From 333669e0168381066da37821a56d772726369b4d Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Sun, 10 Feb 2019 08:28:56 +0000
Subject: [PATCH] Fix locking for IPPROTO_SCTP level SCTP_DEFAULT_PRINFO socket option. This problem occurred when calling setsockopt() will invalid parameters. This issue was found by running syzkaller.
MFC after: 3 days
---
 sys/netinet/sctp_usrreq.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 27863c60e91e..9fd698af0c53 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -6209,6 +6209,9 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 SCTP_FIND_STCB(inp, stcb, info->pr_assoc_id);
 if (info->pr_policy > SCTP_PR_SCTP_MAX) {
+ if (stcb) {
+ SCTP_TCB_UNLOCK(stcb);
+ }
 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL);
 error = EINVAL;
 break;
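Review bot: The `info->pr_policy > SCTP_PR_SCTP_MAX` check reads only the caller-supplied `info`, so it could run before `SCTP_FIND_STCB(inp, stcb, info->pr_assoc_id);` instead of after it. A bad value from setsockopt() would then be rejected before any association lock is taken, and the added `if (stcb) { SCTP_TCB_UNLOCK(stcb); }` would not be needed. That assumes the lookup has no side effect the check relies on, and it may change which error is reported when the association id is also invalid. If the current order is kept, a comment above the check such as `/* stcb, if non-NULL, is held locked from SCTP_FIND_STCB; unlock before every early break */` would record the invariant this fix depends on. The enclosing `case` block starts and ends outside the hunk, so its other early exits after the lookup, and those of sibling options using the same pattern, cannot be confirmed from here and deserve the same audit.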