From 26b8986a18c1f8c277659340e59c59d5f17d927f Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Tue, 11 Nov 2025 15:12:35 +0000
Subject: [PATCH] net: clear skb->sk in skb_release_head_state()

skb_release_head_state() inlines skb_orphan().

We need to clear skb->sk otherwise we can freeze TCP flows
on a mostly idle host, because skb_fclone_busy() would
return true as long as the packet is not yet processed by
skb_defer_free_flush().

Fixes: 1fcf572211da ("net: allow skb_release_head_state() to be called multiple times")
Fixes: e20dfbad8aab ("net: fix napi_consume_skb() with alien skbs")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Aditya Garg <gargaditya@linux.microsoft.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20251111151235.1903659-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
 net/core/skbuff.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 4f4d7ab7057f1..f34372666e67c 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1152,6 +1152,7 @@ void skb_release_head_state(struct sk_buff *skb)
 
 #endif
 		skb->destructor = NULL;
+		skb->sk = NULL;
 	}
 	nf_reset_ct(skb);
 	skb_ext_reset(skb);
-- 
2.47.3