In xfrm_policy(), the while loop on lines 3802-3830 ends when dst->xfrm is NULL.
Then, dst->xfrm is used on line 3840:
    xfrm_state_mtu(dst->xfrm, mtu);               /* call site, line 3840: dst->xfrm can be NULL here */
        if (x->km.state != XFRM_STATE_VALID...)   /* inside xfrm_state_mtu(): x is dereferenced */
        aead = x->data;                           /* inside xfrm_state_mtu(): x is dereferenced again */

Thus, possible null-pointer dereferences may occur.

These bugs were found by a static analysis tool, STCheck, written by us.

I do not know how to correctly fix these bugs, so I only report them.


Best wishes,
Jia-Ju Bai