From: Eric Dumazet <[email protected]>
Date: Fri, 7 Jun 2019 12:23:48 -0700
> syzbot found a crash in tcp_v6_send_reset() caused by my latest
> change.
>
> Problem is that if an skb has been queued to socket prequeue,
> skb_dst(skb)->dev can not anymore point to the device.
>
> Fortunately in this case the socket pointer is not NULL.
>
> A similar issue has been fixed in commit 0f85feae6b71 ("tcp: fix
> more NULL deref after prequeue changes"), I should have known better.
>
> Fixes: 323a53c41292 ("ipv6: tcp: enable flowlabel reflection in some RST
> packets")
> Signed-off-by: Eric Dumazet <[email protected]>
> Reported-by: syzbot <[email protected]>
Applied.
