From: Mahesh Bandewar <[email protected]>
Date: Fri, 11 Oct 2019 18:14:55 -0700
> While invalidating the dst, we assign backhole_netdev instead of
> loopback device. However, this device does not have idev pointer
> and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
> triggered the syzbot reported crash.
>
> The syzbot report does not have reproducer, however, this is the
> only device that doesn't have matching idev created.
>
> Crash instruction is :
>
> static inline bool ip6_ignore_linkdown(const struct net_device *dev)
> {
> const struct inet6_dev *idev = __in6_dev_get(dev);
>
> return !!idev->cnf.ignore_routes_with_linkdown; <= crash
> }
>
> Also ipv6 always assumes presence of idev and never checks for it
> being NULL (as does the above referenced code). So adding a idev
> for the blackhole_netdev to avoid this class of crashes in the future.
>
> ---
...
> Fixes: 8d7017fd621d ("blackhole_netdev: use blackhole_netdev to invalidate
> dst entries")
> Signed-off-by: Mahesh Bandewar <[email protected]>
Applied and queued up for -stable, thanks.
