xdp->txq was uninitialized and could be used from within a bpf program. https://syzkaller.appspot.com/bug?id=a6e53f8e9044ea456ea1636be970518ae6ba7f62 Signed-off-by: Paul Hollinsky <phollinsky@xxxxxxxxxxxxxx> --- net/core/dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 7df6c9617321..12be8fef8b7e 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -4649,6 +4649,8 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb, rxqueue = netif_get_rxqueue(skb); xdp->rxq = &rxqueue->xdp_rxq; + xdp->txq = NULL; + act = bpf_prog_run_xdp(xdp_prog, xdp); /* check if bpf_xdp_adjust_head was used */ -- 2.25.1
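Review bot: Setting `xdp->txq = NULL;` just before `bpf_prog_run_xdp(xdp_prog, xdp)` replaces an uninitialized pointer with a NULL one, but the commit message says the field can be used from within a BPF program, so a program that reads through txq on this generic path would now dereference NULL instead of a stale value. Please say in the commit message why a NULL txq is safe in netif_receive_generic_xdp (for instance, that such an access is rejected or guarded before it reaches this path), or add that guard alongside the initialization. The message also links the syzkaller report without a Reported-by or Fixes tag; adding both would make the change easier to track and backport.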