MCP2515 SPI CAN Kernel Warning mit v5.4.105
According to @RTurner there is a kernel warning when cansend can0 123#DEADBEEF
is executed for the first time on a BL i.MX8MM board with Kernel v5.4.105.
Log
[ 916.775650] ------------[ cut here ]------------
[ 916.780503] refcount_t: increment on 0; use-after-free.
[ 916.785797] WARNING: CPU: 1 PID: 33 at lib/refcount.c:156 refcount_inc_checked+0x40/0x48
[ 916.795729] Modules linked in: ipv6 crct10dif_ce smsc95xx usbnet
[ 916.801744] CPU: 1 PID: 33 Comm: kworker/1:1 Not tainted 5.4.105-ktn #1
[ 916.808356] Hardware name: Kontron i.MX8MM N801X S (DT)
[ 916.813585] Workqueue: mcp251x_wq mcp251x_tx_work_handler
[ 916.818984] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 916.823774] pc : refcount_inc_checked+0x40/0x48
[ 916.828303] lr : refcount_inc_checked+0x40/0x48
[ 916.832830] sp : ffff8000113cbcf0
[ 916.836142] x29: ffff8000113cbcf0 x28: ffff0000f9f687c0
[ 916.841452] x27: 0000000000000000 x26: ffff0000f9f68000
[ 916.846762] x25: 000000000000000a x24: ffff0000f884f800
[ 916.852073] x23: ffff0000fa1b7f00 x22: 0000000000000000
[ 916.857384] x21: ffff0000f9f687c0 x20: ffff0000f9f68000
[ 916.862695] x19: ffff0000fa1b7800 x18: 0000000000000010
[ 916.868006] x17: 0000000000000000 x16: 0000000000000000
[ 916.873316] x15: ffff0000fa952e70 x14: ffffffffffffffff
[ 916.878627] x13: ffff8000913cba47 x12: ffff8000113cba4f
[ 916.883936] x11: ffff800011072000 x10: ffff80001111f5f8
[ 916.889247] x9 : 0000000000000000 x8 : ffff800011120000
[ 916.894559] x7 : ffff8000105e5dc8 x6 : 000000000000014c
[ 916.899868] x5 : 0000000000000000 x4 : 0000000000000000
[ 916.905177] x3 : 00000000ffffffff x2 : ffff8000110725a8
[ 916.910487] x1 : 4e43b0a9b8ba9100 x0 : 0000000000000000
[ 916.915799] Call trace:
[ 916.918246] refcount_inc_checked+0x40/0x48
[ 916.922427] can_put_echo_skb+0x88/0x120
[ 916.926347] mcp251x_tx_work_handler+0x168/0x1f0
[ 916.930967] process_one_work+0x1b4/0x328
[ 916.934975] worker_thread+0x48/0x420
[ 916.938638] kthread+0x138/0x158
[ 916.941867] ret_from_fork+0x10/0x1c
[ 916.945441] ---[ end trace 18ec4e7348824c18 ]---
[ 916.950203] ------------[ cut here ]------------
[ 916.954829] refcount_t: underflow; use-after-free.
[ 916.959655] WARNING: CPU: 1 PID: 15 at lib/refcount.c:190 refcount_sub_and_test_checked+0xb4/0xc0
[ 916.968524] Modules linked in: ipv6 crct10dif_ce smsc95xx usbnet
[ 916.974536] CPU: 1 PID: 15 Comm: ksoftirqd/1 Tainted: G W 5.4.105-ktn #1
[ 916.982535] Hardware name: Kontron i.MX8MM N801X S (DT)
[ 916.987757] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 916.992547] pc : refcount_sub_and_test_checked+0xb4/0xc0
[ 916.997856] lr : refcount_sub_and_test_checked+0xb4/0xc0
[ 917.003165] sp : ffff8000112e3af0
[ 917.006476] x29: ffff8000112e3af0 x28: ffff0000ff797bd0
[ 917.011787] x27: 0000000000000001 x26: 0000000000000060
[ 917.017100] x25: 00000000000000e0 x24: ffff0000ff797ccc
[ 917.022409] x23: ffff0000f9f68000 x22: 0000000000000000
[ 917.027720] x21: ffff8000110f09c0 x20: ffff0000fa34f900
[ 917.033031] x19: 0000000000000000 x18: 0000000000000010
[ 917.038341] x17: 0000000000000000 x16: 0000000000000000
[ 917.043652] x15: ffff0000fa8ff470 x14: ffffffffffffffff
[ 917.048963] x13: ffff8000912e3847 x12: ffff8000112e384f
[ 917.054273] x11: ffff800011072000 x10: ffff80001111f5f8
[ 917.059586] x9 : 0000000000000000 x8 : ffff800011120000
[ 917.064895] x7 : ffff8000105e5dc8 x6 : 000000000000016f
[ 917.070205] x5 : 0000000000000000 x4 : 0000000000000000
[ 917.075515] x3 : 00000000ffffffff x2 : ffff8000110725a8
[ 917.080824] x1 : 532c71a3baa73100 x0 : 0000000000000000
[ 917.086136] Call trace:
[ 917.088583] refcount_sub_and_test_checked+0xb4/0xc0
[ 917.093545] refcount_dec_and_test_checked+0x14/0x20
[ 917.098512] sock_efree+0x18/0x40
[ 917.101827] skb_release_head_state+0x40/0xc8
[ 917.106181] skb_release_all+0x14/0x30
[ 917.109931] consume_skb+0x2c/0x58
[ 917.113334] can_receive+0xb4/0xf8
[ 917.116735] can_rcv+0x3c/0xc0
[ 917.119789] __netif_receive_skb_one_core+0x50/0x78
[ 917.124664] __netif_receive_skb+0x14/0x60
[ 917.128757] process_backlog+0xbc/0x190
[ 917.132595] net_rx_action+0x114/0x340
[ 917.136343] __do_softirq+0x120/0x25c
[ 917.140006] run_ksoftirqd+0x3c/0x50
[ 917.143582] smpboot_thread_fn+0x1e4/0x2a8
[ 917.147679] kthread+0x138/0x158
[ 917.150907] ret_from_fork+0x10/0x1c
[ 917.154481] ---[ end trace 18ec4e7348824c19 ]---
Layer-Revisions
* meta-ktn Branch: dunfell Revision: <e8b80a5>
* meta-freescale Branch: dunfell Revision: <e4f86059>
* meta-ktn-imx Branch: dunfell Revision: <f616d71>
* meta-arm Branch: dunfell Revision: <02c6605>
* meta-qt5 Branch: dunfell Revision: <0d8eb95>
* meta-openembedded Branch: dunfell Revision: <346681e7b>
* meta-python2 Branch: dunfell Revision: <c96cfe30>
* poky Branch: dunfell Revision: <a13bda44fc>
Todo:
-
Reproduce -
Test latest Kernel 5.4.x -
If necessary test latest Kernel 5.x -
If necessary send report to ML