From: Eric Dumazet <eric.duma...@gmail.com>
Date: Fri, 03 Mar 2017 14:08:21 -0800

> From: Eric Dumazet <eduma...@google.com>
>
> Dmitry Vyukov reported a divide by 0 triggered by syzkaller, exploiting
> tcp_disconnect() path that was never really considered and/or used
> before syzkaller ;)
>
> I was not able to reproduce the bug, but it seems issues here are the
> three possible actions that assumed they would never trigger on a
> listener.
>
> 1) tcp_write_timer_handler
> 2) tcp_delack_timer_handler
> 3) MTU reduction
>
> Only IPv6 MTU reduction was properly testing TCP_CLOSE and TCP_LISTEN
> states from tcp_v6_mtu_reduced()
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Dmitry Vyukov <dvyu...@google.com>

Applied and queued up for -stable.