Page MenuHomeFreeBSD
Differential D26269

Another syzkaller crash
ClosedPublic
Actions

Authored by rrs on Sep 1 2020, 12:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 13, 5:17 PM
Unknown Object (File)
Oct 17 2024, 2:48 AM
Unknown Object (File)
Sep 22 2024, 5:28 PM
Unknown Object (File)
Sep 16 2024, 2:35 AM
Unknown Object (File)
Sep 16 2024, 2:35 AM
Unknown Object (File)
Sep 16 2024, 2:34 AM
Unknown Object (File)
Sep 16 2024, 2:34 AM
Unknown Object (File)
Sep 16 2024, 2:25 AM
View All 51 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
Group Reviewers
transport
Commits
rS365501: So it turns out that syzkaller hit another crash. It has to do with switching
Summary

So it turns out that syzkaller hit another crash. It has to do with switching
stacks with a SENT_FIN outstanding. Both rack and bbr will only send a
FIN if all data is ack'd so this must be enforced. Also if the previous stack
sent the FIN we need to make sure in rack that when we manufacture the
"unknown" sends that we include the proper HAS_FIN bits.

Note for BBR we take a simpler approach and just refuse to switch.

Test Plan

Run the syzkaller reproducer and verify that we no longer crash

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

rrs created this revision.Sep 1 2020, 12:09 PM
Herald added 1 blocking reviewer(s): transport. · View Herald TranscriptSep 1 2020, 12:09 PM
Herald added a subscriber: melifaro. · View Herald Transcript
rrs requested review of this revision.Sep 1 2020, 12:09 PM
rrs edited the summary of this revision. (Show Details)
rrs updated this revision to Diff 76472.Sep 1 2020, 12:14 PM

Fix the typo's in the comment that Michael pointed out!

tuexen accepted this revision.Sep 1 2020, 10:28 PM
tuexen retitled this revision from Another skyzall crash to Another syzkaller crash.
tuexen edited the summary of this revision. (Show Details)
tuexen edited the test plan for this revision. (Show Details)

I ran the reproducers for RAVK and BBR and the problem does not show up anymore.

This revision is now accepted and ready to land.Sep 1 2020, 10:29 PM
Closed by commit rS365501: So it turns out that syzkaller hit another crash. It has to do with switching (authored by rrs). · Explain WhySep 9 2020, 11:12 AM
This revision was automatically updated to reflect the committed changes.
rrs added a commit: rS365501: So it turns out that syzkaller hit another crash. It has to do with switching.
Herald added a subscriber: imp. · View Herald TranscriptSep 9 2020, 11:12 AM

Revision Contents
Changeset List

PathSize
head/
sys/
netinet/
tcp_stacks/
2 lines
24 lines

Diff 76804

View Options

head/sys/netinet/tcp_stacks/bbr.c

Loading...
View Options

head/sys/netinet/tcp_stacks/rack.c

Loading...