On Tue, Feb 09, 2021 at 11:08:09PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Next try to fix syzkaller crash
> https://syzkaller.appspot.com/bug?id=54e16dc5bce6929e14b42e2f1379f1c18f62be43
>
> Interface group names must fit into IFNAMSIZ and be unique. But
> the kernel makes the unique check before truncating with strlcpy().
> So there can be two interface groups with the same name. The kif
> is created by a name lookup. The truncated names are equal, so there
> is only one kif owned by both groups. When both groups are destroyed,
> the single kif is removed twice from the RB tree.
>
> - Check length of group name before doing the unique check.
> - The empty group name was allowed. That does not make much sense.
> Does anyone use the empty interface group?
> - Use the same check in kernel and ifconfig userland.
> - ifconfig -group does not need name sanitation. The kernel will
> just report that it does not exist.
>
> ok?
syzkaller was not able to trigger the panic using the syz reproducer with your diff applied:
https://groups.google.com/g/syzkaller-openbsd-bugs/c/ZhqISaYBvVE/m/G-V3cB9OAgAJ

ok anton@
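The ordering bug described in the quoted report, shown in a small stand-alone model rather than the OpenBSD kernel code: a uniqueness check run on the untruncated name followed by a truncating strlcpy() lets two distinct inputs collapse into one stored name, while checking the length (and rejecting the empty name) before the uniqueness check keeps the compared name and the stored name identical. This is an added example, not the diff from the thread; the group table, the helper names and the local IFNAMSIZ definition are assumptions made to keep it self-contained.

```c
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16      /* same limit as <net/if.h>; redefined locally for this example */
#define MAX_GROUPS 8

struct ifg { char name[IFNAMSIZ]; };   /* constructed stand-in for the kernel's group entry */

static struct ifg groups[MAX_GROUPS];
static int ngroups;

/* strlcpy-style copy that silently truncates to fit dst (local helper, not libc). */
static size_t xstrlcpy(char *dst, const char *src, size_t n) {
    size_t len = strlen(src);
    if (n > 0) {
        size_t c = len < n - 1 ? len : n - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return len;
}

static int group_exists(const char *name) {
    for (int i = 0; i < ngroups; i++)
        if (strcmp(groups[i].name, name) == 0) return 1;
    return 0;
}

void groups_reset(void) { ngroups = 0; }

/* Buggy order: uniqueness is checked on the full name, then the copy truncates it. */
int add_group_buggy(const char *name) {
    if (ngroups == MAX_GROUPS || group_exists(name)) return -1;
    xstrlcpy(groups[ngroups++].name, name, IFNAMSIZ);
    return 0;
}

/* Fixed order: reject empty or over-long names first, so the name compared is the name stored. */
int add_group_fixed(const char *name) {
    size_t len = strlen(name);
    if (len == 0 || len >= IFNAMSIZ) return -1;                  /* EINVAL-style rejection */
    if (ngroups == MAX_GROUPS || group_exists(name)) return -1;  /* EEXIST-style rejection */
    xstrlcpy(groups[ngroups++].name, name, IFNAMSIZ);
    return 0;
}

/* How many stored entries carry this (already truncated) name; >1 means the table has duplicates. */
int count_stored(const char *stored) {
    int n = 0;
    for (int i = 0; i < ngroups; i++)
        if (strcmp(groups[i].name, stored) == 0) n++;
    return n;
}
```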