From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net-next] tcp: do not release socket ownership in
 tcp_close()
Date: Tue, 02 Oct 2018 22:18:19 -0700 (PDT)
Message-ID: <20181002.221819.552910441499992415.davem@davemloft.net>
References: <20181002062426.140891-1-edumazet@google.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, eric.dumazet@gmail.com
To: edumazet@google.com
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([23.128.96.9]:54488 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726394AbeJCMFG (ORCPT
        <rfc822;netdev@vger.kernel.org>); Wed, 3 Oct 2018 08:05:06 -0400
In-Reply-To: <20181002062426.140891-1-edumazet@google.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Eric Dumazet <edumazet@google.com>
Date: Mon,  1 Oct 2018 23:24:26 -0700

> syzkaller was able to hit the WARN_ON(sock_owned_by_user(sk));
> in tcp_close()
> 
> While a socket is being closed, it is very possible other
> threads find it in rtnetlink dump.
> 
> tcp_get_info() will acquire the socket lock for a short amount
> of time (slow = lock_sock_fast(sk)/unlock_sock_fast(sk, slow);),
> enough to trigger the warning.
> 
> Fixes: 67db3e4bfbc9 ("tcp: no longer hold ehash lock while calling tcp_get_info()")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>

Applied.