From: Eric Dumazet
Date: Thu, 21 Jun 2018 14:16:02 -0700
> We should put copy_skb in receive_queue only after
> a successful call to virtio_net_hdr_from_skb().
>
> syzbot report :
...
> Fixes: 58d19b19cd99 ("packet: vnet_hdr support for tpacket_rcv")
> Signed-off-by: Eric Dumazet
>
We should put copy_skb in receive_queue only after
a successful call to virtio_net_hdr_from_skb().
syzbot report :
BUG: KASAN: use-after-free in __skb_unlink include/linux/skbuff.h:1843 [inline]
BUG: KASAN: use-after-free in __skb_dequeue include/linux/skbuff.h:1863 [inline]
BUG: KASAN:
