On Wed, Mar 14, 2018 at 6:48 PM Eric Dumazet <eduma...@google.com> wrote:
> syzbot reported one use-after-free in pfifo_fast_enqueue() [1] > Issue here is that we can not reuse skb after a successful skb_array_produce() > since another cpu might have consumed it already. > I believe a similar problem exists in try_bulk_dequeue_skb_slow() > in case we put an skb into qdisc_enqueue_skb_bad_txq() for lockless qdisc. > [1] > ================================================================== I sent a V2 without this ====== line that is fooling patchwork, sorry for the noise.
