From: Eric Dumazet <eduma...@google.com> Date: Fri, 15 Mar 2019 10:41:14 -0700
> rose_write_internal() uses a temp buffer of 100 bytes, but a manual > inspection showed that given arbitrary input, rose_create_facilities() > can fill up to 110 bytes. > > Lets use a tailroom of 256 bytes for peace of mind, and remove > the bounce buffer : we can simply allocate a big enough skb > and adjust its length as needed. > > syzbot report : ... > Signed-off-by: Eric Dumazet <eduma...@google.com> > Reported-by: syzbot <syzkal...@googlegroups.com> Applied, thanks Eric.
