Re: general protection fault in sctp_stream_free (2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 19, 2019 at 07:45:09PM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    6fa9a115 Merge branch 'stmmac-fixes'
> git tree:       net
> console output: https://syzkaller.appspot.com/x/log.txt?x=10c4fe99e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=216dca5e1758db87
> dashboard link: https://syzkaller.appspot.com/bug?extid=9a1bc632e78a1a98488b
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=178ada71e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=144f23a6e00000
> 
> The bug was bisected to:
> 
> commit 951c6db954a1adefab492f6da805decacabbd1a7
> Author: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
> Date:   Tue Dec 17 01:01:16 2019 +0000
> 
>     sctp: fix memleak on err handling of stream initialization

Ouch... this wasn't a good fix.
When called from sctp_stream_init(), it is doing the right thing.
But when called from sctp_send_add_streams(), it can't free the
genradix. Ditto from sctp_process_strreset_addstrm_in().




[Index of Archives]     [Linux Networking Development]     [Linux OMAP]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux