Date:   Fri, 21 Aug 2020 19:00:18 +0300
From:   Nikolay Aleksandrov
To:     syzbot
Subject: Re: general protection fault in fib_dump_info (2)

On 8/21/20 6:27 PM, syzbot wrote:
> Hello,
> syzbot found the following issue on:
> HEAD commit:    da2968ff Merge tag 'pci-v5.9-fixes-1' of git://git.kernel...
> git tree:       upstream
> console output:
> kernel config:
> dashboard link:
> compiler:       gcc (GCC) 10.1.0-syz 20200507
> userspace arch: i386
> syz repro:
> C reproducer:
> The issue was bisected to:
> commit 0b5e2e39739e861fa5fc84ab27a35dbe62a15330
> Author: David Ahern
> Date:   Tue May 26 18:56:16 2020 +0000
>      nexthop: Expand nexthop_is_multipath in a few places

This seems like a much older bug to me: the code allows passing 0 groups, and
thus we end up without any nh_grp_entry pointers. I reproduced it with a
modified iproute2 that sends an empty NHA_GROUP and then just uses the new
nexthop in any way (e.g. add a route with it). This is the same bug as the
earlier report for "general protection fault in fib_check_nexthop".

I have a patch but I'll be able to send it tomorrow.
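
The missing check described in the message above, modelled in userspace as an added example (it is not part of the original message, and it is not the kernel's code or the promised patch). `check_group_payload`, the status enum and the per-entry rules are assumptions of this sketch; only the entry layout follows `struct nexthop_grp` from the UAPI header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct nexthop_grp in the Linux UAPI header linux/nexthop.h,
 * redeclared so the example builds without kernel headers. */
struct grp_entry {
    uint32_t id;      /* id of a member nexthop */
    uint8_t  weight;
    uint8_t  resvd1;
    uint16_t resvd2;
};
enum grp_status { GRP_OK, GRP_EMPTY, GRP_BAD_LEN, GRP_BAD_ENTRY, GRP_DUP_ID };

/* Hypothetical validator: data/len are the payload of a group attribute. */
enum grp_status check_group_payload(const void *data, size_t len)
{
    const unsigned char *p = data;
    struct grp_entry a, b;
    size_t n = len / sizeof(a), i, j;
    if (len == 0)                 /* the empty-group case from the report */
        return GRP_EMPTY;
    if (len % sizeof(a) != 0)     /* truncated or padded entry */
        return GRP_BAD_LEN;
    for (i = 0; i < n; i++) {
        memcpy(&a, p + i * sizeof(a), sizeof(a));   /* no alignment assumed */
        if (a.id == 0 || a.resvd1 != 0 || a.resvd2 != 0)
            return GRP_BAD_ENTRY; /* assumed rule: id set, reserved zero */
        for (j = i + 1; j < n; j++) {
            memcpy(&b, p + j * sizeof(b), sizeof(b));
            if (a.id == b.id)
                return GRP_DUP_ID;
        }
    }
    return GRP_OK;
}

/* Constructed sample payloads. */
static const struct grp_entry sample_ok[]  = { {1, 0, 0, 0}, {2, 0, 0, 0} };
static const struct grp_entry sample_dup[] = { {7, 0, 0, 0}, {7, 0, 0, 0} };

int main(void)
{
    printf("empty=%d ok=%d dup=%d\n", check_group_payload(sample_ok, 0),
           check_group_payload(sample_ok, sizeof(sample_ok)),
           check_group_payload(sample_dup, sizeof(sample_dup)));
    return 0;
}
```

Rejecting the zero-length payload at parse time means later code that walks the group's entries never sees a group with no members.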

