Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp819039rdb;
        Wed, 6 Dec 2023 00:14:08 -0800 (PST)
X-Google-Smtp-Source: AGHT+IE/fSFORWmQNfS5FPZrb6iJr3SPJ4o5lngg+2y2deT7Man2BaiOB/zQo7wP3Bsvesp/9P+k
X-Received: by 2002:a17:90a:dc13:b0:286:6cc0:b910 with SMTP id i19-20020a17090adc1300b002866cc0b910mr237023pjv.71.1701850448360;
        Wed, 06 Dec 2023 00:14:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701850448; cv=none;
        d=google.com; s=arc-20160816;
        b=iwKJ2iiI9Oyw5V1IrcxNdFlCTPog/lZmDNzkgKfaMvd3392CwoyQR3JCeDAGKANVRO
         5jolIrnhgbE1g7gdLTBgUqkyPfCmCinu5J0tArG+XttFGuKBdc8QBslx0iMybMs5vY0o
         hN0MUMazupb/fPP+PXxQ2VfBwhiJCngOX74Jd1mW/YcIdmB+Uk4SkwNwB9WhkUo4/970
         CO3qXYHb2VtAKdHOKbWWSVEUIzIdQL9Bm/LWrSBIPHNSBF2Ixr+krl/4Imo00OApV6Bg
         qzsD2TQSt408pv9lQrQAz2hUFiAqyt5VNK8P39JNSrhuZ+Gcg5V8nwxenFj6Arij8JIH
         C6NQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:from:subject:message-id:in-reply-to:date
         :mime-version;
        bh=OSxsGQPxko/ZMV5fKP+i5TD+skQG039q9/33pyBhqxM=;
        fh=V9AeBafJgTW96HdC48wsxGAfd7Fe9P2uAL8tLCjpUN4=;
        b=gRmk2kWw9n66DX521LHL5k1ndkYaHE57kkLQeosoUJrgW6QscVjKiUEmAczdeVY07+
         ikz1iABIruM0ZllswS7nGSsQHvkcds8z9iEuA+XNCuEnYPZQiR0jql0GmR8SoP7ScXp0
         UoVU6tCAoKVnkrcUmzetFUD7/8noZDaWjk7BcoAl/JU9B7me49eezhFpyyE5zneOb9n4
         gnrwVm4SnnexgQBIplXINIk9WjG8w15SdXbjo46Ohg1XgOlDw4ajjYqdrhtT4OxYJjvj
         UT/xnQh08z0r1deFv5SyRd2bWrgqUryn5vc6rJX273l5ch8aUJQA/wQrA/mvDQapqq+Q
         34hw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
        by mx.google.com with ESMTPS id ie2-20020a17090b400200b002886d6c7ea2si648143pjb.177.2023.12.06.00.14.07
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Dec 2023 00:14:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id C22DE8044398;
	Wed,  6 Dec 2023 00:14:04 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1376928AbjLFINp (ORCPT <rfc822;a.bouin@gmail.com> + 99 others);
        Wed, 6 Dec 2023 03:13:45 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33120 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231734AbjLFINn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 Dec 2023 03:13:43 -0500
Received: from mail-oi1-f197.google.com (mail-oi1-f197.google.com [209.85.167.197])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D99411BD
        for <linux-kernel@vger.kernel.org>; Wed,  6 Dec 2023 00:13:39 -0800 (PST)
Received: by mail-oi1-f197.google.com with SMTP id 5614622812f47-3b9ced51358so243138b6e.3
        for <linux-kernel@vger.kernel.org>; Wed, 06 Dec 2023 00:13:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701850419; x=1702455219;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=OSxsGQPxko/ZMV5fKP+i5TD+skQG039q9/33pyBhqxM=;
        b=bAcxncOXqa1VLd3Mt3M1dS3v7+Fkc4k206fitMsbMBleWlEP3NNZX6374YAC1EWb8u
         WX17Z/lfiz3HoDmS+PCnYhjGc2ikWsCItTeobYjnlR51IzjhRrdxBfUFC5qWFWjLqJxa
         g6Um8vKAv15hcVqvaJGh1EZAsGPr1ITwH36dNnoyrLzOcxA9CmsFv6p8z5F6mDN8JJK2
         V4HRykc7THF8hXoJifp6+/+JIqpDM8eHKk9RTIc7VU0ZMr/tn85NPHe3WKQI9zrl/Z8f
         iJlTpOAWHMOS0zU7Sce2/iPhBlOZ+06XJZunNzHA/gDvm3RDDWYvxQDILPZ4xe4ib8K3
         q87w==
X-Gm-Message-State: AOJu0YyYrlDZlE2l9RGMFZLEXcjEiW1wAInPqM+frjlbwqDSq/W27i1Q
        eeT+5aBjJW6WWam5iAEwmFAVbHRCfPs2u/M4rlPMGWTMBo0fl78=
MIME-Version: 1.0
X-Received: by 2002:a05:6808:1522:b0:3b9:b358:f21a with SMTP id
 u34-20020a056808152200b003b9b358f21amr571520oiw.9.1701850418784; Wed, 06 Dec
 2023 00:13:38 -0800 (PST)
Date:   Wed, 06 Dec 2023 00:13:38 -0800
In-Reply-To: <0000000000001b9bed060bc75cbc@google.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <000000000000ac31ef060bd2ed6f@google.com>
Subject: Re: [syzbot] [net?] KMSAN: uninit-value in __llc_lookup_established
From:   syzbot <syzbot+b5ad66046b913bc04c6f@syzkaller.appspotmail.com>
To:     linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=1.1 required=5.0 tests=FROM_LOCAL_HEX,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_SORBS_WEB,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 06 Dec 2023 00:14:04 -0800 (PST)
X-Spam-Level: *

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: [net?] KMSAN: uninit-value in __llc_lookup_established
Author: eadavis@qq.com

please test uninit-value in __llc_lookup_established

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 1c41041124bd

diff --git a/include/net/llc_pdu.h b/include/net/llc_pdu.h
index 7e73f8e5e497..cba149476e41 100644
--- a/include/net/llc_pdu.h
+++ b/include/net/llc_pdu.h
@@ -262,7 +262,8 @@ static inline void llc_pdu_header_init(struct sk_buff *skb, u8 type,
  */
 static inline void llc_pdu_decode_sa(struct sk_buff *skb, u8 *sa)
 {
-	if (skb->protocol == htons(ETH_P_802_2))
+	if (skb->protocol == htons(ETH_P_802_2) || 
+	    skb->protocol == htons(ETH_P_TR_802_2))
 		memcpy(sa, eth_hdr(skb)->h_source, ETH_ALEN);
 }
 
@@ -275,7 +276,8 @@ static inline void llc_pdu_decode_sa(struct sk_buff *skb, u8 *sa)
  */
 static inline void llc_pdu_decode_da(struct sk_buff *skb, u8 *da)
 {
-	if (skb->protocol == htons(ETH_P_802_2))
+	if (skb->protocol == htons(ETH_P_802_2) || 
+	    skb->protocol == htons(ETH_P_TR_802_2))
 		memcpy(da, eth_hdr(skb)->h_dest, ETH_ALEN);
 }
 
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 51bccfb00a9c..ed1a2b59b40c 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -126,7 +126,8 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
 
 	skb->transport_header += llc_len;
 	skb_pull(skb, llc_len);
-	if (skb->protocol == htons(ETH_P_802_2)) {
+	if (skb->protocol == htons(ETH_P_802_2) || 
+	    skb->protocol == htons(ETH_P_TR_802_2)) {
 		__be16 pdulen;
 		s32 data_size;