215197 – Memory leaks show up when using Edimax Wi-Fi N150 Bluetooth/Wireless USB Adapter (RTL8XXXU)

Bug 215197 - Memory leaks show up when using Edimax Wi-Fi N150 Bluetooth/Wireless USB Adapter (RTL8XXXU)

Summary: Memory leaks show up when using Edimax Wi-Fi N150 Bluetooth/Wireless USB Adap...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	network-wireless (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	linux-bluetooth@vger.kernel.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-02 00:03 UTC by Erhard F.
Modified:	2024-04-29 21:38 UTC (History)
CC List:	3 users (show)

See Also:
Kernel Version:	5.16-rc3
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
kmemleak output (5.16-rc3, AMD FX-8370) (6.97 KB, text/plain) 2021-12-02 00:03 UTC, Erhard F.	Details
kernel .config (5.16-rc3, AMD FX-8370) (108.79 KB, text/plain) 2021-12-02 00:04 UTC, Erhard F.	Details
kernel dmesg (5.16-rc3, AMD FX-8370) (80.43 KB, text/plain) 2021-12-02 00:07 UTC, Erhard F.	Details
kernel netconsole.log (5.16-rc3, AMD FX-8370) (38.09 KB, text/plain) 2021-12-02 00:08 UTC, Erhard F.	Details
kmemleak output (6.0-rc4, AMD FX-8370) (9.23 KB, text/plain) 2022-09-14 13:11 UTC, Erhard F.	Details
kernel .config (6.0-rc4, AMD FX-8370) (112.89 KB, text/plain) 2022-09-14 13:12 UTC, Erhard F.	Details
kernel dmesg (6.0-r43, AMD FX-8370) (70.90 KB, text/plain) 2022-09-14 13:13 UTC, Erhard F.	Details
Show Obsolete (2) Add an attachment (proposed patch, testcase, etc.)

Description Erhard F. 2021-12-02 00:03:17 UTC

Created attachment 299823 [details]
kmemleak output (5.16-rc3, AMD FX-8370)

The memleak seems to stem from rtl8723be driver:

[...]
unreferenced object 0xffff8881ecc01840 (size 216):
  comm "NetworkManager", pid 506, jiffies 4295033807 (age 10395.817s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34e302>] rtnl_newlink+0xf3e/0x133b
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
    [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98
unreferenced object 0xffff8881ecdf1000 (size 4096):
  comm "NetworkManager", pid 506, jiffies 4295033807 (age 10395.817s)
  hex dump (first 32 bytes):
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
  backtrace:
    [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91
    [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34e302>] rtnl_newlink+0xf3e/0x133b
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
unreferenced object 0xffff8881ce5c9cc0 (size 216):
  comm "iwd", pid 875, jiffies 4295034039 (age 10395.047s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
    [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98
unreferenced object 0xffff88820ddd4000 (size 4096):
  comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s)
  hex dump (first 32 bytes):
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
  backtrace:
    [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91
    [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
unreferenced object 0xffff8881ce5c90c0 (size 216):
  comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
    [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98
unreferenced object 0xffff88825a144000 (size 4096):
  comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s)
  hex dump (first 32 bytes):
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
  backtrace:
    [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91
    [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8
    [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db
    [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu]
    [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu]
    [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211]
    [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211]
    [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211]
    [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa
    [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581
    [<ffffffffbb31634b>] dev_change_flags+0x73/0x172
    [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82
    [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5
    [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11
    [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319
    [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6

Comment 1 Erhard F. 2021-12-02 00:04:07 UTC

Created attachment 299825 [details]
kernel .config (5.16-rc3, AMD FX-8370)

Comment 2 Erhard F. 2021-12-02 00:07:54 UTC

Created attachment 299827 [details]
kernel dmesg (5.16-rc3, AMD FX-8370)

Comment 3 Erhard F. 2021-12-02 00:08:24 UTC

Created attachment 299829 [details]
kernel netconsole.log (5.16-rc3, AMD FX-8370)

Comment 4 Erhard F. 2022-09-14 13:10:52 UTC

Still a problem on v6.0-rc4:

 # cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8b7b18611bc0 (size 216):
  comm "iwd", pid 1992, jiffies 4294908755 (age 2333.527s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff9d294858>] kmem_cache_alloc+0x288/0x380
    [<ffffffff9d7f161a>] __alloc_skb+0x8a/0x250
    [<ffffffff9d7f18cc>] __netdev_alloc_skb+0xec/0x190
    [<ffffffffc17f2f1f>] rtl8xxxu_submit_rx_urb+0x4f/0xf0 [rtl8xxxu]
    [<ffffffffc17f0641>] rtl8xxxu_start+0x321/0x8b0 [rtl8xxxu]
    [<ffffffffc16910dd>] drv_start+0x6d/0x120 [mac80211]
    [<ffffffffc16af3e2>] ieee80211_do_open+0x142/0x9c0 [mac80211]
    [<ffffffffc16b2279>] ieee80211_open+0x59/0x80 [mac80211]
    [<ffffffff9d80ad72>] __dev_open+0x122/0x1f0
    [<ffffffff9d815daa>] __dev_change_flags+0xaa/0x200
    [<ffffffff9d81613c>] dev_change_flags+0x1c/0x60
    [<ffffffff9d83575b>] do_setlink+0x4ab/0x10e0
    [<ffffffff9d82f808>] rtnl_setlink+0x218/0x260
    [<ffffffff9d834dbf>] rtnetlink_rcv_msg+0x32f/0x5e0
    [<ffffffff9d880291>] netlink_rcv_skb+0x101/0x130
    [<ffffffff9d87df33>] netlink_unicast+0x1d3/0x2d0
unreferenced object 0xffff8b7b18729a80 (size 216):
  comm "iwd", pid 1992, jiffies 4294997204 (age 2038.757s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
[...]

Comment 5 Erhard F. 2022-09-14 13:11:31 UTC

Created attachment 301807 [details]
kmemleak output (6.0-rc4, AMD FX-8370)

Comment 6 Erhard F. 2022-09-14 13:12:36 UTC

Created attachment 301808 [details]
kernel .config (6.0-rc4, AMD FX-8370)

Comment 7 Erhard F. 2022-09-14 13:13:36 UTC

Created attachment 301809 [details]
kernel dmesg (6.0-r43, AMD FX-8370)

Comment 8 rtl8821cerfe2 2022-11-17 21:22:50 UTC

Hi!

Can you check if this 100% untested patch fixes the leak?

diff --git a/rtl8xxxu_core.c b/rtl8xxxu_core.c
index 39f43c0..b60cc31 100644
--- a/rtl8xxxu_core.c
+++ b/rtl8xxxu_core.c
@@ -5805,10 +5805,11 @@ static void rtl8xxxu_c2hcmd_callback(struct work_struct *work)
 		default:
 			break;
 		}
+
+		dev_kfree_skb(skb);
 	}
 
 out:
-	dev_kfree_skb(skb);
 }
 
 static void rtl8723bu_handle_c2h(struct rtl8xxxu_priv *priv,

Comment 9 Erhard F. 2022-11-24 12:38:27 UTC

Thanks! I can test in about 3 weeks and will report back. The machine & stick in question are not at my place.

Comment 10 Erhard F. 2022-12-09 01:17:15 UTC

(In reply to rtl8821cerfe2 from comment #8)
> Hi!
> 
> Can you check if this 100% untested patch fixes the leak?
Checked it out today. Seems you nailed it with your 100% untested patch! :)

I needed to take a small modification however or else I get a "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c:5609:1: error: expected statement" at building.

The ';' before the function end needs to stay as 'out:' expects a statement next. Sure ugly as hell but so is the accompanying goto a few lines above.


--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c	2022-12-09 01:51:56.213989176 +0100
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.cn	2022-12-09 01:56:35.543654839 +0100
@@ -5601,10 +5601,12 @@
 		default:
 			break;
 		}
+
+		dev_kfree_skb(skb);
 	}
 
 out:
-	dev_kfree_skb(skb);
+	;
 }
 
 static void rtl8723bu_handle_c2h(struct rtl8xxxu_priv *priv,


Patch applies on v6.1-rc8 and with this small modification building succeeds. With the patch applied I have not seen the memleak since, even when taking actions provoking it faster (e.g. unplugging and re-plugging the USB adapter while playing sound). Without the patch v6.1-rc8 still shows the leak.

And so far I have not noticed any side effects of the patch in kernel dmesg.

Comment 11 rtl8821cerfe2 2022-12-09 11:29:57 UTC

Thanks for testing. Can I say "Tested-by: Erhard F. <your email>" in the commit message when I send the patch upstream? And also "Reported-by: ..."

I'll remove the goto because it causes memory leaks with the RTL8192EU.

Comment 12 Erhard F. 2022-12-09 11:32:54 UTC

Yes you can. And thanks for your work on the patch!

Comment 13 Erhard F. 2024-04-29 21:38:58 UTC

Seems the fix has found upstream meanwhile. At least I can no longer reproduce the issue on current kernels.

Closing as obsolete.

Note You need to log in before you can comment on or make changes to this bug.