Created attachment 299823 [details] kmemleak output (5.16-rc3, AMD FX-8370) The memleak seems to stem from rtl8723be driver: [...] unreferenced object 0xffff8881ecc01840 (size 216): comm "NetworkManager", pid 506, jiffies 4295033807 (age 10395.817s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34e302>] rtnl_newlink+0xf3e/0x133b [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6 [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98 unreferenced object 0xffff8881ecdf1000 (size 4096): comm "NetworkManager", pid 506, jiffies 4295033807 (age 10395.817s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace: [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91 [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34e302>] rtnl_newlink+0xf3e/0x133b [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6 unreferenced object 0xffff8881ce5c9cc0 (size 216): comm "iwd", pid 875, jiffies 4295034039 (age 10395.047s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5 [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6 [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98 unreferenced object 0xffff88820ddd4000 (size 4096): comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace: [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91 [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5 [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6 unreferenced object 0xffff8881ce5c90c0 (size 216): comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffbb2b8a54>] __alloc_skb+0xa6/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5 [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6 [<ffffffffbb42ae02>] netlink_sendmsg+0x725/0xa98 unreferenced object 0xffff88825a144000 (size 4096): comm "iwd", pid 875, jiffies 4295034039 (age 10395.160s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace: [<ffffffffbb2b8dbd>] kmalloc_reserve+0x23/0x91 [<ffffffffbb2b8a82>] __alloc_skb+0xd4/0x2d8 [<ffffffffbb2b8f88>] __netdev_alloc_skb+0x15d/0x2db [<ffffffffc20a4639>] rtl8xxxu_submit_rx_urb+0xba/0x2eb [rtl8xxxu] [<ffffffffc20a2079>] rtl8xxxu_start+0x7aa/0xa08 [rtl8xxxu] [<ffffffffc277ffa6>] drv_start+0xa6/0x124 [mac80211] [<ffffffffc27c76c8>] ieee80211_do_open+0x221/0x16ac [mac80211] [<ffffffffc27cee04>] ieee80211_open+0x10f/0x1ab [mac80211] [<ffffffffbb2fe4a5>] __dev_open+0x1dd/0x2fa [<ffffffffbb315c36>] __dev_change_flags+0x136/0x581 [<ffffffffbb31634b>] dev_change_flags+0x73/0x172 [<ffffffffbb35ab15>] do_setlink+0x996/0x2d82 [<ffffffffbb34d333>] rtnl_setlink+0x234/0x2c5 [<ffffffffbb3595ec>] rtnetlink_rcv_msg+0x501/0xb11 [<ffffffffbb426285>] netlink_rcv_skb+0x154/0x319 [<ffffffffbb4218ec>] netlink_unicast+0x423/0x5c6
Created attachment 299825 [details] kernel .config (5.16-rc3, AMD FX-8370)
Created attachment 299827 [details] kernel dmesg (5.16-rc3, AMD FX-8370)
Created attachment 299829 [details] kernel netconsole.log (5.16-rc3, AMD FX-8370)
Still a problem on v6.0-rc4: # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff8b7b18611bc0 (size 216): comm "iwd", pid 1992, jiffies 4294908755 (age 2333.527s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff9d294858>] kmem_cache_alloc+0x288/0x380 [<ffffffff9d7f161a>] __alloc_skb+0x8a/0x250 [<ffffffff9d7f18cc>] __netdev_alloc_skb+0xec/0x190 [<ffffffffc17f2f1f>] rtl8xxxu_submit_rx_urb+0x4f/0xf0 [rtl8xxxu] [<ffffffffc17f0641>] rtl8xxxu_start+0x321/0x8b0 [rtl8xxxu] [<ffffffffc16910dd>] drv_start+0x6d/0x120 [mac80211] [<ffffffffc16af3e2>] ieee80211_do_open+0x142/0x9c0 [mac80211] [<ffffffffc16b2279>] ieee80211_open+0x59/0x80 [mac80211] [<ffffffff9d80ad72>] __dev_open+0x122/0x1f0 [<ffffffff9d815daa>] __dev_change_flags+0xaa/0x200 [<ffffffff9d81613c>] dev_change_flags+0x1c/0x60 [<ffffffff9d83575b>] do_setlink+0x4ab/0x10e0 [<ffffffff9d82f808>] rtnl_setlink+0x218/0x260 [<ffffffff9d834dbf>] rtnetlink_rcv_msg+0x32f/0x5e0 [<ffffffff9d880291>] netlink_rcv_skb+0x101/0x130 [<ffffffff9d87df33>] netlink_unicast+0x1d3/0x2d0 unreferenced object 0xffff8b7b18729a80 (size 216): comm "iwd", pid 1992, jiffies 4294997204 (age 2038.757s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [...]
Created attachment 301807 [details] kmemleak output (6.0-rc4, AMD FX-8370)
Created attachment 301808 [details] kernel .config (6.0-rc4, AMD FX-8370)
Created attachment 301809 [details] kernel dmesg (6.0-r43, AMD FX-8370)
Hi! Can you check if this 100% untested patch fixes the leak? diff --git a/rtl8xxxu_core.c b/rtl8xxxu_core.c index 39f43c0..b60cc31 100644 --- a/rtl8xxxu_core.c +++ b/rtl8xxxu_core.c @@ -5805,10 +5805,11 @@ static void rtl8xxxu_c2hcmd_callback(struct work_struct *work) default: break; } + + dev_kfree_skb(skb); } out: - dev_kfree_skb(skb); } static void rtl8723bu_handle_c2h(struct rtl8xxxu_priv *priv,
Thanks! I can test in about 3 weeks and will report back. The machine & stick in question are not at my place.
(In reply to rtl8821cerfe2 from comment #8) > Hi! > > Can you check if this 100% untested patch fixes the leak? Checked it out today. Seems you nailed it with your 100% untested patch! :) I needed to take a small modification however or else I get a "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c:5609:1: error: expected statement" at building. The ';' before the function end needs to stay as 'out:' expects a statement next. Sure ugly as hell but so is the accompanying goto a few lines above. --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c 2022-12-09 01:51:56.213989176 +0100 +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.cn 2022-12-09 01:56:35.543654839 +0100 @@ -5601,10 +5601,12 @@ default: break; } + + dev_kfree_skb(skb); } out: - dev_kfree_skb(skb); + ; } static void rtl8723bu_handle_c2h(struct rtl8xxxu_priv *priv, Patch applies on v6.1-rc8 and with this small modification building succeeds. With the patch applied I have not seen the memleak since, even when taking actions provoking it faster (e.g. unplugging and re-plugging the USB adapter while playing sound). Without the patch v6.1-rc8 still shows the leak. And so far I have not noticed any side effects of the patch in kernel dmesg.
Thanks for testing. Can I say "Tested-by: Erhard F. <your email>" in the commit message when I send the patch upstream? And also "Reported-by: ..." I'll remove the goto because it causes memory leaks with the RTL8192EU.
Yes you can. And thanks for your work on the patch!
Seems the fix has found upstream meanwhile. At least I can no longer reproduce the issue on current kernels. Closing as obsolete.