From: Toshiaki Makita
Date: Tue, 17 Apr 2018 18:46:14 +0900
> Syzkaller spotted an old bug which leads to reading skb beyond tail by 4
> bytes on vlan tagged packets.
> This is caused because skb_vlan_tagged_multi() did not check
> skb_headlen.
...
> Fixes:
Syzkaller spotted an old bug which leads to reading skb beyond tail by 4
bytes on vlan tagged packets.
This is caused because skb_vlan_tagged_multi() did not check
skb_headlen.
BUG: KMSAN: uninit-value in eth_type_vlan include/linux/if_vlan.h:283 [inline]
BUG: KMSAN: uninit-value in