In the Linux kernel, the following vulnerability has been resolved:
tls: get psock ref after taking rxlock to avoid leak
At the start of tlsswrecvmsg, we take a reference on the psock, and then call tlsrxreader_lock. If that fails, we return directly without releasing the reference.
Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.