bisecting cause commit starting from 4710e78940d8d957f24b8f085f961f1279f8fbff building syzkaller on 8bd6bd63656d411729c450d452e1355b42adf900 testing commit 4710e78940d8d957f24b8f085f961f1279f8fbff with gcc (GCC) 8.1.0 all runs: crashed: KASAN: use-after-free Read in crypto_gcm_init_common testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc run #1: crashed: KASAN: use-after-free Write in padata_parallel_worker run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: BUG: unable to handle kernel paging request in corrupted run #6: crashed: KASAN: use-after-free Read in padata_do_parallel run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Write in padata_parallel_worker run #9: crashed: KASAN: use-after-free Write in padata_parallel_worker testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: KASAN: use-after-free Write in padata_parallel_worker run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: KASAN: use-after-free Write in padata_parallel_worker run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Write in padata_parallel_worker run #9: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.14 v4.13 Bisecting: 7300 revisions left to test after this (roughly 13 steps) [15d8ffc96464f6571ecf22043c45fad659f11bdd] Merge tag 'mmc-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 15d8ffc96464f6571ecf22043c45fad659f11bdd with gcc (GCC) 8.1.0 all runs: OK # git bisect good 15d8ffc96464f6571ecf22043c45fad659f11bdd Bisecting: 3465 revisions left to test after this (roughly 12 steps) [e90937e756938f03d37d4cae7c82316a3a425944] Merge tag 'armsoc-devicetree' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc testing commit e90937e756938f03d37d4cae7c82316a3a425944 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e90937e756938f03d37d4cae7c82316a3a425944 Bisecting: 1724 revisions left to test after this (roughly 11 steps) [a3583202e8292540fae38ed44bd49d77e35286c2] Merge tag 'drm-fixes-for-v4.14-rc3' of git://people.freedesktop.org/~airlied/linux testing commit a3583202e8292540fae38ed44bd49d77e35286c2 with gcc (GCC) 8.1.0 all runs: crashed: KASAN: use-after-free Write in padata_parallel_worker # git bisect bad a3583202e8292540fae38ed44bd49d77e35286c2 Bisecting: 884 revisions left to test after this (roughly 10 steps) [b38923a068c10fc36ca8f596d650d095ce390b85] Merge tag 'firmware_removal-4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit b38923a068c10fc36ca8f596d650d095ce390b85 with gcc (GCC) 8.1.0 all runs: OK # git bisect good b38923a068c10fc36ca8f596d650d095ce390b85 Bisecting: 442 revisions left to test after this (roughly 9 steps) [9ae0b37e69ca7143cb338f183ce326442c8dd8be] Merge tag 'iommu-fixes-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu testing commit 9ae0b37e69ca7143cb338f183ce326442c8dd8be with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9ae0b37e69ca7143cb338f183ce326442c8dd8be Bisecting: 219 revisions left to test after this (roughly 8 steps) [6e7f253801a2c7e6274b702e5cbda78b89122470] Merge tag 'devicetree-fixes-for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 6e7f253801a2c7e6274b702e5cbda78b89122470 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6e7f253801a2c7e6274b702e5cbda78b89122470 Bisecting: 97 revisions left to test after this (roughly 7 steps) [225d3b67482930ff5a9f49ad307deffd97ce04c1] Merge tag 'linux-kselftest-4.14-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit 225d3b67482930ff5a9f49ad307deffd97ce04c1 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 225d3b67482930ff5a9f49ad307deffd97ce04c1 Bisecting: 53 revisions left to test after this (roughly 6 steps) [770b782f555d663d133fcd4dc1632023f79357b9] Merge tag 'acpi-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit 770b782f555d663d133fcd4dc1632023f79357b9 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 770b782f555d663d133fcd4dc1632023f79357b9 Bisecting: 26 revisions left to test after this (roughly 5 steps) [9f2a5128b94beb6bb63d8fc03d67f47203b04b3a] Merge tag 'for-linus-4.14c-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 9f2a5128b94beb6bb63d8fc03d67f47203b04b3a with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: KASAN: use-after-free Write in padata_parallel_worker run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: KASAN: use-after-free Write in padata_parallel_worker run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Write in padata_parallel_worker run #9: crashed: KASAN: use-after-free Write in padata_parallel_worker # git bisect bad 9f2a5128b94beb6bb63d8fc03d67f47203b04b3a Bisecting: 13 revisions left to test after this (roughly 4 steps) [2569e7e1d684e418ba7ffc9d0ad9a5f5247df0a0] Merge commit 'keys-fixes-20170927' into fixes-v4.14-rc3 testing commit 2569e7e1d684e418ba7ffc9d0ad9a5f5247df0a0 with gcc (GCC) 8.1.0 all runs: crashed: KASAN: use-after-free Write in padata_parallel_worker # git bisect bad 2569e7e1d684e418ba7ffc9d0ad9a5f5247df0a0 Bisecting: 6 revisions left to test after this (roughly 3 steps) [237bbd29f7a049d310d907f4b2716a7feef9abf3] KEYS: prevent creating a different user's keyrings testing commit 237bbd29f7a049d310d907f4b2716a7feef9abf3 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 237bbd29f7a049d310d907f4b2716a7feef9abf3 Bisecting: 3 revisions left to test after this (roughly 2 steps) [4aa68e07d845562561f5e73c04aa521376e95252] KEYS: restrict /proc/keys by credentials at open time testing commit 4aa68e07d845562561f5e73c04aa521376e95252 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4aa68e07d845562561f5e73c04aa521376e95252 Bisecting: 1 revision left to test after this (roughly 1 step) [910801809b2e40a4baedd080ef5d80b4a180e70e] security/keys: properly zero out sensitive key material in big_key testing commit 910801809b2e40a4baedd080ef5d80b4a180e70e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 910801809b2e40a4baedd080ef5d80b4a180e70e Bisecting: 0 revisions left to test after this (roughly 0 steps) [428490e38b2e352812e0b765d8bceafab0ec441d] security/keys: rewrite all of big_key crypto testing commit 428490e38b2e352812e0b765d8bceafab0ec441d with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc run #1: crashed: KASAN: use-after-free Write in padata_parallel_worker run #2: crashed: BUG: unable to handle kernel paging request in corrupted run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: KASAN: use-after-free Write in padata_parallel_worker run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Write in padata_parallel_worker run #9: crashed: KASAN: use-after-free Write in padata_parallel_worker # git bisect bad 428490e38b2e352812e0b765d8bceafab0ec441d 428490e38b2e352812e0b765d8bceafab0ec441d is the first bad commit commit 428490e38b2e352812e0b765d8bceafab0ec441d Author: Jason A. Donenfeld Date: Wed Sep 20 16:58:39 2017 +0200 security/keys: rewrite all of big_key crypto This started out as just replacing the use of crypto/rng with get_random_bytes_wait, so that we wouldn't use bad randomness at boot time. But, upon looking further, it appears that there were even deeper underlying cryptographic problems, and that this seems to have been committed with very little crypto review. So, I rewrote the whole thing, trying to keep to the conventions introduced by the previous author, to fix these cryptographic flaws. It makes no sense to seed crypto/rng at boot time and then keep using it like this, when in fact there's already get_random_bytes_wait, which can ensure there's enough entropy and be a much more standard way of generating keys. Since this sensitive material is being stored untrusted, using ECB and no authentication is simply not okay at all. I find it surprising and a bit horrifying that this code even made it past basic crypto review, which perhaps points to some larger issues. This patch moves from using AES-ECB to using AES-GCM. Since keys are uniquely generated each time, we can set the nonce to zero. There was also a race condition in which the same key would be reused at the same time in different threads. A mutex fixes this issue now. So, to summarize, this commit fixes the following vulnerabilities: * Low entropy key generation, allowing an attacker to potentially guess or predict keys. * Unauthenticated encryption, allowing an attacker to modify the cipher text in particular ways in order to manipulate the plaintext, which is is even more frightening considering the next point. * Use of ECB mode, allowing an attacker to trivially swap blocks or compare identical plaintext blocks. * Key re-use. * Faulty memory zeroing. Signed-off-by: Jason A. Donenfeld Reviewed-by: Eric Biggers Signed-off-by: David Howells Cc: Herbert Xu Cc: Kirill Marinushkin Cc: security@kernel.org Cc: stable@vger.kernel.org security/keys/Kconfig | 4 +- security/keys/big_key.c | 127 ++++++++++++++++++++++-------------------------- 2 files changed, 60 insertions(+), 71 deletions(-) revisions