lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 15 May 2023 13:57:04 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     syzbot <syzbot+a6abcf08bad8b18fd198@...kaller.appspotmail.com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Taehee Yoo <ap420073@...il.com>
Cc:     bp@...en8.de, dave.hansen@...ux.intel.com, davem@...emloft.net,
        hpa@...or.com, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, mingo@...hat.com,
        syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: Re: [syzbot] [crypto?] general protection fault in
 __aria_aesni_avx_gfni_crypt_16way

On Sun, May 14, 2023 at 08:09:50PM -0700, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    31f4104e392a Merge tag 'locking_urgent_for_v6.4_rc2' of gi..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11768616280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8bc832f563d8bf38
> dashboard link: https://syzkaller.appspot.com/bug?extid=a6abcf08bad8b18fd198
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: i386
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1737e3be280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149d4c06280000

...

> ----------------
> Code disassembly (best guess):
>    0:	d0 10                	rclb   (%rax)
>    2:	c4 e2 69 00 d7       	vpshufb %xmm7,%xmm2,%xmm2
>    7:	c5 11 ef ea          	vpxor  %xmm2,%xmm13,%xmm13
>    b:	c5 e9 72 d0 08       	vpsrld $0x8,%xmm0,%xmm2
>   10:	c4 e2 69 00 d7       	vpshufb %xmm7,%xmm2,%xmm2
>   15:	c5 09 ef f2          	vpxor  %xmm2,%xmm14,%xmm14
>   19:	c4 e2 79 00 d7       	vpshufb %xmm7,%xmm0,%xmm2
>   1e:	c5 01 ef fa          	vpxor  %xmm2,%xmm15,%xmm15
>   22:	c5 f9 6f 05 7a 15 c9 	vmovdqa 0xac9157a(%rip),%xmm0        # 0xac915a4
>   29:	0a
> * 2a:	c5 f9 6f 0d 6a 15 c9 	vmovdqa 0xac9156a(%rip),%xmm1        # 0xac9159c <-- trapping instruction
>   31:	0a
>   32:	c5 f9 6f 15 7a 15 c9 	vmovdqa 0xac9157a(%rip),%xmm2        # 0xac915b4
>   39:	0a
>   3a:	c5                   	.byte 0xc5
>   3b:	f9                   	stc
>   3c:	6f                   	outsl  %ds:(%rsi),(%dx)
>   3d:	1d                   	.byte 0x1d
>   3e:	52                   	push   %rdx
>   3f:	15                   	.byte 0x15

Ard, this looks like something that you recently touched.  Any
ideas what might be causing this?

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