On 2022/7/9 10:46 am, Hawkins Jiawei wrote:
> syzbot is trying to set up TLS on an SMC socket. During the SMC fallback process in the connect syscall, the kernel sets smc->sk.sk_socket->file->private_data to smc->clcsock in smc_switch_to_fallback(), and sets smc->clcsock->sk_user_data to the original smc in smc_fback_replace_callbacks().
> Later, sk_psock_get() treats smc->clcsock->sk_user_data as an sk_psock, which triggers the refcnt warning.
Thanks for your analysis. Although syzbot found this issue in SMC, it seems to be a generic issue about sk_user_data usage. Fixing it via SK_USER_DATA_PTRMASK as you plan should be the right way.