Re: [PATCH net] net/packet: fix use-after-free

From: Eric Dumazet Date: Thu, 21 Jun 2018 14:16:02 -0700 > We should put copy_skb in receive_queue only after > a successful call to virtio_net_hdr_from_skb(). > > syzbot report : ... > Fixes: 58d19b19cd99 ("packet: vnet_hdr support for tpacket_rcv") > Signed-off-by: Eric Dumazet > Reported-by

[PATCH net] net/packet: fix use-after-free

We should put copy_skb in receive_queue only after a successful call to virtio_net_hdr_from_skb(). syzbot report : BUG: KASAN: use-after-free in __skb_unlink include/linux/skbuff.h:1843 [inline] BUG: KASAN: use-after-free in __skb_dequeue include/linux/skbuff.h:1863 [inline] BUG: KASAN: use-after