Re: [PATCH] flow_dissector: fix uninit-value in __skb_flow_dissect() for ETH_ADDRS

Next message: Kyrie Wu: "[PATCH v5 01/14] media: mediatek: vcodec: support vcp architecture"
Previous message: Tomeu Vizoso: "Re: [PATCH 02/15] accel/qda: Add QDA driver documentation"
In reply to: Eric Dumazet: "Re: [PATCH] flow_dissector: fix uninit-value in __skb_flow_dissect() for ETH_ADDRS"
Next in thread: Zhou, Yun: "Re: [PATCH] flow_dissector: fix uninit-value in __skb_flow_dissect() for ETH_ADDRS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Wed Jun 03 2026 - 04:57:49 EST

On 6/3/26 4:33 PM, Eric Dumazet wrote:

On Wed, Jun 3, 2026 at 1:16 AM Zhou, Yun <yun.zhou@xxxxxxxxxxxxx> wrote:

On 6/3/26 13:44, Eric Dumazet wrote:

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

On Tue, Jun 2, 2026 at 8:08 PM Yun Zhou <yun.zhou@xxxxxxxxxxxxx> wrote:
Please add a Closes: tag

I will add a Closes link in v2.
Closes: https://syzkaller.appspot.com/bug?extid=fa2f5b1fb06147be5e16

I found some not relevant syzbot report :

https://lore.kernel.org/netdev/6a196faf.c16d89a8.217f2c.0002.GAE@xxxxxxxxxx/

This should be the same issue. And it can be reproduced by
https://syzkaller.appspot.com/text?tag=ReproC&x=12924152580000

Please investigate which device allowed to send an Ethernet packet
smaller than the ethernet header.

We do not want to add tests all over the places, we should fix the origin.

Look for dev->min_header_len

Thanks.

It's TUN.

I think we should reject loading "tc filter ... flower eth_dst aa:bb:cc:dd:ee:ff ... " if dev->hard_header_len < sizeof(flow_dissector_key_eth_addrs)