Re: [syzbot] [can?] memory leak in j1939_netdev_start

From: Edward Adam Davis
Date: Tue Jan 23 2024 - 04:43:19 EST


please test memory leak in j1939_netdev_start

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index 14c431663233..1d1f1348eeca 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -141,6 +141,7 @@ static void j1939_sk_queue_drop_all(struct j1939_priv *priv,
sk_session_queue_entry) {
list_del_init(&session->sk_session_queue_entry);
session->err = err;
+ printk("s: %p, %s\n", session, __func__);
j1939_session_put(session);
}
spin_unlock_bh(&jsk->sk_session_queue_lock);
diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c
index fe3df23a2595..0b09bf60b08b 100644
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -278,6 +278,7 @@ static void j1939_session_destroy(struct j1939_session *session)

while ((skb = skb_dequeue(&session->skb_queue)) != NULL) {
/* drop ref taken in j1939_session_skb_queue() */
+ printk("s: %p, skb: %p, %s\n", session, skb, __func__);
skb_unref(skb);
kfree_skb(skb);
}
@@ -1552,6 +1553,7 @@ j1939_session *j1939_session_fresh_new(struct j1939_priv *priv,
/* alloc data area */
skb_put(skb, size);
/* skb is recounted in j1939_session_new() */
+ printk("s: %p, skb: %p, %s\n", session, skb, __func__);
return session;
}

@@ -1758,6 +1760,7 @@ static void j1939_xtp_rx_rts(struct j1939_priv *priv, struct sk_buff *skb,
j1939_tp_set_rxtimeout(session, 1250);
}

+ printk("s: %p, %s\n", session, __func__);
j1939_session_put(session);
}