All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bernard Pidoux <bernard.f6bvp@gmail.com>
To: Eric Dumazet <edumazet@google.com>
Cc: netdev <netdev@vger.kernel.org>,
	linux-hams@vger.kernel.org,
	Francois Romieu <romieu@fr.zoreil.com>
Subject: [AX25] [ROSE] refcount_t: decrement hit 0; leaking memory
Date: Sun, 4 Sep 2022 12:37:59 +0200	[thread overview]
Message-ID: <9090eda2-5ab2-9d7e-2d41-f21db2a90573@gmail.com> (raw)
In-Reply-To: <CANn89iJRppvogY5FFp5cACd4yZCp000EqjU5_-KqStH55METCg@mail.gmail.com>

refcount warning when a rose connection is performed from remote node:

[26215.100860] NET: Registered PF_AX25 protocol family

[26215.108188] mkiss: AX.25 Multikiss, Hans Albas PE1AYX

[26215.108896] mkiss: ax0: crc mode is auto.

[26215.109078] IPv6: ADDRCONF(NETDEV_CHANGE): ax0: link becomes ready

[26219.157349] NET: Registered PF_ROSE protocol family

[26226.215278] mkiss: ax0: Trying crc-smack

[26226.215429] mkiss: ax0: Trying crc-flexnet

[26442.283263] ------------[ cut here ]------------

[26442.283282] refcount_t: decrement hit 0; leaking memory.

[26442.283309] WARNING: CPU: 3 PID: 5541 at lib/refcount.c:31 
refcount_warn_saturate+0x4c/0x150

[26442.283333] Modules linked in: rose mkiss ax25 rfcomm 
snd_hda_codec_hdmi cmac algif_hash algif_skcipher af_alg bnep i915 
nls_iso8859_1 x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
snd_hda_codec_realtek snd_hda_codec_generic rtw88_8821ce ledtrig_audio 
kvm i2c_algo_bit rtw88_8821c drm_buddy snd_hda_intel rtw88_pci btusb 
drm_display_helper snd_intel_dspcfg btrtl rtw88_core snd_hda_codec 
crct10dif_pclmul snd_hwdep crc32_pclmul snd_hda_core ghash_clmulni_intel 
btbcm aesni_intel drm_kms_helper btintel snd_pcm mei_hdcp btmtk 
crypto_simd intel_rapl_msr mac80211 syscopyarea snd_seq cryptd 
sysfillrect bluetooth sysimgblt fb_sys_fops cec 
processor_thermal_device_pci_legacy rapl snd_timer intel_soc_dts_iosf 
libarc4 rc_core at24 input_leds joydev processor_thermal_device 
intel_cstate cfg80211 snd_seq_device processor_thermal_rfim ecdh_generic 
ttm snd processor_thermal_mbox processor_thermal_rapl mei_me 
intel_pch_thermal ecc mei intel_rapl_common soundcore

[26442.283525]  int340x_thermal_zone acpi_pad video mac_hid ipmi_devintf 
ipmi_msghandler drm msr parport_pc ppdev lp ramoops parport pstore_blk 
reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs 
blake2b_generic libcrc32c xor raid6_pq zstd_compress dm_mirror 
dm_region_hash dm_log hid_generic usbhid hid i2c_i801 ahci r8169 
i2c_smbus libahci lpc_ich xhci_pci realtek xhci_pci_renesas

[26442.283644] CPU: 3 PID: 5541 Comm: kworker/u8:2 Not tainted 
6.0.0-rc3-DEBUG+ #5

[26442.283655] Hardware name: To be filled by O.E.M. To be filled by 
O.E.M./CK3, BIOS 5.011 09/16/2020

[26442.283663] Workqueue: events_unbound flush_to_ldisc

[26442.283686] RIP: 0010:refcount_warn_saturate+0x4c/0x150

[26442.283711] Code: 00 00 0f b6 1d 6c 10 52 01 80 fb 01 0f 87 3a 04 6c 
00 83 e3 01 75 34 48 c7 c7 70 bc 21 bb c6 05 50 10 52 01 01 e8 59 0c 68 
00 <0f> 0b eb 1d 85 f6 74 4f 0f b6 1d 3f 10 52 01 80 fb 01 0f 87 f6 03

[26442.283723] RSP: 0018:ffffa20940174ad8 EFLAGS: 00010286

[26442.283734] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 
0000000000000000

[26442.283742] RDX: 0000000000000504 RSI: ffffffffbb1cdaf1 RDI: 
00000000ffffffff

[26442.283750] RBP: ffffa20940174ae0 R08: 0000000000000003 R09: 
3b30207469682074

[26442.283758] R10: 203a745f746e756f R11: 746e756f63666572 R12: 
ffff92316c140490

[26442.283766] R13: 0000000000000000 R14: 0000000000000001 R15: 
ffff92316b561800

[26442.283774] FS:  0000000000000000(0000) GS:ffff92328f380000(0000) 
knlGS:0000000000000000

[26442.283783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[26442.283791] CR2: 00005634bae01a08 CR3: 0000000166410006 CR4: 
00000000001706e0

[26442.283801] Call Trace:

[26442.283807]  <IRQ>

[26442.283816]  ref_tracker_free+0x181/0x1c0

[26442.283836]  rose_route_frame+0x298/0x740 [rose]

[26442.283856]  ? pollwake+0x72/0x90

[26442.283869]  ? wake_up_q+0x90/0x90

[26442.283884]  ? __wake_up_common+0x7d/0x140

[26442.283896]  ? rose_link_device_down+0x50/0x50 [rose]

[26442.283916]  ax25_rx_iframe.part.0+0x8a/0x340 [ax25]

[26442.283937]  ax25_rx_iframe+0x13/0x20 [ax25]

[26442.283957]  ax25_std_frame_in+0x7ae/0x810 [ax25]

[26442.283979]  ax25_rcv.constprop.0+0x5ee/0x880 [ax25]

[26442.284002]  ? __netif_receive_skb_core.constprop.0+0x725/0x10b0

[26442.284021]  ax25_kiss_rcv+0x6c/0x90 [ax25]

[26442.284041]  __netif_receive_skb_one_core+0x91/0xa0

[26442.284054]  __netif_receive_skb+0x15/0x60

[26442.284066]  process_backlog+0x96/0x140

[26442.284079]  __napi_poll+0x33/0x190

[26442.284091]  net_rx_action+0x19f/0x300

[26442.284105]  __do_softirq+0x103/0x366

[26442.284123]  do_softirq.part.0+0xa4/0xd0

[26442.284138]  </IRQ>

[26442.284145]  <TASK>

[26442.284152]  __local_bh_enable_ip+0x87/0x90

[26442.284166]  _raw_spin_unlock_bh+0x1d/0x30

[26442.284178]  mkiss_receive_buf+0x330/0x3d0 [mkiss]

[26442.284195]  tty_ldisc_receive_buf+0x4b/0x60

[26442.284209]  tty_port_default_receive_buf+0x42/0x70

[26442.284225]  flush_to_ldisc+0xb8/0x1b0

[26442.284240]  process_one_work+0x21f/0x3f0

[26442.284257]  worker_thread+0x50/0x3e0

[26442.284271]  ? process_one_work+0x3f0/0x3f0

[26442.284326]  kthread+0xfd/0x130

[26442.284345]  ? kthread_complete_and_exit+0x20/0x20

[26442.284365]  ret_from_fork+0x22/0x30

[26442.284393]  </TASK>

[26442.284404] ---[ end trace 0000000000000000 ]---

[26442.284494] ------------[ cut here ]------------

[26442.284508] refcount_t: saturated; leaking memory.

[26442.284537] WARNING: CPU: 3 PID: 34 at lib/refcount.c:22 
refcount_warn_saturate+0x144/0x150

[26442.284564] Modules linked in: rose mkiss ax25 rfcomm 
snd_hda_codec_hdmi cmac algif_hash algif_skcipher af_alg bnep i915 
nls_iso8859_1 x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
snd_hda_codec_realtek snd_hda_codec_generic rtw88_8821ce ledtrig_audio 
kvm i2c_algo_bit rtw88_8821c drm_buddy snd_hda_intel rtw88_pci btusb 
drm_display_helper snd_intel_dspcfg btrtl rtw88_core snd_hda_codec 
crct10dif_pclmul snd_hwdep crc32_pclmul snd_hda_core ghash_clmulni_intel 
btbcm aesni_intel drm_kms_helper btintel snd_pcm mei_hdcp btmtk 
crypto_simd intel_rapl_msr mac80211 syscopyarea snd_seq cryptd 
sysfillrect bluetooth sysimgblt fb_sys_fops cec 
processor_thermal_device_pci_legacy rapl snd_timer intel_soc_dts_iosf 
libarc4 rc_core at24 input_leds joydev processor_thermal_device 
intel_cstate cfg80211 snd_seq_device processor_thermal_rfim ecdh_generic 
ttm snd processor_thermal_mbox processor_thermal_rapl mei_me 
intel_pch_thermal ecc mei intel_rapl_common soundcore

[26442.284833]  int340x_thermal_zone acpi_pad video mac_hid ipmi_devintf 
ipmi_msghandler drm msr parport_pc ppdev lp ramoops parport pstore_blk 
reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs 
blake2b_generic libcrc32c xor raid6_pq zstd_compress dm_mirror 
dm_region_hash dm_log hid_generic usbhid hid i2c_i801 ahci r8169 
i2c_smbus libahci lpc_ich xhci_pci realtek xhci_pci_renesas

[26442.284958] CPU: 3 PID: 34 Comm: ksoftirqd/3 Tainted: G        W 
      6.0.0-rc3-DEBUG+ #5

