On Tue, Nov 22, 2016 at 2:23 AM, Andrey Konovalov <andreyk...@google.com> wrote:
> Hi,
>
> I've got the following error report while fuzzing the kernel with syzkaller.
>
> It seems that skb_dst(skb) may end up being NULL.
>
> As far as I can see the bug was introduced in commit 5d41ce29e ("net:
> icmp6_send should use dst dev to determine L3 domain").
> ICMP v4 probably has a similar issue due to 9d1a6c4ea ("net:
> icmp_route_lookup should use rt dev to determine L3 domain").

ipv6_parse_hopopts() is called before NF_INET_PRE_ROUTING, so the skb_dst could be NULL. I have no idea what commit 5d41ce29e tried to fix, but we already use skb->dev a few lines before l3mdev_master_ifindex(), so I don't understand why skb->dev could be NULL, maybe just for vrf dev?