Hello Boris Sukholitko,
The patch c0bbbdc32feb: "__netif_receive_skb_core: pass skb by
reference" from May 19, 2020, leads to the following static checker
warning:
net/core/dev.c:5256 __netif_receive_skb_core()
warn: 'skb' was already freed.
net/core/dev.c
5230 }
5231
5232 if (pt_prev) {
5233 if (unlikely(skb_orphan_frags_rx(skb, GFP_ATOMIC)))
5234 goto drop;
5235 *ppt_prev = pt_prev;
5236 } else {
5237 drop:
5238 if (!deliver_exact)
5239 atomic_long_inc(&skb->dev->rx_dropped);
5240 else
5241 atomic_long_inc(&skb->dev->rx_nohandler);
5242 kfree_skb(skb);
^^^
5243 /* Jamal, now you will not able to escape explaining
5244 * me how you were going to use this. :-)
5245 */
5246 ret = NET_RX_DROP;
5247 }
5248
5249 out:
5250 /* The invariant here is that if *ppt_prev is not NULL
5251 * then skb should also be non-NULL.
5252 *
5253 * Apparently *ppt_prev assignment above holds this invariant due to
5254 * skb dereferencing near it.
5255 */
5256 *pskb = skb;
^^^^^^^^^^^^
Freed and also used in the caller.
5257 return ret;
5258 }
regards,
dan carpenter
