From: Cong Wang <xiyou.wangc...@gmail.com>
Date: Thu, 11 Oct 2018 11:15:13 -0700

> When an llc sock is added into the sk_laddr_hash of an llc_sap,
> it is not marked with SOCK_RCU_FREE.
>
> This causes that the sock could be freed while it is still being
> read by __llc_lookup_established() with RCU read lock. sock is
> refcounted, but with RCU read lock, nothing prevents the readers
> getting a zero refcnt.
>
> Fix it by setting SOCK_RCU_FREE in llc_sap_add_socket().
>
> Reported-by: syzbot+11e05f04c15e03be5...@syzkaller.appspotmail.com
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>

Applied and queued up for -stable.
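
The lifetime rule the commit message describes, as an added example that is not part of the original thread or of the kernel source: a single-threaded userspace C model that replays one interleaving, the last reference being dropped while a reader is inside its read-side section, with and without deferred freeing. All names (`model_sock`, `model_sock_put`, `model_lookup`, `race_outcome`) are hypothetical stand-ins, and the one-slot `deferred` pointer is an assumed simplification of a grace-period callback queue.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed userspace model; none of these names are kernel APIs. */
struct model_sock {
    int  refcnt;    /* stands in for sk_refcnt */
    bool rcu_free;  /* stands in for the SOCK_RCU_FREE flag */
    bool freed;     /* set where the kernel would release the memory */
};
static int readers;                 /* readers inside a read-side section */
static struct model_sock *deferred; /* one-slot stand-in for a call_rcu() queue */
static void model_read_lock(void) { readers++; }
static void model_read_unlock(void) {
    if (--readers == 0 && deferred) {   /* grace period ends here */
        deferred->freed = true;
        deferred = NULL;
    }
}

/* Drop a reference; on the last one, free now or defer past current readers. */
static void model_sock_put(struct model_sock *sk) {
    if (--sk->refcnt != 0) return;
    if (sk->rcu_free && readers > 0) deferred = sk;
    else sk->freed = true;
}

/* 1 = reference taken, 0 = rejected (refcnt was zero), -1 = touched freed memory */
static int model_lookup(struct model_sock *sk) {
    if (sk->freed) return -1;
    if (sk->refcnt == 0) return 0;
    sk->refcnt++;
    return 1;
}

/* The owner drops the last reference while a reader is mid-lookup. */
static int race_outcome(bool rcu_free, bool *freed_after_unlock) {
    struct model_sock sk = { .refcnt = 1, .rcu_free = rcu_free };
    model_read_lock();
    model_sock_put(&sk);
    int r = model_lookup(&sk);
    model_read_unlock();
    *freed_after_unlock = sk.freed;
    return r;
}

int main(void) {
    bool f;
    printf("no flag: %d, flag: %d\n", race_outcome(false, &f), race_outcome(true, &f));
    return 0;
}
```

In the model, the unflagged object is released while the reader still holds a pointer to it, whereas the flagged one stays valid until the reader leaves, so the zero-refcount check can reject it safely.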