From: Eric Biggers <ebiggers3@gmail.com>
To: syzbot
	<bot+e73a4dea901456e1260a0ac63aac133495835be2@syzkaller.appspotmail.com>
Cc: davem@davemloft.net, herbert@gondor.apana.org.au,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: general protection fault in __crypto_alg_lookup
Date: Tue, 16 Jan 2018 22:42:54 -0800
Message-ID: <20180117064254.GF15527@zzz.localdomain>
In-Reply-To: <94eb2c19e7562b0ed30560c0d1f8@google.com>

On Tue, Dec 19, 2017 at 11:49:02PM -0800, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> 
> Unfortunately, I don't have any reproducer for this bug yet.
> 
> 
> SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256
> sclass=netlink_route_socket pig=17315 comm=syz-executor6
> SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256
> sclass=netlink_route_socket pig=17326 comm=syz-executor6
> general protection fault: 0000 [#1] SMP
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Modules linked in:
> CPU: 1 PID: 17336 Comm: syz-executor7 Not tainted 4.15.0-rc3-next-20171214+
> #67
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:__crypto_alg_lookup+0x43/0x190 crypto/api.c:63
> RSP: 0018:ffffc90000d7fcb8 EFLAGS: 00010216
> RAX: 0000000000010000 RBX: 623e2d6261746826 RCX: ffffffff816741f3
> RDX: 00000000000000d9 RSI: ffffc90001a01000 RDI: ffff8801f9d11891
> RBP: ffffc90000d7fd00 R08: 0000000000000001 R09: 0000000000000001
> R10: ffffc90000d7fc80 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000072612f66 R14: 000000000000240e R15: 000000000000040f
> FS:  00007ff6c7ec5700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020f35000 CR3: 00000001fce0e004 CR4: 00000000001606e0
> Call Trace:
>  crypto_alg_lookup+0x31/0x50 crypto/api.c:201
>  crypto_larval_lookup.part.8+0x34/0x1c0 crypto/api.c:218
>  crypto_larval_lookup crypto/api.c:212 [inline]
>  crypto_alg_mod_lookup+0x77/0x120 crypto/api.c:271
>  crypto_find_alg crypto/api.c:501 [inline]
>  crypto_alloc_tfm+0x67/0x180 crypto/api.c:534
>  crypto_alloc_ahash+0x2c/0x40 crypto/ahash.c:540
>  hash_bind+0x51/0x90 crypto/algif_hash.c:422
>  alg_bind+0x94/0x180 crypto/af_alg.c:179
>  SYSC_bind+0xa8/0x130 net/socket.c:1454
>  SyS_bind+0x24/0x30 net/socket.c:1440
>  entry_SYSCALL_64_fastpath+0x1f/0x96
> RIP: 0033:0x452a09
> RSP: 002b:00007ff6c7ec4c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000031
> RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452a09
> RDX: 0000000000000058 RSI: 0000000020f35000 RDI: 0000000000000013
> RBP: 0000000000000554 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f5080
> R13: 00000000ffffffff R14: 00007ff6c7ec56d4 R15: 0000000000000000
> Code: 89 7d d0 e8 70 61 c4 ff 48 8b 1d 89 df a6 01 48 81 fb 60 21 0e 83 0f
> 84 4c 01 00 00 c7 45 c4 fe ff ff ff 45 31 e4 e8 4d 61 c4 ff <44> 8b 6b 20 41
> f6 c5 60 0f 85 03 01 00 00 e8 3a 61 c4 ff 44 89
> RIP: __crypto_alg_lookup+0x43/0x190 crypto/api.c:63 RSP: ffffc90000d7fcb8
> ---[ end trace 17ac9655be6571e5 ]---
> Kernel panic - not syncing: Fatal exception
> netlink: 5 bytes leftover after parsing attributes in process
> `syz-executor6'.
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
> 

Invalidating this bug now that a similar one has been fixed; we'll see if it
happens again...

#syz invalid
