From: Eric Dumazet
Date: Fri, 21 Dec 2018 07:47:51 -0800
> xfrm6_policy_check() might have re-allocated skb->head, we need
> to reload ipv6 header pointer.
>
> sysbot reported :
...
> Fixes: 0d3c703a9d17 ("ipv6: Cleanup IPv6 tunnel receive path")
> Fixes: ed1efb2aefbb ("ipv6: Add support for IP
xfrm6_policy_check() might have re-allocated skb->head, we need
to reload ipv6 header pointer.
sysbot reported :
BUG: KASAN: use-after-free in __ipv6_addr_type+0x302/0x32f
net/ipv6/addrconf_core.c:40
Read of size 4 at addr 888191b8cb70 by task syz-executor2/1304
CPU: 0 PID: 1304 Comm: syz-e
