1. Patchew
  2. linux
  3. View series

Forwarded: Re: test KMSAN: uninit-value in cfg80211_classify8021d

syzbot posted 1 patch 2 months, 3 weeks ago
Forwarded: Re: test KMSAN: uninit-value in cfg80211_classify8021d
Posted by syzbot 2 months, 3 weeks ago 
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: Re: test KMSAN: uninit-value in cfg80211_classify8021d
Author: vnranganath.20@gmail.com

#syz test

diff --git a/net/wireless/util.c b/net/wireless/util.c
index 23bca5e687c1..c310876c6c72 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -963,13 +963,23 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,

        switch (skb->protocol) {
        case htons(ETH_P_IP):
-               if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+               struct iphdr iph, *ip;
+
+               ip = skb_header_pointer(skb, sizeof(struct ethhdr),
+                                       sizeof(*ip), &iph);
+               if (!ip)
                        return 0;
+
                dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
                break;
        case htons(ETH_P_IPV6):
-               if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+               struct ip6hdr ip6h, *ip6;
+
+               ip6 = skb_header_pointer(skb, sizeof(struct ethhdr),
+                                       sizeof(*ip6), &ip6h);
+               if (!ip6)
                        return 0;
+
                dscp = ipv6_get_dsfield(ipv6_hdr(skb)) & 0xfc;
                break;
        case htons(ETH_P_MPLS_UC):

On Wed, Nov 12, 2025 at 12:48 AM Ranganath V N <vnranganath.20@gmail.com> wrote:
>
> #syz test

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.