lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6926ea46.a70a0220.d98e3.00d3.GAE@google.com>
Date: Wed, 26 Nov 2025 03:53:42 -0800
From: syzbot <syzbot+3a92d359bc2ec6255a33@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Forwarded: Re: [syzbot] [net?] divide error in __tcp_select_window (4)

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.

***

Subject: Re: [syzbot] [net?] divide error in __tcp_select_window (4)
Author: matttbe@...nel.org

On 26/11/2025 12:51, syzbot wrote:
>> Hello,
>>
>> (+cc Paolo)
>>
>> On 26/11/2025 12:28, Matthieu Baerts wrote:
>>> Hello,
>>>
>>> (Without other ML's to test a different fix)
>>>
>>> On 25/11/2025 20:50, syzbot wrote:
>>>> Hello,
>>>>
>>>> syzbot found the following issue on:
>>>>
>>>> HEAD commit:    e2c20036a887 Merge branch 'devlink-net-mlx5-implement-swp_..
>>>> git tree:       net-next
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=1164c484580000
>>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=a881ccda32df4e75
>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=3a92d359bc2ec6255a33
>>>> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
>>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13f8fa12580000
>>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=113a5a12580000
>>>>
>>>> Downloadable assets:
>>>> disk image: https://storage.googleapis.com/syzbot-assets/07279e689a07/disk-e2c20036.raw.xz
>>>> vmlinux: https://storage.googleapis.com/syzbot-assets/b13e2e59c1ed/vmlinux-e2c20036.xz
>>>> kernel image: https://storage.googleapis.com/syzbot-assets/f6f519394597/bzImage-e2c20036.xz
>>>>
>>>> The issue was bisected to:
>>>>
>>>> commit ae155060247be8dcae3802a95bd1bdf93ab3215d
>>>> Author: Paolo Abeni <pabeni@...hat.com>
>>>> Date:   Tue Nov 18 07:20:24 2025 +0000
>>>>
>>>>     mptcp: fix duplicate reset on fastclose
>>>>
>>>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11f698b4580000
>>>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=13f698b4580000
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=15f698b4580000
>>>>
>>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>>> Reported-by: syzbot+3a92d359bc2ec6255a33@...kaller.appspotmail.com
>>>> Fixes: ae155060247b ("mptcp: fix duplicate reset on fastclose")
>>>
>>> I *think* this issue might have been fixed by another patch that has
>>> been sent recently, see "mptcp: clear scheduled subflows on retransmit":
>>>
>>>
>>> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/matttbe/net-next.git b4/net-mptcp-clear-sched-rtx
>>
>>
>> Mmh, sorry for the noise, I just noticed the reproducers were apparently
>> only working on top of net-next, and my branch was on top of 'net'.
>> Sending the patch with net-next as base then.
>>
>> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
> 
> "Cheers," does not look like a valid git branch or commit.

Picky :)

Sorry, new attempt including the branch name (and the patch):


#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main


Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