lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 30 Jan 2019 15:20:50 +0100
From:   Florian Westphal <fw@...len.de>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Florian Westphal <fw@...len.de>,
        syzbot <syzbot+e6e1fe9148cffa18cf97@...kaller.appspotmail.com>,
        David Miller <davem@...emloft.net>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: general protection fault in __xfrm_policy_bysel_ctx

Dmitry Vyukov <dvyukov@...gle.com> wrote:
> > syzbot <syzbot+e6e1fe9148cffa18cf97@...kaller.appspotmail.com> wrote:
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit:    085c4c7dd2b6 net: lmc: remove -I. header search path
> > > git tree:       net-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=12347128c00000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=505743eba4e4f68
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=e6e1fe9148cffa18cf97
> > > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > >
> > > Unfortunately, I don't have any reproducer for this crash yet.
> >
> > net-next doesn't contain the fixes for the rbtree fallout yet, so
> > this might already be fixed (fingers crossed).
> 
> Hi Florian,
> 
> What is that fix for the record?

I don't know.  I managed to add every bug class imagineable in that series 8-(

The last (most recent) fix from the 'fallout cleanup' is:
12750abad517a991c4568969bc748db302ab52cd
("xfrm: policy: fix infinite loop when merging src-nodes")

so if syzkaller can generate a splat with that change present
something is still broken.

> We will need to close this later. Or perhaps we can already mark this
> as fixed by that patch with "#syz fix:" command?

There are a lot of open xfrm related splats that could all be explained
by the rbtree bugs (one had a reproducer, the fix has appropriate
reported-by tag).

It would be great if there was a way to tell syzkaller to report those
again if they still appear.
I could pretend and claim above commit as "sys-fix", but it seems fishy.

Let me know and I can tag all of them.

Powered by blists - more mailing lists