On Mon, Nov 27, 2017 at 10:56:46AM -0800, syzbot wrote:
> ==
> BUG: KASAN: use-after-free in skcipher_request_set_tfm
> include/crypto/skcipher.h:499 [inline]
> BUG: KASAN: use-after-free in crypto_aead_copy_sgl
> crypto/algif_aead.c:8
On Mon, Nov 27, 2017 at 11:29:44PM -0800, Eric Biggers wrote:
>
> From 453b54793e843c0d5b8fd2d5e33fcc5427ec038e Mon Sep 17 00:00:00 2001
> From: Eric Biggers
> Date: Mon, 27 Nov 2017 23:23:05 -0800
> Subject: [PATCH] crypto: algif_aead - fix reference counting of null skcipher
>
> In the AEAD in
On Tuesday, 28 November 2017, 08:29:44 CET, Eric Biggers wrote:
Hi Eric,
>
> Sometimes you have to reboot to get the reproducer to work, because the bug
> has to do with reference counting of the "null skcipher" which is a
> global resource. Here's a patch that fixes it, it seems:
>
> ---
On Tue, Nov 28, 2017 at 07:30:46AM +0100, Stephan Mueller wrote:
> On Monday, 27 November 2017, 23:43:08 CET, Eric Biggers wrote:
>
> Hi Eric,
>
> > No, that doesn't help. I tested v4.15-rc1 with all the extra commits from
> > crypto-2.6.git/master applied:
> >
> > crypto: algif_aead - sk
On Monday, 27 November 2017, 23:43:08 CET, Eric Biggers wrote:
Hi Eric,
> No, that doesn't help. I tested v4.15-rc1 with all the extra commits from
> crypto-2.6.git/master applied:
>
> crypto: algif_aead - skip SGL entries with NULL page
> crypto: af_alg - remove locking in async
On Mon, Nov 27, 2017 at 11:02:08PM +0100, Stephan Müller wrote:
> On Monday, 27 November 2017, 19:56:46 CET, syzbot wrote:
>
> Hi,
>
> > Hello,
> >
> > syzkaller hit the following crash on
> > 6fc478f80f6809cc4b1a4230f47a62d3b7378dc0
> > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux
On Monday, 27 November 2017, 19:56:46 CET, syzbot wrote:
Hi,
> Hello,
>
> syzkaller hit the following crash on
> 6fc478f80f6809cc4b1a4230f47a62d3b7378dc0
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw