From: Eric Dumazet <eric.duma...@gmail.com>
Date: Tue, 15 Aug 2017 05:26:17 -0700

> From: Eric Dumazet <eduma...@google.com>
>
> If fi->fib_metrics could not be allocated in fib_create_info()
> we attempt to dereference a NULL pointer in free_fib_info_rcu() :
>
>     m = fi->fib_metrics;
>     if (m != &dst_default_metrics && atomic_dec_and_test(&m->refcnt))
>             kfree(m);
>
> Before my recent patch, we used to call kfree(NULL) and nothing wrong
> happened.
>
> Instead of using RCU to defer freeing while we are under memory stress,
> it seems better to take immediate action.
>
> This was reported by syzkaller team.
>
> Fixes: 3fb07daff8e9 ("ipv4: add reference counting to metrics")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Dmitry Vyukov <dvyu...@google.com>

Applied and queued up for -stable.
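
The failure mode described in the quoted commit message, as an added userspace model (not the kernel patch and not code from this thread): a constructor that frees the object immediately when the metrics allocation fails, so the deferred release path never sees a NULL `fib_metrics`. The names `free_fib_info_deferred`, `create_info`, `fail_alloc` and `deferred_frees` are hypothetical, and a plain `int` stands in for the kernel's atomic refcount.

```c
#include <stdlib.h>

/* Userspace model: names follow the commit message, bodies are simplified. */
struct metrics { int refcnt; };            /* plain int stands in for atomic_t */
struct fib_info { struct metrics *fib_metrics; };

static struct metrics dst_default_metrics = { 1 };
static int deferred_frees;                 /* objects that reached the deferred path */

/* Deferred release using the check quoted above; it assumes m is never NULL. */
static void free_fib_info_deferred(struct fib_info *fi)
{
    struct metrics *m = fi->fib_metrics;

    deferred_frees++;
    if (m != &dst_default_metrics && --m->refcnt == 0)
        free(m);
    free(fi);
}

/* Constructor model. fail_alloc forces the metrics allocation to fail
 * (hypothetical knob simulating memory stress). Returns NULL on failure. */
static struct fib_info *create_info(int want_metrics, int fail_alloc)
{
    struct fib_info *fi = calloc(1, sizeof(*fi));

    if (!fi)
        return NULL;
    if (!want_metrics) {
        fi->fib_metrics = &dst_default_metrics;
        return fi;
    }
    fi->fib_metrics = fail_alloc ? NULL : calloc(1, sizeof(struct metrics));
    if (!fi->fib_metrics) {
        free(fi);       /* immediate free: a NULL fib_metrics never gets deferred */
        return NULL;
    }
    fi->fib_metrics->refcnt = 1;
    return fi;
}

int main(void)
{
    struct fib_info *fi = create_info(1, 1);   /* allocation failure path */

    if (fi)
        free_fib_info_deferred(fi);
    return deferred_frees;                     /* 0: nothing was deferred */
}
```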