Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> > + nf_queue_sock_put(state->sk);
> > #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
> > dev_put(entry->physin);
>
> OK but it looks like there might be an orthogonal bug.
>
> The sock_hold() side seems suspect, because there is no guarantee
> that sk_refcnt is not already 0.

Ugh. Looks like we also need skb_sk_is_prefetched() check and then
take care of skb->sk too if it's not owned by skb destructor.

> Not sure how netfilter would react with stats->sk set to NULL ?

It's passed as arg to dst_output() later so I think it's fine.
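
Review bot: the added nf_queue_sock_put(state->sk) call in the quoted hunk appears without the condition that guards it, so these lines do not show whether state->sk can be NULL when the put runs, which is the case raised in this thread. Keep the call under an explicit state->sk check (or have the helper accept NULL), and give the helper a comment stating which kinds of socket it releases, since the thread points out that the matching sock_hold() may run on a socket whose sk_refcnt is already 0 and that sockets flagged by skb_sk_is_prefetched() need separate handling.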