On Sun, Mar 14, 2021 at 11:23:10AM +0300, Fatih Yildirim wrote:
> Hi Santosh,
>
> I've been working on a memory leak bug reported by syzbot.
> https://syzkaller.appspot.com/bug?id=39b72114839a6dbd66c1d2104522698a813f9ae2
>
> It seems that memory allocated in rds_send_probe function is not freed.
>
> Let me share my observations.
> rds_message is allocated at the beginning of rds_send_probe function.
> Then it is added to cp_send_queue list of rds_conn_path and refcount
> is increased by one.
> Next, in rds_send_xmit function it is moved from cp_send_queue list to
> cp_retrans list, and again refcount is increased by one.
> Finally in rds_loop_xmit function refcount is increased by one.
> So, total refcount is 4.
> However, rds_message_put is called three times, in rds_send_probe,
> rds_send_remove_from_sock and rds_send_xmit functions. It seems that
> one more rds_message_put is needed.
> Would you please check and share your comments on this issue?

Do you have a proposed patch that syzbot can test to verify if this is
correct or not?

thanks,

greg k-h