From: David Howells <dhowe...@redhat.com>
Date: Thu, 10 Oct 2019 15:52:34 +0100
> If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
> the UDP socket is being shut down, rxrpc_error_report() may get called to
> deal with it after sk_user_data on the UDP socket has been cleared, leading
> to a NULL pointer access when this local endpoint record gets accessed.
>
> Fix this by just returning immediately if sk_user_data was NULL.
>
> The oops looks like the following:
...
> Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by
> userspace and kernel both")
> Reported-by: syzbot+611164843bd48cc21...@syzkaller.appspotmail.com
> Signed-off-by: David Howells <dhowe...@redhat.com>
Applied and queued up for -stable, thanks.
