Re: [Patch net] llc: hold llc_sap before release_sock()

From: Cong Wang Date: Wed, 18 Apr 2018 11:51:56 -0700 > @@ -199,9 +200,15 @@ static int llc_ui_release(struct socket *sock) > llc->laddr.lsap, llc->daddr.lsap); > if (!llc_send_disc(sk)) > llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo); > +

[Patch net] llc: hold llc_sap before release_sock()

syzbot reported we still access llc->sap in llc_backlog_rcv() after it is freed in llc_sap_remove_socket(): Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error