Re: [Patch net] netrom: hold sock when setting skb->destructor

David Miller Wed, 24 Jul 2019 15:50:38 -0700

From: Cong Wang <xiyou.wangc...@gmail.com>
Date: Mon, 22 Jul 2019 20:41:22 -0700


> sock_efree() releases the sock refcnt, if we don't hold this refcnt
> when setting skb->destructor to it, the refcnt would not be balanced.
> This leads to several bug reports from syzbot.
> 
> I have checked other users of sock_efree(), all of them hold the
> sock refcnt.
> 
> Fixes: c8c8218ec5af ("netrom: fix a memory leak in nr_rx_frame()")
> Reported-and-tested-by: 
> <syzbot+622bdabb128acc334...@syzkaller.appspotmail.com>
> Reported-and-tested-by: 
> <syzbot+6eaef7158b19e3fec...@syzkaller.appspotmail.com>
> Reported-and-tested-by: 
> <syzbot+9399c158fcc09b21d...@syzkaller.appspotmail.com>
> Reported-and-tested-by: 
> <syzbot+a34e5f3d0300163f0...@syzkaller.appspotmail.com>
> Cc: Ralf Baechle <r...@linux-mips.org>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>

Applied and queued up for -stable.

Re: [Patch net] netrom: hold sock when setting skb->destructor

Reply via email to