Re: [syzbot] WARNING in sk_stream_kill_queues (8)

From: Cong Wang
Date: Thu Jul 07 2022 - 14:39:15 EST


On Wed, Jul 6, 2022 at 9:40 AM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> I will look into this tonight.

The following patch could work. It uncharges the sk mem before passing skb
to recv actor but still keeps skb->sk.

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 9d2fd3ced21b..c6b1effb2afd 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1749,6 +1749,7 @@ int tcp_read_skb(struct sock *sk,
skb_read_actor_t recv_actor)
int used;

__skb_unlink(skb, &sk->sk_receive_queue);
+ WARN_ON(!skb_set_owner_sk_safe(skb, sk));
used = recv_actor(sk, skb);
if (used <= 0) {
if (!copied)
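Review bot: on the added line just before `used = recv_actor(sk, skb);`, a failed skb_set_owner_sk_safe() is only reported through WARN_ON() and the skb is still handed to recv_actor() as if the ownership change had succeeded. Consider giving the false return its own error path, for example `if (WARN_ON_ONCE(!skb_set_owner_sk_safe(skb, sk)))` followed by dropping the skb and leaving the loop, so the actor never sees an skb in the state the warning is meant to flag. A one-line comment above the call saying that it uncharges the socket memory while keeping skb->sk would also help, since that intent is currently stated only in the mail text.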