From: Eric Dumazet <eduma...@google.com>
Date: Wed, 14 Mar 2018 18:53:00 -0700
> syzbot reported one use-after-free in pfifo_fast_enqueue() [1]
>
> Issue here is that we can not reuse skb after a successful skb_array_produce()
> since another cpu might have consumed it already.
>
> I believe a similar problem exists in try_bulk_dequeue_skb_slow()
> in case we put an skb into qdisc_enqueue_skb_bad_txq() for lockless qdisc.
...
> Fixes: c5ad119fb6c0 ("net: sched: pfifo_fast use skb_array")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: syzbot+ed43b6903ab968b16...@syzkaller.appspotmail.com
Applied, thanks a lot Eric.
