syzbot


BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done (2)

Status: closed as invalid on 2018/09/05 12:51
Subsystems: crypto
First crash: 2098d, last: 2097d
Similar bugs (1)
Kernel    Title                                                                         Subsystems  Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done  crypto      C                                2      2336d  2336d     3/26     fixed on 2018/01/11 01:23

Sample crash report:
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759
RDX: 0000000020000240 RSI: 0000000000000006 RDI: 0000000000000004
RBP: 00007ffd3d5ef4b0 R08: 0000000000000002 R09: 0000000000000000
R10: 0000008000000008 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
PGD 8000000202db7067 P4D 8000000202db7067 PUD 1fecd1067 PMD 0 
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 5994 Comm: syz-executor705 Not tainted 4.18.0-rc8+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:85 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:119 [inline]
RIP: 0010:blkcipher_walk_done+0x18e/0x290 crypto/blkcipher.c:124
Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07 
RSP: 0018:ffff8801fecdf948 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88020c6aea90 RCX: ffff88020c6a0000
RDX: 0000000000000000 RSI: ffff8801fecdf9a0 RDI: ffff88020c6aea90
RBP: ffff8801fecdf970 R08: ffff880204cf2cec R09: 0000000000000082
R10: 000000000000d99b R11: 000000008484435b R12: 0000000000000010
R13: ffff8801fecdf9a0 R14: ffff8801fecdfa88 R15: 0000000000000ff0
FS:  000000000183e880(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000204c2c000 CR4: 00000000001406e0
Call Trace:
 crypto_ctr_crypt+0x21c/0x250 crypto/ctr.c:146
 skcipher_crypt_blkcipher crypto/skcipher.c:623 [inline]
 skcipher_encrypt_blkcipher+0x49/0x50 crypto/skcipher.c:632
 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline]
 crypto_gcm_encrypt+0xd1/0x160 crypto/gcm.c:483
 crypto_aead_encrypt include/crypto/aead.h:335 [inline]
 tls_do_encryption net/tls/tls_sw.c:211 [inline]
 tls_push_record+0x1f0/0x470 net/tls/tls_sw.c:247
 tls_sw_sendpage+0x380/0x4d0 net/tls/tls_sw.c:601
 inet_sendpage+0x11d/0x1c0 net/ipv4/af_inet.c:815
 kernel_sendpage net/socket.c:3334 [inline]
 sock_sendpage+0x63/0x90 net/socket.c:867
 pipe_to_sendpage+0x93/0xb0 fs/splice.c:452
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0xdd/0x2a0 fs/splice.c:627
 splice_from_pipe fs/splice.c:662 [inline]
 generic_splice_sendpage+0x6e/0x90 fs/splice.c:833
 do_splice_from fs/splice.c:852 [inline]
 direct_splice_actor+0x42/0x50 fs/splice.c:1019
 splice_direct_to_actor+0x174/0x350 fs/splice.c:974
 do_splice_direct+0x87/0xe0 fs/splice.c:1062
 do_sendfile+0x424/0x680 fs/read_write.c:1440
 __do_sys_sendfile64 fs/read_write.c:1495 [inline]
 __se_sys_sendfile64 fs/read_write.c:1487 [inline]
 __x64_sys_sendfile64+0x59/0xb0 fs/read_write.c:1487
 do_syscall_64+0x61/0x90 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x442759
Code: e8 bc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 02 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007ffd3d5ef348 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759
RDX: 0000000020000240 RSI: 0000000000000006 RDI: 0000000000000004
RBP: 00007ffd3d5ef4b0 R08: 0000000000000002 R09: 0000000000000000
R10: 0000008000000008 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
CR2: 0000000000000008
---[ end trace 8c575ab9cf1bcd3b ]---
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
PGD 80000002069d3067 P4D 80000002069d3067 PUD 1fec7a067 PMD 0 
Oops: 0000 [#2] SMP PTI
CPU: 0 PID: 5991 Comm: syz-executor705 Tainted: G      D           4.18.0-rc8+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:85 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:119 [inline]
RIP: 0010:blkcipher_walk_done+0x18e/0x290 crypto/blkcipher.c:124
Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07 
RSP: 0018:ffff880204d7b948 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880204db0290 RCX: ffff880208c30000
RDX: 0000000000000000 RSI: ffff880204d7b9a0 RDI: ffff880204db0290
RBP: ffff880204d7b970 R08: ffff880204d834ec R09: 0000000000000082
R10: 000000000000d99b R11: 000000008484435b R12: 0000000000000010
R13: ffff880204d7b9a0 R14: ffff880204d7ba88 R15: 0000000000000ff0
FS:  000000000183e880(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000204ca6000 CR4: 00000000001406f0
Call Trace:
 crypto_ctr_crypt+0x21c/0x250 crypto/ctr.c:146
 skcipher_crypt_blkcipher crypto/skcipher.c:623 [inline]
 skcipher_encrypt_blkcipher+0x49/0x50 crypto/skcipher.c:632
 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline]
 crypto_gcm_encrypt+0xd1/0x160 crypto/gcm.c:483
 crypto_aead_encrypt include/crypto/aead.h:335 [inline]
 tls_do_encryption net/tls/tls_sw.c:211 [inline]
 tls_push_record+0x1f0/0x470 net/tls/tls_sw.c:247
 tls_sw_sendpage+0x380/0x4d0 net/tls/tls_sw.c:601
 inet_sendpage+0x11d/0x1c0 net/ipv4/af_inet.c:815
 kernel_sendpage net/socket.c:3334 [inline]
 sock_sendpage+0x63/0x90 net/socket.c:867
 pipe_to_sendpage+0x93/0xb0 fs/splice.c:452
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0xdd/0x2a0 fs/splice.c:627
 splice_from_pipe fs/splice.c:662 [inline]
 generic_splice_sendpage+0x6e/0x90 fs/splice.c:833
 do_splice_from fs/splice.c:852 [inline]
 direct_splice_actor+0x42/0x50 fs/splice.c:1019
 splice_direct_to_actor+0x174/0x350 fs/splice.c:974
 do_splice_direct+0x87/0xe0 fs/splice.c:1062
 do_sendfile+0x424/0x680 fs/read_write.c:1440
 __do_sys_sendfile64 fs/read_write.c:1495 [inline]
 __se_sys_sendfile64 fs/read_write.c:1487 [inline]
 __x64_sys_sendfile64+0x59/0xb0 fs/read_write.c:1487
 do_syscall_64+0x61/0x90 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x442759
Code: e8 bc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 02 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007ffd3d5ef348 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759
RDX: 0000000020000240 RSI: 0000000000000006 RDI: 0000000000000004
RBP: 00007ffd3d5ef4b0 R08: 0000000000000002 R09: 0000000000000000
R10: 0000008000000008 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
CR2: 0000000000000008
---[ end trace 8c575ab9cf1bcd3c ]---
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:85 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:119 [inline]
RIP: 0010:blkcipher_walk_done+0x18e/0x290 crypto/blkcipher.c:124
Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07 
RSP: 0018:ffff8801fecdf948 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88020c6aea90 RCX: ffff88020c6a0000
RDX: 0000000000000000 RSI: ffff8801fecdf9a0 RDI: ffff88020c6aea90
RBP: ffff8801fecdf970 R08: ffff880204cf2cec R09: 0000000000000082
R10: 000000000000d99b R11: 000000008484435b R12: 0000000000000010
R13: ffff8801fecdf9a0 R14: ffff8801fecdfa88 R15: 0000000000000ff0
FS:  000000000183e880(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000204c2c000 CR4: 00000000001406e0
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:85 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:119 [inline]
RIP: 0010:blkcipher_walk_done+0x18e/0x290 crypto/blkcipher.c:124
Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 
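
Reading the oops: the byte marked `<8b>` in every `Code:` line above is the faulting instruction, `8b 40 08` = `mov 0x8(%rax),%eax`, and RAX is 0 in each register dump, which is why CR2 is 8. In this build byte 8 of `struct scatterlist` is the `offset` field, so the NULL pointer is the `sg` argument that scatterwalk_start() (scatterwalk.h:85 in the RIP lines) dereferences; the preceding `call` whose result is stored into the walk (`e8 b6 74 0d 00`, then `49 89 45 38`) is consistent with `sg_next()` returning NULL in scatterwalk_pagedone(), i.e. the walk running past the end of the scatterlist it was given. The script below, an added example that is not code from the syzbot page or from the kernel, automates that sanity check for any oops of this shape: it parses the register dump and the `Code:` bytes, decodes a faulting `mov` with a `[base+disp]` operand (a deliberately minimal decoder; SIB and RIP-relative forms are rejected rather than guessed), and verifies that base register + displacement equals CR2. The sample input is constructed from the first oops on this page.

```python
"""Triage helper for an x86-64 kernel oops (added example, not kernel code).

Parses the register dump and the `Code:` bytes, decodes the faulting `mov`
when it has a [base + disp] memory operand, and checks base + disp == CR2.
"""
import re

# Constructed input: the relevant lines of the first oops on the syzbot page.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
RIP: 0010:blkcipher_walk_done+0x18e/0x290 crypto/blkcipher.c:124
Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07
RSP: 0018:ffff8801fecdf948 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88020c6aea90 RCX: ffff88020c6a0000
RDX: 0000000000000000 RSI: ffff8801fecdf9a0 RDI: ffff88020c6aea90
RBP: ffff8801fecdf970 R08: ffff880204cf2cec R09: 0000000000000082
CR2: 0000000000000008 CR3: 0000000204c2c000 CR4: 00000000001406e0
"""

# Base register by ModRM rm field (+8 with REX.B), spelled the way the
# kernel prints them (r8..r15 appear as R08..R15 in the dump).
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

# "NAME: value" pairs with a 64-bit value; RSP carries a "0018:" segment prefix.
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): (?:[0-9a-f]{4}:)?([0-9a-f]{16})\b")


def parse_oops(text):
    """Return the registers, the Code: bytes and the index of the faulting byte."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    m = re.search(r"^Code: (.+)$", text, re.MULTILINE)
    if m is None:
        raise ValueError("no Code: line in oops")
    tokens = m.group(1).split()
    # The kernel wraps the byte at RIP in angle brackets.
    rip_idx = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    code = [int(t.strip("<>"), 16) for t in tokens]
    return {"regs": regs, "code": code, "rip_idx": rip_idx}


def decode_mov_rm(code, pos):
    """Decode a `mov` with a [base + disp] memory operand starting at code[pos].

    Handles an optional REX prefix, opcodes 0x8b (load) and 0x89 (store) and
    ModRM mod 0/1/2.  SIB (rm == 4) and RIP-relative (mod 0, rm 5) operands
    are rejected instead of being mis-decoded.
    """
    rex_b = 0
    if 0x40 <= code[pos] <= 0x4F:          # REX prefix: bit 0 extends the base
        rex_b = code[pos] & 1
        pos += 1
    opcode = code[pos]
    if opcode not in (0x89, 0x8B):
        raise ValueError(f"unsupported opcode 0x{opcode:02x} at fault")
    modrm = code[pos + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative operand not handled")
    disp_len = {0: 0, 1: 1, 2: 4}[mod]     # disp8 for mod 1, disp32 for mod 2
    disp_bytes = bytes(code[pos + 2:pos + 2 + disp_len])
    disp = int.from_bytes(disp_bytes, "little", signed=True) if disp_len else 0
    return {"op": "load" if opcode == 0x8B else "store",
            "base": REG64[rm + 8 * rex_b], "disp": disp}


def explain(text):
    """Decode the faulting mov and check that base + disp matches CR2."""
    oops = parse_oops(text)
    insn = decode_mov_rm(oops["code"], oops["rip_idx"])
    base_value = oops["regs"][insn["base"]]
    computed = (base_value + insn["disp"]) & 0xFFFFFFFFFFFFFFFF
    cr2 = oops["regs"]["CR2"]
    return {**insn, "base_value": base_value, "computed": computed,
            "cr2": cr2, "consistent": computed == cr2}


if __name__ == "__main__":
    r = explain(SAMPLE_OOPS)
    print(f"{r['op']} via [{r['base']}+{r['disp']:#x}], "
          f"{r['base']}={r['base_value']:#x} -> {r['computed']:#x}; "
          f"CR2={r['cr2']:#x}; consistent={r['consistent']}")
```

When `consistent` is True the register named by the decoder is the pointer to blame; a mismatch usually means the `Code:` bytes belong to a different task's dump than the registers (exactly the interleaving that had to be untangled above), so the check is worth running before trusting any hand-decoded oops.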

Crashes (5):
Time              Kernel                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                Title
2018/08/09 16:02  https://github.com/google/kmsan.git master  0cc51dc9a291  1fb62d58   .config  console log  report  syz        C                         ci-upstream-kmsan-gce
2018/08/09 13:20  https://github.com/google/kmsan.git master  0cc51dc9a291  2eeda842   .config  console log  report  syz                                  ci-upstream-kmsan-gce
2018/08/10 00:00  https://github.com/google/kmsan.git master  0cc51dc9a291  1fb62d58   .config  console log  report                                       ci-upstream-kmsan-gce
2018/08/09 15:32  https://github.com/google/kmsan.git master  0cc51dc9a291  1fb62d58   .config  console log  report                                       ci-upstream-kmsan-gce
2018/08/09 13:02  https://github.com/google/kmsan.git master  0cc51dc9a291  2eeda842   .config  console log  report                                       ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.