Re: [PATCH] sock: Fix sk_sleep return invalid pointer
From: <hidden>
Date: 2023-08-23 00:19:18
Also in:
linux-hams
From: Edward AD <redacted>

On Tue, 22 Aug 2023 17:31:00 +0200, pabeni@redhat.com wrote:
> > From: Edward AD <redacted>
> >
> > The parameter sk_sleep(sk) passed in when calling prepare_to_wait may
> > return an invalid pointer due to nr-release reclaiming the sock.
> > Here, schedule_timeout_interruptible is used to replace the combination
> > of 'prepare_to_wait, schedule, finish_wait' to solve the problem.
> >
> > Reported-and-tested-by: syzbot+666c97e4686410e79649@syzkaller.appspotmail.com
> > Signed-off-by: Edward AD <redacted>
>
> This looks wrong. No syscall should race with sock_release(). It looks
> like you are papering over the real issue. As the reproducer shows a
> disconnect on a connected socket, I'm wild guessing something alike
> 4faeee0cf8a5d88d63cdbc3bab124fb0e6aed08c should be more appropriate.

There is insufficient evidence to prove where the current report provided by syz caused 'sk_sleep()' to return an invalid pointer. So, the above statement is my guess.