From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Ahern
Subject: Re: KASAN: stack-out-of-bounds Read in __nla_put
Date: Wed, 17 Jan 2018 08:59:01 -0800
Message-ID: <7b70f69c-2b8c-f031-83d8-d53b96164d12@gmail.com>
References: <94eb2c05e11ee0eb8a0562e878e9@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Jason@zx2c4.com, Andrey Vagin, davem, dwindsor@gmail.com, elena.reshetova@intel.com, Herbert Xu, johannes.berg@intel.com, LKML, network dev, syzkaller-bugs@googlegroups.com, Américo Wang
To: Xin Long, syzbot
Return-path:
Received: from mail-pl0-f49.google.com ([209.85.160.49]:45430 "EHLO mail-pl0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754312AbeAQQ7I (ORCPT ); Wed, 17 Jan 2018 11:59:08 -0500
In-Reply-To:
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID:

On 1/17/18 2:39 AM, Xin Long wrote:
> I guess you need to move up your memset(0) a little bit:
>
> @@ -2427,6 +2443,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
>                 nlh = nlmsg_hdr(skb);
>                 err = 0;
>
> +               memset(&extack, 0, sizeof(extack));
>                 if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
>                         return 0;
>
> @@ -2438,7 +2455,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
>                 if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
>                         goto ack;
>
> -               memset(&extack, 0, sizeof(extack));
>                 err = cb(skb, nlh, &extack);
>
> So that 'goto ack's won't skip it. :-)
>

you are correct. Can you submit a patch to do that?
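Review bot: in the first hunk, placing memset(&extack, 0, sizeof(extack)); directly after err = 0; is the right spot, because it is now the first statement run for each message in the loop and therefore precedes both the "return 0" length check and, more importantly, the "goto ack" shown in the second hunk; a one-line comment on the memset saying that extack must be zeroed before any path that can reach the ack: label would keep a later refactor from sliding it back below an early exit.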
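Review bot: removing the memset() just ahead of err = cb(skb, nlh, &extack); in the second hunk is only safe in combination with the first hunk, so the two must land as a single patch; note also that the header "@@ -2438,7 +2455,6 @@" counts seven old and six new lines while only six and five are shown, so the quoted hunk has lost a context line in the mail and should be regenerated from the tree rather than applied as quoted. When it is submitted, the changelog should state that the "goto ack" path previously reached the ack with an uninitialized extack (the KASAN stack-out-of-bounds read in __nla_put from the Subject line), and carry a Reported-by: line for syzbot plus a Fixes: tag for the commit that put the goto ahead of the memset.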