When searching for the first skb to collapse, the condition of overlap to the next one has been reached, but the start is less than TCP_SKB_CB(skb)->seq at this time; the following process will then trigger the BUG_ON on the offset (start - TCP_SKB_CB(skb)->seq). So this patch adds one check (!before(start, TCP_SKB_CB(skb)->seq)) to avoid this ipanic.
Signed-off-by: Chen Jun <jun.d.c...@intel.com> --- net/ipv4/tcp_input.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 9c62257..4c745c5 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4465,7 +4465,8 @@ restart: * overlaps to the next one. */ if (!tcp_hdr(skb)->syn && !tcp_hdr(skb)->fin && - (tcp_win_from_space(skb->truesize) > skb->len || + ((tcp_win_from_space(skb->truesize) > skb->len && + !before(start, TCP_SKB_CB(skb)->seq)) || before(TCP_SKB_CB(skb)->seq, start))) { end_of_skbs = false; break; -- 1.7.4.1
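Review bot: in the @@ -4465 hunk of net/ipv4/tcp_input.c, the added `!before(start, TCP_SKB_CB(skb)->seq)` clause changes which skb is picked as the collapse point, but the comment directly above it still ends at "overlaps to the next one" and says nothing about the new case. With this change an skb for which `tcp_win_from_space(skb->truesize) > skb->len` holds is no longer selected when `start` lies before its sequence number, so the loop moves on to a later skb; the comment should say that this is intended and why skipping is safe. The changelog should also explain how `start` comes to be less than `TCP_SKB_CB(skb)->seq` at this point (for example, which caller and queue state produce it), because as written the check avoids the BUG_ON on `start - TCP_SKB_CB(skb)->seq` without showing whether the range passed in was valid in the first place. A short description of how the BUG_ON was hit would let reviewers confirm that guarding only the first half of the `||` is sufficient.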