mobo,
>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>
>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>
>>> BIOS is:
>>>
>>> *-firmware
>>> description: BIOS
>>> vendor: American Megatrends International, LLC.
>>> physical id: 0
>>> version: 1.21
>>> date: 04/26/2023
>>> size: 64KiB
>>>
>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>
>>> The keyboard is recognised as Chicony:
>>>
>>> *-usb
>>> description: Keyboard
>>> product: CHICONY USB Keyboard
>>> vendor: CHICONY
>>> physical id: 2
>>> bus info: usb@5:2
>>> logical name: input35
>>> logical name: /dev/input/event4
>>> logical name: input35::capslock
>>> logical name: input35::numlock
>>> logical name: input35::scrolllock
>>> logical name: input36
>>> logical name: /dev/input/event5
>>> logical name: input37
>>> logical name: /dev/input/event6
>>> logical name: input38
>>> logical name: /dev/input/event8
>>> version: 2.30
>>> capabilities: usb-2.00 usb
>>> configuration: driver=usbhid maxpower=100mA
>>> speed=1Mbit/s
>>>
>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>> couple of seconds,
>>> and then reconnect and scan for memory leaks twice.
>>>
>>> The kmemleak log is as follows [edited privacy info]:
>>>
>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>> hex dump (first 32 bytes):
>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>> backtrace:
>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>> you retry that release to see if this is still there or not?
> No, wait, it's still there, I was looking at a development branch of
> mine that isn't sent upstream yet. And syzbot just reported the same
> thing:
> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>
> So something's wrong here, let me dig into it tomorrow when I get a
> chance...
Hi,
I can confirm that the leak is still present in 6.4-rc1:
root@host:/home/user# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff9e6b57bd8ea0 (size 96):
comm "systemd-udevd", pid 322, jiffies 4294892584 (age 123.516s)
hex dump (first 32 bytes):
a4 90 ee b6 ff ff ff ff 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffb5ba74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb5b27b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb6154959>] class_create+0x29/0x80
[<ffffffffb62812a4>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc066ebab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc0629d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc062a24c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc05e8092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc062a450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb6152602>] really_probe+0x1b2/0x420
[<ffffffffb61528fe>] __driver_probe_device+0x7e/0x170
[<ffffffffb6152a23>] driver_probe_device+0x23/0xa0
[<ffffffffb6152cc8>] __driver_attach+0xe8/0x1e0
[<ffffffffb614fe6e>] bus_for_each_dev+0x7e/0xd0
[<ffffffffb6151da2>] driver_attach+0x22/0x30
[<ffffffffb61513f0>] bus_add_driver+0x120/0x220
unreferenced object 0xffff9e6b58d75800 (size 512):
comm "systemd-udevd", pid 322, jiffies 4294892584 (age 123.516s)
hex dump (first 32 bytes):
00 58 d7 58 6b 9e ff ff 00 58 d7 58 6b 9e ff ff .X.Xk....X.Xk...
00 00 00 00 00 00 00 00 a4 90 ee b6 ff ff ff ff ................
backtrace:
[<ffffffffb5ba74be>] __kmem_cache_alloc_node+0x22e/0x2b0
[<ffffffffb5b27b6e>] kmalloc_trace+0x2e/0xa0
[<ffffffffb6154812>] class_register+0x32/0x140
[<ffffffffb6154974>] class_create+0x44/0x80
[<ffffffffb62812a4>] usb_register_dev+0x1d4/0x2e0
[<ffffffffc066ebab>] hiddev_connect+0x11b/0x1b0 [usbhid]
[<ffffffffc0629d4e>] hid_connect+0xde/0x580 [hid]
[<ffffffffc062a24c>] hid_hw_start+0x4c/0x70 [hid]
[<ffffffffc05e8092>] hid_generic_probe+0x32/0x40 [hid_generic]
[<ffffffffc062a450>] hid_device_probe+0x100/0x170 [hid]
[<ffffffffb6152602>] really_probe+0x1b2/0x420
[<ffffffffb61528fe>] __driver_probe_device+0x7e/0x170
[<ffffffffb6152a23>] driver_probe_device+0x23/0xa0
[<ffffffffb6152cc8>] __driver_attach+0xe8/0x1e0
[<ffffffffb614fe6e>] bus_for_each_dev+0x7e/0xd0
[<ffffffffb6151da2>] driver_attach+0x22/0x30
root@host:/home/user#
Would you need a bisect on this one? Maybe it would help.
Best regards,
Mirsad
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-08 14:01 ` Greg Kroah-Hartman
2023-05-08 17:26 ` Mirsad Goran Todorovac
@ 2023-05-08 23:51 ` Mirsad Goran Todorovac
2023-05-09 2:59 ` Greg Kroah-Hartman
1 sibling, 1 reply; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-08 23:51 UTC (permalink / raw)
To: Greg Kroah-Hartman, Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>> Hi,
>>>
>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>
>>> The leaked memory allocs are 96 and 512 bytes.
>>>
>>> The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
>>> Lightning mobo,
>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>
>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>
>>> BIOS is:
>>>
>>> *-firmware
>>> description: BIOS
>>> vendor: American Megatrends International, LLC.
>>> physical id: 0
>>> version: 1.21
>>> date: 04/26/2023
>>> size: 64KiB
>>>
>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>
>>> The keyboard is recognised as Chicony:
>>>
>>> *-usb
>>> description: Keyboard
>>> product: CHICONY USB Keyboard
>>> vendor: CHICONY
>>> physical id: 2
>>> bus info: usb@5:2
>>> logical name: input35
>>> logical name: /dev/input/event4
>>> logical name: input35::capslock
>>> logical name: input35::numlock
>>> logical name: input35::scrolllock
>>> logical name: input36
>>> logical name: /dev/input/event5
>>> logical name: input37
>>> logical name: /dev/input/event6
>>> logical name: input38
>>> logical name: /dev/input/event8
>>> version: 2.30
>>> capabilities: usb-2.00 usb
>>> configuration: driver=usbhid maxpower=100mA
>>> speed=1Mbit/s
>>>
>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>> couple of seconds,
>>> and then reconnect and scan for memory leaks twice.
>>>
>>> The kmemleak log is as follows [edited privacy info]:
>>>
>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>> hex dump (first 32 bytes):
>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>> backtrace:
>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>
>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>> you retry that release to see if this is still there or not?
>
> No, wait, it's still there, I was looking at a development branch of
> mine that isn't sent upstream yet. And syzbot just reported the same
> thing:
> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>
> So something's wrong here, let me dig into it tomorrow when I get a
> chance...
If this could help, here is the bisect of the bug (I could not discern
what could possibly be wrong):
user@host:~/linux/kernel/linux_torvalds$ git bisect log
git bisect start
# bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
git bisect bad ac9a78681b921877518763ba0e89202254349d1b
# good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
# good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
'net-remove-some-rcu_bh-cruft'
git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
# good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc'
of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
git bisect good b68ee1c6131c540a62ecd443be89c406401df091
# bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag
'sysctl-6.4-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
# good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
# good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
'for-linus-2023042601' of
git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
# good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
'staging-6.4-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
# good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
memory region to avoid memory overlapping
git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
# bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure
due to sysfs 'bus_type' argument needing to be const
git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
# good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class:
use lock_class_key already present in struct subsys_private
git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
# bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
class_is_registered()
git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
# good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
comment to set_primary_fwnode() on nullifying
git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
# bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add
debug message with checksum for FW file
git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
# good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
implement class_get/put without the private pointer.
git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
# bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
machine name in soc_device_register if empty
git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
# bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
convert to only use class_to_subsys
git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
# first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver
core: class.c: convert to only use class_to_subsys
user@host:~/linux/kernel/linux_torvalds$
Have a nice day and God bless.
Best regards,
Mirsad
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-08 23:51 ` Mirsad Goran Todorovac
@ 2023-05-09 2:59 ` Greg Kroah-Hartman
2023-05-12 19:08 ` Mirsad Goran Todorovac
2023-05-12 21:33 ` [BUG][NEW DATA] " Mirsad Goran Todorovac
0 siblings, 2 replies; 15+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-09 2:59 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>
>
> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
> > On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
> > > On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
> > > > Hi,
> > > >
> > > > There seems to be a kernel memory leak in the USB keyboard driver.
> > > >
> > > > The leaked memory allocs are 96 and 512 bytes.
> > > >
> > > > The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
> > > > Lightning mobo,
> > > > and Genius SlimStar i220 GK-080012 keyboard.
> > > >
> > > > (Logitech M100 HID mouse is not affected by the bug.)
> > > >
> > > > BIOS is:
> > > >
> > > > *-firmware
> > > > description: BIOS
> > > > vendor: American Megatrends International, LLC.
> > > > physical id: 0
> > > > version: 1.21
> > > > date: 04/26/2023
> > > > size: 64KiB
> > > >
> > > > The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
> > > >
> > > > The keyboard is recognised as Chicony:
> > > >
> > > > *-usb
> > > > description: Keyboard
> > > > product: CHICONY USB Keyboard
> > > > vendor: CHICONY
> > > > physical id: 2
> > > > bus info: usb@5:2
> > > > logical name: input35
> > > > logical name: /dev/input/event4
> > > > logical name: input35::capslock
> > > > logical name: input35::numlock
> > > > logical name: input35::scrolllock
> > > > logical name: input36
> > > > logical name: /dev/input/event5
> > > > logical name: input37
> > > > logical name: /dev/input/event6
> > > > logical name: input38
> > > > logical name: /dev/input/event8
> > > > version: 2.30
> > > > capabilities: usb-2.00 usb
> > > > configuration: driver=usbhid maxpower=100mA
> > > > speed=1Mbit/s
> > > >
> > > > The bug is easily reproduced by unplugging the USB keyboard, waiting about a
> > > > couple of seconds,
> > > > and then reconnect and scan for memory leaks twice.
> > > >
> > > > The kmemleak log is as follows [edited privacy info]:
> > > >
> > > > root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
> > > > unreferenced object 0xffff8dd020037c00 (size 96):
> > > > comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> > > > hex dump (first 32 bytes):
> > > > 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > > > backtrace:
> > > > [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> > > > [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> > > > [<ffffffffb87543d9>] class_create+0x29/0x80
> > > > [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
> > >
> > > As the call to class_create() in this path is now gone in 6.4-rc1, can
> > > you retry that release to see if this is still there or not?
> >
> > No, wait, it's still there, I was looking at a development branch of
> > mine that isn't sent upstream yet. And syzbot just reported the same
> > thing:
> > https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
> >
> > So something's wrong here, let me dig into it tomorrow when I get a
> > chance...
>
> If this could help, here is the bisect of the bug (I could not discern what
> could possibly be wrong):
>
> user@host:~/linux/kernel/linux_torvalds$ git bisect log
> git bisect start
> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
> 'net-remove-some-rcu_bh-cruft'
> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
> 'for-linus-2023042601' of
> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
> 'staging-6.4-rc1' of
> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
> memory region to avoid memory overlapping
> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
> to sysfs 'bus_type' argument needing to be const
> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
> lock_class_key already present in struct subsys_private
> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
> class_is_registered()
> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
> comment to set_primary_fwnode() on nullifying
> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
> message with checksum for FW file
> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
> implement class_get/put without the private pointer.
> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
> machine name in soc_device_register if empty
> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
> convert to only use class_to_subsys
> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
> class.c: convert to only use class_to_subsys
> user@host:~/linux/kernel/linux_torvalds$
This helps a lot, thanks. I got the reference counting wrong somewhere
in here, I thought I tested this better, odd it shows up now...
I'll try to work on it this week.
thanks,
greg k-h
* Re: [BUG] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-09 2:59 ` Greg Kroah-Hartman
@ 2023-05-12 19:08 ` Mirsad Goran Todorovac
2023-05-12 21:33 ` [BUG][NEW DATA] " Mirsad Goran Todorovac
1 sibling, 0 replies; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-12 19:08 UTC (permalink / raw)
To: Greg Kroah-Hartman, Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
Hi, Greg,
On 09. 05. 2023. 04:59, Greg Kroah-Hartman wrote:
> On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>>
>>
>> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
>>> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>>>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>>>> Hi,
>>>>>
>>>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>>>
>>>>> The leaked memory allocs are 96 and 512 bytes.
>>>>>
>>>>> The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
>>>>> Lightning mobo,
>>>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>>>
>>>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>>>
>>>>> BIOS is:
>>>>>
>>>>> *-firmware
>>>>> description: BIOS
>>>>> vendor: American Megatrends International, LLC.
>>>>> physical id: 0
>>>>> version: 1.21
>>>>> date: 04/26/2023
>>>>> size: 64KiB
>>>>>
>>>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>>>
>>>>> The keyboard is recognised as Chicony:
>>>>>
>>>>> *-usb
>>>>> description: Keyboard
>>>>> product: CHICONY USB Keyboard
>>>>> vendor: CHICONY
>>>>> physical id: 2
>>>>> bus info: usb@5:2
>>>>> logical name: input35
>>>>> logical name: /dev/input/event4
>>>>> logical name: input35::capslock
>>>>> logical name: input35::numlock
>>>>> logical name: input35::scrolllock
>>>>> logical name: input36
>>>>> logical name: /dev/input/event5
>>>>> logical name: input37
>>>>> logical name: /dev/input/event6
>>>>> logical name: input38
>>>>> logical name: /dev/input/event8
>>>>> version: 2.30
>>>>> capabilities: usb-2.00 usb
>>>>> configuration: driver=usbhid maxpower=100mA
>>>>> speed=1Mbit/s
>>>>>
>>>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>>>> couple of seconds,
>>>>> and then reconnect and scan for memory leaks twice.
>>>>>
>>>>> The kmemleak log is as follows [edited privacy info]:
>>>>>
>>>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>>>> hex dump (first 32 bytes):
>>>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>>> backtrace:
>>>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>>>
>>>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>>>> you retry that release to see if this is still there or not?
>>>
>>> No, wait, it's still there, I was looking at a development branch of
>>> mine that isn't sent upstream yet. And syzbot just reported the same
>>> thing:
>>> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>>>
>>> So something's wrong here, let me dig into it tomorrow when I get a
>>> chance...
>>
>> If this could help, here is the bisect of the bug (I could not discern what
>> could possibly be wrong):
>>
>> user@host:~/linux/kernel/linux_torvalds$ git bisect log
>> git bisect start
>> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
>> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
>> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
>> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
>> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
>> 'net-remove-some-rcu_bh-cruft'
>> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
>> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
>> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
>> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
>> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
>> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
>> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
>> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
>> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
>> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
>> 'for-linus-2023042601' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
>> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
>> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
>> 'staging-6.4-rc1' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
>> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
>> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
>> memory region to avoid memory overlapping
>> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
>> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
>> to sysfs 'bus_type' argument needing to be const
>> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
>> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
>> lock_class_key already present in struct subsys_private
>> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
>> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
>> class_is_registered()
>> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
>> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
>> comment to set_primary_fwnode() on nullifying
>> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
>> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
>> message with checksum for FW file
>> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
>> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
>> implement class_get/put without the private pointer.
>> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
>> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
>> machine name in soc_device_register if empty
>> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
>> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
>> convert to only use class_to_subsys
>> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
>> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
>> class.c: convert to only use class_to_subsys
>> user@host:~/linux/kernel/linux_torvalds$
>
> This helps a lot, thanks. I got the reference counting wrong somewhere
> in here, I thought I tested this better, odd it shows up now...
>
> I'll try to work on it this week.
>
> thanks,
>
> greg k-h
Not at all!
I hope you had better luck because this part of code still looks to me
like hieroglyphs.
Linux kernel rose to 10.9M lines, and it would take me thirty years to
just read it once, 1000 lines a day ... 6.7M lines are "just drivers".
# find . -name '*.c' -o -name '*.h' -print0 | wc --files0-from -
10913623 35587483 631377958 total
# find drivers -name '*.c' -o -name '*.h' -print0 | wc --files0-from -
6705084 19985060 495162001 total
Best regards,
Mirsad
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-09 2:59 ` Greg Kroah-Hartman
2023-05-12 19:08 ` Mirsad Goran Todorovac
@ 2023-05-12 21:33 ` Mirsad Goran Todorovac
2023-05-16 14:36 ` Greg Kroah-Hartman
1 sibling, 1 reply; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-12 21:33 UTC (permalink / raw)
To: Greg Kroah-Hartman, Mirsad Goran Todorovac
Cc: linux-usb, linux-kernel, linux-input, Benjamin Tissoires, Jiri Kosina
Hi,
On 5/9/23 04:59, Greg Kroah-Hartman wrote:
> On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>>
>>
>> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
>>> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>>>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>>>> Hi,
>>>>>
>>>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>>>
>>>>> The leaked memory allocs are 96 and 512 bytes.
>>>>>
>>>>> The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
>>>>> Lightning mobo,
>>>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>>>
>>>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>>>
>>>>> BIOS is:
>>>>>
>>>>> *-firmware
>>>>> description: BIOS
>>>>> vendor: American Megatrends International, LLC.
>>>>> physical id: 0
>>>>> version: 1.21
>>>>> date: 04/26/2023
>>>>> size: 64KiB
>>>>>
>>>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>>>
>>>>> The keyboard is recognised as Chicony:
>>>>>
>>>>> *-usb
>>>>> description: Keyboard
>>>>> product: CHICONY USB Keyboard
>>>>> vendor: CHICONY
>>>>> physical id: 2
>>>>> bus info: usb@5:2
>>>>> logical name: input35
>>>>> logical name: /dev/input/event4
>>>>> logical name: input35::capslock
>>>>> logical name: input35::numlock
>>>>> logical name: input35::scrolllock
>>>>> logical name: input36
>>>>> logical name: /dev/input/event5
>>>>> logical name: input37
>>>>> logical name: /dev/input/event6
>>>>> logical name: input38
>>>>> logical name: /dev/input/event8
>>>>> version: 2.30
>>>>> capabilities: usb-2.00 usb
>>>>> configuration: driver=usbhid maxpower=100mA
>>>>> speed=1Mbit/s
>>>>>
>>>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>>>> couple of seconds,
>>>>> and then reconnect and scan for memory leaks twice.
>>>>>
>>>>> The kmemleak log is as follows [edited privacy info]:
>>>>>
>>>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>>>> hex dump (first 32 bytes):
>>>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>>> backtrace:
>>>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>>>
>>>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>>>> you retry that release to see if this is still there or not?
>>>
>>> No, wait, it's still there, I was looking at a development branch of
>>> mine that isn't sent upstream yet. And syzbot just reported the same
>>> thing:
>>> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>>>
>>> So something's wrong here, let me dig into it tomorrow when I get a
>>> chance...
>>
>> If this could help, here is the bisect of the bug (I could not discern what
>> could possibly be wrong):
>>
>> user@host:~/linux/kernel/linux_torvalds$ git bisect log
>> git bisect start
>> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
>> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
>> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
>> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
>> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
>> 'net-remove-some-rcu_bh-cruft'
>> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
>> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
>> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
>> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
>> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
>> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
>> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
>> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
>> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
>> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
>> 'for-linus-2023042601' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
>> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
>> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
>> 'staging-6.4-rc1' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
>> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
>> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
>> memory region to avoid memory overlapping
>> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
>> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
>> to sysfs 'bus_type' argument needing to be const
>> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
>> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
>> lock_class_key already present in struct subsys_private
>> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
>> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
>> class_is_registered()
>> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
>> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
>> comment to set_primary_fwnode() on nullifying
>> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
>> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
>> message with checksum for FW file
>> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
>> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
>> implement class_get/put without the private pointer.
>> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
>> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
>> machine name in soc_device_register if empty
>> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
>> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
>> convert to only use class_to_subsys
>> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
>> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
>> class.c: convert to only use class_to_subsys
>> user@host:~/linux/kernel/linux_torvalds$
>
> This helps a lot, thanks. I got the reference counting wrong somewhere
> in here, I thought I tested this better, odd it shows up now...
>
> I'll try to work on it this week.
I have figured out that the leak occurs on keyboard unplugging only, one
or two leaks (maybe a race condition?).
Please NOTE that the number of leaks is now odd:
root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
root@defiant:/home/marvin#
At one time unplugging keyboard generated only one leak, but only at one
time. As it requires manually unplugging keyboard, I didn't seem to find
a way to automate it, but it doesn't seem to require root access.
BTW, I've seen in syzbot output that kmemleak output has debug source
file names and line numbers. I couldn't make that work with the dbg .deb.
I will do some more homework, but this was a rough week.
Best regards,
Mirsad
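Counting records with `grep comm`, as in the message above, gives the number of reported objects but not which allocation sites they share. The following is an added example, not part of the thread and not kernel or kmemleak code: it parses the report format quoted in this thread and groups records by size and by the first callers above the slab allocator, so the same leak is recognised across boots even though KASLR changes every address. The sample report is constructed from lines in the thread (the third record's object address is invented), and `ALLOCATOR_FRAMES`, `Leak`, `parse_kmemleak` and `summarize` are names chosen here.

```python
"""Group kmemleak records by allocation site instead of by raw address."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from itertools import dropwhile

HEADER_RE = re.compile(r"unreferenced object 0x([0-9a-f]+) \(size (\d+)\):")
COMM_RE = re.compile(r'comm "([^"]*)", pid (\d+), jiffies (\d+)')
FRAME_RE = re.compile(
    r"\[<([0-9a-f]+)>\] ([\w.]+)\+0x([0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?"
)

# Generic slab entry points that say nothing about who leaked the object.
# Non-exhaustive list, assumed for this example.
ALLOCATOR_FRAMES = {
    "__kmem_cache_alloc_node", "kmalloc_trace", "__kmalloc",
    "__kmalloc_node", "kmem_cache_alloc",
}


@dataclass
class Leak:
    address: int
    size: int
    comm: str = ""
    pid: int = 0
    frames: list = field(default_factory=list)  # "symbol+0xoff [module]"

    def site(self, depth=2):
        """First `depth` frames above the allocator (symbol+offset only)."""
        callers = dropwhile(
            lambda f: f.split("+")[0] in ALLOCATOR_FRAMES, self.frames)
        return tuple(list(callers)[:depth])


def parse_kmemleak(text):
    """Parse a kmemleak report; tolerates mail quoting ('> > ') and prompts."""
    leaks, current = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = Leak(address=int(m.group(1), 16), size=int(m.group(2)))
            leaks.append(current)
            continue
        if current is None:
            continue  # text before the first record (shell prompt, etc.)
        m = COMM_RE.match(line)
        if m:
            current.comm, current.pid = m.group(1), int(m.group(2))
            continue
        m = FRAME_RE.match(line)
        if m:
            module = f" [{m.group(4)}]" if m.group(4) else ""
            # Drop the absolute address: it differs on every boot.
            current.frames.append(f"{m.group(2)}+0x{m.group(3)}{module}")
    return leaks


def summarize(leaks, depth=2):
    """Return one row per (size, allocation site), largest total first."""
    groups = defaultdict(list)
    for leak in leaks:
        groups[(leak.size, leak.site(depth))].append(leak)
    rows = [
        {"size": size, "site": site, "count": len(members),
         "bytes": size * len(members),
         "comms": sorted({member.comm for member in members})}
        for (size, site), members in groups.items()
    ]
    return sorted(rows, key=lambda r: (-r["bytes"], r["site"]))


# Constructed sample: records 1 and 2 reuse lines quoted in the thread,
# record 3 has an invented object address and mail-quote prefixes.
SAMPLE = '''\
root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8dd020037c00 (size 96):
  comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
  hex dump (first 32 bytes):
    5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00  ].N.............
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb87543d9>] class_create+0x29/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
unreferenced object 0xffff9e6b58d75800 (size 512):
  comm "systemd-udevd", pid 322, jiffies 4294892584 (age 123.516s)
  backtrace:
    [<ffffffffb5ba74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<ffffffffb5b27b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb6154812>] class_register+0x32/0x140
    [<ffffffffb6154974>] class_create+0x44/0x80
    [<ffffffffb62812a4>] usb_register_dev+0x1d4/0x2e0
    [<ffffffffc066ebab>] hiddev_connect+0x11b/0x1b0 [usbhid]
> > unreferenced object 0xffff9e6b40001200 (size 96):
> >   comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
> >   backtrace:
> >     [<ffffffffb5ba74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> >     [<ffffffffb5b27b6e>] kmalloc_trace+0x2e/0xa0
> >     [<ffffffffb6154959>] class_create+0x29/0x80
> >     [<ffffffffb62812a4>] usb_register_dev+0x1d4/0x2e0
'''

if __name__ == "__main__":
    for row in summarize(parse_kmemleak(SAMPLE)):
        print(f'{row["count"]:3d} x {row["size"]:4d} B  '
              f'{" <- ".join(row["site"])}  comms={row["comms"]}')
```

Diffing this summary before and after each unplug shows which allocation sites gained records, independent of how many `comm` lines the report contains.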
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-12 21:33 ` [BUG][NEW DATA] " Mirsad Goran Todorovac
@ 2023-05-16 14:36 ` Greg Kroah-Hartman
2023-05-17 7:24 ` Mirsad Goran Todorovac
2023-05-17 16:10 ` Mirsad Goran Todorovac
0 siblings, 2 replies; 15+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-16 14:36 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On Fri, May 12, 2023 at 11:33:31PM +0200, Mirsad Goran Todorovac wrote:
> Hi,
>
> On 5/9/23 04:59, Greg Kroah-Hartman wrote:
> > On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
> > >
> > >
> > > On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
> > > > On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
> > > > > On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
> > > > > > Hi,
> > > > > >
> > > > > > There seems to be a kernel memory leak in the USB keyboard driver.
> > > > > >
> > > > > > The leaked memory allocs are 96 and 512 bytes.
> > > > > >
> > > > > > The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
> > > > > > Lightning mobo,
> > > > > > and Genius SlimStar i220 GK-080012 keyboard.
> > > > > >
> > > > > > (Logitech M100 HID mouse is not affected by the bug.)
> > > > > >
> > > > > > BIOS is:
> > > > > >
> > > > > > *-firmware
> > > > > > description: BIOS
> > > > > > vendor: American Megatrends International, LLC.
> > > > > > physical id: 0
> > > > > > version: 1.21
> > > > > > date: 04/26/2023
> > > > > > size: 64KiB
> > > > > >
> > > > > > The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
> > > > > >
> > > > > > The keyboard is recognised as Chicony:
> > > > > >
> > > > > > *-usb
> > > > > > description: Keyboard
> > > > > > product: CHICONY USB Keyboard
> > > > > > vendor: CHICONY
> > > > > > physical id: 2
> > > > > > bus info: usb@5:2
> > > > > > logical name: input35
> > > > > > logical name: /dev/input/event4
> > > > > > logical name: input35::capslock
> > > > > > logical name: input35::numlock
> > > > > > logical name: input35::scrolllock
> > > > > > logical name: input36
> > > > > > logical name: /dev/input/event5
> > > > > > logical name: input37
> > > > > > logical name: /dev/input/event6
> > > > > > logical name: input38
> > > > > > logical name: /dev/input/event8
> > > > > > version: 2.30
> > > > > > capabilities: usb-2.00 usb
> > > > > > configuration: driver=usbhid maxpower=100mA
> > > > > > speed=1Mbit/s
> > > > > >
> > > > > > The bug is easily reproduced by unplugging the USB keyboard, waiting about a
> > > > > > couple of seconds,
> > > > > > and then reconnect and scan for memory leaks twice.
> > > > > >
> > > > > > The kmemleak log is as follows [edited privacy info]:
> > > > > >
> > > > > > root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
> > > > > > unreferenced object 0xffff8dd020037c00 (size 96):
> > > > > > comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> > > > > > hex dump (first 32 bytes):
> > > > > > 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> > > > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > > > > > backtrace:
> > > > > > [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> > > > > > [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> > > > > > [<ffffffffb87543d9>] class_create+0x29/0x80
> > > > > > [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
> > > > >
> > > > > As the call to class_create() in this path is now gone in 6.4-rc1, can
> > > > > you retry that release to see if this is still there or not?
> > > >
> > > > No, wait, it's still there, I was looking at a development branch of
> > > > mine that isn't sent upstream yet. And syzbot just reported the same
> > > > thing:
> > > > https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
> > > >
> > > > So something's wrong here, let me dig into it tomorrow when I get a
> > > > chance...
> > >
> > > If this could help, here is the bisect of the bug (I could not discern what
> > > could possibly be wrong):
> > >
> > > user@host:~/linux/kernel/linux_torvalds$ git bisect log
> > > git bisect start
> > > # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
> > > git bisect bad ac9a78681b921877518763ba0e89202254349d1b
> > > # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
> > > git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
> > > # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
> > > 'net-remove-some-rcu_bh-cruft'
> > > git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
> > > # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
> > > git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
> > > git bisect good b68ee1c6131c540a62ecd443be89c406401df091
> > > # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
> > > of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
> > > git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
> > > # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
> > > 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
> > > git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
> > > # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
> > > 'for-linus-2023042601' of
> > > git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
> > > git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
> > > # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
> > > 'staging-6.4-rc1' of
> > > git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
> > > git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
> > > # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
> > > memory region to avoid memory overlapping
> > > git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
> > > # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
> > > to sysfs 'bus_type' argument needing to be const
> > > git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
> > > # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
> > > lock_class_key already present in struct subsys_private
> > > git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
> > > # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
> > > class_is_registered()
> > > git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
> > > # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
> > > comment to set_primary_fwnode() on nullifying
> > > git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
> > > # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
> > > message with checksum for FW file
> > > git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
> > > # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
> > > implement class_get/put without the private pointer.
> > > git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
> > > # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
> > > machine name in soc_device_register if empty
> > > git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
> > > # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
> > > convert to only use class_to_subsys
> > > git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
> > > # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
> > > class.c: convert to only use class_to_subsys
> > > user@host:~/linux/kernel/linux_torvalds$
> >
> > This helps a lot, thanks. I got the reference counting wrong somewhere
> > in here, I thought I tested this better, odd it shows up now...
> >
> > I'll try to work on it this week.
>
> I have figured out that the leak occurs on keyboard unplugging only, one
> or two leaks (maybe a race condition?).
>
> Please NOTE that the number of leaks is now odd:
>
> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
> comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
> root@defiant:/home/marvin#
>
> At one time unplugging keyboard generated only one leak, but only at one
> time. As it requires manually unplugging keyboard, I didn't seem to find a
> way to automate it, but it doesn't seem to require root access.
>
> BTW, I've seen in syzbot output that kmemleak output has debug source file
> names and line numbers. I couldn't make that work with the dbg .deb.
>
> I will do some more homework, but this was a rough week.
I made up a patch based on code inspection alone, as I couldn't
reproduce this locally at all:
	https://lore.kernel.org/r/2023051628-thumb-boaster-5680@gregkh
and it seemed to pass syzbot's tests.

I've included it here below, can you test it as well?

Hm, I only tested with a USB mouse unplug/plug cycle, maybe the issue is
a keyboard?

thanks,

greg k-h
-------------
diff --git a/drivers/base/class.c b/drivers/base/class.c
index ac1808d1a2e8..9b44edc8416f 100644
--- a/drivers/base/class.c
+++ b/drivers/base/class.c
@@ -320,6 +322,7 @@ void class_dev_iter_init(struct class_dev_iter *iter, const struct class *class,
start_knode = &start->p->knode_class;
klist_iter_init_node(&sp->klist_devices, &iter->ki, start_knode);
iter->type = type;
+ iter->sp = sp;
}
EXPORT_SYMBOL_GPL(class_dev_iter_init);
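Review bot: iter->sp is assigned only as the last statement of class_dev_iter_init(), so any return taken before this point leaves the new field holding whatever was in the caller's iterator, and the subsys_put(iter->sp) added to class_dev_iter_exit() would then act on an uninitialised pointer. The lines above the hunk are not shown here, so it is worth confirming whether such an early return exists (for example when no subsys_private is found for the class); if it does, set iter->sp = NULL there or zero the iterator at the top of the function.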
@@ -361,6 +364,7 @@ EXPORT_SYMBOL_GPL(class_dev_iter_next);
void class_dev_iter_exit(struct class_dev_iter *iter)
{
klist_iter_exit(&iter->ki);
+ subsys_put(iter->sp);
}
EXPORT_SYMBOL_GPL(class_dev_iter_exit);
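Review bot: the subsys_put(iter->sp) in class_dev_iter_exit() makes the iterator the owner of a subsystem reference from init to exit, and nothing in the hunk documents that. A line in the function's kernel-doc saying that exit drops the reference stored by class_dev_iter_init(), and that a caller which leaves its loop early must still call class_dev_iter_exit(), would help keep a leak of this kind from being reintroduced. Placing the put after klist_iter_exit() is the right order, since the klist being iterated (sp->klist_devices in the init hunk) lives inside sp.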
diff --git a/include/linux/device/class.h b/include/linux/device/class.h
index 9deeaeb457bb..abf3d3bfb6fe 100644
--- a/include/linux/device/class.h
+++ b/include/linux/device/class.h
@@ -74,6 +74,7 @@ struct class {
struct class_dev_iter {
struct klist_iter ki;
const struct device_type *type;
+ struct subsys_private *sp;
};
int __must_check class_register(const struct class *class);
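Review bot: the new sp member in struct class_dev_iter puts a pointer to struct subsys_private, a driver-core internal type, into include/linux/device/class.h. Only the pointer is needed, so a forward declaration is enough, but the hunk does not show one; check that struct subsys_private is declared before this point in the header, and add a short comment marking sp as internal to the iterator so that users of the header do not touch it.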
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-16 14:36 ` Greg Kroah-Hartman
@ 2023-05-17 7:24 ` Mirsad Goran Todorovac
2023-05-17 16:10 ` Mirsad Goran Todorovac
1 sibling, 0 replies; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-17 7:24 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On 16.5.2023. 16:36, Greg Kroah-Hartman wrote:
> On Fri, May 12, 2023 at 11:33:31PM +0200, Mirsad Goran Todorovac wrote:
>> Hi,
>>
>> On 5/9/23 04:59, Greg Kroah-Hartman wrote:
>>> On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>>>>
>>>>
>>>> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
>>>>> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>>>>>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>>>>>
>>>>>>> The leaked memory allocs are 96 and 512 bytes.
>>>>>>>
>>>>>>> The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
>>>>>>> Lightning mobo,
>>>>>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>>>>>
>>>>>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>>>>>
>>>>>>> BIOS is:
>>>>>>>
>>>>>>> *-firmware
>>>>>>> description: BIOS
>>>>>>> vendor: American Megatrends International, LLC.
>>>>>>> physical id: 0
>>>>>>> version: 1.21
>>>>>>> date: 04/26/2023
>>>>>>> size: 64KiB
>>>>>>>
>>>>>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>>>>>
>>>>>>> The keyboard is recognised as Chicony:
>>>>>>>
>>>>>>> *-usb
>>>>>>> description: Keyboard
>>>>>>> product: CHICONY USB Keyboard
>>>>>>> vendor: CHICONY
>>>>>>> physical id: 2
>>>>>>> bus info: usb@5:2
>>>>>>> logical name: input35
>>>>>>> logical name: /dev/input/event4
>>>>>>> logical name: input35::capslock
>>>>>>> logical name: input35::numlock
>>>>>>> logical name: input35::scrolllock
>>>>>>> logical name: input36
>>>>>>> logical name: /dev/input/event5
>>>>>>> logical name: input37
>>>>>>> logical name: /dev/input/event6
>>>>>>> logical name: input38
>>>>>>> logical name: /dev/input/event8
>>>>>>> version: 2.30
>>>>>>> capabilities: usb-2.00 usb
>>>>>>> configuration: driver=usbhid maxpower=100mA
>>>>>>> speed=1Mbit/s
>>>>>>>
>>>>>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>>>>>> couple of seconds,
>>>>>>> and then reconnect and scan for memory leaks twice.
>>>>>>>
>>>>>>> The kmemleak log is as follows [edited privacy info]:
>>>>>>>
>>>>>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>>>>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>>>>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>>>>>> hex dump (first 32 bytes):
>>>>>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>>>>> backtrace:
>>>>>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>>>>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>>>>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>>>>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>>>>>
>>>>>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>>>>>> you retry that release to see if this is still there or not?
>>>>>
>>>>> No, wait, it's still there, I was looking at a development branch of
>>>>> mine that isn't sent upstream yet. And syzbot just reported the same
>>>>> thing:
>>>>> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>>>>>
>>>>> So something's wrong here, let me dig into it tomorrow when I get a
>>>>> chance...
>>>>
>>>> If this could help, here is the bisect of the bug (I could not discern what
>>>> could possibly be wrong):
>>>>
>>>> user@host:~/linux/kernel/linux_torvalds$ git bisect log
>>>> git bisect start
>>>> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
>>>> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
>>>> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
>>>> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
>>>> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
>>>> 'net-remove-some-rcu_bh-cruft'
>>>> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
>>>> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
>>>> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
>>>> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
>>>> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
>>>> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
>>>> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
>>>> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
>>>> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
>>>> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
>>>> 'for-linus-2023042601' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
>>>> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
>>>> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
>>>> 'staging-6.4-rc1' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
>>>> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
>>>> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
>>>> memory region to avoid memory overlapping
>>>> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
>>>> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
>>>> to sysfs 'bus_type' argument needing to be const
>>>> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
>>>> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
>>>> lock_class_key already present in struct subsys_private
>>>> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
>>>> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
>>>> class_is_registered()
>>>> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
>>>> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
>>>> comment to set_primary_fwnode() on nullifying
>>>> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
>>>> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
>>>> message with checksum for FW file
>>>> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
>>>> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
>>>> implement class_get/put without the private pointer.
>>>> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
>>>> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
>>>> machine name in soc_device_register if empty
>>>> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
>>>> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
>>>> convert to only use class_to_subsys
>>>> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
>>>> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
>>>> class.c: convert to only use class_to_subsys
>>>> user@host:~/linux/kernel/linux_torvalds$
>>>
>>> This helps a lot, thanks. I got the reference counting wrong somewhere
>>> in here, I thought I tested this better, odd it shows up now...
>>>
>>> I'll try to work on it this week.
>>
>> I have figured out that the leak occurs on keyboard unplugging only, one
>> or two leaks (maybe a race condition?).
>>
>> Please NOTE that the number of leaks is now odd:
>>
>> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
>> comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
>> root@defiant:/home/marvin#
>>
>> At one time unplugging keyboard generated only one leak, but only at one
>> time. As it requires manually unplugging keyboard, I didn't seem to find a
>> way to automate it, but it doesn't seem to require root access.
>>
>> BTW, I've seen in syzbot output that kmemleak output has debug source file
>> names and line numbers. I couldn't make that work with the dbg .deb.
>>
>> I will do some more homework, but this was a rough week.
>
> I made up a patch based on code inspection alone, as I couldn't
> reproduce this locally at all:
> https://lore.kernel.org/r/2023051628-thumb-boaster-5680@gregkh
> and it seemed to pass syzbot's tests.
>
> I've included it here below, can you test it as well?
>
> Hm, I only tested with a USB mouse unplug/plug cycle, maybe the issue is
> a keyboard?
>
> thanks,
>
> greg k-h
Hi, Greg,

Yes, the problem was with the keyboard, and with unplugging, mouse unplugged
w/o problems.

I will test the patch in the afternoon, as the issue did not appear on the
work computer. Probably it is for the best that the exact environment is
reproduced for the test.

Best regards,
Mirsad
> -------------
>
> diff --git a/drivers/base/class.c b/drivers/base/class.c
> index ac1808d1a2e8..9b44edc8416f 100644
> --- a/drivers/base/class.c
> +++ b/drivers/base/class.c
> @@ -320,6 +322,7 @@ void class_dev_iter_init(struct class_dev_iter *iter, const struct class *class,
> start_knode = &start->p->knode_class;
> klist_iter_init_node(&sp->klist_devices, &iter->ki, start_knode);
> iter->type = type;
> + iter->sp = sp;
> }
> EXPORT_SYMBOL_GPL(class_dev_iter_init);
>
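Review bot: the header of this hunk, -320,6 +322,7, places the new file two lines ahead of the old one, yet it is the first hunk shown for drivers/base/class.c, and the next hunk (-361,6 +364,7) carries the same two-line offset plus the one line added here. That implies an earlier change in class.c that is not part of the posted diff. The patch should either include that hunk or be regenerated against the tree the tester is building, so that what is tested is exactly what gets committed.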
> @@ -361,6 +364,7 @@ EXPORT_SYMBOL_GPL(class_dev_iter_next);
> void class_dev_iter_exit(struct class_dev_iter *iter)
> {
> klist_iter_exit(&iter->ki);
> + subsys_put(iter->sp);
> }
> EXPORT_SYMBOL_GPL(class_dev_iter_exit);
>
> diff --git a/include/linux/device/class.h b/include/linux/device/class.h
> index 9deeaeb457bb..abf3d3bfb6fe 100644
> --- a/include/linux/device/class.h
> +++ b/include/linux/device/class.h
> @@ -74,6 +74,7 @@ struct class {
> struct class_dev_iter {
> struct klist_iter ki;
> const struct device_type *type;
> + struct subsys_private *sp;
> };
>
> int __must_check class_register(const struct class *class);
--
Mirsad Todorovac
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-16 14:36 ` Greg Kroah-Hartman
2023-05-17 7:24 ` Mirsad Goran Todorovac
@ 2023-05-17 16:10 ` Mirsad Goran Todorovac
2023-05-17 18:57 ` Greg Kroah-Hartman
1 sibling, 1 reply; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-17 16:10 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On 5/16/23 16:36, Greg Kroah-Hartman wrote:
> On Fri, May 12, 2023 at 11:33:31PM +0200, Mirsad Goran Todorovac wrote:
>> Hi,
>>
>> On 5/9/23 04:59, Greg Kroah-Hartman wrote:
>>> On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>>>>
>>>>
>>>> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
>>>>> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>>>>>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>>>>>
>>>>>>> The leaked memory allocs are 96 and 512 bytes.
>>>>>>>
>>>>>>> The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
>>>>>>> Lightning mobo,
>>>>>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>>>>>
>>>>>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>>>>>
>>>>>>> BIOS is:
>>>>>>>
>>>>>>> *-firmware
>>>>>>> description: BIOS
>>>>>>> vendor: American Megatrends International, LLC.
>>>>>>> physical id: 0
>>>>>>> version: 1.21
>>>>>>> date: 04/26/2023
>>>>>>> size: 64KiB
>>>>>>>
>>>>>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>>>>>
>>>>>>> The keyboard is recognised as Chicony:
>>>>>>>
>>>>>>> *-usb
>>>>>>> description: Keyboard
>>>>>>> product: CHICONY USB Keyboard
>>>>>>> vendor: CHICONY
>>>>>>> physical id: 2
>>>>>>> bus info: usb@5:2
>>>>>>> logical name: input35
>>>>>>> logical name: /dev/input/event4
>>>>>>> logical name: input35::capslock
>>>>>>> logical name: input35::numlock
>>>>>>> logical name: input35::scrolllock
>>>>>>> logical name: input36
>>>>>>> logical name: /dev/input/event5
>>>>>>> logical name: input37
>>>>>>> logical name: /dev/input/event6
>>>>>>> logical name: input38
>>>>>>> logical name: /dev/input/event8
>>>>>>> version: 2.30
>>>>>>> capabilities: usb-2.00 usb
>>>>>>> configuration: driver=usbhid maxpower=100mA
>>>>>>> speed=1Mbit/s
>>>>>>>
>>>>>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>>>>>> couple of seconds,
>>>>>>> and then reconnect and scan for memory leaks twice.
>>>>>>>
>>>>>>> The kmemleak log is as follows [edited privacy info]:
>>>>>>>
>>>>>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>>>>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>>>>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>>>>>> hex dump (first 32 bytes):
>>>>>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>>>>> backtrace:
>>>>>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>>>>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>>>>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>>>>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>>>>>
>>>>>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>>>>>> you retry that release to see if this is still there or not?
>>>>>
>>>>> No, wait, it's still there, I was looking at a development branch of
>>>>> mine that isn't sent upstream yet. And syzbot just reported the same
>>>>> thing:
>>>>> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>>>>>
>>>>> So something's wrong here, let me dig into it tomorrow when I get a
>>>>> chance...
>>>>
>>>> If this could help, here is the bisect of the bug (I could not discern what
>>>> could possibly be wrong):
>>>>
>>>> user@host:~/linux/kernel/linux_torvalds$ git bisect log
>>>> git bisect start
>>>> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
>>>> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
>>>> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
>>>> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
>>>> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
>>>> 'net-remove-some-rcu_bh-cruft'
>>>> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
>>>> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
>>>> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
>>>> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
>>>> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
>>>> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
>>>> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
>>>> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
>>>> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
>>>> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
>>>> 'for-linus-2023042601' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
>>>> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
>>>> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
>>>> 'staging-6.4-rc1' of
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
>>>> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
>>>> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
>>>> memory region to avoid memory overlapping
>>>> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
>>>> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
>>>> to sysfs 'bus_type' argument needing to be const
>>>> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
>>>> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
>>>> lock_class_key already present in struct subsys_private
>>>> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
>>>> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
>>>> class_is_registered()
>>>> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
>>>> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
>>>> comment to set_primary_fwnode() on nullifying
>>>> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
>>>> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
>>>> message with checksum for FW file
>>>> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
>>>> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
>>>> implement class_get/put without the private pointer.
>>>> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
>>>> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
>>>> machine name in soc_device_register if empty
>>>> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
>>>> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
>>>> convert to only use class_to_subsys
>>>> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
>>>> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
>>>> class.c: convert to only use class_to_subsys
>>>> user@host:~/linux/kernel/linux_torvalds$
>>>
>>> This helps a lot, thanks. I got the reference counting wrong somewhere
>>> in here, I thought I tested this better, odd it shows up now...
>>>
>>> I'll try to work on it this week.
>>
>> I have figured out that the leak occurs on keyboard unplugging only, one
>> or two leaks (maybe a race condition?).
>>
>> Please NOTE that the number of leaks is now odd:
>>
>> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
>> comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
>> root@defiant:/home/marvin#
>>
>> At one time unplugging keyboard generated only one leak, but only at one
>> time. As it requires manually unplugging keyboard, I didn't seem to find a
>> way to automate it, but it doesn't seem to require root access.
>>
>> BTW, I've seen in syzbot output that kmemleak output has debug source file
>> names and line numbers. I couldn't make that work with the dbg .deb.
>>
>> I will do some more homework, but this was a rough week.
>
> I made up a patch based on code inspection alone, as I couldn't
> reproduce this locally at all:
> https://lore.kernel.org/r/2023051628-thumb-boaster-5680@gregkh
> and it seemed to pass syzbot's tests.
>
> I've included it here below, can you test it as well?
>
> Hm, I only tested with a USB mouse unplug/plug cycle, maybe the issue is
> a keyboard?
>
> thanks,
>
> greg k-h
>
> -------------
>
> diff --git a/drivers/base/class.c b/drivers/base/class.c
> index ac1808d1a2e8..9b44edc8416f 100644
> --- a/drivers/base/class.c
> +++ b/drivers/base/class.c
> @@ -320,6 +322,7 @@ void class_dev_iter_init(struct class_dev_iter *iter, const struct class *class,
> start_knode = &start->p->knode_class;
> klist_iter_init_node(&sp->klist_devices, &iter->ki, start_knode);
> iter->type = type;
> + iter->sp = sp;
> }
> EXPORT_SYMBOL_GPL(class_dev_iter_init);
>
> @@ -361,6 +364,7 @@ EXPORT_SYMBOL_GPL(class_dev_iter_next);
> void class_dev_iter_exit(struct class_dev_iter *iter)
> {
> klist_iter_exit(&iter->ki);
> + subsys_put(iter->sp);
> }
> EXPORT_SYMBOL_GPL(class_dev_iter_exit);
>
> diff --git a/include/linux/device/class.h b/include/linux/device/class.h
> index 9deeaeb457bb..abf3d3bfb6fe 100644
> --- a/include/linux/device/class.h
> +++ b/include/linux/device/class.h
> @@ -74,6 +74,7 @@ struct class {
> struct class_dev_iter {
> struct klist_iter ki;
> const struct device_type *type;
> + struct subsys_private *sp;
> };
>
> int __must_check class_register(const struct class *class);
The build with the latest 6.4-rc2 and without this patch still leaked;
the build with the same commit and this patch applied was successful:

root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak
root@defiant:/home/marvin#

Tried three times, and it is OK.

Congratulations! This has fixed the leak.

I wonder why it didn't show in the other contexts, hardware and archs?

Best regards,
Mirsad
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-17 16:10 ` Mirsad Goran Todorovac
@ 2023-05-17 18:57 ` Greg Kroah-Hartman
2023-05-17 19:41 ` Mirsad Goran Todorovac
2023-05-18 8:00 ` Mirsad Todorovac
0 siblings, 2 replies; 15+ messages in thread
From: Greg Kroah-Hartman @ 2023-05-17 18:57 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On Wed, May 17, 2023 at 06:10:54PM +0200, Mirsad Goran Todorovac wrote:
> On 5/16/23 16:36, Greg Kroah-Hartman wrote:
> > On Fri, May 12, 2023 at 11:33:31PM +0200, Mirsad Goran Todorovac wrote:
> > > Hi,
> > >
> > > On 5/9/23 04:59, Greg Kroah-Hartman wrote:
> > > > On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
> > > > >
> > > > >
> > > > > On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
> > > > > > On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
> > > > > > > On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > There seems to be a kernel memory leak in the USB keyboard driver.
> > > > > > > >
> > > > > > > > The leaked memory allocs are 96 and 512 bytes.
> > > > > > > >
> > > > > > > > The platform is Ubuntu 22.04 LTS on a assembled AMD Ryzen 9 with X670E PG
> > > > > > > > Lightning mobo,
> > > > > > > > and Genius SlimStar i220 GK-080012 keyboard.
> > > > > > > >
> > > > > > > > (Logitech M100 HID mouse is not affected by the bug.)
> > > > > > > >
> > > > > > > > BIOS is:
> > > > > > > >
> > > > > > > > *-firmware
> > > > > > > > description: BIOS
> > > > > > > > vendor: American Megatrends International, LLC.
> > > > > > > > physical id: 0
> > > > > > > > version: 1.21
> > > > > > > > date: 04/26/2023
> > > > > > > > size: 64KiB
> > > > > > > >
> > > > > > > > The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
> > > > > > > >
> > > > > > > > The keyboard is recognised as Chicony:
> > > > > > > >
> > > > > > > > *-usb
> > > > > > > > description: Keyboard
> > > > > > > > product: CHICONY USB Keyboard
> > > > > > > > vendor: CHICONY
> > > > > > > > physical id: 2
> > > > > > > > bus info: usb@5:2
> > > > > > > > logical name: input35
> > > > > > > > logical name: /dev/input/event4
> > > > > > > > logical name: input35::capslock
> > > > > > > > logical name: input35::numlock
> > > > > > > > logical name: input35::scrolllock
> > > > > > > > logical name: input36
> > > > > > > > logical name: /dev/input/event5
> > > > > > > > logical name: input37
> > > > > > > > logical name: /dev/input/event6
> > > > > > > > logical name: input38
> > > > > > > > logical name: /dev/input/event8
> > > > > > > > version: 2.30
> > > > > > > > capabilities: usb-2.00 usb
> > > > > > > > configuration: driver=usbhid maxpower=100mA
> > > > > > > > speed=1Mbit/s
> > > > > > > >
> > > > > > > > The bug is easily reproduced by unplugging the USB keyboard, waiting about a
> > > > > > > > couple of seconds,
> > > > > > > > and then reconnect and scan for memory leaks twice.
> > > > > > > >
> > > > > > > > The kmemleak log is as follows [edited privacy info]:
> > > > > > > >
> > > > > > > > root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
> > > > > > > > unreferenced object 0xffff8dd020037c00 (size 96):
> > > > > > > > comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> > > > > > > > hex dump (first 32 bytes):
> > > > > > > > 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> > > > > > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > > > > > > > backtrace:
> > > > > > > > [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> > > > > > > > [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> > > > > > > > [<ffffffffb87543d9>] class_create+0x29/0x80
> > > > > > > > [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
> > > > > > >
> > > > > > > As the call to class_create() in this path is now gone in 6.4-rc1, can
> > > > > > > you retry that release to see if this is still there or not?
> > > > > >
> > > > > > No, wait, it's still there, I was looking at a development branch of
> > > > > > mine that isn't sent upstream yet. And syzbot just reported the same
> > > > > > thing:
> > > > > > https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
> > > > > >
> > > > > > So something's wrong here, let me dig into it tomorrow when I get a
> > > > > > chance...
> > > > >
> > > > > If this could help, here is the bisect of the bug (I could not discern what
> > > > > could possibly be wrong):
> > > > >
> > > > > user@host:~/linux/kernel/linux_torvalds$ git bisect log
> > > > > git bisect start
> > > > > # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
> > > > > git bisect bad ac9a78681b921877518763ba0e89202254349d1b
> > > > > # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
> > > > > git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
> > > > > # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
> > > > > 'net-remove-some-rcu_bh-cruft'
> > > > > git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
> > > > > # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
> > > > > git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
> > > > > git bisect good b68ee1c6131c540a62ecd443be89c406401df091
> > > > > # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
> > > > > of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
> > > > > git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
> > > > > # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
> > > > > 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
> > > > > git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
> > > > > # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
> > > > > 'for-linus-2023042601' of
> > > > > git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
> > > > > git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
> > > > > # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
> > > > > 'staging-6.4-rc1' of
> > > > > git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
> > > > > git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
> > > > > # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
> > > > > memory region to avoid memory overlapping
> > > > > git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
> > > > > # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
> > > > > to sysfs 'bus_type' argument needing to be const
> > > > > git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
> > > > > # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
> > > > > lock_class_key already present in struct subsys_private
> > > > > git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
> > > > > # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
> > > > > class_is_registered()
> > > > > git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
> > > > > # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
> > > > > comment to set_primary_fwnode() on nullifying
> > > > > git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
> > > > > # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
> > > > > message with checksum for FW file
> > > > > git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
> > > > > # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
> > > > > implement class_get/put without the private pointer.
> > > > > git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
> > > > > # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
> > > > > machine name in soc_device_register if empty
> > > > > git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
> > > > > # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
> > > > > convert to only use class_to_subsys
> > > > > git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
> > > > > # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
> > > > > class.c: convert to only use class_to_subsys
> > > > > user@host:~/linux/kernel/linux_torvalds$
> > > >
> > > > This helps a lot, thanks. I got the reference counting wrong somewhere
> > > > in here, I thought I tested this better, odd it shows up now...
> > > >
> > > > I'll try to work on it this week.
> > >
> > > I have figured out that the leak occurs on keyboard unplugging only, one
> > > or two leaks (maybe a race condition?).
> > >
> > > Please NOTE that the number of leaks is now odd:
> > >
> > > root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
> > > comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
> > > comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
> > > comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
> > > comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
> > > comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
> > > comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
> > > comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
> > > root@defiant:/home/marvin#
> > >
> > > At one time unplugging keyboard generated only one leak, but only at one
> > > time. As it requires manually unplugging keyboard, I didn't seem to find a
> > > way to automate it, but it doesn't seem to require root access.
> > >
> > > BTW, I've seen in syzbot output that kmemleak output has debug source file
> > > names and line numbers. I couldn't make that work with the dbg .deb.
> > >
> > > I will do some more homework, but this was a rough week.
> >
> > I made up a patch based on code inspection alone, as I couldn't
> > reproduce this locally at all:
> > https://lore.kernel.org/r/2023051628-thumb-boaster-5680@gregkh
> > and it seemed to pass syzbot's tests.
> >
> > I've included it here below, can you test it as well?
> >
> > Hm, I only tested with a USB mouse unplug/plug cycle, maybe the issue is
> > a keyboard?
> >
> > thanks,
> >
> > greg k-h
> >
> > -------------
> >
> > diff --git a/drivers/base/class.c b/drivers/base/class.c
> > index ac1808d1a2e8..9b44edc8416f 100644
> > --- a/drivers/base/class.c
> > +++ b/drivers/base/class.c
> > @@ -320,6 +322,7 @@ void class_dev_iter_init(struct class_dev_iter *iter, const struct class *class,
> > start_knode = &start->p->knode_class;
> > klist_iter_init_node(&sp->klist_devices, &iter->ki, start_knode);
> > iter->type = type;
> > + iter->sp = sp;
> > }
> > EXPORT_SYMBOL_GPL(class_dev_iter_init);
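Review bot: iter->sp is only assigned on this last line of class_dev_iter_init(), while the next hunk makes class_dev_iter_exit() call subsys_put(iter->sp) unconditionally. If init can return before reaching this line, iter->sp must be NULL on that path and subsys_put() must tolerate NULL. The lines quoted here do not show that; the 320 -> 322 offset in the hunk header points to two lines added earlier in the file that are missing from this copy, so please confirm they zero the iterator (or set iter->sp = NULL) before any early return.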
> > @@ -361,6 +364,7 @@ EXPORT_SYMBOL_GPL(class_dev_iter_next);
> > void class_dev_iter_exit(struct class_dev_iter *iter)
> > {
> > klist_iter_exit(&iter->ki);
> > + subsys_put(iter->sp);
> > }
> > EXPORT_SYMBOL_GPL(class_dev_iter_exit);
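Review bot: after subsys_put(iter->sp) the iterator still carries the stale pointer, so a second class_dev_iter_exit() on the same iterator would drop a reference it no longer owns; consider adding iter->sp = NULL; after the put. The ordering is right, since klist_iter_exit() works on the klist embedded in sp (sp->klist_devices in the previous hunk) and must run before the reference is released. The function comment should also state that exit now releases the subsystem reference, so every class_dev_iter_init() needs a matching class_dev_iter_exit().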
> > diff --git a/include/linux/device/class.h b/include/linux/device/class.h
> > index 9deeaeb457bb..abf3d3bfb6fe 100644
> > --- a/include/linux/device/class.h
> > +++ b/include/linux/device/class.h
> > @@ -74,6 +74,7 @@ struct class {
> > struct class_dev_iter {
> > struct klist_iter ki;
> > const struct device_type *type;
> > + struct subsys_private *sp;
> > };
> > int __must_check class_register(const struct class *class);
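Review bot: the new sp member of struct class_dev_iter has no comment, and it puts a pointer to the driver core's struct subsys_private into include/linux/device/class.h where every iterator user can see it. Add a one-line note (and a kernel-doc entry if the struct has one) saying that sp is a counted reference owned by the iterator, set by class_dev_iter_init() and dropped by class_dev_iter_exit(), and that callers must not touch it.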
>
> The build with the latest 6.4-rc2 and without this patch still leaked,
> the build with the same commit and this patch applied was successful:
>
> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak
> root@defiant:/home/marvin#
>
> Tried three times, and it is a OK.
>
> Congratulations! This had fixed the leak.

Wonderful, thanks for testing, can I add your "Tested-by:" to it?

> I wonder why it didn't show in the other contexts, hardware and archs?

It might depend on your keyboard if it has other things on it? I don't
know, sorry, I didn't spend much time digging after I found the "obvious
leak" based on the bisection you provided, which was very very helpful,
thanks for that.

And leaks are hard to notice, especially ones that only show up when you
remove a specific type of device.

thanks again for your help here,

greg k-h
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-17 18:57 ` Greg Kroah-Hartman
@ 2023-05-17 19:41 ` Mirsad Goran Todorovac
2023-05-18 8:00 ` Mirsad Todorovac
1 sibling, 0 replies; 15+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-17 19:41 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On 5/17/23 20:57, Greg Kroah-Hartman wrote:
> On Wed, May 17, 2023 at 06:10:54PM +0200, Mirsad Goran Todorovac wrote:
>> On 5/16/23 16:36, Greg Kroah-Hartman wrote:
>>> On Fri, May 12, 2023 at 11:33:31PM +0200, Mirsad Goran Todorovac wrote:
>>>> Hi,
>>>>
>>>> On 5/9/23 04:59, Greg Kroah-Hartman wrote:
>>>>> On Tue, May 09, 2023 at 01:51:35AM +0200, Mirsad Goran Todorovac wrote:
>>>>>>
>>>>>>
>>>>>> On 08. 05. 2023. 16:01, Greg Kroah-Hartman wrote:
>>>>>>> On Mon, May 08, 2023 at 08:51:55AM +0200, Greg Kroah-Hartman wrote:
>>>>>>>> On Mon, May 08, 2023 at 08:30:07AM +0200, Mirsad Goran Todorovac wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> There seems to be a kernel memory leak in the USB keyboard driver.
>>>>>>>>>
>>>>>>>>> The leaked memory allocs are 96 and 512 bytes.
>>>>>>>>>
>>>>>>>>> The platform is Ubuntu 22.04 LTS on an assembled AMD Ryzen 9 with X670E PG
>>>>>>>>> Lightning mobo,
>>>>>>>>> and Genius SlimStar i220 GK-080012 keyboard.
>>>>>>>>>
>>>>>>>>> (Logitech M100 HID mouse is not affected by the bug.)
>>>>>>>>>
>>>>>>>>> BIOS is:
>>>>>>>>>
>>>>>>>>> *-firmware
>>>>>>>>> description: BIOS
>>>>>>>>> vendor: American Megatrends International, LLC.
>>>>>>>>> physical id: 0
>>>>>>>>> version: 1.21
>>>>>>>>> date: 04/26/2023
>>>>>>>>> size: 64KiB
>>>>>>>>>
>>>>>>>>> The kernel is 6.3.0-torvalds-<id>-13466-gfc4354c6e5c2.
>>>>>>>>>
>>>>>>>>> The keyboard is recognised as Chicony:
>>>>>>>>>
>>>>>>>>> *-usb
>>>>>>>>> description: Keyboard
>>>>>>>>> product: CHICONY USB Keyboard
>>>>>>>>> vendor: CHICONY
>>>>>>>>> physical id: 2
>>>>>>>>> bus info: usb@5:2
>>>>>>>>> logical name: input35
>>>>>>>>> logical name: /dev/input/event4
>>>>>>>>> logical name: input35::capslock
>>>>>>>>> logical name: input35::numlock
>>>>>>>>> logical name: input35::scrolllock
>>>>>>>>> logical name: input36
>>>>>>>>> logical name: /dev/input/event5
>>>>>>>>> logical name: input37
>>>>>>>>> logical name: /dev/input/event6
>>>>>>>>> logical name: input38
>>>>>>>>> logical name: /dev/input/event8
>>>>>>>>> version: 2.30
>>>>>>>>> capabilities: usb-2.00 usb
>>>>>>>>> configuration: driver=usbhid maxpower=100mA
>>>>>>>>> speed=1Mbit/s
>>>>>>>>>
>>>>>>>>> The bug is easily reproduced by unplugging the USB keyboard, waiting about a
>>>>>>>>> couple of seconds,
>>>>>>>>> and then reconnect and scan for memory leaks twice.
>>>>>>>>>
>>>>>>>>> The kmemleak log is as follows [edited privacy info]:
>>>>>>>>>
>>>>>>>>> root@hostname:/home/username# cat /sys/kernel/debug/kmemleak
>>>>>>>>> unreferenced object 0xffff8dd020037c00 (size 96):
>>>>>>>>> comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
>>>>>>>>> hex dump (first 32 bytes):
>>>>>>>>> 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
>>>>>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>>>>>>> backtrace:
>>>>>>>>> [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
>>>>>>>>> [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
>>>>>>>>> [<ffffffffb87543d9>] class_create+0x29/0x80
>>>>>>>>> [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
>>>>>>>>
>>>>>>>> As the call to class_create() in this path is now gone in 6.4-rc1, can
>>>>>>>> you retry that release to see if this is still there or not?
>>>>>>>
>>>>>>> No, wait, it's still there, I was looking at a development branch of
>>>>>>> mine that isn't sent upstream yet. And syzbot just reported the same
>>>>>>> thing:
>>>>>>> https://lore.kernel.org/r/00000000000058d15f05fb264013@google.com
>>>>>>>
>>>>>>> So something's wrong here, let me dig into it tomorrow when I get a
>>>>>>> chance...
>>>>>>
>>>>>> If this could help, here is the bisect of the bug (I could not discern what
>>>>>> could possibly be wrong):
>>>>>>
>>>>>> user@host:~/linux/kernel/linux_torvalds$ git bisect log
>>>>>> git bisect start
>>>>>> # bad: [ac9a78681b921877518763ba0e89202254349d1b] Linux 6.4-rc1
>>>>>> git bisect bad ac9a78681b921877518763ba0e89202254349d1b
>>>>>> # good: [c9c3395d5e3dcc6daee66c6908354d47bf98cb0c] Linux 6.2
>>>>>> git bisect good c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
>>>>>> # good: [85496c9b3bf8dbe15e2433d3a0197954d323cadc] Merge branch
>>>>>> 'net-remove-some-rcu_bh-cruft'
>>>>>> git bisect good 85496c9b3bf8dbe15e2433d3a0197954d323cadc
>>>>>> # good: [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of
>>>>>> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
>>>>>> git bisect good b68ee1c6131c540a62ecd443be89c406401df091
>>>>>> # bad: [888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0] Merge tag 'sysctl-6.4-rc1'
>>>>>> of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
>>>>>> git bisect bad 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0
>>>>>> # good: [34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag
>>>>>> 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
>>>>>> git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
>>>>>> # good: [34da76dca4673ab1819830b4924bb5b436325b26] Merge tag
>>>>>> 'for-linus-2023042601' of
>>>>>> git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
>>>>>> git bisect good 34da76dca4673ab1819830b4924bb5b436325b26
>>>>>> # good: [97b2ff294381d05e59294a931c4db55276470cb5] Merge tag
>>>>>> 'staging-6.4-rc1' of
>>>>>> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
>>>>>> git bisect good 97b2ff294381d05e59294a931c4db55276470cb5
>>>>>> # good: [2025b2ca8004c04861903d076c67a73a0ec6dfca] mcb-lpc: Reallocate
>>>>>> memory region to avoid memory overlapping
>>>>>> git bisect good 2025b2ca8004c04861903d076c67a73a0ec6dfca
>>>>>> # bad: [d06f5a3f7140921ada47d49574ae6fa4de5e2a89] cdx: fix build failure due
>>>>>> to sysfs 'bus_type' argument needing to be const
>>>>>> git bisect bad d06f5a3f7140921ada47d49574ae6fa4de5e2a89
>>>>>> # good: [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use
>>>>>> lock_class_key already present in struct subsys_private
>>>>>> git bisect good dcfbb67e48a2becfce7990386e985b9c45098ee5
>>>>>> # bad: [6f14c02220c791d5c46b0f965b9340c58f3d503d] driver core: create
>>>>>> class_is_registered()
>>>>>> git bisect bad 6f14c02220c791d5c46b0f965b9340c58f3d503d
>>>>>> # good: [2f9e87f5a2941b259336c7ea6c5a1499ede4554a] driver core: Add a
>>>>>> comment to set_primary_fwnode() on nullifying
>>>>>> git bisect good 2f9e87f5a2941b259336c7ea6c5a1499ede4554a
>>>>>> # bad: [02fe26f25325b547b7a31a65deb0326c04bb5174] firmware_loader: Add debug
>>>>>> message with checksum for FW file
>>>>>> git bisect bad 02fe26f25325b547b7a31a65deb0326c04bb5174
>>>>>> # good: [884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82] driver core: class:
>>>>>> implement class_get/put without the private pointer.
>>>>>> git bisect good 884f8ce42ccec9d0bf11d8bf9f111e5961ca1c82
>>>>>> # bad: [3f84aa5ec052dba960baca4ab8a352d43d47028e] base: soc: populate
>>>>>> machine name in soc_device_register if empty
>>>>>> git bisect bad 3f84aa5ec052dba960baca4ab8a352d43d47028e
>>>>>> # bad: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core: class.c:
>>>>>> convert to only use class_to_subsys
>>>>>> git bisect bad 7b884b7f24b42fa25e92ed724ad82f137610afaf
>>>>>> # first bad commit: [7b884b7f24b42fa25e92ed724ad82f137610afaf] driver core:
>>>>>> class.c: convert to only use class_to_subsys
>>>>>> user@host:~/linux/kernel/linux_torvalds$
>>>>>
>>>>> This helps a lot, thanks. I got the reference counting wrong somewhere
>>>>> in here, I thought I tested this better, odd it shows up now...
>>>>>
>>>>> I'll try to work on it this week.
>>>>
>>>> I have figured out that the leak occurs on keyboard unplugging only, one
>>>> or two leaks (maybe a race condition?).
>>>>
>>>> Please NOTE that the number of leaks is now odd:
>>>>
>>>> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak | grep comm
>>>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>>>> comm "systemd-udevd", pid 330, jiffies 4294892588 (age 715.772s)
>>>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
>>>> comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
>>>> comm "kworker/6:3", pid 3046, jiffies 4294935362 (age 544.780s)
>>>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.740s)
>>>> comm "kworker/6:0", pid 54, jiffies 4294964122 (age 429.784s)
>>>> root@defiant:/home/marvin#
>>>>
>>>> At one time unplugging keyboard generated only one leak, but only at one
>>>> time. As it requires manually unplugging keyboard, I didn't seem to find a
>>>> way to automate it, but it doesn't seem to require root access.
>>>>
>>>> BTW, I've seen in syzbot output that kmemleak output has debug source file
>>>> names and line numbers. I couldn't make that work with the dbg .deb.
>>>>
>>>> I will do some more homework, but this was a rough week.
>>>
>>> I made up a patch based on code inspection alone, as I couldn't
>>> reproduce this locally at all:
>>> https://lore.kernel.org/r/2023051628-thumb-boaster-5680@gregkh
>>> and it seemed to pass syzbot's tests.
>>>
>>> I've included it here below, can you test it as well?
>>>
>>> Hm, I only tested with a USB mouse unplug/plug cycle, maybe the issue is
>>> a keyboard?
>>>
>>> thanks,
>>>
>>> greg k-h
>>>
>>> -------------
>>>
>>> diff --git a/drivers/base/class.c b/drivers/base/class.c
>>> index ac1808d1a2e8..9b44edc8416f 100644
>>> --- a/drivers/base/class.c
>>> +++ b/drivers/base/class.c
>>> @@ -320,6 +322,7 @@ void class_dev_iter_init(struct class_dev_iter *iter, const struct class *class,
>>> start_knode = &start->p->knode_class;
>>> klist_iter_init_node(&sp->klist_devices, &iter->ki, start_knode);
>>> iter->type = type;
>>> + iter->sp = sp;
>>> }
>>> EXPORT_SYMBOL_GPL(class_dev_iter_init);
>>> @@ -361,6 +364,7 @@ EXPORT_SYMBOL_GPL(class_dev_iter_next);
>>> void class_dev_iter_exit(struct class_dev_iter *iter)
>>> {
>>> klist_iter_exit(&iter->ki);
>>> + subsys_put(iter->sp);
>>> }
>>> EXPORT_SYMBOL_GPL(class_dev_iter_exit);
>>> diff --git a/include/linux/device/class.h b/include/linux/device/class.h
>>> index 9deeaeb457bb..abf3d3bfb6fe 100644
>>> --- a/include/linux/device/class.h
>>> +++ b/include/linux/device/class.h
>>> @@ -74,6 +74,7 @@ struct class {
>>> struct class_dev_iter {
>>> struct klist_iter ki;
>>> const struct device_type *type;
>>> + struct subsys_private *sp;
>>> };
>>> int __must_check class_register(const struct class *class);
>>
>> The build with the latest 6.4-rc2 and without this patch still leaked,
>> the build with the same commit and this patch applied was successful:
>>
>> root@defiant:/home/marvin# cat /sys/kernel/debug/kmemleak
>> root@defiant:/home/marvin#
>>
>> Tried three times, and it is a OK.
>>
>> Congratulations! This had fixed the leak.
>
> Wonderful, thanks for testing, can I add your "Tested-by:" to it?

Don't mention it. Tested-by: is fine, certainly.

>> I wonder why it didn't show in the other contexts, hardware and archs?
>
> It might depend on your keyboard if it has other things on it? I don't
> know, sorry, I didn't spend much time digging after I found the "obvious
> leak" based on the bisection you provided, which was very very helpful,
> thanks for that.

It looks like a rather normal Genius keyboard, which the system detected
as "Chicony".

Maybe it is the motherboard or the controller? Did I send the lshw.txt?
Yes, I did.

I can't tell which one of these it is:

root@defiant:/home/marvin# lspci -k | grep -B2 xhci
15:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] Device 43f7 (rev 01)
	Subsystem: ASMedia Technology Inc. Device 1142
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
--
17:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] Device 43f7 (rev 01)
	Subsystem: ASMedia Technology Inc. Device 1142
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
--
1a:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15b6
	Subsystem: ASRock Incorporation Device 15b6
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
1a:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15b7
	Subsystem: ASRock Incorporation Device 15b6
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
--
1b:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15b8
	Subsystem: ASRock Incorporation Device 15b6
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
root@defiant:/home/marvin#

Regarding the bisection, no need to thank, I was actually happy to test
the new hardware.

Before, it would take 15 hours for the bisect that big.

Though the box was slightly overheating (91 °C), and probably there
ought to be a way to recompile only changed sources after a
"git checkout" ... that would speed up many bisects, BTW.

> And leaks are hard to notice, especially ones that only show up when you
> remove a specific type of device.

Well, the leaks are rather harmless, but they show some inconsistency in
the code, so I took them seriously.

> thanks again for your help here,

Not at all, I hope to find some "real" bugs. :-)

> greg k-h

Best regards,
Mirsad
* Re: [BUG][NEW DATA] Kmemleak, possibly hiddev_connect(), in 6.3.0+ torvalds tree commit gfc4354c6e5c2
2023-05-17 18:57 ` Greg Kroah-Hartman
2023-05-17 19:41 ` Mirsad Goran Todorovac
@ 2023-05-18 8:00 ` Mirsad Todorovac
1 sibling, 0 replies; 15+ messages in thread
From: Mirsad Todorovac @ 2023-05-18 8:00 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Mirsad Goran Todorovac, linux-usb, linux-kernel, linux-input,
Benjamin Tissoires, Jiri Kosina
On 5/17/23 20:57, Greg Kroah-Hartman wrote:
> And leaks are hard to notice, especially ones that only show up when you
> remove a specific type of device.
>
> thanks again for your help here,

I feel like more of a hindrance from the real issues than being helpful.

Memory leaks seem easy to detect, however, building with KMEMLEAK
debugging on can take up to 50-67% of system time, as I've noticed
a couple of days ago ...

It is obviously incurring some overhead. I did not expect a kernel compilation
as a computation-heavy process to have such an impact from memory object
debugging.

Best regards,
Mirsad

--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia

"What’s this thing suddenly coming towards me very fast? Very very fast.
... I wonder if it will be friends with me?"
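
Added example, not part of the thread or of the kernel tree: a small parser that groups a kmemleak report by allocation call site, so that repeated records such as the `comm` lines quoted above collapse into distinct leaks, and that accepts reports pasted from quoted mail. The first record in SAMPLE is the one from the original report; the other two records, the name `example_alloc_site` and the allocator-frame list are constructed assumptions.

```python
import re
from collections import defaultdict
from itertools import dropwhile

# Frames that belong to the allocator rather than to the code that leaked.
# Assumption of this example: extend the set for the kernel being examined.
ALLOCATOR_FRAMES = {"__kmem_cache_alloc_node", "kmalloc_trace",
                    "__kmalloc", "kmem_cache_alloc"}
QUOTE_RE = re.compile(r"^(?:\s*>)+")  # mail quoting such as "> > " or ">>>"
OBJECT_RE = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM_RE = re.compile(r'comm "([^"]*)", pid (\d+), jiffies (\d+)')
FRAME_RE = re.compile(r"(?:\[<[0-9a-f]+>\]\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Return one dict per 'unreferenced object' record in a kmemleak report."""
    records, cur, in_bt = [], None, False
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        m = OBJECT_RE.match(line)
        if m:
            cur = {"addr": m.group(1), "size": int(m.group(2)),
                   "comm": None, "pid": None, "frames": []}
            records.append(cur)
            in_bt = False
        elif cur is None:
            continue  # text outside any record (prompt, bare "grep comm" lines)
        elif line.startswith("backtrace"):
            in_bt = True
        elif in_bt:
            m = FRAME_RE.match(line)
            if m:
                cur["frames"].append(m.group(1))
            else:
                cur = None  # first non-frame line ends the record
        else:
            m = COMM_RE.match(line)
            if m:
                cur["comm"], cur["pid"] = m.group(1), int(m.group(2))
    return records

def call_site(frames, depth=2):
    """Name the allocating code: the first frames above the allocator itself."""
    callers = list(dropwhile(lambda f: f in ALLOCATOR_FRAMES, frames))
    return " <- ".join(callers[:depth]) or "(no backtrace)"

def summarize(records):
    """Rows of (call site, object size, count, total bytes, tasks), largest first."""
    groups = defaultdict(lambda: {"count": 0, "comms": set()})
    for r in records:
        g = groups[(call_site(r["frames"]), r["size"])]
        g["count"] += 1
        g["comms"].add(r["comm"] or "?")
    rows = [(site, size, g["count"], size * g["count"], sorted(g["comms"]))
            for (site, size), g in groups.items()]
    return sorted(rows, key=lambda row: (-row[3], row[0]))

# First record: the report quoted in this thread, mail quoting included.
# Second and third records: constructed for the example.
SAMPLE = """\
> > unreferenced object 0xffff8dd020037c00 (size 96):
> > comm "systemd-udevd", pid 435, jiffies 4294892550 (age 8909.356s)
> > hex dump (first 32 bytes):
> > 5d 8e 4e b9 ff ff ff ff 00 00 00 00 00 00 00 00 ].N.............
> > backtrace:
> > [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
> > [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
> > [<ffffffffb87543d9>] class_create+0x29/0x80
> > [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
unreferenced object 0xffff000000000100 (size 96):
  comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.224s)
  backtrace:
    [<ffffffffb8127b6e>] kmalloc_trace+0x2e/0xa0
    [<ffffffffb87543d9>] class_create+0x29/0x80
    [<ffffffffb8880d24>] usb_register_dev+0x1d4/0x2e0
unreferenced object 0xffff000000000200 (size 512):
  comm "kworker/6:0", pid 54, jiffies 4294907989 (age 654.272s)
  backtrace:
    [<ffffffffb81a74be>] __kmem_cache_alloc_node+0x22e/0x2b0
    [<0000000000000000>] example_alloc_site+0x10/0x40
"""

if __name__ == "__main__":
    for row in summarize(parse_kmemleak(SAMPLE)):
        print(row)
```

Comparing the summary from a patched and an unpatched boot after the same unplug/replug cycle shows whether a call site has disappeared, rather than only whether the report is empty.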