netfilter: nf_queue: fix possible use-after-free

stable inclusion
from linux-4.19.233
commit 34dc4a6a7f261736ef7183868a5bddad31c7f9e3
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5646A


CVE: NA

--------------------------------

commit c3873070 upstream.

Eric Dumazet says:
  The sock_hold() side seems suspect, because there is no guarantee
  that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an
error.  The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change

Fixes: 271b72c7 ("udp: RCU handling for Unicast packets.")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>