From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C965C4332B for ; Fri, 20 Mar 2020 23:36:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2F22520714 for ; Fri, 20 Mar 2020 23:36:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jIglHsdB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727766AbgCTXgj (ORCPT ); Fri, 20 Mar 2020 19:36:39 -0400 Received: from mail-io1-f67.google.com ([209.85.166.67]:38976 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727631AbgCTXgh (ORCPT ); Fri, 20 Mar 2020 19:36:37 -0400 Received: by mail-io1-f67.google.com with SMTP id c19so7865543ioo.6; Fri, 20 Mar 2020 16:36:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=r56c2sC6zamlywNB9189icYDyAGKVdxKEKYyEkkrtbs=; b=jIglHsdBBqGfP+iZRD+xmqhg6u0oes4iqVrlOxhxfrU1/HvYH5tqBY70q8K1GaW7F7 QU2tfM/SHKVZDjBBz0r9YusVGDwACXLU1bCYVNAGidoXju78eb+xAUbeE2VgD2zpqIfb yBDLxS6nFFsQsbfOUo83L8DO4uPPdW9djOvDu0oi1szuCKH2KlxqCk+jCRWDJqmwxcvr 78m1MAonXVES7tNbLechb9RFdd55Dh00aS2rycxffXWNAbZDp//pD7nCLeo3IJPjn+wk rSaw8qk9RS+22pcZEz+ee24ZRKw6DO0N6p+m1nqrdzOFbGfCRk938uF18LUKYL9jcdpz dnoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=r56c2sC6zamlywNB9189icYDyAGKVdxKEKYyEkkrtbs=; b=o/m21ztVyO/AkF/nmBdH7SFF+R8pmzEA7CdUcKJ/43h5bjG3MAQShq2endrTJ1u/XR OGzryo7e/OlMnVKbyzbFgKWkkoqHYZseE7Dig0OV6grCutaP2jmifnHwe5Z4sHs+T9d+ mAWg63dJxlSw3kboStnLrsvKKdwmcSC05dQbiVgM8i9v3ZfZtUL0Lr0KadcEbWgn/+6U vwAFHJ4XTUfEbbAy4Dr0tX4tohO/QIaRKVZIoIulzmw72nTRmFP9DrucElyJ73ls3Irn YcpMTyih/aDU2jCv48AiyOj/H0Md8YTaFQpQzAmL2IVYwiQwBXImB1qVMWqQz1uW4ODU LZJg== X-Gm-Message-State: ANhLgQ2vgZ9gIaXyXga+IIomuyw4pu/r9QIP4qadXaku96dcADA7XXOz SfT189UBAv221mcT/4RZoFO/X1g2dhtR6YZRw7U= X-Google-Smtp-Source: ADFU+vswMWOI+4/lmZP7NubSfTT4Gc+zjPJx/vu+4CB9gKmAIL7r/Cx3A4SqMr8iKsJ4UneSjQvw0JrHpgMFITL80rY= X-Received: by 2002:a02:1683:: with SMTP id a125mr2499634jaa.61.1584747396297; Fri, 20 Mar 2020 16:36:36 -0700 (PDT) MIME-Version: 1.0 References: <20200320110959.2114-1-hqjagain@gmail.com> <2dc8673f-a46d-1438-95a8-cfb455bbea57@gmail.com> In-Reply-To: <2dc8673f-a46d-1438-95a8-cfb455bbea57@gmail.com> From: Qiujun Huang Date: Sat, 21 Mar 2020 07:36:24 +0800 Message-ID: Subject: Re: [PATCH v3] sctp: fix refcount bug in sctp_wfree To: Eric Dumazet Cc: Marcelo Ricardo Leitner , "David S. Miller" , vyasevich@gmail.com, nhorman@tuxdriver.com, Jakub Kicinski , linux-sctp@vger.kernel.org, netdev , LKML , anenbupt@gmail.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 21, 2020 at 1:10 AM Eric Dumazet wrote: > > > > > This does not really solve the issue. > > Even if the particular syzbot repro is now fine. > > Really, having anything _after_ the sock_wfree(skb) is the bug, since the current thread no longer > own a reference on a socket. I get it, thanks. > > > > From mboxrd@z Thu Jan 1 00:00:00 1970 From: Qiujun Huang Date: Fri, 20 Mar 2020 23:36:24 +0000 Subject: Re: [PATCH v3] sctp: fix refcount bug in sctp_wfree Message-Id: List-Id: References: <20200320110959.2114-1-hqjagain@gmail.com> <2dc8673f-a46d-1438-95a8-cfb455bbea57@gmail.com> In-Reply-To: <2dc8673f-a46d-1438-95a8-cfb455bbea57@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Eric Dumazet Cc: Marcelo Ricardo Leitner , "David S. Miller" , vyasevich@gmail.com, nhorman@tuxdriver.com, Jakub Kicinski , linux-sctp@vger.kernel.org, netdev , LKML , anenbupt@gmail.com On Sat, Mar 21, 2020 at 1:10 AM Eric Dumazet wrote: > > > > > This does not really solve the issue. > > Even if the particular syzbot repro is now fine. > > Really, having anything _after_ the sock_wfree(skb) is the bug, since the current thread no longer > own a reference on a socket. I get it, thanks. > > > >