lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0c694353-2904-40c2-bf65-181fe4841ea0@free.fr>
Date: Tue, 26 Aug 2025 15:31:24 +0200
From: F6BVP <f6bvp@...e.fr>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: linux-hams@...r.kernel.org, netdev <netdev@...r.kernel.org>,
 Dan Cross <crossd@...il.com>, David Ranch <dranch@...nnet.net>,
 Eric Dumazet <edumazet@...gle.com>,
 Folkert van Heusden <folkert@...heusden.com>
Subject: Re: [ROSE] [AX25] 6.15.10 long term stable kernel oops

Dan, I thank you for explaining why the patch actually did not prevent 
the bug to be still present.

I captured via netconsole two occurence of kernel panic that did not 
follow exactly the same chain.

I hope these files may help to find where things go bad.

Bug is systematically triggered when running netromd daemon and 
performing a connexion using ax25_call()

[syzbot] mail reported KMSAN found uinit-value both in kiss_unesc 
(mkiss.c:303) and in mkiss_receive_buf() (mkiss.c:901).

However I did not identified the bug.

Regards,

Bernard

Le 25/08/2025 à 14:40, Dan Carpenter a écrit :
> No, this patch doesn't do anything.  "p" is never used without being
> initialized.  Plus, I bet that if you do:
> 
> 	grep CONFIG_INIT_STACK_ALL_ZERO .config
> 
> You will find it is set to =y which means the compiler is already
> initializing pointers to NULL anyway.
> 
> Perhaps you're worried that about this line:
> 
> 	p = kmalloc(struct_size(p, data, 2 * size), GFP_ATOMIC | __GFP_NOWARN);
> 
> where it seems to call "struct_size(p" where p is not initialized?  On
> that line the compiler is just doing a sizeof(*p) and not really using
> the value of p at all.
> 
> regards,
> dan carpenter
> 

View attachment "netconsole_1.log" of type "text/plain" (6970 bytes)

View attachment "netconsole_2.log" of type "text/plain" (7465 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