From: David Howells <dhowe...@redhat.com>
Date: Thu, 10 Oct 2019 15:52:34 +0100

> If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
> the UDP socket is being shut down, rxrpc_error_report() may get called to
> deal with it after sk_user_data on the UDP socket has been cleared, leading
> to a NULL pointer access when this local endpoint record gets accessed.
>
> Fix this by just returning immediately if sk_user_data was NULL.
>
> The oops looks like the following:
 ...
> Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by
> userspace and kernel both")
> Reported-by: syzbot+611164843bd48cc21...@syzkaller.appspotmail.com
> Signed-off-by: David Howells <dhowe...@redhat.com>

Applied and queued up for -stable, thanks.