Re: [syzbot] [net?] possible deadlock in unix_del_edges

From: Kuniyuki Iwashima
Date: Fri Apr 05 2024 - 01:29:09 EST


From: syzbot <syzbot+7f7f201cc2668a8fd169@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Apr 2024 09:13:26 -0700
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 2b3d5988ae2c Add linux-next specific files for 20240404
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=13114d8d180000
> kernel config: https://syzkaller.appspot.com/x/.config?x=9c48fd2523cdee5e
> dashboard link: https://syzkaller.appspot.com/bug?extid=7f7f201cc2668a8fd169
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113c7103180000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1133aaa9180000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/136270ed2c7b/disk-2b3d5988.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/466d2f7c1952/vmlinux-2b3d5988.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/7dfaf3959891/bzImage-2b3d5988.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+7f7f201cc2668a8fd169@xxxxxxxxxxxxxxxxxxxxxxxxx

The boot failure for the previous patch is not related to the patch.
Probably I should've specified the gc commit.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git 4090fa373f0e763c43610853d2774b5979915959

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 61ecfa9c9c6b..d3bf9f49012d 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2619,7 +2619,9 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
}
} else if (!(flags & MSG_PEEK)) {
skb_unlink(skb, &sk->sk_receive_queue);
- consume_skb(skb);
+ WRITE_ONCE(u->oob_skb, NULL);
+ kfree_skb(skb);
+ kfree_skb(skb);
skb = skb_peek(&sk->sk_receive_queue);
}
}
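
Review bot: The two back-to-back kfree_skb(skb) calls after skb_unlink() in the !(flags & MSG_PEEK) branch read as a double free, because the line they replace dropped only a single reference with consume_skb(skb). If skb really holds two references at this point (for example one for the receive queue and one taken when the pointer was stored in u->oob_skb, which this hunk now clears), state which reference each call drops in a short comment or in the commit message; otherwise the second call should be removed. The switch from consume_skb() to kfree_skb() also changes how the free is reported: kfree_skb() marks the skb as dropped for tracing and drop monitoring, while this path consumes the data normally, so consume_skb() for both puts would keep the old accounting.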