From: Eric Dumazet <eduma...@google.com> Date: Mon, 2 Apr 2018 18:48:37 -0700
> Once dst has been cached in socket via sk_setup_caps(), > it is illegal to call ip_rt_put() (or dst_release()), > since sk_setup_caps() did not change dst refcount. > > We can still dereference it since we hold socket lock. > > Caugth by syzbot : ... > Signed-off-by: Eric Dumazet <eduma...@google.com> Applied and queued up for -stable, thanks Eric.
