Re: [syzbot] WARNING in sk_stream_kill_queues (8)

From: Stanislav Fomichev
Date: Thu Jul 07 2022 - 14:50:17 EST


On Thu, Jul 7, 2022 at 11:39 AM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> On Wed, Jul 6, 2022 at 9:40 AM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
> >
> > I will look into this tonight.
>
> The following patch could work. It uncharges the sk mem before passing skb
> to recv actor but still keeps skb->sk.

This seems to make syzkaller happy.

Tested-by: Stanislav Fomichev <sdf@xxxxxxxxxx>

> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 9d2fd3ced21b..c6b1effb2afd 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -1749,6 +1749,7 @@ int tcp_read_skb(struct sock *sk,
> skb_read_actor_t recv_actor)
> int used;
>
> __skb_unlink(skb, &sk->sk_receive_queue);
> + WARN_ON(!skb_set_owner_sk_safe(skb, sk));
> used = recv_actor(sk, skb);
> if (used <= 0) {
> if (!copied)
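Review bot: the return value of skb_set_owner_sk_safe() is only ever consumed by the WARN_ON(), so when it returns false the skb is left with its original owner and destructor and the code still falls through into recv_actor(sk, skb) as if the re-ownership had succeeded. Either handle the false case explicitly (for example `if (WARN_ON(!skb_set_owner_sk_safe(skb, sk)))` followed by dropping the skb and breaking out of the loop) or state in the changelog why it cannot fail on this path (sk is the socket whose receive queue is being drained, so its refcount is non-zero). The changelog should also spell out the mechanism behind "uncharges the sk mem before passing skb to recv actor but still keeps skb->sk": skb_set_owner_sk_safe() orphans the skb, which runs the receive-queue destructor and releases the rmem charge, then re-attaches sk with a socket reference held per skb and dropped when the actor frees it. That per-skb reference is a behavioural change worth documenting in the commit message rather than leaving implicit.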