From: David Howells <dhowe...@redhat.com>
Date: Fri, 19 Jun 2020 23:38:16 +0100

> When preallocated service calls are being discarded, they're passed to
> ->discard_new_call() to have the caller clean up any attached higher-layer
> preallocated pieces before being marked completed. However, the act of
> marking them completed now invokes the call's notification function - which
> causes a problem because that function might assume that the previously
> freed pieces of memory are still there.
>
> Fix this by setting a dummy notification function on the socket after
> calling ->discard_new_call().
>
> This results in the following kasan message when the kafs module is
> removed.

...

> Reported-by: syzbot+d3eccef36ddbd0271...@syzkaller.appspotmail.com
> Fixes: 5ac0d62226a0 ("rxrpc: Fix missing notification")
> Signed-off-by: David Howells <dhowe...@redhat.com>

Applied, thanks David.
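The ordering problem described in the quoted commit message, as an added example that is not part of the original e-mail or the kernel source: a small user-space model in which completing a discarded call fires its notification hook, with and without the hook being swapped for a dummy first. All names here (`struct upper`, `struct call`, `upper_notify`, `dummy_notify`, `set_completed`, `discard_prealloc`) are hypothetical, and the released higher-layer piece is modelled with a `live` flag so the demo never touches freed memory.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model, not kernel code: a preallocated call with a
 * higher-layer piece attached and a completion notification hook. */
struct upper { bool live; int wakeups; };   /* higher-layer preallocated piece */
struct call {
    struct upper *attached;
    void (*notify)(struct call *);
    bool completed;
};

static int stale_accesses;   /* touches of a piece that was already released */

/* Higher layer's real notification: assumes its attached piece still exists. */
static void upper_notify(struct call *c)
{
    if (!c->attached->live)
        stale_accesses++;    /* in the kernel this would be the use-after-free */
    else
        c->attached->wakeups++;
}

/* Replacement hook that touches nothing. */
static void dummy_notify(struct call *c) { (void)c; }

/* Higher layer's discard hook: releases its piece (modelled with a flag). */
static void discard_new_call(struct call *c) { c->attached->live = false; }

/* Marking a call completed invokes its notification function. */
static void set_completed(struct call *c) { c->completed = true; c->notify(c); }

/* Discard one preallocated call; 'fixed' selects the ordering from the fix.
 * Returns how many times the hook touched an already-released piece. */
int discard_prealloc(bool fixed)
{
    struct upper u = { .live = true, .wakeups = 0 };
    struct call c = { .attached = &u, .notify = upper_notify };

    stale_accesses = 0;
    discard_new_call(&c);
    if (fixed)
        c.notify = dummy_notify;   /* neutralise the hook before completion */
    set_completed(&c);
    return stale_accesses;
}
```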