Date: Tue, 13 Jun 2023 18:24:39 +0800
From: Herbert Xu
To: syzbot
Cc: davem@davemloft.net, dhowells@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export
In-Reply-To: <0000000000000cb2c305fdeb8e30@google.com>

On Mon, Jun 12, 2023 at 02:43:45AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
> git tree:       net-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=104cdef1280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
> dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ffd66beb6784/disk-ded5c1a1.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e7336ae5a7bf/vmlinux-ded5c1a1.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/10ded02dc7e2/bzImage-ded5c1a1.xz
>
> The issue was bisected to:
>
> commit c662b043cdca89bf0f03fc37251000ac69a3a548
> Author: David Howells
> Date:   Tue Jun 6 13:08:56 2023 +0000
>
>     crypto: af_alg/hash: Support MSG_SPLICE_PAGES

David, the logic for calling hash_alloc_result looks quite different
from that on whether you do the hash finalisation.
I'd suggest that you change them to use the same check, and also
use NULL instead of ctx->result if you didn't call hash_alloc_result.

Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
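
A simplified user-space model of the suggestion in the reply above, added here as an illustration; it is not the kernel's af_alg code and not the patch that followed. The names `model_ctx`, `model_alloc_result`, `model_hash_op`, the `more`/`last` flags and the `-2` return code are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

#define DIGEST_LEN 4

/* Hypothetical stand-in for the socket's hash context; not the kernel struct. */
struct model_ctx {
    unsigned char *result;  /* digest buffer, NULL until allocated */
    unsigned int state;     /* toy running hash state */
};

/* Plays the role of hash_alloc_result(): allocate the digest buffer once. */
static int model_alloc_result(struct model_ctx *ctx)
{
    if (!ctx->result)
        ctx->result = calloc(1, DIGEST_LEN);
    return ctx->result ? 0 : -1;
}

/* Toy update/finalise step; `out` plays the role of the request's result
 * pointer. Finalising into NULL is reported as -2 where real code would fault. */
static int model_hash_op(struct model_ctx *ctx, unsigned char *out,
                         unsigned char byte, int finalise)
{
    ctx->state = ctx->state * 31u + byte;
    if (!finalise)
        return 0;
    if (!out)
        return -2;
    memcpy(out, &ctx->state, DIGEST_LEN);
    return 0;
}

/* Mismatched: allocation keyed on !more, finalisation on a different test. */
int send_mismatched(struct model_ctx *ctx, unsigned char byte, int more, int last)
{
    if (!more && model_alloc_result(ctx))
        return -1;
    return model_hash_op(ctx, ctx->result, byte, last || !more);
}

/* Consistent: one predicate drives both, and the no-final path passes NULL. */
int send_consistent(struct model_ctx *ctx, unsigned char byte, int more, int last)
{
    int finalise = !more;   /* single check; `last` no longer decides anything */
    (void)last;
    if (finalise && model_alloc_result(ctx))
        return -1;
    return model_hash_op(ctx, finalise ? ctx->result : NULL, byte, finalise);
}
```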