Open Source and information security mailing list archives
 
Message-ID: <20190625055019.GD17703@sol.localdomain>
Date:   Mon, 24 Jun 2019 22:50:19 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     netdev@...r.kernel.org, Boris Pismenny <borisp@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        Dave Watson <davejwatson@...com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        "David S. Miller" <davem@...emloft.net>,
        Vakul Garg <vakul.garg@....com>
Cc:     linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Reminder: 17 open syzbot bugs in "net/tls" subsystem

[This email was generated by a script.  Let me know if you have any suggestions
to make it better.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 17 of them as possibly being bugs in the "net/tls" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

Of these 17 bugs, 7 were seen in mainline in the last week.

Of these 17 bugs, 6 were bisected to commits from the following people:

	Dave Watson <davejwatson@...com>
	Vakul Garg <vakul.garg@....com>
	Boris Pismenny <borisp@...lanox.com>
	Daniel Borkmann <daniel@...earbox.net>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/tls" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in tls_write_space
Last occurred:      0 days ago
Reported:           353 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=3ff26cb6000860a73428556d7df314541369c939
Original thread:    https://lkml.kernel.org/lkml/0000000000003dab1605704fb71d@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+2134b6b74dec9f8c760f@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003dab1605704fb71d@google.com

--------------------------------------------------------------------------------
Title:              KMSAN: uninit-value in gf128mul_4k_lle (3)
Last occurred:      0 days ago
Reported:           213 days ago
Branches:           Mainline (with KMSAN patches)
Dashboard link:     https://syzkaller.appspot.com/bug?id=a01db4c67933e9e4be8e721a8ee15a9530f1ac04
Original thread:    https://lkml.kernel.org/lkml/000000000000bf2457057b5ccda3@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug received 2 replies; the last was 208 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+f8495bff23a879a6d0bd@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000bf2457057b5ccda3@google.com

--------------------------------------------------------------------------------
Title:              INFO: task hung in tls_sw_free_resources_tx
Last occurred:      6 days ago
Reported:           202 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=44ae4b4fa7e6c6e92aa921d2ec20ce9fbee97939
Original thread:    https://lkml.kernel.org/lkml/000000000000cab053057c2e5202@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
	Author: Dave Watson <davejwatson@...com>
	Date:   Wed Jun 14 18:37:39 2017 +0000

	  tls: kernel TLS support

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+503339bf3c9053b8a7fc@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cab053057c2e5202@google.com

--------------------------------------------------------------------------------
Title:              INFO: task hung in __flush_work
Last occurred:      0 days ago
Reported:           128 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=9613d8dffb5c6cc39da8ec290cb8f3eb62bdf21f
Original thread:    https://lkml.kernel.org/lkml/0000000000008f9c780581fd7417@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+aa0b64a57e300a1c6bcc@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008f9c780581fd7417@google.com

--------------------------------------------------------------------------------
Title:              kernel BUG at include/linux/scatterlist.h:LINE!
Last occurred:      1 day ago
Reported:           33 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=effb623cefb879664122cc47df3af728957eb279
Original thread:    https://lkml.kernel.org/lkml/000000000000f41cd905897c075e@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit f295b3ae9f5927e084bd5decdff82390e3471801
	Author: Vakul Garg <vakul.garg@....com>
	Date:   Wed Mar 20 02:03:36 2019 +0000

	  net/tls: Add support of AES128-CCM based ciphers

The original thread for this bug has received 1 reply, 14 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+df0d4ec12332661dd1f9@...kaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread, which had activity only 14 days ago.  For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/000000000000f41cd905897c075e@google.com

--------------------------------------------------------------------------------
Title:              kernel BUG at ./include/linux/scatterlist.h:LINE!
Last occurred:      5 days ago
Reported:           4 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=3008161aab5958fe4125a4cae3e4b7ad3ea50a26
Original thread:    https://lkml.kernel.org/lkml/000000000000417551058bc0bef9@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit f295b3ae9f5927e084bd5decdff82390e3471801
	Author: Vakul Garg <vakul.garg@....com>
	Date:   Wed Mar 20 02:03:36 2019 +0000

	  net/tls: Add support of AES128-CCM based ciphers

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+ef0daa6ce95facb233c1@...kaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread.  For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000417551058bc0bef9@google.com

--------------------------------------------------------------------------------
Title:              kernel BUG at include/linux/mm.h:LINE! (5)
Last occurred:      42 days ago
Reported:           112 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=c14d620a28ea77843c2632f5b05b315c44a2dd06
Original thread:    https://lkml.kernel.org/lkml/00000000000054cc6d05834c33d7@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit 94850257cf0f88b20db7644f28bfedc7d284de15
	Author: Boris Pismenny <borisp@...lanox.com>
	Date:   Wed Feb 27 15:38:03 2019 +0000

	  tls: Fix tls_device handling of partial records

The original thread for this bug received 1 reply, 111 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+5013d47539cdd43e7098@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000054cc6d05834c33d7@google.com

