[syzbot] [crypto?] KMSAN: uninit-value in aes_encrypt (5)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+aeb14e2539ffb6d21130@syzkaller.appspotmail.com>
To: davem@davemloft.net, herbert@gondor.apana.org.au,
	 linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: [syzbot] [crypto?] KMSAN: uninit-value in aes_encrypt (5)
Date: Sun, 28 Apr 2024 03:32:24 -0700	[thread overview]
Message-ID: <0000000000000fe556061725a7be@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    5d12ed4bea43 Merge tag 'i2c-for-6.9-rc6' of git://git.kern..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16491b80980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1c4a1df36b3414a8
dashboard link: https://syzkaller.appspot.com/bug?extid=aeb14e2539ffb6d21130
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bb5148c91210/disk-5d12ed4b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/49a9a8f075f4/vmlinux-5d12ed4b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1309b451ab44/bzImage-5d12ed4b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+aeb14e2539ffb6d21130@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:149 [inline]
BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0 lib/crypto/aes.c:282
 subshift lib/crypto/aes.c:149 [inline]
 aes_encrypt+0x15cc/0x1db0 lib/crypto/aes.c:282
 aesti_encrypt+0x7d/0xf0 crypto/aes_ti.c:31
 crypto_ecb_crypt crypto/ecb.c:23 [inline]
 crypto_ecb_encrypt2+0x18a/0x300 crypto/ecb.c:40
 crypto_lskcipher_crypt_sg+0x36b/0x7f0 crypto/lskcipher.c:228
 crypto_lskcipher_encrypt_sg+0x8a/0xc0 crypto/lskcipher.c:247
 crypto_skcipher_encrypt+0x119/0x1e0 crypto/skcipher.c:669
 xts_encrypt+0x3c4/0x550 crypto/xts.c:269
 crypto_skcipher_encrypt+0x1a0/0x1e0 crypto/skcipher.c:671
 fscrypt_crypt_data_unit+0x4ee/0x8f0 fs/crypto/crypto.c:144
 fscrypt_encrypt_pagecache_blocks+0x422/0x900 fs/crypto/crypto.c:207
 ext4_bio_write_folio+0x13db/0x2e40 fs/ext4/page-io.c:526
 mpage_submit_folio+0x351/0x4a0 fs/ext4/inode.c:1869
 mpage_process_page_bufs+0xb92/0xe30 fs/ext4/inode.c:1982
 mpage_process_folio fs/ext4/inode.c:2036 [inline]
 mpage_map_and_submit_buffers fs/ext4/inode.c:2105 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2254 [inline]
 ext4_do_writepages+0x353e/0x62e0 fs/ext4/inode.c:2679
 ext4_writepages+0x312/0x830 fs/ext4/inode.c:2768
 do_writepages+0x427/0xc30 mm/page-writeback.c:2612
 __writeback_single_inode+0x10d/0x12c0 fs/fs-writeback.c:1650
 writeback_sb_inodes+0xb48/0x1be0 fs/fs-writeback.c:1941
 wb_writeback+0x4a1/0xdf0 fs/fs-writeback.c:2117
 wb_do_writeback fs/fs-writeback.c:2264 [inline]
 wb_workfn+0x40b/0x1940 fs/fs-writeback.c:2304
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa81/0x1bd0 kernel/workqueue.c:3335
 worker_thread+0xea5/0x1560 kernel/workqueue.c:3416
 kthread+0x3e2/0x540 kernel/kthread.c:388
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was stored to memory at:
 le128_xor include/crypto/b128ops.h:69 [inline]
 xts_xor_tweak+0x4ae/0xbf0 crypto/xts.c:123
 xts_xor_tweak_pre crypto/xts.c:135 [inline]
 xts_encrypt+0x296/0x550 crypto/xts.c:268
 crypto_skcipher_encrypt+0x1a0/0x1e0 crypto/skcipher.c:671
 fscrypt_crypt_data_unit+0x4ee/0x8f0 fs/crypto/crypto.c:144
 fscrypt_encrypt_pagecache_blocks+0x422/0x900 fs/crypto/crypto.c:207
