Re: [PATCH net] tcp: fix TCP_REPAIR_QUEUE bound checking

From: Eric Dumazet Date: Sun, 29 Apr 2018 18:55:20 -0700 > syzbot is able to produce a nasty WARN_ON() in tcp_verify_left_out() > with following C-repro : > > socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 > setsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0 > setsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE,

[PATCH net] tcp: fix TCP_REPAIR_QUEUE bound checking

syzbot is able to produce a nasty WARN_ON() in tcp_verify_left_out() with following C-repro : socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 setsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [-1], 4) = 0 bind(3, {sa_family=AF_INET, sin_port=htons(20002), sin_ad