On Fri, Feb 15, 2019 at 4:36 PM Eric Dumazet <eduma...@google.com> wrote: > > soukjin bae reported a crash in tcp_v4_err() handling > ICMP_DEST_UNREACH after tcp_write_queue_head(sk) > returned a NULL pointer. > > Current logic should have prevented this : > > if (seq != tp->snd_una || !icsk->icsk_retransmits || > !icsk->icsk_backoff || fastopen) > break; > > Problem is the write queue might have been purged > and icsk_backoff has not been cleared. > > Signed-off-by: Eric Dumazet <eduma...@google.com> > Reported-by: soukjin bae <soukjin....@samsung.com> > --- > net/ipv4/tcp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Neal Cardwell <ncardw...@google.com> Thanks! neal
