On Thu, Nov 23, 2017 at 1:35 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> On Thursday, 23 November 2017, 12:34:54 CET, Dmitry Vyukov wrote:
>
> Hi Dmitry,
>
>> Btw, I've started doing some minimal improvements, have not yet sorted
>> out alg types/names, and the fuzzer started scratching the surface:
>>
>> WARNING: kernel stack regs has bad 'bp' value                        77   Nov 23 2017 12:29:36 CET
>> general protection fault in af_alg_free_areq_sgls                    54   Nov 23 2017 12:23:30 CET
>> general protection fault in crypto_chacha20_crypt                   100   Nov 23 2017 12:29:48 CET
>> suspicious RCU usage at ./include/trace/events/kmem.h:LINE           88   Nov 23 2017 12:29:15 CET
>
> This all looks strange. Where would RCU come into play with
> af_alg_free_areq_sgls?
>
> Do you have a reproducer?
>
>> This strongly suggests that we need to dig deeper.
>
> Absolutely. That is why I started my fuzzer, which has already turned up quite
> a few issues.

I've cooked up a syzkaller change that teaches it to generate more algorithm names. Probably not ideal, but much better than it was before:
https://github.com/google/syzkaller/blob/ddf7b3e0655cf6dfeacfe509e477c1486d2cc7db/sys/linux/alg.go

(If you see any obvious issues there, feedback is welcome; I still have not completely figured out the difference between e.g. HASH/AHASH and BLKCIPHER/ABLKCIPHER, as most of them seem to be interchangeable. This was mostly based on a trial-and-error approach.)

All bugs will soon be reported by syzbot (https://goo.gl/tpsmEJ) to the kernel mailing lists with full details.

Stephan, thanks for your help!
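One way to obtain the algorithm names a fuzzer like syzkaller should try is to read them off the running kernel's /proc/crypto instead of maintaining a hand-written list. The C program below is an added example, not code from syzkaller, syzbot or the kernel: it parses /proc/crypto text (a constructed sample is embedded so it runs anywhere; the live file is read when present), collapses duplicate names that differ only by driver, and buckets them by the AF_ALG socket type ("hash", "skcipher", "aead", "rng") under which user space can bind them. The mapping from kernel-internal types (shash/ahash, blkcipher/ablkcipher/skcipher) onto those four strings is stated here as an assumption about what AF_ALG exposes, and it is the practical answer to the HASH/AHASH question above: from the AF_ALG side they are not distinguished, both bind as "hash".

```c
/* Enumerate AF_ALG-bindable algorithm names from /proc/crypto.
 * Added example, not syzkaller or kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 64
#define MAX_FILE (1 << 20)

/* Constructed sample in /proc/crypto format (not captured from a real
 * kernel); real entries carry more fields, which the parser ignores. */
static const char SAMPLE_PROC_CRYPTO[] =
    "name         : sha256\n"
    "driver       : sha256-generic\n"
    "priority     : 100\n"
    "type         : shash\n"
    "\n"
    "name         : sha256\n"           /* same name, second driver */
    "driver       : sha256-ssse3\n"
    "type         : shash\n"
    "\n"
    "name         : hmac(sha256)\n"
    "type         : ahash\n"
    "\n"
    "name         : cbc(aes)\n"
    "type         : skcipher\n"
    "\n"
    "name         : ecb(aes)\n"
    "type         : ablkcipher\n"
    "\n"
    "name         : gcm(aes)\n"
    "type         : aead\n"
    "\n"
    "name         : aes\n"              /* single-block cipher, no AF_ALG type */
    "type         : cipher\n"
    "\n"
    "name         : stdrng\n"
    "type         : rng\n";

/* Assumed mapping: /proc/crypto "type" -> AF_ALG salg_type string, or NULL
 * when nothing in AF_ALG binds that type directly. */
static const char *af_alg_type_for(const char *proc_type) {
    if (!strcmp(proc_type, "shash") || !strcmp(proc_type, "ahash"))
        return "hash";
    if (!strcmp(proc_type, "skcipher") || !strcmp(proc_type, "blkcipher") ||
        !strcmp(proc_type, "ablkcipher"))
        return "skcipher";
    if (!strcmp(proc_type, "aead")) return "aead";
    if (!strcmp(proc_type, "rng")) return "rng";
    return NULL;
}

/* Split one "key   : value" line into trimmed key and value (both bounded). */
static void parse_kv(const char *line, size_t len, char *key, char *val) {
    const char *colon = memchr(line, ':', len);
    key[0] = val[0] = '\0';
    if (!colon) return;
    size_t klen = (size_t)(colon - line);
    while (klen > 0 && line[klen - 1] == ' ') klen--;
    if (klen >= NAME_LEN) klen = NAME_LEN - 1;
    memcpy(key, line, klen); key[klen] = '\0';
    const char *v = colon + 1, *end = line + len;
    while (v < end && *v == ' ') v++;
    size_t vlen = (size_t)(end - v);
    while (vlen > 0 && v[vlen - 1] == ' ') vlen--;
    if (vlen >= NAME_LEN) vlen = NAME_LEN - 1;
    memcpy(val, v, vlen); val[vlen] = '\0';
}

/* Append name unless already present; AF_ALG binds by name, not driver. */
static int add_unique(char out[][NAME_LEN], int n, int max, const char *name) {
    for (int i = 0; i < n; i++) if (!strcmp(out[i], name)) return n;
    if (n < max) { strcpy(out[n], name); n++; }
    return n;
}

static int maybe_add(char out[][NAME_LEN], int n, int max, const char *name,
                     const char *type, const char *salg_type) {
    const char *t = name[0] ? af_alg_type_for(type) : NULL;
    if (t && !strcmp(t, salg_type)) n = add_unique(out, n, max, name);
    return n;
}

/* Collect distinct names from /proc/crypto text whose type maps to
 * salg_type. Entries are blank-line separated; returns the count. */
static int names_for_salg_type(const char *text, const char *salg_type,
                               char out[][NAME_LEN], int max) {
    char name[NAME_LEN] = "", type[NAME_LEN] = "", key[NAME_LEN], val[NAME_LEN];
    int n = 0;
    const char *p = text;
    for (;;) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len == 0) {                 /* blank line: entry complete */
            n = maybe_add(out, n, max, name, type, salg_type);
            name[0] = type[0] = '\0';
        } else {
            parse_kv(p, len, key, val);
            if (!strcmp(key, "name")) strcpy(name, val);
            else if (!strcmp(key, "type")) strcpy(type, val);
        }
        if (!nl) break;
        p = nl + 1;
    }
    return maybe_add(out, n, max, name, type, salg_type);  /* last entry */
}

int main(void) {
    static const char *salg_types[] = { "hash", "skcipher", "aead", "rng" };
    const char *text = SAMPLE_PROC_CRYPTO;
    char *buf = malloc(MAX_FILE);
    FILE *f = fopen("/proc/crypto", "r");   /* live kernel, if available */
    if (f && buf) {
        size_t got = fread(buf, 1, MAX_FILE - 1, f);
        buf[got] = '\0';
        if (got > 0) text = buf;
    }
    if (f) fclose(f);
    static char out[256][NAME_LEN];
    for (size_t i = 0; i < sizeof salg_types / sizeof salg_types[0]; i++) {
        int n = names_for_salg_type(text, salg_types[i], out, 256);
        printf("%s (%d):", salg_types[i], n);
        for (int j = 0; j < n; j++) printf(" %s", out[j]);
        printf("\n");
    }
    free(buf);
    return 0;
}
```

Each printed bucket is exactly the set of strings a fuzzer can put into salg_name for that salg_type; an entry whose type maps to nothing (the constructed "aes"/"cipher" entry above) is dropped rather than guessed at. /proc/crypto is world-readable, so no privileges are needed, and the sample keeps the program runnable on a machine without it.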