[rds-devel] [BUG] net: rds: rds_send_probe memory leak

Santosh Shilimkar santosh.shilimkar at oracle.com
Sun Mar 14 11:24:15 PDT 2021


On Mar 14, 2021, at 12:23 AM, Fatih Yildirim <yildirim.fatih at gmail.com> wrote:

Hi Santosh,

I've been working on a memory leak bug reported by syzbot.

https://syzkaller.appspot.com/bug?id=39b72114839a6dbd66c1d2104522698a813f9ae2

It seems that memory allocated in the rds_send_probe function is not freed.

Let me share my observations.
An rds_message is allocated at the beginning of the rds_send_probe function.
Then it is added to the cp_send_queue list of rds_conn_path and the refcount
is increased by one.
Next, in the rds_send_xmit function, it is moved from the cp_send_queue list to
the cp_retrans list, and again the refcount is increased by one.
Finally, in the rds_loop_xmit function, the refcount is increased by one.
So, the total refcount is 4.
However, rds_message_put is called three times, in the rds_send_probe,
rds_send_remove_from_sock and rds_send_xmit functions. It seems that
one more rds_message_put is needed.
Would you please check and share your comments on this issue?


Based on the call trace it's possible. I haven’t looked into details but feel
free to post a patch if you have one to fix this. Thanks for
reporting.

Regards,
Santosh
