From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEXHASH_WORD,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 120BAC48BD4 for ; Tue, 25 Jun 2019 05:50:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C1D332086D for ; Tue, 25 Jun 2019 05:50:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561441827; bh=F4hnGGzLY7usgKkIJXUMIpR6+bTNeqaaCYN4sn1twcM=; h=Date:From:To:Cc:Subject:List-ID:From; b=tYOu7cR51nAdWf9PoqLRLlCC6rZyJHPVUWCy9zQfmHYUIFOG5vmOunRObcst7h04t jq/G9JXd7u/dq93/y92UF5ojDBBMgR1Yjwt8KGaOmen6FGdckdU20kuHB6ZSXr3Lc5 wywjVV+TDtVP7s7xP8RhShRU428Tp5boQ4780Uu4= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728727AbfFYFuY (ORCPT ); Tue, 25 Jun 2019 01:50:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:54610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728533AbfFYFuX (ORCPT ); Tue, 25 Jun 2019 01:50:23 -0400 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 12E042085A; Tue, 25 Jun 2019 05:50:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561441821; bh=F4hnGGzLY7usgKkIJXUMIpR6+bTNeqaaCYN4sn1twcM=; h=Date:From:To:Cc:Subject:From; b=lUeC8HVd7pbrzAekLs8nLyKLsEx2T21FWGdhoklL8FbrrilG+U1G8Eb2Vyq1Qeh7M 792ZlqZj+eWDb8xI/5LXsRLXBdPRchtXgdjfSR2h3pWM8siH1NmQSr1IoKlh+yLeWR LtRumikhrtyfmXLEE/yXZaAykE7DcXQoXeINRjKI= Date: Mon, 24 Jun 2019 22:50:19 -0700 From: Eric Biggers To: netdev@vger.kernel.org, Boris Pismenny , Aviad Yehezkel , Dave Watson , John Fastabend , Daniel Borkmann , "David S. Miller" , Vakul Garg Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Reminder: 17 open syzbot bugs in "net/tls" subsystem Message-ID: <20190625055019.GD17703@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.12.1 (2019-06-15) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org [This email was generated by a script. Let me know if you have any suggestions to make it better.] Of the currently open syzbot reports against the upstream kernel, I've manually marked 17 of them as possibly being bugs in the "net/tls" subsystem. I've listed these reports below, sorted by an algorithm that tries to list first the reports most likely to be still valid, important, and actionable. Of these 17 bugs, 7 were seen in mainline in the last week. Of these 17 bugs, 6 were bisected to commits from the following people: Dave Watson Vakul Garg Boris Pismenny Daniel Borkmann If you believe a bug is no longer valid, please close the syzbot report by sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the original thread, as explained at https://goo.gl/tpsmEJ#status If you believe I misattributed a bug to the "net/tls" subsystem, please let me know, and if possible forward the report to the correct people or mailing list. Here are the bugs: -------------------------------------------------------------------------------- Title: KASAN: use-after-free Read in tls_write_space Last occurred: 0 days ago Reported: 353 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=3ff26cb6000860a73428556d7df314541369c939 Original thread: https://lkml.kernel.org/lkml/0000000000003dab1605704fb71d@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+2134b6b74dec9f8c760f@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000003dab1605704fb71d@google.com -------------------------------------------------------------------------------- Title: KMSAN: uninit-value in gf128mul_4k_lle (3) Last occurred: 0 days ago Reported: 213 days ago Branches: Mainline (with KMSAN patches) Dashboard link: https://syzkaller.appspot.com/bug?id=a01db4c67933e9e4be8e721a8ee15a9530f1ac04 Original thread: https://lkml.kernel.org/lkml/000000000000bf2457057b5ccda3@google.com/T/#u This bug has a C reproducer. The original thread for this bug received 2 replies; the last was 208 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+f8495bff23a879a6d0bd@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000bf2457057b5ccda3@google.com -------------------------------------------------------------------------------- Title: INFO: task hung in tls_sw_free_resources_tx Last occurred: 6 days ago Reported: 202 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=44ae4b4fa7e6c6e92aa921d2ec20ce9fbee97939 Original thread: https://lkml.kernel.org/lkml/000000000000cab053057c2e5202@google.com/T/#u This bug has a C reproducer. This bug was bisected to: commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 Author: Dave Watson Date: Wed Jun 14 18:37:39 2017 +0000   tls: kernel TLS support No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+503339bf3c9053b8a7fc@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000cab053057c2e5202@google.com -------------------------------------------------------------------------------- Title: INFO: task hung in __flush_work Last occurred: 0 days ago Reported: 128 