| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Mar 2020 12:35:13 -0700
From: syzbot <syzbot+6a6bca8169ffda8ce77b@...kaller.appspotmail.com>
To: bp@...en8.de, davem@...emloft.net, elver@...gle.com,
herbert@...dor.apana.org.au, hpa@...or.com,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
mingo@...hat.com, syzkaller-bugs@...glegroups.com,
tglx@...utronix.de, x86@...nel.org
Subject: KCSAN: data-race in glue_cbc_decrypt_req_128bit / glue_cbc_decrypt_req_128bit
Hello,
syzbot found the following crash on:
HEAD commit: b12d66a6 mm, kcsan: Instrument SLAB free with ASSERT_EXCLU..
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=111f0865e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=10bc0131c4924ba9
dashboard link: https://syzkaller.appspot.com/bug?extid=6a6bca8169ffda8ce77b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6a6bca8169ffda8ce77b@...kaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in glue_cbc_decrypt_req_128bit / glue_cbc_decrypt_req_128bit
write to 0xffff88809966e128 of 8 bytes by task 24119 on cpu 0:
u128_xor include/crypto/b128ops.h:67 [inline]
glue_cbc_decrypt_req_128bit+0x396/0x460 arch/x86/crypto/glue_helper.c:144
cbc_decrypt+0x26/0x40 arch/x86/crypto/serpent_avx2_glue.c:152
crypto_skcipher_decrypt+0x65/0x90 crypto/skcipher.c:652
_skcipher_recvmsg crypto/algif_skcipher.c:142 [inline]
skcipher_recvmsg+0x7fa/0x8c0 crypto/algif_skcipher.c:161
skcipher_recvmsg_nokey+0x5e/0x80 crypto/algif_skcipher.c:279
sock_recvmsg_nosec net/socket.c:886 [inline]
sock_recvmsg net/socket.c:904 [inline]
sock_recvmsg+0x92/0xb0 net/socket.c:900
____sys_recvmsg+0x167/0x3a0 net/socket.c:2566
___sys_recvmsg+0xb2/0x100 net/socket.c:2608
__sys_recvmsg+0x9d/0x160 net/socket.c:2642
__do_sys_recvmsg net/socket.c:2652 [inline]
__se_sys_recvmsg net/socket.c:2649 [inline]
__x64_sys_recvmsg+0x51/0x70 net/socket.c:2649
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9
read to 0xffff88809966e128 of 8 bytes by task 24118 on cpu 1:
u128_xor include/crypto/b128ops.h:67 [inline]
glue_cbc_decrypt_req_128bit+0x37c/0x460 arch/x86/crypto/glue_helper.c:144
cbc_decrypt+0x26/0x40 arch/x86/crypto/serpent_avx2_glue.c:152
crypto_skcipher_decrypt+0x65/0x90 crypto/skcipher.c:652
_skcipher_recvmsg crypto/algif_skcipher.c:142 [inline]
skcipher_recvmsg+0x7fa/0x8c0 crypto/algif_skcipher.c:161
skcipher_recvmsg_nokey+0x5e/0x80 crypto/algif_skcipher.c:279
sock_recvmsg_nosec net/socket.c:886 [inline]
sock_recvmsg net/socket.c:904 [inline]
sock_recvmsg+0x92/0xb0 net/socket.c:900
____sys_recvmsg+0x167/0x3a0 net/socket.c:2566
___sys_recvmsg+0xb2/0x100 net/socket.c:2608
__sys_recvmsg+0x9d/0x160 net/socket.c:2642
__do_sys_recvmsg net/socket.c:2652 [inline]
__se_sys_recvmsg net/socket.c:2649 [inline]
__x64_sys_recvmsg+0x51/0x70 net/socket.c:2649
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 24118 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists