Re: [PATCH v2] ipv6: fix memory leak in __ip6_make_skb() when queue is empty

[syzbot]

> Mingyu Wang wrote:
>> During fuzzing with failslab enabled, a memory leak was observed in the
>> IPv6 UDP send path.
>> 
>> The root cause resides in __ip6_make_skb(). In extremely rare cases
>> (such as fault injection or specific empty payload conditions),
>
> Can you elaborate on this? Which fault injection lets
> __ip6_append_data succeed without writing data?
>
>> __ip6_append_data() may succeed but leave the socket's write queue
>> empty.
>> 
>> When __ip6_make_skb() is subsequently called, __skb_dequeue(queue)
>> returns NULL. The previous logic handled this by executing a 'goto out;',
>> which completely bypassed the call to ip6_cork_release(cork).
>> 
>> Since the 'cork' structure actively holds a reference to the routing
>> entry (dst_entry) and potentially other allocated options, skipping
>> the release cleanly leaks these resources.
>> 
>> Fix this by introducing an 'out_cork_release' label and jumping to it
>> when skb is NULL, ensuring the cork state is always properly cleaned up.
>> The now-unused 'out' label is also removed to prevent compiler warnings.
>> 
>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>
> I think this is 
>
> Fixes: 6422398c2ab0 ("ipv6: introduce ipv6_make_skb")
>
>> Reported-by: syzbot+e5d6936b9f4545fd88ab@xxxxxxxxxxxxxxxxxxxxxxxxx
>> Signed-off-by: Mingyu Wang <25181214217@xxxxxxxxxxxxxxxxx>

I see the command but can't find the corresponding bug.
The email is sent to  syzbot+HASH@xxxxxxxxxxxxxxxxxxxxxxxxx address
but the HASH does not correspond to any known bug.
Please double check the address.