Hi Edward,

On Thu, Aug 08, 2024 at 07:08:49AM +0800, Edward Adam Davis wrote:
> The root cause of this problem is when both of the following conditions
> are met simultaneously:
> [1] Introduced by commit c9c0ee5f20c5, there are the following rules:
> In debug builds (CONFIG_DEBUG_NET set), the reference count is always
> decremented, even when it's 1.
>
> [2] When executing sendmsg, the newly created session did not increase the
> skb reference count, only added the skb to the session's skb_queue.
>
> The solution is:
> When creating a new session, do not add the skb to the skb_queue.
> Instead, when using the skb, uniformly use j1939_session_skb_queue to add
> the skb to the queue and increase the skb reference count through it.
>
> Reported-and-tested-by: syzbot+ad601904231505ad6617@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=ad601904231505ad6617
> Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>

This patch breaks j1939. The issue can be reproduced by running the following commands:

git clone git@xxxxxxxxxx:linux-can/can-tests.git
cd can-tests/j1939/
ip link add type vcan
ip l s dev vcan0 up
./run_all.sh vcan0 vcan0

Regards,
Oleksij

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
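The ownership rule behind the quoted patch description (a queue that keeps an skb for later use must hold its own reference to it, taken when the skb is queued and dropped when it is purged) can be modelled outside the kernel. The block below is an added example written for this thread, not code from the kernel, the patch or the can-tests repository. It uses a constructed toy buffer (`toy_skb`, `toy_skb_get`, `toy_skb_put`, `toy_queue_*`, `simulate_send`; all names are assumptions) rather than the real `sk_buff` API, and it counts two failure signatures a debug build would flag: a reference dropped when the count is already zero, and a queue still pointing at a buffer that was already released.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model of a reference-counted buffer; not the kernel's sk_buff. */
struct toy_skb {
    int refcnt;
    int freed;      /* set when the last reference is dropped */
};

struct toy_queue {
    struct toy_skb *items[8];
    int len;
};

static struct toy_skb *toy_skb_alloc(void)
{
    struct toy_skb *skb = calloc(1, sizeof(*skb));
    if (!skb)
        abort();
    skb->refcnt = 1;            /* the allocator's caller owns one reference */
    return skb;
}

/* Modelled after skb_get(): take an additional reference. */
static struct toy_skb *toy_skb_get(struct toy_skb *skb)
{
    skb->refcnt++;
    return skb;
}

/* Modelled after kfree_skb(): drop one reference, "free" on the last one.
 * Returns -1 on underflow, i.e. a reference was dropped that was never taken. */
static int toy_skb_put(struct toy_skb *skb)
{
    if (skb->refcnt <= 0)
        return -1;
    if (--skb->refcnt == 0)
        skb->freed = 1;
    return 0;
}

/* Queue an skb. With take_ref set, the queue owns its own reference; without
 * it, the queue silently borrows the sender's reference (the described bug). */
static void toy_queue_add(struct toy_queue *q, struct toy_skb *skb, int take_ref)
{
    if (take_ref)
        toy_skb_get(skb);
    q->items[q->len++] = skb;
}

/* Session teardown: drop one reference per queued skb.
 * Returns the number of defects detected (use of a released buffer, underflow). */
static int toy_queue_purge(struct toy_queue *q)
{
    int errors = 0;
    for (int i = 0; i < q->len; i++) {
        struct toy_skb *skb = q->items[i];
        if (skb->freed)             /* queue still references a released buffer */
            errors++;
        if (toy_skb_put(skb) < 0)   /* dropping a reference the queue never held */
            errors++;
    }
    q->len = 0;
    return errors;
}

/* One sendmsg-like flow: allocate, hand the skb to a session queue, drop the
 * sender's own reference, then tear the session down. Returns defect count. */
int simulate_send(int queue_takes_ref)
{
    struct toy_queue q = { .len = 0 };
    struct toy_skb *skb = toy_skb_alloc();
    int errors = 0;

    toy_queue_add(&q, skb, queue_takes_ref);
    if (toy_skb_put(skb) < 0)       /* sender is done with its reference */
        errors++;
    errors += toy_queue_purge(&q);  /* session releases what it queued */
    free(skb);                      /* toy cleanup; the model never reused freed memory */
    return errors;
}

int main(void)
{
    printf("queue takes its own reference: %d defects\n", simulate_send(1));
    printf("queue borrows sender's reference: %d defects\n", simulate_send(0));
    return 0;
}
```

With the queue taking its own reference the flow ends with the count reaching zero exactly once; when the queue merely borrows the sender's reference, the sender's drop releases the buffer while it is still queued, and the later purge both touches a released buffer and underflows the count, which is the class of defect a `CONFIG_DEBUG_NET` build is meant to surface.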