From: Dmitry Vyukov
Date: Mon, 9 Apr 2018 09:51:13 +0200
Subject: Re: [PATCH] AF_ALG: register completely initialized request in list
To: Stephan Müller
Cc: syzbot, David Miller, Herbert Xu, linux-crypto@vger.kernel.org, LKML, syzkaller-bugs@googlegroups.com

On Sun, Apr 8, 2018 at 7:57 PM, Stephan Müller wrote:
> Hi,
>
> May I ask to check whether this patch fixes the issue? I cannot re-create
> the issue with the reproducer. Yet, as far as I understand, you try to
> induce errors which shall validate whether the error code paths are correct.

You can ask syzbot to test by replying to its report email with a test
command, see:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#communication-with-syzbot

Note that all testing of KMSAN bugs needs to go to KMSAN tree, for details see:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs

> The fix below should ensure this now.
>
> Thanks a lot.
>
> ---8<---
>
> From 8f083e7b0684a9f91c186d7b46eec34e439689c3 Mon Sep 17 00:00:00 2001
> From: Stephan Mueller
> Date: Sun, 8 Apr 2018 19:53:59 +0200
> Subject: [PATCH] AF_ALG: Initialize sg_num_bytes in error code path
>
> The RX SGL in processing is already registered with the RX SGL tracking
> list to support proper cleanup. The cleanup code path uses the
> sg_num_bytes variable which must therefore be always initialized, even
> in the error code path.
>
> Signed-off-by: Stephan Mueller
> Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com
> ---
> crypto/af_alg.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/af_alg.c b/crypto/af_alg.c > index c49766b03165..0d555c072669 100644 > --- a/crypto/af_alg.c > +++ b/crypto/af_alg.c
> @@ -1156,8 +1156,10 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr= *msg, int flags, > > /* make one iovec available as scatterlist */ > err =3D af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen= ); > - if (err < 0) > + if (err < 0) { > + rsgl->sg_num_bytes =3D 0; > return err; > + } > > /* chain the new scatterlist with previous one */ > if (areq->last_rsgl) > -- > 2.14.3
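
Review bot: In the `if (err < 0)` branch after af_alg_make_sg(), `rsgl->sg_num_bytes` is zeroed only on this one failure path. The commit message says the rsgl is already on the RX SGL tracking list at this point and that the cleanup path reads sg_num_bytes, so it would be more robust to set the field to 0 where the rsgl is registered, before af_alg_make_sg() is called; any other early return added later would then also leave it initialized. It would also help to state in the commit message what the cleanup path does with the uninitialized value, so the impact of the bug is clear from the log alone.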