1 files changed, 6 insertions, 5 deletions

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 25baa3c8cdd2..870c8f19ce80 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6834,17 +6834,18 @@ next:
          * the state of the call instruction (with WRITTEN set), and r0 comes
          * from callee with its full parentage chain, anyway.
          */
-        for (j = 0; j <= cur->curframe; j++)
-                for (i = j < cur->curframe ? BPF_REG_6 : 0; i < BPF_REG_FP; i++)
-                        cur->frame[j]->regs[i].parent = &new->frame[j]->regs[i];
         /* clear write marks in current state: the writes we did are not writes
          * our child did, so they don't screen off its reads from us.
          * (There are no read marks in current state, because reads always mark
          * their parent and current state never has children yet.  Only
          * explored_states can get read marks.)
          */
-        for (i = 0; i < BPF_REG_FP; i++)
-                cur->frame[cur->curframe]->regs[i].live = REG_LIVE_NONE;
+        for (j = 0; j <= cur->curframe; j++) {
+                for (i = j < cur->curframe ? BPF_REG_6 : 0; i < BPF_REG_FP; i++)
+                        cur->frame[j]->regs[i].parent = &new->frame[j]->regs[i];
+                for (i = 0; i < BPF_REG_FP; i++)
+                        cur->frame[j]->regs[i].live = REG_LIVE_NONE;
+        }
 
         /* all stack frames are accessible from callee, clear them all */
         for (j = 0; j <= cur->curframe; j++) {