From 6cf360772f9dd37a798bc768cbcc8d496be7ff35 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Sun, 10 Feb 2019 10:42:16 +0000
Subject: [PATCH] Fix a locking bug in the IPPROTO_SCTP level SCTP_EVENT socket
 option. This occurs when call setsockopt() with invalid parameters.

This issue was found by syzkaller.

MFC after:		3 days
---
 sys/netinet/sctp_usrreq.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 9fd698af0c5..433d02a0898 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -6115,6 +6115,10 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 						SCTP_INP_RUNLOCK(inp);
 					}
 				}
+			} else {
+				if (stcb) {
+					SCTP_TCB_UNLOCK(stcb);
+				}
 			}
 			break;
 		}