Message-ID: <ZrMqFN4vE7WHRBjE@gmail.com>
Date: Wed, 7 Aug 2024 01:02:28 -0700
From: Breno Leitao <leitao@...ian.org>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+ad601904231505ad6617@...kaller.appspotmail.com,
davem@...emloft.net, edumazet@...gle.com, kernel@...gutronix.de,
kuba@...nel.org, linux-can@...r.kernel.org,
linux-kernel@...r.kernel.org, mkl@...gutronix.de,
netdev@...r.kernel.org, o.rempel@...gutronix.de, pabeni@...hat.com,
robin@...tonic.nl, socketcan@...tkopp.net,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [can?] WARNING: refcount bug in j1939_session_put

Hello Edward,

On Wed, Aug 07, 2024 at 09:42:40AM +0800, Edward Adam Davis wrote:
> Fixes: c9c0ee5f20c5 ("net: skbuff: Skip early return in skb_unref when debugging")
>
> Root cause: In commit c9c0ee5f20c5, There are following rules:
> In debug builds (CONFIG_DEBUG_NET set), the reference count is always decremented, even when it's 1

That is the goal, to pick problems like the one reported here. I.e., the
reference shouldn't be negative. If that is the case, it means that
there is a bug, and the skb is being unreferenced more than what it
needs to.

> This rule will cause the reference count to be 0 after calling skc_unref,
> which will affect the release of skb.
>
> The solution I have proposed is:
> Before releasing the SKB during session destroy, check the CONFIG_DEBUG_NET
> and skb_unref return values to avoid reference count errors caused by a
> reference count of 0 when releasing the SKB.

I am not sure this is the best approach. I would suggest finding where
the skb is being unreferenced first, so, it doesn't need to be
unreferenced again.

This suggestion is basically working around the findings.

Thanks for looking at this problem.

--breno
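
The rule discussed in this message, shown as an added user-space model (not code from the thread or from the kernel): with the CONFIG_DEBUG_NET behaviour the count really reaches 0, so an extra put is reported, while the non-debug fast path leaves the count at 1 and the extra put goes unnoticed. The names model_skb, model_dec_and_test, model_skb_unref and unref_warnings are hypothetical, and a plain int stands in for refcount_t.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: a plain int stands in for the kernel's refcount_t. */
struct model_skb {
    int users;      /* stands in for skb->users */
    int warnings;   /* counts underflow reports ("refcount bug" style) */
};

/* Mimics refcount_dec_and_test(): report a decrement from 0,
 * return true only when the count drops to 0. */
static bool model_dec_and_test(struct model_skb *skb)
{
    if (skb->users <= 0) {
        skb->warnings++;
        return false;
    }
    return --skb->users == 0;
}

/* Model of skb_unref(); debug_net stands in for CONFIG_DEBUG_NET. */
static bool model_skb_unref(struct model_skb *skb, bool debug_net)
{
    if (!skb)
        return false;
    if (!debug_net && skb->users == 1)
        return true;            /* fast path: count is left at 1 */
    return model_dec_and_test(skb);
}

/* Take `refs` references, drop `puts` of them, return the warnings raised. */
static int unref_warnings(bool debug_net, int refs, int puts)
{
    struct model_skb skb = { .users = refs, .warnings = 0 };
    for (int i = 0; i < puts; i++)
        model_skb_unref(&skb, debug_net);
    return skb.warnings;
}

int main(void)
{
    /* Constructed scenario: one reference held, two puts (one too many). */
    printf("non-debug: %d warning(s)\n", unref_warnings(false, 1, 2));
    printf("debug:     %d warning(s)\n", unref_warnings(true, 1, 2));
    return 0;
}
```

In the model, balanced get/put sequences raise no warning in either mode; only the unbalanced put is reported, and only in the debug configuration.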