* [PATCH] memset skb to zero to avoid uninit value error from KMSAN
@ 2025-12-07 16:20 Syed Tayyab Farooq
2025-12-07 16:21 ` syzbot
2025-12-07 17:54 ` David Laight
0 siblings, 2 replies; 3+ messages in thread
From: Syed Tayyab Farooq @ 2025-12-07 16:20 UTC
To: netdev; +Cc: syzbot+0e665e4b99cb925286a0, syedtayyabfarooq08,
Syed Tayyab Farooq
Signed-off-by: Syed Tayyab Farooq <tayyabfarooq1997@outlook.com>
---
Hi syzbot,
Please test this patch.
#syz test: https://syzkaller.appspot.com/bug?extid=0e665e4b99cb925286a0
Thanks,
Tayyab
net/phonet/af_phonet.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index a27efa4faa4e..9279decd680b 100644
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -208,6 +208,8 @@ static int pn_raw_send(const void *data, int len, struct net_device *dev,
if (skb == NULL)
return -ENOMEM;
+ memset(skb, 0, MAX_PHONET_HEADER + len);
+
if (phonet_address_lookup(dev_net(dev), pn_addr(dst)) == 0)
skb->pkt_type = PACKET_LOOPBACK;
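Review bot: the added memset() in pn_raw_send() is aimed at skb itself, the structure pointer that was just NULL-checked, not at the packet data, and its length MAX_PHONET_HEADER + len is a header-plus-payload size unrelated to the size of that structure. As written it clears the skb's own fields right before skb->pkt_type is assigned, and it writes past the structure whenever that length exceeds the structure's size. If the KMSAN report concerns uninitialised header or payload bytes, zero only those bytes in the data area (for instance with skb_put_zero() at the point the bytes are added), or better, find which bytes are never written and initialise them there. The commit message also has no body; it should describe the KMSAN report being addressed and why zeroing is the right fix.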
--
2.43.0
* Re: [PATCH] memset skb to zero to avoid uninit value error from KMSAN
From: syzbot @ 2025-12-07 16:21 UTC
To: syedtayyabfarooq08
Cc: netdev, syedtayyabfarooq08, tayyabfarooq1997, linux-kernel,
syzkaller-bugs
> Signed-off-by: Syed Tayyab Farooq <tayyabfarooq1997@outlook.com>
> ---
>
> Hi syzbot,
>
> Please test this patch.
>
> #syz test: https://syzkaller.appspot.com/bug?extid=0e665e4b99cb925286a0
This crash does not have a reproducer. I cannot test it.
>
> Thanks,
> Tayyab
>
>
> net/phonet/af_phonet.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
> index a27efa4faa4e..9279decd680b 100644
> --- a/net/phonet/af_phonet.c
> +++ b/net/phonet/af_phonet.c
> @@ -208,6 +208,8 @@ static int pn_raw_send(const void *data, int len, struct net_device *dev,
> if (skb == NULL)
> return -ENOMEM;
>
> + memset(skb, 0, MAX_PHONET_HEADER + len);
> +
> if (phonet_address_lookup(dev_net(dev), pn_addr(dst)) == 0)
> skb->pkt_type = PACKET_LOOPBACK;
>
> --
> 2.43.0
>
* Re: [PATCH] memset skb to zero to avoid uninit value error from KMSAN
From: David Laight @ 2025-12-07 17:54 UTC
To: Syed Tayyab Farooq
Cc: netdev, syzbot+0e665e4b99cb925286a0, Syed Tayyab Farooq
On Mon, 8 Dec 2025 00:20:52 +0800
Syed Tayyab Farooq <syedtayyabfarooq08@gmail.com> wrote:
> Signed-off-by: Syed Tayyab Farooq <tayyabfarooq1997@outlook.com>
> ---
>
> Hi syzbot,
>
> Please test this patch.
>
> #syz test: https://syzkaller.appspot.com/bug?extid=0e665e4b99cb925286a0
>
> Thanks,
> Tayyab
>
>
> net/phonet/af_phonet.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
> index a27efa4faa4e..9279decd680b 100644
> --- a/net/phonet/af_phonet.c
> +++ b/net/phonet/af_phonet.c
> @@ -208,6 +208,8 @@ static int pn_raw_send(const void *data, int len, struct net_device *dev,
> if (skb == NULL)
> return -ENOMEM;
>
> + memset(skb, 0, MAX_PHONET_HEADER + len);
That looks entirely broken.
Did you try running it?
David
> +
> if (phonet_address_lookup(dev_net(dev), pn_addr(dst)) == 0)
> skb->pkt_type = PACKET_LOOPBACK;
>