On Sat, 13 Dec 2025 08:37:17 +0900, Jakub Kicinski wrote: > > In zerocopy_fill_skb_from_iter(), if two copy operations are performed > > and the first one succeeds while the second one fails, it returns a > > failure but the count in iterator has already been decremented due to > > the first successful copy. This ultimately affects the local variable > > rest_len in virtio_transport_send_pkt_info(), causing the remaining > > count in rest_len to be greater than the actual iterator count. As a > > result, packet sending operations continue even when the iterator count > > is zero, which further leads to skb->len being 0 and triggers the warning > > reported by syzbot [1]. > > Please address the feedback from previous revision and when you repost > use net as the subject tag. I have added the following explanation in the comments: Regarding the judgment condition, I aligned it with the condition in skb_zerocopy_iter_stream().
syzbot reported the issue in the linux-next repository, and I also tested and created the patch using the linux-next source code repository. Therefore, I added the subject net-next tag. If you think adding the net subject tag directly is acceptable, I will adjust it in the next version of the patch.
