Mon, Oct 07, 2019 at 04:19:09PM CEST, syzbot+9cb7edb2906ea1e83...@syzkaller.appspotmail.com wrote: >Hello, > >syzbot found the following crash on: > >HEAD commit: 056ddc38 Merge branch 'stmmac-next' >git tree: net-next >console output: https://syzkaller.appspot.com/x/log.txt?x=125aaafd600000 >kernel config: https://syzkaller.appspot.com/x/.config?x=d9be300620399522 >dashboard link: https://syzkaller.appspot.com/bug?extid=9cb7edb2906ea1e83006 >compiler: gcc (GCC) 9.0.0 20181231 (experimental) >syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1232bb3f600000 >C reproducer: https://syzkaller.appspot.com/x/repro.c?x=162d0d0b600000 > >The bug was bisected to: > >commit 75cdbdd089003cd53560ff87b690ae911fa7df8e >Author: Jiri Pirko <j...@mellanox.com> >Date: Sat Oct 5 18:04:37 2019 +0000 > > net: ieee802154: have genetlink code to parse the attrs during dumpit > >bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11be5d0b600000 >final crash: https://syzkaller.appspot.com/x/report.txt?x=13be5d0b600000 >console output: https://syzkaller.appspot.com/x/log.txt?x=15be5d0b600000 > >IMPORTANT: if you fix the bug, please add the following tag to the commit: >Reported-by: syzbot+9cb7edb2906ea1e83...@syzkaller.appspotmail.com >Fixes: 75cdbdd08900 ("net: ieee802154: have genetlink code to parse the attrs >during dumpit") > >netlink: 'syz-executor134': attribute type 6 has an invalid length. >================================================================== >BUG: KASAN: use-after-free in nla_memcpy+0xa2/0xb0 lib/nlattr.c:572
I'm on this.
