From: Stephan Mueller
To: Dmitry Vyukov
Cc: "Theodore Y. Ts'o", Matthew Wilcox, Herbert Xu, David Miller, linux-crypto@vger.kernel.org, Eric Biggers, syzbot, linux-fsdevel, LKML, syzkaller-bugs, Al Viro
Subject: Re: [PATCH] crypto: DRBG - guard uninstantion by lock
Date: Tue, 10 Apr 2018 17:35:29 +0200
Message-ID: <2704286.80iLvC0rRL@tauon.chronox.de>
References: <001a114467482dbc4b05692df8f9@google.com>

On Tuesday, 10 April 2018, 17:23:46 CEST, Dmitry Vyukov wrote:

Hi Dmitry,

> Stephan,
>
> Do you have any hypothesis as to why this is not detected by KASAN and
> causes silent corruptions?
> We generally try to understand such cases and improve KASAN so that it
> catches such cases more reliably and they do not cause splashes of
> random crashes on syzbot.

I do not have any hypothesis at this point. I know that you induce some fault. As you mentioned the drbg_kcapi_seed function, I was looking through the error code paths to see whether some error handlers trip over each other. But all is guesswork so far. And I am not even sure whether the bug is in the DRBG code base.

Looking into the trace you sent, I see a NULL pointer dereference. At one point there is also the drbg_init_hash_kernel that is called. But nowhere do I see any smoking gun.

Could you please give me a description of the fault you are inducing?

Ciao
Stephan