From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Thu, 3 May 2018 09:39:20 -0700

> syzbot reported a crash in tasklet_action_common() caused by dccp.
>
> dccp needs to make sure socket won't disappear before tasklet handler
> has completed.
>
> This patch takes a reference on the socket when arming the tasklet,
> and moves the sock_put() from dccp_write_xmit_timer() to dccp_write_xmitlet()
 ...
> Fixes: dc841e30eaea ("dccp: Extend CCID packet dequeueing interface")
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>

Applied and queued up for -stable, thanks Eric.
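The lifetime rule described in the quoted commit message, shown as a userspace model. This is an added example, not the kernel patch or code from this thread; `sock_model`, `tasklet_model`, `arm`, `run_pending` and `simulate` are hypothetical names, and the socket is only flagged as freed so the unfixed ordering can be observed safely.

```c
/* Userspace model with hypothetical names; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct sock_model { int refcnt; bool freed; };
struct tasklet_model { struct sock_model *sk; bool pending, holds_ref, ran_on_freed; };
struct result { bool ran_on_freed; bool freed; int final_refcnt; };
static void sk_hold(struct sock_model *sk) { sk->refcnt++; }
static void sk_put(struct sock_model *sk) { if (--sk->refcnt == 0) sk->freed = true; }

/* Arm the deferred handler; with take_ref the pending work pins the socket. */
static void arm(struct tasklet_model *t, struct sock_model *sk, bool take_ref)
{
    if (t->pending)
        return;                   /* already queued: no second reference (model's choice) */
    if (take_ref)
        sk_hold(sk);
    *t = (struct tasklet_model){ .sk = sk, .pending = true, .holds_ref = take_ref };
}

/* Deferred handler: the matching put happens here, after the last access. */
static void run_pending(struct tasklet_model *t)
{
    if (!t->pending)
        return;
    t->pending = false;
    if (t->sk->freed)
        t->ran_on_freed = true;   /* in a kernel this access would be a use-after-free */
    if (t->holds_ref)
        sk_put(t->sk);
}

/* Constructed ordering: arm twice, owner closes, then the handler runs. */
static struct result simulate(bool take_ref)
{
    struct sock_model sk = { .refcnt = 1, .freed = false };
    struct tasklet_model t = { 0 };
    arm(&t, &sk, take_ref);
    arm(&t, &sk, take_ref);
    sk_put(&sk);                  /* owner drops its reference */
    run_pending(&t);
    return (struct result){ t.ran_on_freed, sk.freed, sk.refcnt };
}

int main(void)
{
    printf("no ref: %d, ref on arm: %d\n", simulate(false).ran_on_freed, simulate(true).ran_on_freed);
    return 0;
}
```

With the reference taken at arm time the count returns to zero only after the handler has finished, so the hold and put stay balanced even when arming is requested twice.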