public inbox for linux-can@vger.kernel.org
From: Oleksij Rempel <o.rempel@pengutronix.de>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: linux-can@vger.kernel.org,
	Network Development <netdev@vger.kernel.org>,
	Marc Kleine-Budde <mkl@pengutronix.de>
Subject: Re: [can/j1939] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
Date: Fri, 21 Nov 2025 10:06:25 +0100
Message-ID: <aSArkb7-JNW-BjrG@pengutronix.de>
In-Reply-To: <d2be2d6a-6cbb-4b13-9f86-a6b7fe94983a@I-love.SAKURA.ne.jp>

Hello Tetsuo,

On Thu, Nov 20, 2025 at 07:11:22PM +0900, Tetsuo Handa wrote:
> Hello.
> 
> I am using a debug printk() patch for j1939_priv which records/counts where
> the refcount for j1939_priv has changed, and syzbot succeeded in recording/counting a
> j1939_priv leak in next-20251119
> ( https://syzkaller.appspot.com/bug?extid=881d65229ca4f9ae8c84 ).
> 
> The output from the debug printk() patch is shown below. I think that
> understanding what actions have been taken on this j1939_priv object will
> help you find the cause of the j1939_priv leak bug.

Hm, it looks like we have a race where a new session is created in
j1939_xtp_rx_rts(), just at the moment when we call
j1939_can_rx_unregister().

How about the following change:

--- a/net/can/j1939/main.c
+++ b/net/can/j1939/main.c
@@ -214,6 +214,7 @@ static void __j1939_rx_release(struct kref *kref)
                                               rx_kref);
 
        j1939_can_rx_unregister(priv);
+       j1939_cancel_active_session(priv, NULL);
        j1939_ecu_unmap_all(priv);
        j1939_priv_set(priv->ndev, NULL);
        mutex_unlock(&j1939_netdev_lock);
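
Review bot: The added j1939_cancel_active_session(priv, NULL) call in __j1939_rx_release() depends on its position after j1939_can_rx_unregister(priv), but nothing in the hunk says so. A one-line comment stating that sessions are cancelled only after the receive path is unregistered would keep a later reorder from reopening the window with j1939_xtp_rx_rts(). The cancel also closes the race only if no receive handler can still be running once j1939_can_rx_unregister() returns; if one can, a session created after this line would still hold a reference, so the commit message should state which guarantee is relied on. Lastly, the call runs with j1939_netdev_lock still held (the mutex_unlock() follows two lines later), so please confirm that the cancel path never takes that mutex itself.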

Best Regards,
Oleksij
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Thread overview: 8+ messages
2025-11-20 10:11 [can/j1939] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 Tetsuo Handa
2025-11-21  9:06 ` Oleksij Rempel [this message]
2025-11-21  9:33   ` Tetsuo Handa
2025-11-21 10:00     ` Oleksij Rempel
2025-11-21 10:19       ` Tetsuo Handa
2025-11-21 10:31         ` Oleksij Rempel
2025-11-22  7:00           ` Tetsuo Handa
2025-11-22 13:03             ` Tetsuo Handa
