From: Cong Wang <xiyou.wangc...@gmail.com> Date: Tue, 7 Aug 2018 12:41:38 -0700
> llc_sap_put() decreases the refcnt before deleting sap > from the global list. Therefore, there is a chance > llc_sap_find() could find a sap with zero refcnt > in this global list. > > Close this race condition by checking if refcnt is zero > or not in llc_sap_find(), if it is zero then it is being > removed so we can just treat it as gone. > > Reported-by: <syzbot+278893f3f7803871f...@syzkaller.appspotmail.com> > Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> Applied and queued up for -stable, thanks.
