test KMSAN: uninit-value in cfg80211_classify8021d
1 view
Skip to first unread message
syzbot
Nov 11, 2025, 2:55:02 PM (3 days ago) Nov 11
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, vnranga...@gmail.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file net/wireless/util.c
Hunk #1 FAILED at 963.
1 out of 1 hunk FAILED
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=17c3b0b4580000
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file net/wireless/util.c
Hunk #1 FAILED at 963.
1 out of 1 hunk FAILED
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=17c3b0b4580000
Ranganath V N
Nov 12, 2025, 8:09:52 AM (2 days ago) Nov 12
to syzbot+878ddc...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 23bca5e687c1..c310876c6c72 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -963,13 +963,23 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
switch (skb->protocol) {
case htons(ETH_P_IP):
- if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+ struct iphdr iph, *ip;
+
+ ip = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip), &iph);
+ if (!ip)
return 0;
+
dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_IPV6):
- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+ struct ip6hdr ip6h, *ip6;
+
+ ip6 = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip6), &ip6h);
+ if (!ip6)
return 0;
+
dscp = ipv6_get_dsfield(ipv6_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_MPLS_UC):
On Wed, Nov 12, 2025 at 12:48 AM Ranganath V N <vnranga...@gmail.com> wrote:
>
> #syz test
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 23bca5e687c1..c310876c6c72 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -963,13 +963,23 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
switch (skb->protocol) {
case htons(ETH_P_IP):
- if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+ struct iphdr iph, *ip;
+
+ ip = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip), &iph);
+ if (!ip)
return 0;
+
dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_IPV6):
- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+ struct ip6hdr ip6h, *ip6;
+
+ ip6 = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip6), &ip6h);
+ if (!ip6)
return 0;
+
dscp = ipv6_get_dsfield(ipv6_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_MPLS_UC):
On Wed, Nov 12, 2025 at 12:48 AM Ranganath V N <vnranga...@gmail.com> wrote:
>
> #syz test
syzbot
Nov 12, 2025, 9:02:11 AM (2 days ago) Nov 12
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, vnranga...@gmail.com
Ranganath V N
Nov 12, 2025, 9:49:56 AM (2 days ago) Nov 12
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 23bca5e687c1..150c5c632c54 100644
diff --git a/net/wireless/util.c b/net/wireless/util.c
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -963,13 +963,23 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
switch (skb->protocol) {
case htons(ETH_P_IP):
- if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+ struct iphdr iph, *ip;
+
+ ip = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip), &iph);
+ if (!ip)
return 0;
+
dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_IPV6):
- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+ struct ipv6hdr ip6h, *ip6;
+++ b/net/wireless/util.c
@@ -963,13 +963,23 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
switch (skb->protocol) {
case htons(ETH_P_IP):
- if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+ struct iphdr iph, *ip;
+
+ ip = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip), &iph);
+ if (!ip)
return 0;
+
dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_IPV6):
- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+
+ ip6 = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip6), &ip6h);
+ if (!ip6)
return 0;
+
dscp = ipv6_get_dsfield(ipv6_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_MPLS_UC):
+ ip6 = skb_header_pointer(skb, sizeof(struct ethhdr),
+ sizeof(*ip6), &ip6h);
+ if (!ip6)
return 0;
+
dscp = ipv6_get_dsfield(ipv6_hdr(skb)) & 0xfc;
break;
case htons(ETH_P_MPLS_UC):
syzbot
Nov 12, 2025, 10:33:04 AM (2 days ago) Nov 12
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, vnranga...@gmail.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file net/wireless/util.c
Hunk #1 FAILED at 963.
1 out of 1 hunk FAILED
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=12614658580000
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file net/wireless/util.c
Hunk #1 FAILED at 963.
1 out of 1 hunk FAILED
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler:
syzbot
Nov 12, 2025, 11:22:08 AM (2 days ago) Nov 12
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, vnranga...@gmail.com
syzbot
Nov 12, 2025, 1:16:06 PM (2 days ago) Nov 12
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, vnranga...@gmail.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+878ddc...@syzkaller.appspotmail.com
Tested-by: syzbot+878ddc...@syzkaller.appspotmail.com
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12156b42580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1eab7413851950f4
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=11238212580000
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+878ddc...@syzkaller.appspotmail.com
Tested-by: syzbot+878ddc...@syzkaller.appspotmail.com
Tested on:
commit: 24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=1eab7413851950f4
dashboard link: https://syzkaller.appspot.com/bug?extid=878ddc3962f792e9af59
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=11238212580000
Note: testing is done by a robot and is best-effort only.
Reply all
Reply to author
Forward
0 new messages