On Wed, Mar 18, 2020 at 12:17:41PM +0200, Leon Romanovsky wrote:
> From: Avihai Horon <avihaih@xxxxxxxxxxxx>
>
> After a successful allocation of path_rec, num_paths is set to 1,
> but any error after such allocation will leave num_paths uncleared.
>
> This causes to de-referencing a NULL pointer later on. Hence,
> num_paths needs to be set back to 0 if such an error occurs.
>
> The following crash from syzkaller revealed it.
..
>
> Fixes: 3c86aa70bf67 ("RDMA/cm: Add RDMA CM support for IBoE devices")
> Signed-off-by: Avihai Horon <avihaih@xxxxxxxxxxxx>
> Reviewed-by: Maor Gottlieb <maorg@xxxxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Applied to for-next
Thanks,
Jason