--------------------------------------------------------------------------------
Title:              WARNING: ODEBUG bug in tls_sw_free_resources_tx
Last occurred:      7 days ago
Reported:           230 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=f4b5189b77d5defcd01b7177411ebb8717b7ca45
Original thread:    https://lkml.kernel.org/lkml/00000000000062c5c3057a095d25@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+70ab6a1f8151888c4ea0@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000062c5c3057a095d25@google.com

--------------------------------------------------------------------------------
Title:              memory leak in create_ctx
Last occurred:      16 days ago
Reported:           16 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=3497d93558e378dec6f6583bedd163778c79d0dd
Original thread:    https://lkml.kernel.org/lkml/000000000000a420af058ad4bca2@google.com/T/#u

This bug has a syzkaller reproducer only.

The original thread for this bug has received 5 replies; the last was 10 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+06537213db7ba2745c4a@...kaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread, which had activity only 10 days ago.  For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/000000000000a420af058ad4bca2@google.com

--------------------------------------------------------------------------------
Title:              WARNING in sk_stream_kill_queues (3)
Last occurred:      16 days ago
Reported:           375 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=1557fb40b5ed0a1ed2ba18268e04da194674d770
Original thread:    https://lkml.kernel.org/lkml/000000000000013b0d056e997fec@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+13e1ee9caeab5a9abc62@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000013b0d056e997fec@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in generic_gcmaes_encrypt
Last occurred:      145 days ago
Reported:           271 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=27ba7fbc34f9b61adecf2615022db00a6fb61211
Original thread:    https://lkml.kernel.org/lkml/000000000000d014010576cc00f4@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit a42055e8d2c30d4decfc13ce943d09c7b9dad221
	Author: Vakul Garg <vakul.garg@....com>
	Date:   Fri Sep 21 04:16:13 2018 +0000

	  net/tls: Add support for async encryption of records for performance

The original thread for this bug received 2 replies; the last was 270 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6d3612ba5e254e387153@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d014010576cc00f4@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in tcp_cleanup_ulp
Last occurred:      276 days ago
Reported:           291 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=24f95d3de36dd102ee36510385eec785fe08ad0d
Original thread:    https://lkml.kernel.org/lkml/00000000000006602605752ffa1a@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 90545cdc3f2b2ea700e24335610cd181e73756da
	Author: Daniel Borkmann <daniel@...earbox.net>
	Date:   Thu Aug 16 19:49:07 2018 +0000

	  tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+0b3ccd4f62dac2cf3a7d@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000006602605752ffa1a@google.com

--------------------------------------------------------------------------------
Title:              INFO: task hung in tls_sw_sendmsg
Last occurred:      5 days ago
Reported:           105 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=706f5d1339aa1c10348c96d852da1c1e34e5b7bd
Original thread:    https://lkml.kernel.org/lkml/0000000000006a71990583cd3d9c@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+8a6df99c3b1812093b70@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006a71990583cd3d9c@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in crypto_gcm_init_common
Last occurred:      165 days ago
Reported:           230 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=979d00397272e11bc334ec842074d314bde41b90
Original thread:    https://lkml.kernel.org/lkml/00000000000060e0ae057a092be8@google.com/T/#u

This bug has a C reproducer.

syzbot has bisected this bug, but I think the bisection result is incorrect.

The original thread for this bug received 2 replies; the last was 62 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+e736399a2c4054612307@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000060e0ae057a092be8@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in timer_is_static_object (2)
Last occurred:      14 days ago
Reported:           40 days ago
Branches:           net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=aa9951fb518f1e883b28a0675789ff2fc82c8bf5
Original thread:    https://lkml.kernel.org/lkml/000000000000f29ffd0588e669d4@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+81215bf96c82318c7e74@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f29ffd0588e669d4@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in tls_push_sg
Last occurred:      38 days ago
Reported:           38 days ago
Branches:           net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=244990e1ccfdb940c14114668b0a967198582f04
Original thread:    https://lkml.kernel.org/lkml/0000000000000d1491058919b662@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+66fbe4719f6ef22754ee@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000d1491058919b662@google.com

--------------------------------------------------------------------------------
Title:              KASAN: slab-out-of-bounds Read in tls_write_space
Last occurred:      272 days ago
Reported:           272 days ago
Branches:           linux-next and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=748ab8de777f23e8265027741072c68feb62a527
Original thread:    https://lkml.kernel.org/lkml/0000000000000a5b840576bad225@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+12638b747fd208f6cff0@...kaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000a5b840576bad225@google.com