 ext4_bio_write_folio+0x13db/0x2e40 fs/ext4/page-io.c:526
 mpage_submit_folio+0x351/0x4a0 fs/ext4/inode.c:1869
 mpage_process_page_bufs+0xb92/0xe30 fs/ext4/inode.c:1982
 mpage_process_folio fs/ext4/inode.c:2036 [inline]
 mpage_map_and_submit_buffers fs/ext4/inode.c:2105 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2254 [inline]
 ext4_do_writepages+0x353e/0x62e0 fs/ext4/inode.c:2679
 ext4_writepages+0x312/0x830 fs/ext4/inode.c:2768
 do_writepages+0x427/0xc30 mm/page-writeback.c:2612
 __writeback_single_inode+0x10d/0x12c0 fs/fs-writeback.c:1650
 writeback_sb_inodes+0xb48/0x1be0 fs/fs-writeback.c:1941
 wb_writeback+0x4a1/0xdf0 fs/fs-writeback.c:2117
 wb_do_writeback fs/fs-writeback.c:2264 [inline]
 wb_workfn+0x40b/0x1940 fs/fs-writeback.c:2304
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa81/0x1bd0 kernel/workqueue.c:3335
 worker_thread+0xea5/0x1560 kernel/workqueue.c:3416
 kthread+0x3e2/0x540 kernel/kthread.c:388
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
 __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
 alloc_pages_mpol+0x299/0x990 mm/mempolicy.c:2264
 alloc_pages mm/mempolicy.c:2335 [inline]
 folio_alloc+0x1d0/0x230 mm/mempolicy.c:2342
 filemap_alloc_folio+0xa6/0x440 mm/filemap.c:984
 __filemap_get_folio+0xa10/0x14b0 mm/filemap.c:1926
 ext4_write_begin+0x3e5/0x2230 fs/ext4/inode.c:1159
 ext4_da_write_begin+0x4cd/0xec0 fs/ext4/inode.c:2869
 generic_perform_write+0x400/0xc60 mm/filemap.c:3974
 ext4_buffered_write_iter+0x564/0xaa0 fs/ext4/file.c:299
 ext4_file_write_iter+0x208/0x3450
 __kernel_write_iter+0x68b/0xc40 fs/read_write.c:523
 __kernel_write+0xca/0x100 fs/read_write.c:543
 __dump_emit fs/coredump.c:813 [inline]
 dump_emit+0x3aa/0x5d0 fs/coredump.c:850
 writenote+0x2ad/0x480 fs/binfmt_elf.c:1422
 write_note_info fs/binfmt_elf.c:1912 [inline]
 elf_core_dump+0x4f77/0x59c0 fs/binfmt_elf.c:2064
 do_coredump+0x32d5/0x4920 fs/coredump.c:764
 get_signal+0x267e/0x2d00 kernel/signal.c:2896
 arch_do_signal_or_restart+0x53/0xcb0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 irqentry_exit_to_user_mode+0xa6/0x160 kernel/entry/common.c:231
 irqentry_exit+0x16/0x60 kernel/entry/common.c:334
 exc_general_protection+0x2e6/0x4b0 arch/x86/kernel/traps.c:644
 asm_exc_general_protection+0x2b/0x30 arch/x86/include/asm/idtentry.h:617

CPU: 0 PID: 57 Comm: kworker/u8:3 Not tainted 6.9.0-rc5-syzkaller-00329-g5d12ed4bea43 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: writeback wb_workfn (flush-7:1)
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

next             reply	other threads:[~2024-04-28 10:32 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-28 10:32 syzbot [this message]
2024-05-10  4:02 ` [syzbot] [crypto?] KMSAN: uninit-value in aes_encrypt (5) syzbot
2024-05-30  4:31   ` Herbert Xu
2024-06-05 20:17 ` [syzbot] ff/ext4: Prevent crypto operation on unaligned blocks syzbot
2024-06-06  6:15 ` syzbot
2024-06-06  7:57 ` syzbot
2024-06-06  8:27 ` [syzbot] [syzbot] [ext4] KMSAN: uninit-value in aes_encrypt (5) syzbot
2024-06-06  9:15 ` syzbot
2025-10-10 13:01 ` Forwarded: FYI syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000000fe556061725a7be@google.com \
    --to=syzbot+aeb14e2539ffb6d21130@syzkaller.appspotmail.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.