This is the fix, I think.
David
---
rxrpc: Fix call ref leak
When sendmsg() finds a call to continue on with, if the call is in an
inappropriate state, it doesn't release the ref it just got on that call
before returning an error.
This causes the following symptom to show up with kasan:
syzbot has found a reproducer for the following crash on:
HEAD commit:3120b9a6 Merge tag 'ipc-fixes' of git://git.kernel.org/pub..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=107d1ca560
kernel config:
syzbot has found a reproducer for the following crash on:
HEAD commit:ed2393ca Add linux-next specific files for 20190827
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=156adb1e60
kernel config:
Hello,
syzbot found the following crash on:
HEAD commit:b678c568 Merge tag 'nfs-for-5.3-2' of git://git.linux-nfs...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10ea5e3660
kernel config: https://syzkaller.appspot.com/x/.config?x=a4c9e9f08e9e8960
4 matches
Mail list logo
