From: Xin Long <lucien.xin@xxxxxxxxx>
Date: Mon, 15 Jan 2018 17:01:36 +0800

> After commit cea0cc80a677 ("sctp: use the right sk after waking up from
> wait_buf sleep"), it may change to lock another sk if the asoc has been
> peeled off in sctp_wait_for_sndbuf.
>
> However, the asoc's new sk could be already closed elsewhere, as it's in
> the sendmsg context of the old sk that can't avoid the new sk's closing.
> If the sk's last one refcnt is held by this asoc, later on after putting
> this asoc, the new sk will be freed, while under its own lock.
>
> This patch is to revert that commit, but fix the old issue by returning
> error under the old sk's lock.
>
> Fixes: cea0cc80a677 ("sctp: use the right sk after waking up from wait_buf sleep")
> Reported-by: syzbot+ac6ea7baa4432811eb50@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>

Applied and queued up for -stable.