From: Eric Dumazet <eduma...@google.com>
Date: Wed, 17 Jun 2020 22:23:25 -0700

> Back in commit f60e5990d9c1 ("ipv6: protect skb->sk accesses
> from recursive dereference inside the stack") Hannes added code
> so that IPv6 stack would not trust skb->sk for typical cases
> where packet goes through 'standard' xmit path (__dev_queue_xmit())
>
> Alas af_packet had a dev_direct_xmit() path that was not
> dealing yet with xmit_recursion level.
>
> Also change sk_mc_loop() to dump a stack once only.
>
> Without this patch, syzbot was able to trigger :
 ...
> f60e5990d9c1 ("ipv6: protect skb->sk accesses from recursive dereference
> inside the stack")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: syzbot <syzkal...@googlegroups.com>

Applied and queued up for -stable.

I only noticed after pushing this out the missing "Fixes: " prefix, but
not much I can do about this now sorry :-/