| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Nov 2017 00:57:47 -0800
From: Eric Biggers <ebiggers3@...il.com>
To: syzbot
<bot+257f413f0ea433750ffaa72b2748289380957904@...kaller.appspotmail.com>
Cc: davem@...emloft.net, herbert@...dor.apana.org.au,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in crypto_chacha20_crypt
On Tue, Nov 28, 2017 at 07:23:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 1ea8d039f9edcfefb20d8ddfe136930f6e551529
> git://git.cmpxchg.org/linux-mmots.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
>
>
> ==================================================================
> BUG: KASAN: use-after-free in __le32_to_cpup
> include/uapi/linux/byteorder/little_endian.h:58 [inline]
> BUG: KASAN: use-after-free in le32_to_cpuvp crypto/chacha20_generic.c:19
> [inline]
> BUG: KASAN: use-after-free in crypto_chacha20_init
> crypto/chacha20_generic.c:58 [inline]
> BUG: KASAN: use-after-free in crypto_chacha20_crypt+0xaf1/0xbd0
> crypto/chacha20_generic.c:91
> Read of size 4 at addr ffff880100000006 by task syzkaller030711/3690
>
#syz dup: general protection fault in crypto_chacha20_crypt
Powered by blists - more mailing lists