From: Hillf Danton <hdanton@sina.com>
To: syzbot <syzbot+fa379358c28cc87cc307@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] possible deadlock in __unix_gc
Date: Wed, 24 Apr 2024 06:34:58 +0800 [thread overview]
Message-ID: <20240423223458.3126-1-hdanton@sina.com> (raw)
In-Reply-To: <000000000000f1761a0616c5c629@google.com>
On Tue, 23 Apr 2024 09:09:22 -0700
> syzbot found the following issue on:
>
> HEAD commit: 4d2008430ce8 Merge tag 'docs-6.9-fixes2' of git://git.lwn...
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17ceeb73180000
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d2008430ce8
--- x/net/unix/af_unix.c
+++ y/net/unix/af_unix.c
@@ -2646,7 +2646,7 @@ static int unix_stream_recv_urg(struct u
}
static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
- int flags, int copied)
+ int flags, int copied, struct sk_buff_head *qh)
{
struct unix_sock *u = unix_sk(sk);
@@ -2669,7 +2669,7 @@ static struct sk_buff *manage_oob(struct
skb_unlink(skb, &sk->sk_receive_queue);
WRITE_ONCE(u->oob_skb, NULL);
if (!WARN_ON_ONCE(skb_unref(skb)))
- kfree_skb(skb);
+ __skb_queue_tail(qh, skb);
skb = skb_peek(&sk->sk_receive_queue);
}
}
@@ -2703,6 +2703,9 @@ static int unix_stream_read_generic(stru
int skip;
size_t size = state->size;
unsigned int last_len;
+ struct sk_buff_head qh;
+
+ __skb_queue_head_init(&qh);
if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
err = -EINVAL;
@@ -2746,7 +2749,7 @@ redo:
again:
#if IS_ENABLED(CONFIG_AF_UNIX_OOB)
if (skb) {
- skb = manage_oob(skb, sk, flags, copied);
+ skb = manage_oob(skb, sk, flags, copied, &qh);
if (!skb && copied) {
unix_state_unlock(sk);
break;
@@ -2901,6 +2904,7 @@ unlock:
else
scm_destroy(&scm);
out:
+ __skb_queue_purge(&qh);
return copied ? : err;
}
--
next prev parent reply other threads:[~2024-04-23 22:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-23 16:09 [syzbot] [net?] possible deadlock in __unix_gc syzbot
2024-04-23 22:34 ` Hillf Danton [this message]
2024-04-23 23:11 ` syzbot
2024-04-24 0:43 ` Kuniyuki Iwashima
2024-04-24 1:11 ` syzbot
2024-04-24 2:01 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240423223458.3126-1-hdanton@sina.com \
--to=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+fa379358c28cc87cc307@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox