From: Ka-Cheong Poon <ka-cheong.p...@oracle.com> Date: Wed, 11 Sep 2019 02:58:05 -0700
> In rds_bind(), an rds_sock is added to the RDS bind hash table before > rs_transport is set. This means that the socket can be found by the > receive code path when rs_transport is NULL. And the receive code > path de-references rs_transport for congestion update check. This can > cause a panic. An rds_sock should not be added to the bind hash table > before all the needed fields are set. > > Reported-by: syzbot+4b4f8163c2e246df3...@syzkaller.appspotmail.com > Signed-off-by: Ka-Cheong Poon <ka-cheong.p...@oracle.com> Applied.
