Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755171AbdCWTcd (ORCPT ); Thu, 23 Mar 2017 15:32:33 -0400 Received: from mail-pg0-f54.google.com ([74.125.83.54]:32802 "EHLO mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751159AbdCWTcb (ORCPT ); Thu, 23 Mar 2017 15:32:31 -0400 Message-ID: <1490297548.9687.0.camel@edumazet-glaptop3.roam.corp.google.com> Subject: Re: netlink: NULL timer crash From: Eric Dumazet To: David Miller Cc: edumazet@google.com, dvyukov@google.com, xiyou.wangcong@gmail.com, herbert@gondor.apana.org.au, ast@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com Date: Thu, 23 Mar 2017 12:32:28 -0700 In-Reply-To: <20170323.120035.1924712018254677829.davem@davemloft.net> References: <1490284858.16816.205.camel@edumazet-glaptop3.roam.corp.google.com> <20170323.120035.1924712018254677829.davem@davemloft.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.10.4-0ubuntu2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 769 Lines: 29 On Thu, 2017-03-23 at 12:00 -0700, David Miller wrote: > From: Eric Dumazet > Date: Thu, 23 Mar 2017 09:00:58 -0700 > > > On Thu, 2017-03-23 at 07:53 -0700, Eric Dumazet wrote: > > > >> Nice ! > >> > >> Looks like neigh->ops->solicit is NULL > > > > Apparently we allow admins to do really stupid things with neighbours > > on tunnels. > > > > Following patch should avoid the crash. > > > > Anyone has better ideas ? > > This is probably good enough for now, but you need to also handle > dn_neigh_ops. > > Another way to solve this is to add a NULL method check to the > one spot where we invoke this method. That clearly shows that > the method is optional. Yes, this would be a one liner. I will post this in a minute. Thanks.