[26442.284976] Hardware name: To be filled by O.E.M. To be filled by 
O.E.M./CK3, BIOS 5.011 09/16/2020

[26442.284987] RIP: 0010:refcount_warn_saturate+0x144/0x150

[26442.285008] Code: a0 bc 21 bb c6 05 71 0f 52 01 01 e8 7b 0b 68 00 0f 
0b e9 3c ff ff ff 48 c7 c7 f0 bb 21 bb c6 05 5b 0f 52 01 01 e8 61 0b 68 
00 <0f> 0b e9 22 ff ff ff 0f 1f 44 00 00 8b 07 3d 00 00 00 c0 74 12 83

[26442.285024] RSP: 0018:ffffa2094015f990 EFLAGS: 00010286

[26442.285042] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 
0000000000000000

[26442.285056] RDX: 0000000000000503 RSI: ffffffffbb1cdaf1 RDI: 
00000000ffffffff

[26442.285070] RBP: ffffa2094015f998 R08: 0000000000000003 R09: 
3b64657461727574

[26442.285086] R10: 00000000756f6366 R11: 0000000063666572 R12: 
ffff92316c140490

[26442.285100] R13: 0000000000000a20 R14: 0000000000000000 R15: 
0000000000000000

[26442.285114] FS:  0000000000000000(0000) GS:ffff92328f380000(0000) 
knlGS:0000000000000000

[26442.285123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[26442.285131] CR2: 00005634bae01a08 CR3: 0000000166410006 CR4: 
00000000001706e0

[26442.285140] Call Trace:

[26442.285146]  <TASK>

[26442.285155]  ref_tracker_alloc+0x170/0x220

[26442.285169]  ? __smp_call_single_queue+0x59/0x90

[26442.285184]  ? ttwu_queue_wakelist+0xff/0x1d0

[26442.285196]  ? _raw_spin_unlock_irqrestore+0x27/0x50

[26442.285210]  rose_dev_get+0x8a/0xa0 [rose]

[26442.285228]  rose_route_frame+0x267/0x740 [rose]

[26442.285245]  ? pollwake+0x72/0x90

[26442.285255]  ? wake_up_q+0x90/0x90

[26442.285268]  ? __wake_up_common+0x7d/0x140

[26442.285279]  ? rose_link_device_down+0x50/0x50 [rose]

[26442.285294]  ax25_rx_iframe.part.0+0x8a/0x340 [ax25]

[26442.285313]  ax25_rx_iframe+0x13/0x20 [ax25]

[26442.285330]  ax25_std_frame_in+0x7ae/0x810 [ax25]

[26442.285350]  ax25_rcv.constprop.0+0x5ee/0x880 [ax25]

[26442.285369]  ? __netif_receive_skb_core.constprop.0+0x725/0x10b0

[26442.285385]  ax25_kiss_rcv+0x6c/0x90 [ax25]

[26442.285402]  __netif_receive_skb_one_core+0x91/0xa0

[26442.285414]  __netif_receive_skb+0x15/0x60

[26442.285424]  process_backlog+0x96/0x140

[26442.285436]  __napi_poll+0x33/0x190

[26442.285447]  net_rx_action+0x19f/0x300

[26442.285460]  __do_softirq+0x103/0x366

[26442.285475]  run_ksoftirqd+0x39/0x50

[26442.285488]  smpboot_thread_fn+0x193/0x230

[26442.285500]  ? sort_range+0x30/0x30

[26442.285509]  kthread+0xfd/0x130

[26442.285521]  ? kthread_complete_and_exit+0x20/0x20

[26442.285534]  ret_from_fork+0x22/0x30

[26442.285551]  </TASK>

[26442.285557] ---[ end trace 0000000000000000 ]---

[26442.286648] ROSE: unknown 0F in state 3

[26442.287419] ROSE: unknown 17 in state 3

root@bernard-f6bvp:/home/bernard#




      reply	other threads:[~2022-09-04 10:38 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-28  5:18 [PATCH net] ax25: fix incorrect dev_tracker usage Eric Dumazet
2022-07-29  5:30 ` patchwork-bot+netdevbpf
2022-07-29 17:32 ` Matthieu Baerts
2022-08-03  6:23 ` Paolo Abeni
2022-08-03  6:46   ` Eric Dumazet
2022-08-03  7:03     ` Paolo Abeni
2022-08-03  7:15       ` Eric Dumazet
2022-09-03  8:56         ` Bernard Pidoux
2022-09-03 16:47           ` Eric Dumazet
2022-09-04 10:37             ` Bernard Pidoux [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9090eda2-5ab2-9d7e-2d41-f21db2a90573@gmail.com \
    --to=bernard.f6bvp@gmail.com \
    --cc=edumazet@google.com \
    --cc=linux-hams@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=romieu@fr.zoreil.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.