| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADCV8sqoW31YqwXdbZNhbeDOwYP3NStwZsnRWhCYkSUSfrJsuQ@mail.gmail.com> Date: Tue, 28 Jan 2025 20:07:49 +0800 From: Liebes Wang <wanghaichi0403@...il.com> To: linux-bcachefs@...r.kernel.org, kent.overstreet@...ux.dev, linux-kernel@...r.kernel.org Cc: syzkaller@...glegroups.com Subject: Linux kernel bug report: "general protection fault in crypto_skcipher_encrypt" Dear Linux maintainers and reviewers: We are reporting a Linux kernel bug titled **general protection fault in crypto_skcipher_encrypt**, discovered using a modified version of Syzkaller. Linux version: 2144da25584eb10b84252230319b5783f6a83041 (6.13-rc6) The bisection log shows the first introduced commit is 03ef80b469d5d83530ce1ce15be78a40e5300f9b. 03ef80b469d5 bcachefs: Ignore unknown mount options The test case, kernel config and full bisection log are attached. The report is (The full report is attached): bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.13: inode_has_child_snapshots running recovery passes: check_allocations,check_inodes bcachefs: bch2_fs_get_tree() error: fsck_errors_not_fixed Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] CPU: 0 UID: 0 PID: 10753 Comm: syz.4.760 Not tainted 6.12.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:crypto_skcipher_alg include/crypto/skcipher.h:375 [inline] RIP: 0010:crypto_skcipher_encrypt+0x48/0x170 crypto/skcipher.c:637 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 40 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 48 8d 7b 04 4c 8b 63 18 48 b8 00 00 loop1: detected capacity change from 0 to 32768 RSP: 0018:ff11000120e96840 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000008 RCX: ffa00000028b7000 RDX: 0000000000000004 RSI: ffffffff836396b0 RDI: 0000000000000020 RBP: ff11000120e968b0 R08: 0000000000000020 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000000c0 R12: 0000000000000008 R13: ff11000120e96b78 R14: 0000000000000020 R15: ff11000120e96d58 FS: 00007f1ff7870700(0000) GS:ff110004ca800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f535ba2e000 CR3: 000000011da18006 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 80000000 Call Trace: <TASK> do_encrypt_sg+0xdf/0x170 fs/bcachefs/checksum.c:108 bcachefs (/dev/loop1): error validating superblock: Invalid time precision: 0 (min 1, max 1000000000) bcachefs: bch2_fs_get_tree() error: invalid_sb_time_precision do_encrypt+0x742/0x910 fs/bcachefs/checksum.c:124 gen_poly_key.isra.0+0x144/0x310 fs/bcachefs/checksum.c:200 bch2_checksum+0x1c4/0x2a0 fs/bcachefs/checksum.c:236 bch2_btree_node_read_done+0x75a/0x4e70 fs/bcachefs/btree_io.c:1060 btree_node_read_work+0x63e/0xf70 fs/bcachefs/btree_io.c:1327 bch2_btree_node_read+0x76c/0xdf0 fs/bcachefs/btree_io.c:1712 loop2: detected capacity change from 0 to 256 exfat: Unknown parameter 'Ø' __bch2_btree_root_read fs/bcachefs/btree_io.c:1753 [inline] bch2_btree_root_read+0x2c5/0x460 fs/bcachefs/btree_io.c:1775 read_btree_roots fs/bcachefs/recovery.c:523 [inline] bch2_fs_recovery+0x1db7/0x3c60 fs/bcachefs/recovery.c:853 bch2_fs_start+0x2d8/0x610 fs/bcachefs/super.c:1036 bch2_fs_get_tree+0xfda/0x15d0 fs/bcachefs/fs.c:2170 vfs_get_tree+0x94/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3507 [inline] path_mount+0x6b2/0x1eb0 fs/namespace.c:3834 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4057 [inline] __se_sys_mount fs/namespace.c:4034 [inline] __x64_sys_mount+0x283/0x300 fs/namespace.c:4034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Content of type "text/html" skipped Download attachment "kconfig" of type "application/octet-stream" (149021 bytes) Download attachment "report0" of type "application/octet-stream" (5795 bytes) Download attachment "bisect 2.log" of type "application/octet-stream" (51489 bytes) Download attachment "repro 2.cprog" of type "application/octet-stream" (340341 bytes)
Powered by blists - more mailing lists