CVE-2026-31691

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock occurs in the igb driver when an AF XDP zero-copy application terminates abruptly. In this scenario, the XSK buffer pool is destroyed while NAPI polling continues, causing igb clean rx irq zc() to repeatedly return the full budget. This prevents napi complete done() from clearing the NAPI STATE SCHED state. Consequently, the napi synchronize() function called within igb down() spins indefinitely waiting for NAPI STATE SCHED to clear, which blocks igb down() and causes the TX watchdog to fire, leaving the TX queue permanently stalled.

Recommendations Remove the napi synchronize() call in igb down() and reorder napi disable() to occur before igb set queue napi() to ensure the queue-to-NAPI mapping is cleared only after polling has fully stopped.