From: Paolo Abeni <[email protected]>
Date: Wed, 19 Sep 2018 15:02:07 +0200
> the ip6 tunnel xmit ndo assumes that the processed skb always
> contains an ip[v6] header, but syzbot has found a way to send
> frames that fall short of this assumption, leading to the following splat:
...
> This change addresses the issue adding the needed check before
> accessing the inner header.
>
> The ipv4 side of the issue is apparently there since the ipv4 over ipv6
> initial support, and the ipv6 side predates git history.
>
> Fixes: c4d3efafcc93 ("[IPV6] IP6TUNNEL: Add support to IPv4 over IPv6
> tunnel.")
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: [email protected]
> Tested-by: Alexander Potapenko <[email protected]>
> Signed-off-by: Paolo Abeni <[email protected]>
Applied and queued up for -stable.
