Re: ip6_gre: panic in ip6gre_header

From: Eric Dumazet
Date: Tue May 30 2023 - 02:58:04 EST


On Tue, May 30, 2023 at 5:22 AM gaoxingwang <gaoxingwang1@xxxxxxxxxx> wrote:
>
> >> Hello:
> >> I am doing some fuzz test for kernel, the following crash was triggered.
> >> My kernel version is 5.10.0. Have you encountered similar problems?
> >> If there is a fix, please let me know.
> >> Thank you very much.
> >
> >Please do not report fuzzer tests on old kernels.
> >
> >Yes, there is a fix already.
>
> I've found this commit 5796015fa968a (ipv6: allocate enough headroom in ip6_finish_output2()) that I didn't patch for my kernel.
> Is this the fix you have mentioned? I'm testing to see if it works, but it will take a few days. I'd appreciate it if you could reply.
>
> >
> >Make sure to use at least v5.10.180
> >
> >Thanks.

As I said, please upgrade to the latest v5.10.X if you really need to
fuzz 5.10 based kernels.

We do not support 'your kernel', there is absolutely no way we can
know what is 'your kernel', unless you use a supported upstream one.

I will not give the list of fixes that went between 5.10 and 5.10.180,
you can use git log, information is already available there.

Probably not an exhaustive list (because some authors do not include
stack traces in their changelog),
or bugs can cause different crashes.

git log v5.10..v5.10.180 --oneline --grep mld_sendpack
be59b87ee4aed81db7c10e44f603866a0ac3ca5d net: tunnels: annotate lockless accesses to dev->needed_headroom
8208d7e56b1e579320b9ff3712739ad2e63e1f86 ipv6: avoid use-after-free in ip6_fragment()
7aa3d623c11b9ab60f86b7833666e5d55bac4be9 net: sched: fix race condition in qdisc_graft()
49516e6ed91434d022a800321a8bc7d8054f62ac ipv6: make ip6_rt_gc_expire an atomic_t
797b380f0756354b39f7487c362ea203cf3e3e80 net: sched: limit TC_ACT_REPEAT loops
beb39adb150f8f3b516ddf7c39835a9788704d23 mld: fix panic in mld_newpack()
0414bde7796802753672700ff0c9d3909ef07bd7 net: sched: replaced invalid qdisc tree flush helper in qdisc_replace


Thanks.