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=9613d8dffb5c6cc39da8ec290cb8f3eb62bdf21f Original thread: https://lkml.kernel.org/lkml/0000000000008f9c780581fd7417@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+aa0b64a57e300a1c6bcc@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000008f9c780581fd7417@google.com -------------------------------------------------------------------------------- Title: kernel BUG at include/linux/scatterlist.h:LINE! Last occurred: 1 day ago Reported: 33 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=effb623cefb879664122cc47df3af728957eb279 Original thread: https://lkml.kernel.org/lkml/000000000000f41cd905897c075e@google.com/T/#u This bug has a C reproducer. This bug was bisected to: commit f295b3ae9f5927e084bd5decdff82390e3471801 Author: Vakul Garg Date: Wed Mar 20 02:03:36 2019 +0000   net/tls: Add support of AES128-CCM based ciphers The original thread for this bug has received 1 reply, 14 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com If you send any email or patch for this bug, please reply to the original thread, which had activity only 14 days ago. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000f41cd905897c075e@google.com -------------------------------------------------------------------------------- Title: kernel BUG at ./include/linux/scatterlist.h:LINE! Last occurred: 5 days ago Reported: 4 days ago Branches: Mainline Dashboard link: https://syzkaller.appspot.com/bug?id=3008161aab5958fe4125a4cae3e4b7ad3ea50a26 Original thread: https://lkml.kernel.org/lkml/000000000000417551058bc0bef9@google.com/T/#u This bug has a C reproducer. This bug was bisected to: commit f295b3ae9f5927e084bd5decdff82390e3471801 Author: Vakul Garg Date: Wed Mar 20 02:03:36 2019 +0000   net/tls: Add support of AES128-CCM based ciphers No one has replied to the original thread for this bug yet. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+ef0daa6ce95facb233c1@syzkaller.appspotmail.com If you send any email or patch for this bug, please reply to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000417551058bc0bef9@google.com -------------------------------------------------------------------------------- Title: kernel BUG at include/linux/mm.h:LINE! (5) Last occurred: 42 days ago Reported: 112 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=c14d620a28ea77843c2632f5b05b315c44a2dd06 Original thread: https://lkml.kernel.org/lkml/00000000000054cc6d05834c33d7@google.com/T/#u This bug has a C reproducer. This bug was bisected to: commit 94850257cf0f88b20db7644f28bfedc7d284de15 Author: Boris Pismenny Date: Wed Feb 27 15:38:03 2019 +0000   tls: Fix tls_device handling of partial records The original thread for this bug received 1 reply, 111 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+5013d47539cdd43e7098@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000054cc6d05834c33d7@google.com -------------------------------------------------------------------------------- Title: WARNING: ODEBUG bug in tls_sw_free_resources_tx Last occurred: 7 days ago Reported: 230 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=f4b5189b77d5defcd01b7177411ebb8717b7ca45 Original thread: https://lkml.kernel.org/lkml/00000000000062c5c3057a095d25@google.com/T/#u Unfortunately, this bug does not have a reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+70ab6a1f8151888c4ea0@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000062c5c3057a095d25@google.com -------------------------------------------------------------------------------- Title: memory leak in create_ctx Last occurred: 16 days ago Reported: 16 days ago Branches: Mainline Dashboard link: https://syzkaller.appspot.com/bug?id=3497d93558e378dec6f6583bedd163778c79d0dd Original thread: https://lkml.kernel.org/lkml/000000000000a420af058ad4bca2@google.com/T/#u This bug has a syzkaller reproducer only. The original thread for this bug has received 5 replies; the last was 10 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+06537213db7ba2745c4a@syzkaller.appspotmail.com If you send any email or patch for this bug, please reply to the original thread, which had activity only 10 days ago. