On Wed, 2017-08-16 at 12:15 -0700, Eric Dumazet wrote: > On Wed, 2017-08-16 at 11:50 -0700, Cong Wang wrote: > > On Tue, Aug 15, 2017 at 4:09 AM, Eric Dumazet <eric.duma...@gmail.com> > > wrote: > > > From: Eric Dumazet <eduma...@google.com> > > > > > > Based on a syzkaller report [1], I found that a per cpu allocation > > > failure in snmp6_alloc_dev() would then lead to NULL dereference in > > > ip6_route_dev_notify(). > > > > > > It seems this is a very old bug, thus no Fixes tag in this submission. > > > > > > It should be introduced by my commit which introduces these > > in6_dev_put(). > > > > Sorry, which commit exactly ? > > I got the issue on 4.3 up to latest 4.12
Oh you're right, this was because I had backported 242d3a49a2a1a71d8eb9f953db1bcaa9d698ce00 into my trees a while back... So the bug was only added in 4.12
