From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Dumazet Subject: [PATCH net 4/8] net: initialize skb->peeked when cloning Date: Sat, 7 Apr 2018 13:42:39 -0700 Message-ID: <20180407204243.176626-5-edumazet@google.com> References: <20180407204243.176626-1-edumazet@google.com> Cc: netdev , Eric Dumazet , Eric Dumazet To: "David S . Miller" Return-path: Received: from mail-pl0-f68.google.com ([209.85.160.68]:37991 "EHLO mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752881AbeDGUne (ORCPT ); Sat, 7 Apr 2018 16:43:34 -0400 Received: by mail-pl0-f68.google.com with SMTP id k6-v6so2724056pls.5 for ; Sat, 07 Apr 2018 13:43:34 -0700 (PDT) In-Reply-To: <20180407204243.176626-1-edumazet@google.com> Sender: netdev-owner@vger.kernel.org List-ID: syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially uninitialized. We need to clear it in __skb_clone() Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet Reported-by: syzbot --- net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 1bca1e0fc8f70eb394f63c995e06bbc5a9261e51..345b51837ca80bb709bfffe04d58eedbba0b9907 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -857,6 +857,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb) n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; n->cloned = 1; n->nohdr = 0; + n->peeked = 0; n->destructor = NULL; C(tail); C(end); -- 2.17.0.484.g0c8726318c-goog
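Review bot: In the __skb_clone() hunk, the new `n->peeked = 0;` is grouped with the explicit resets (`n->cloned = 1;`, `n->nohdr = 0;`) rather than with the `C(...)` copies that follow, but the changelog does not say why a clone should start as not-peeked instead of inheriting the value from `skb`. One sentence stating that intent would make the choice reviewable, since __skb_try_recv_from_queue() is named as the reader of the field. The Fixes: tag points at the initial import 1da177e4c3f4 ("Linux-2.6.12-rc2"); if the peeked field was introduced by a later commit, citing that commit would scope stable backports more precisely. The syzbot credit also carries no report id or link, which makes the uninitialized-read report hard to trace from the commit alone.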