From: Eric Dumazet <eduma...@google.com>
Date: Sat, 7 Apr 2018 13:42:35 -0700

> It seems syzbot got new features enabled, and fired some interesting
> reports. Oh well.

Series applied, however in patch #7 the condition syzbot detects cannot happen.

In all code paths that lead to __mkroute_output() with res->type uninitialized, __mkroute_output() will reassign the local variable 'type' before reading it.

Furthermore, by doing a full structure initialization lots of unrelated things will be initialized now as well. We explicitly are only setting up the "inputs" of the fib_result object before we call fib_lookup(). The prefixlen and other members have no business being initialized there.