Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp841729rdb;
        Wed, 6 Dec 2023 01:08:02 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFXhCx7IpEr/G5VHiKQVWAtOgfC+GaC/WRcePLGACTMZrSCfWTf6e2+8pgaarWK+Je20e55
X-Received: by 2002:a17:90a:198e:b0:286:99a5:9e83 with SMTP id 14-20020a17090a198e00b0028699a59e83mr423517pji.63.1701853682171;
        Wed, 06 Dec 2023 01:08:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701853682; cv=none;
        d=google.com; s=arc-20160816;
        b=k7bSxR6BtVWzUjv1yfLjzotweqPxLTd9ltlADcjZsVKpt7s7/rFaHh5uDCwvYBA0N9
         Z1psWJhbWwfXs4uoXMiv3LsHP8v2Az7q7QzwVCliZn3RUU7lsTqmUNmYZdVdrxNUCNUe
         fl2g+TpWJHW9Q/gcJldjUhcSX+Vn+eX2cNYfYeeGqZWPxfMzM1zMcBD/GytqPOznPwy0
         aY7dLHFp/G3ecE4lR4JYjqQ2wNEV8ZGhLr6CYRqFVey/KW1855wEZCltddBflxf6NS2I
         mXvKfO0tUQfWsKqRtpNHU1smod6mtLyPNqDTXC+yItHHKr3/oGfmF9mFA2dFRl2AcIKJ
         wKgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:from:subject:message-id:in-reply-to:date
         :mime-version;
        bh=0zM+HO/CNAIOemtbijlOjCDoOsqDFzpSN4qUdV1TQLo=;
        fh=V9AeBafJgTW96HdC48wsxGAfd7Fe9P2uAL8tLCjpUN4=;
        b=wXWv3J6/JkPzqNqk9B4hF3/QdwVegcLD9+/ld5Pw/xuQffYNqQ6FRDa/QdKVOwcbpD
         jgZLdonK5N6wfO366yWmNMiSf1T7E09mtduJb61TZ5fZRKPDIbdRdZtQzSl8mBm+Re5p
         Rlr4zWoVuUmJ8kEUNIt8gW7AbY71vlEv/CEysXLx4qUZoF0ZliA2WT9gSFGFBIaENNiD
         UpbAKuwG1K38o2a9DMnZ/wgt5poXwEvoZ9wCsspV7/T8e/2/2agHfmanGodEWaZDqOOU
         wss6ewXiaJr+jTS2AmfHhYIAFZOo5mA1vsWnLcAJC8gM0Rtc+1SFfU38RBmMTaUJiVcu
         /6dA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2])
        by mx.google.com with ESMTPS id q2-20020a17090a9f4200b002865a80ceb3si8935709pjv.2.2023.12.06.01.08.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Dec 2023 01:08:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id 9E0EE8046A0F;
	Wed,  6 Dec 2023 01:07:59 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346685AbjLFJHn (ORCPT <rfc822;a.bouin@gmail.com> + 99 others);
        Wed, 6 Dec 2023 04:07:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45636 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1346664AbjLFJHm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 Dec 2023 04:07:42 -0500
Received: from mail-oo1-f72.google.com (mail-oo1-f72.google.com [209.85.161.72])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D1C7D59
        for <linux-kernel@vger.kernel.org>; Wed,  6 Dec 2023 01:07:48 -0800 (PST)
Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-58daf9b195cso819551eaf.0
        for <linux-kernel@vger.kernel.org>; Wed, 06 Dec 2023 01:07:48 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701853667; x=1702458467;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=0zM+HO/CNAIOemtbijlOjCDoOsqDFzpSN4qUdV1TQLo=;
        b=So85v3PQeJYajyeyKUxi6X4YOvRTbHwttH+oDd2jcCoCIElPNpvD9xlJ9D+9fAOKot
         44Hi8iExgBSWU8DOgu87x9EgTPao+O31jfhxEIKDNOYUOCnsWrUPhDreKdqvRNy32cGn
         9AcsQLL4o/u9hpKVgb+3roF2ijoyBOtOSoxuRz9+wGGb7zNsbxO9yaCygJkU7V9ybez8
         5kgQ6KChD5nlfpyBX1j60Oz3BLpCR8dcEh9XCFJtbhPYoTOg3AjBxeITEs1SMbd1ALw5
         dEFfKgyWXkple0gu2Nxhr7CuoaTScCANKpPgeElrnT4nHEArRMAUtgI75MUJmQnLgg5X
         ic3Q==
X-Gm-Message-State: AOJu0YxGVM2xhXIL1orzgLIPW3007dL3BIOrpD54qHsT9RyrfnjFNx0B
        XJ44O/RdHh4fWeXnPV3iPfoS3G9t8jX8j2Vo7pEa6YzsY9G9qZ0=
MIME-Version: 1.0
X-Received: by 2002:a05:6870:210e:b0:1fa:c4ca:d5e with SMTP id
 f14-20020a056870210e00b001fac4ca0d5emr674796oae.2.1701853667430; Wed, 06 Dec
 2023 01:07:47 -0800 (PST)
Date:   Wed, 06 Dec 2023 01:07:47 -0800
In-Reply-To: <0000000000001b9bed060bc75cbc@google.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <0000000000004e991c060bd3af6d@google.com>
Subject: Re: [syzbot] [net?] KMSAN: uninit-value in __llc_lookup_established
From:   syzbot <syzbot+b5ad66046b913bc04c6f@syzkaller.appspotmail.com>
To:     linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-0.4 required=5.0 tests=FROM_LOCAL_HEX,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 06 Dec 2023 01:07:59 -0800 (PST)

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: [net?] KMSAN: uninit-value in __llc_lookup_established
Author: eadavis@qq.com

please test uninit-value in __llc_lookup_established

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 1c41041124bd

diff --git a/include/net/llc_pdu.h b/include/net/llc_pdu.h
index 7e73f8e5e497..cba149476e41 100644
--- a/include/net/llc_pdu.h
+++ b/include/net/llc_pdu.h
@@ -262,7 +262,8 @@ static inline void llc_pdu_header_init(struct sk_buff *skb, u8 type,
  */
 static inline void llc_pdu_decode_sa(struct sk_buff *skb, u8 *sa)
 {
-	if (skb->protocol == htons(ETH_P_802_2))
+	if (skb->protocol == htons(ETH_P_802_2) || 
+	    skb->protocol == htons(ETH_P_TR_802_2))
 		memcpy(sa, eth_hdr(skb)->h_source, ETH_ALEN);
 }
 
@@ -275,7 +276,8 @@ static inline void llc_pdu_decode_sa(struct sk_buff *skb, u8 *sa)
  */
 static inline void llc_pdu_decode_da(struct sk_buff *skb, u8 *da)
 {
-	if (skb->protocol == htons(ETH_P_802_2))
+	if (skb->protocol == htons(ETH_P_802_2) || 
+	    skb->protocol == htons(ETH_P_TR_802_2))
 		memcpy(da, eth_hdr(skb)->h_dest, ETH_ALEN);
 }
 
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 7cac441862e2..f4f24b5d9eea 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -126,7 +126,8 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
 
 	skb->transport_header += llc_len;
 	skb_pull(skb, llc_len);
-	if (skb->protocol == htons(ETH_P_802_2)) {
+	if (skb->protocol == htons(ETH_P_802_2)
+	    skb->protocol == htons(ETH_P_TR_802_2)) {
 		__be16 pdulen = eth_hdr(skb)->h_proto;
 		s32 data_size = ntohs(pdulen) - llc_len;