Observation: It seems to be starting to synthesize packets sent to the wireguard socket. These aren't the proper handshake packets generated internally by that triangle commit, but rather ones that syzkaller creates itself. That's why we have coverage on wg_receive, which otherwise wouldn't be called from a userspace process, since syzbot is sending its own packets to that function.
However, the packets it generates aren't getting very far, failing all of the tests in validate_header_len. None of those checks are at all cryptographic, which means it should be able to hit those eventually. Anything we should be doing to help it out? After it gets past that check, it'll wind up in the handshake queue or the data queue, and then (in theory) it should be rejected on a cryptographic basis. But maybe syzbot will figure out how to crash it instead :-P.
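Added example (not part of the original message, and not the kernel's code): a userspace C model of a non-cryptographic type-and-length gate of the kind described above, useful for checking which fuzzer-generated buffers would reach the handshake or data queues. It assumes the message types and sizes from the published WireGuard protocol description; the name wg_model_header_len and the WG_* constants are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed from the published protocol description, not taken from the page. */
enum { WG_INITIATION = 1, WG_RESPONSE = 2, WG_COOKIE = 3, WG_DATA = 4 };
#define WG_INITIATION_LEN 148u
#define WG_RESPONSE_LEN    92u
#define WG_COOKIE_LEN      64u
#define WG_DATA_HDR_LEN    16u
#define WG_DATA_MIN_LEN    32u /* data header plus 16-byte authentication tag */

/* The first four bytes are a little-endian type word: one type byte
 * followed by three reserved bytes that must be zero. */
static uint32_t wg_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the header length a packet would be accepted with, or 0 if it
 * is dropped before any cryptographic processing happens. */
size_t wg_model_header_len(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return 0;
    switch (wg_le32(buf)) {
    case WG_DATA:       /* variable length, but never below the minimum */
        return len >= WG_DATA_MIN_LEN ? WG_DATA_HDR_LEN : 0;
    case WG_INITIATION: /* handshake messages must match their size exactly */
        return len == WG_INITIATION_LEN ? WG_INITIATION_LEN : 0;
    case WG_RESPONSE:
        return len == WG_RESPONSE_LEN ? WG_RESPONSE_LEN : 0;
    case WG_COOKIE:
        return len == WG_COOKIE_LEN ? WG_COOKIE_LEN : 0;
    default:            /* unknown type or non-zero reserved bytes */
        return 0;
    }
}

int main(void)
{
    uint8_t pkt[WG_INITIATION_LEN] = { WG_INITIATION }; /* constructed sample */
    printf("148-byte initiation: %zu\n", wg_model_header_len(pkt, sizeof(pkt)));
    printf("147-byte initiation: %zu\n", wg_model_header_len(pkt, sizeof(pkt) - 1));
    return 0;
}
```

A buffer that returns non-zero here has only cleared the structural gate; whether it is then rejected depends on the cryptographic checks that follow.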