On Fri, Feb 15, 2019 at 4:36 PM Eric Dumazet <[email protected]> wrote: > > soukjin bae reported a crash in tcp_v4_err() handling > ICMP_DEST_UNREACH after tcp_write_queue_head(sk) > returned a NULL pointer. > > Current logic should have prevented this : > > if (seq != tp->snd_una || !icsk->icsk_retransmits || > !icsk->icsk_backoff || fastopen) > break; > > Problem is the write queue might have been purged > and icsk_backoff has not been cleared. > > Signed-off-by: Eric Dumazet <[email protected]> > Reported-by: soukjin bae <[email protected]> > --- > net/ipv4/tcp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Neal Cardwell <[email protected]> Thanks! neal
