Open Source and information security mailing list archives
 
Date:   Thu, 7 Nov 2019 15:05:18 -0500
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     syzbot <syzbot+e736399a2c4054612307@...kaller.appspotmail.com>
Cc:     Jason@...c4.com, ard.biesheuvel@...aro.org, aviadye@...lanox.com,
        borisp@...lanox.com, daniel@...earbox.net, davejwatson@...com,
        davem@...emloft.net, dhowells@...hat.com,
        dirk.vandermerwe@...ronome.com, ebiggers3@...il.com,
        herbert@...dor.apana.org.au, john.fastabend@...il.com,
        k.marinushkin@...il.com, keescook@...omium.org,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, security@...nel.org,
        steffen.klassert@...unet.com, syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in crypto_gcm_init_common

On Thu, 07 Nov 2019 05:42:07 -0800, syzbot wrote:
> syzbot suspects this bug was fixed by commit:
> 
> commit 9354544cbccf68da1b047f8fb7b47630e3c8a59d
> Author: Dirk van der Merwe <dirk.vandermerwe@...ronome.com>
> Date:   Mon Jun 24 04:26:58 2019 +0000
> 
>      net/tls: fix page double free on TX cleanup
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=168ad3c2600000
> start commit:   4710e789 Merge tag 'nfs-for-4.20-2' of git://git.linux-nfs..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9384ecb1c973baed
> dashboard link: https://syzkaller.appspot.com/bug?extid=e736399a2c4054612307
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17902f5b400000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=111377e5400000
> 
> If the result looks correct, please mark the bug fixed by replying with:
> 
> #syz fix: net/tls: fix page double free on TX cleanup
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

The bug report looks fairly strange and could indicate a double free,
but I don't see an entirely clear connection. We are double freeing a
record and its pages while the splat is from a slab-32.. Given the
bisection I think it's probably okay:

#syz fix: net/tls: fix page double free on TX cleanup
