From: Eric Dumazet <[email protected]>
Date: Sun, 10 Mar 2019 09:07:14 -0700

> In case of failure x25_connect() does a x25_neigh_put(x25->neighbour)
> but forgets to clear x25->neighbour pointer, thus triggering use-after-free.
>
> Since the socket is visible in x25_list, we need to hold x25_list_lock
> to protect the operation.
>
> syzbot report : ...
> Signed-off-by: Eric Dumazet <[email protected]>
> Reported-by: [email protected]

Applied and queued up for -stable.
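The bug class described in the quoted commit message, as an added user-space model that is not the kernel code or the patch itself: a failure path drops a reference but leaves the pointer set, so a later teardown path touches the freed object. All names (neigh, sock_model, connect_fail, sock_release) are hypothetical, the choice of a teardown path as the later user is an assumption, and the x25_list_lock locking is left out because the model is single-threaded.

```c
#include <stddef.h>

/* Hypothetical user-space model; none of these names are kernel code. */
struct neigh { int refcnt; int freed; };
struct sock_model { struct neigh *neighbour; };

/* Static slot instead of malloc/free, so the "freed" state can be inspected safely. */
static struct neigh pool[1];

static struct neigh *neigh_get(void) {
    pool[0].refcnt = 1;
    pool[0].freed = 0;
    return &pool[0];
}

/* Drop one reference. Returns -1 if the object was already freed,
 * which in real code would be a use-after-free. */
static int neigh_put(struct neigh *n) {
    if (n->freed) return -1;
    if (--n->refcnt == 0) n->freed = 1;
    return 0;
}

/* Failed connect: drops the reference; clears the pointer only if clear_ptr is set. */
static void connect_fail(struct sock_model *sk, int clear_ptr) {
    sk->neighbour = neigh_get();
    neigh_put(sk->neighbour);
    if (clear_ptr) sk->neighbour = NULL;   /* the step the buggy path forgets */
}

/* Later teardown (assumed): drops the neighbour if one is still attached. */
static int sock_release(struct sock_model *sk) {
    int rc = 0;
    if (sk->neighbour) {
        rc = neigh_put(sk->neighbour);
        sk->neighbour = NULL;
    }
    return rc;
}

/* Returns -1 when teardown touched a freed neighbour, 0 otherwise. */
int run_case(int clear_ptr) {
    struct sock_model sk = { NULL };
    connect_fail(&sk, clear_ptr);
    return sock_release(&sk);
}

int main(void) { return (run_case(0) == -1 && run_case(1) == 0) ? 0 : 1; }
```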
