From: Eric Dumazet <eric.duma...@gmail.com> Date: Wed, 02 Nov 2016 17:14:41 -0700
> From: Eric Dumazet <eduma...@google.com> > > Andrey Konovalov reported following error while fuzzing with syzkaller : ... > It turns out DCCP calls __sk_receive_skb(), and this broke when > lookups no longer took a reference on listeners. > > Fix this issue by adding a @refcounted parameter to __sk_receive_skb(), > so that sock_put() is used only when needed. > > Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under > synflood") > Signed-off-by: Eric Dumazet <eduma...@google.com> > Reported-by: Andrey Konovalov <andreyk...@google.com> > Tested-by: Andrey Konovalov <andreyk...@google.com> Applied and queued up for -stable.