-
由 Jon Maloy 提交于
When an item of struct tipc_subscription is created, we fail to initialize the two lists aggregated into the struct. This has so far never been a problem, since the items are just added to a root object by list_add(), which does not require the addee list to be pre-initialized. However, syzbot is provoking situations where this addition fails, whereupon the attempted removal if the item from the list causes a crash. This problem seems to always have been around, despite that the code for creating this object was rewritten in commit 242e82cc ("tipc: collapse subscription creation functions"), which is still in net-next. We fix this for that commit by initializing the two lists properly. Fixes: 242e82cc ("tipc: collapse subscription creation functions") Reported-by: syzbot+0bb443b74ce09197e970@syzkaller.appspotmail.com Signed-off-by: NJon Maloy <jon.maloy@ericsson.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
b714295a