Re: general protection fault in __xfrm_policy_bysel_ctx
From: Florian Westphal
Date: Wed Jan 30 2019 - 09:21:00 EST
Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> > syzbot <syzbot+e6e1fe9148cffa18cf97@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit: 085c4c7dd2b6 net: lmc: remove -I. header search path
> > > git tree: net-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=12347128c00000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=505743eba4e4f68
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=e6e1fe9148cffa18cf97
> > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > >
> > > Unfortunately, I don't have any reproducer for this crash yet.
> >
> > net-next doesn't contain the fixes for the rbtree fallout yet, so
> > this might already be fixed (fingers crossed).
>
> Hi Florian,
>
> What is that fix for the record?
I don't know. I managed to add every bug class imagineable in that series 8-(
The last (most recent) fix from the 'fallout cleanup' is:
12750abad517a991c4568969bc748db302ab52cd
("xfrm: policy: fix infinite loop when merging src-nodes")
so if syzkaller can generate a splat with that change present
something is still broken.
> We will need to close this later. Or perhaps we can already mark this
> as fixed by that patch with "#syz fix:" command?
There are a lot of open xfrm related splats that could all be explained
by the rbtree bugs (one had a reproducer, the fix has appropriate
reported-by tag).
It would be great if there was a way to tell syzkaller to report those
again if they still appear.
I could pretend and claim above commit as "sys-fix", but it seems fishy.
Let me know and I can tag all of them.