tested: 22, total time: 4h1m29.5833547s (build: 1h28m57.085612876s, test: 2h28m25.44990859s) first bad commit: 428490e38b2e352812e0b765d8bceafab0ec441d security/keys: rewrite all of big_key crypto cc: ["dhowells@redhat.com" "ebiggers3@gmail.com" "herbert@gondor.apana.org.au" "jason@zx2c4.com" "k.marinushkin@gmail.com" "security@kernel.org"] crash: KASAN: use-after-free Write in padata_parallel_worker bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state ================================================================== BUG: KASAN: use-after-free in list_replace include/linux/list.h:140 [inline] BUG: KASAN: use-after-free in list_replace_init include/linux/list.h:148 [inline] BUG: KASAN: use-after-free in padata_parallel_worker+0x633/0x660 kernel/padata.c:74 Write of size 8 at addr ffff88006b4cf718 by task kworker/0:1/553 CPU: 0 PID: 553 Comm: kworker/0:1 Not tainted 4.14.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Workqueue: pencrypt padata_parallel_worker Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:52 print_address_description.cold.7+0x9/0x1c9 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 [inline] kasan_report.cold.8+0x121/0x2da mm/kasan/report.c:409 __asan_report_store8_noabort+0x17/0x20 mm/kasan/report.c:435 list_replace include/linux/list.h:140 [inline] list_replace_init include/linux/list.h:148 [inline] padata_parallel_worker+0x633/0x660 kernel/padata.c:74 process_one_work+0x9f7/0x1a80 kernel/workqueue.c:2119 worker_thread+0x215/0x1820 kernel/workqueue.c:2253 kthread+0x376/0x440 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 Allocated by task 6509: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:551 __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x14e/0x7b0 mm/slab.c:3734 kmalloc include/linux/slab.h:498 [inline] tls_do_encryption net/tls/tls_sw.c:222 [inline] tls_push_record+0x6b8/0x12d0 net/tls/tls_sw.c:264 tls_sw_push_pending_record+0xe/0x10 net/tls/tls_sw.c:292 tls_handle_open_record net/tls/tls_main.c:133 [inline] tls_sk_proto_close+0x5bc/0x980 net/tls/tls_main.c:221 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:425 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:433 sock_release+0x83/0x190 net/socket.c:597 sock_close+0xd/0x20 net/socket.c:1126 __fput+0x2db/0x910 fs/file_table.c:210 ____fput+0x9/0x10 fs/file_table.c:244 task_work_run+0x15e/0x240 kernel/task_work.c:112 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x216/0x280 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath+0x341/0x400 arch/x86/entry/common.c:266 entry_SYSCALL_64_fastpath+0xc0/0xc2 Freed by task 6509: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:524 __cache_free mm/slab.c:3503 [inline] kfree+0xcc/0x270 mm/slab.c:3820 tls_do_encryption net/tls/tls_sw.c:238 [inline] tls_push_record+0x9ae/0x12d0 net/tls/tls_sw.c:264 tls_sw_push_pending_record+0xe/0x10 net/tls/tls_sw.c:292 tls_handle_open_record net/tls/tls_main.c:133 [inline] tls_sk_proto_close+0x5bc/0x980 net/tls/tls_main.c:221 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:425 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:433 sock_release+0x83/0x190 net/socket.c:597 sock_close+0xd/0x20 net/socket.c:1126 __fput+0x2db/0x910 fs/file_table.c:210 ____fput+0x9/0x10 fs/file_table.c:244 task_work_run+0x15e/0x240 kernel/task_work.c:112 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x216/0x280 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath+0x341/0x400 arch/x86/entry/common.c:266 entry_SYSCALL_64_fastpath+0xc0/0xc2 The buggy address belongs to the object at ffff88006b4cf6c0 which belongs to the cache kmalloc-1024 of size 1024 The buggy address is located 88 bytes inside of 1024-byte region [ffff88006b4cf6c0, ffff88006b4cfac0) The buggy address belongs to the page: page:ffffea0001ad3380 count:1 mapcount:0 mapping:ffff88006b4ce040 index:0x0 compound_mapcount: 0 flags: 0x1fffc0000008100(slab|head) raw: 01fffc0000008100 ffff88006b4ce040 0000000000000000 0000000100000007 raw: ffffea00017c1620 ffffea0001a465a0 ffff88006c000ac0 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88006b4cf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88006b4cf680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb >ffff88006b4cf700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88006b4cf780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88006b4cf800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================