On Tuesday, 10 April 2018, 17:23:46 CEST, Dmitry Vyukov wrote:
> Do you have any hypothesis as to why this is not detected by KASAN and
> causes silent corruptions?
> We generally try to understand such cases and improve KASAN so that it
> catches such cases more reliably and they do not cause splashes of
> random crashes on syzbot.
I do not have any hypothesis at this point. I know that you induce some fault.
As you mentioned the drbg_kcapi_seed function, I was looking through the error
code paths to see whether some error handlers trip over each other. But all is
guesswork so far. And I am not even sure whether the bug is in the DRBG code.
Looking into the trace you sent, I see a NULL pointer dereference. At one
point there is also the drbg_init_hash_kernel that is called. But nowhere do I
see any smoking gun.
Could you please give me a description of the fault you are inducing?