On Tuesday, 10 April 2018, 17:23:46 CEST, Dmitry Vyukov wrote:

Hi Dmitry,

> Stephan,
>
> Do you have any hypothesis as to why this is not detected by KASAN and
> causes silent corruptions?
> We generally try to understand such cases and improve KASAN so that it
> catches such cases more reliably and they do not cause splashes of
> random crashes on syzbot.

I do not have any hypothesis at this point.

I know that you induce some fault. As you mentioned the drbg_kcapi_seed function, I was looking through the error code paths to see whether some error handlers trip over each other. But all is guesswork so far. And I am not even sure whether the bug is in the DRBG code base.

Looking into the trace you sent, I see a NULL pointer dereference. At one point there is also the drbg_init_hash_kernel that is called. But nowhere do I see any smoking gun.

Could you please give me a description of the fault you are inducing?

Ciao
Stephan