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000a420af058ad4bca2@google.com -------------------------------------------------------------------------------- Title: WARNING in sk_stream_kill_queues (3) Last occurred: 16 days ago Reported: 375 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=1557fb40b5ed0a1ed2ba18268e04da194674d770 Original thread: https://lkml.kernel.org/lkml/000000000000013b0d056e997fec@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+13e1ee9caeab5a9abc62@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000013b0d056e997fec@google.com -------------------------------------------------------------------------------- Title: KASAN: use-after-free Read in generic_gcmaes_encrypt Last occurred: 145 days ago Reported: 271 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=27ba7fbc34f9b61adecf2615022db00a6fb61211 Original thread: https://lkml.kernel.org/lkml/000000000000d014010576cc00f4@google.com/T/#u This bug has a C reproducer. This bug was bisected to: commit a42055e8d2c30d4decfc13ce943d09c7b9dad221 Author: Vakul Garg Date: Fri Sep 21 04:16:13 2018 +0000   net/tls: Add support for async encryption of records for performance The original thread for this bug received 2 replies; the last was 270 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+6d3612ba5e254e387153@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000d014010576cc00f4@google.com -------------------------------------------------------------------------------- Title: general protection fault in tcp_cleanup_ulp Last occurred: 276 days ago Reported: 291 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=24f95d3de36dd102ee36510385eec785fe08ad0d Original thread: https://lkml.kernel.org/lkml/00000000000006602605752ffa1a@google.com/T/#u This bug has a syzkaller reproducer only. This bug was bisected to: commit 90545cdc3f2b2ea700e24335610cd181e73756da Author: Daniel Borkmann Date: Thu Aug 16 19:49:07 2018 +0000   tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+0b3ccd4f62dac2cf3a7d@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000006602605752ffa1a@google.com -------------------------------------------------------------------------------- Title: INFO: task hung in tls_sw_sendmsg Last occurred: 5 days ago Reported: 105 days ago Branches: net and net-next Dashboard link: https://syzkaller.appspot.com/bug?id=706f5d1339aa1c10348c96d852da1c1e34e5b7bd Original thread: https://lkml.kernel.org/lkml/0000000000006a71990583cd3d9c@google.com/T/#u Unfortunately, this bug does not have a reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+8a6df99c3b1812093b70@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000006a71990583cd3d9c@google.com -------------------------------------------------------------------------------- Title: KASAN: use-after-free Read in crypto_gcm_init_common Last occurred: 165 days ago Reported: 230 days ago Branches: Mainline and others Dashboard link: https://syzkaller.appspot.com/bug?id=979d00397272e11bc334ec842074d314bde41b90 Original thread: https://lkml.kernel.org/lkml/00000000000060e0ae057a092be8@google.com/T/#u This bug has a C reproducer. syzbot has bisected this bug, but I think the bisection result is incorrect. The original thread for this bug received 2 replies; the last was 62 days ago. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+e736399a2c4054612307@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000060e0ae057a092be8@google.com -------------------------------------------------------------------------------- Title: KASAN: use-after-free Read in timer_is_static_object (2) Last occurred: 14 days ago Reported: 40 days ago Branches: net-next Dashboard link: https://syzkaller.appspot.com/bug?id=aa9951fb518f1e883b28a0675789ff2fc82c8bf5 Original thread: https://lkml.kernel.org/lkml/000000000000f29ffd0588e669d4@google.com/T/#u Unfortunately, this bug does not have a reproducer. No one has replied to the original thread for this bug yet. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+81215bf96c82318c7e74@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000f29ffd0588e669d4@google.com -------------------------------------------------------------------------------- Title: KASAN: use-after-free Read in tls_push_sg Last occurred: 38 days ago Reported: 38 days ago Branches: net-next Dashboard link: https://syzkaller.appspot.com/bug?id=244990e1ccfdb940c14114668b0a967198582f04 Original thread: https://lkml.kernel.org/lkml/0000000000000d1491058919b662@google.com/T/#u Unfortunately, this bug does not have a reproducer. No one has replied to the original thread for this bug yet. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+66fbe4719f6ef22754ee@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000000d1491058919b662@google.com -------------------------------------------------------------------------------- Title: KASAN: slab-out-of-bounds Read in tls_write_space Last occurred: 272 days ago Reported: 272 days ago Branches: linux-next and net-next Dashboard link: https://syzkaller.appspot.com/bug?id=748ab8de777f23e8265027741072c68feb62a527 Original thread: https://lkml.kernel.org/lkml/0000000000000a5b840576bad225@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+12638b747fd208f6cff0@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000000a5b840576bad225@google.com