From patchwork Mon Apr 9 07:57:45 2018
X-Patchwork-Submitter: Dmitry Vyukov
X-Patchwork-Id: 10330717
In-Reply-To: <58589900.TM7ux0T285@tauon.chronox.de>
References: <001a114467482dbc4b05692df8f9@google.com> <6541596.TtyMCBNA0Q@positron.chronox.de> <20180408224603.GA32004@thunk.org> <58589900.TM7ux0T285@tauon.chronox.de>
From: Dmitry Vyukov
Date: Mon, 9 Apr 2018 09:57:45 +0200
Subject: Re: [PATCH] crypto: DRBG - guard uninstantion by lock
To: Stephan Mueller
Cc: "Theodore Y. Ts'o", Matthew Wilcox, Herbert Xu, David Miller, linux-crypto@vger.kernel.org, Eric Biggers, syzbot, linux-fsdevel, LKML, syzkaller-bugs@googlegroups.com, Al Viro
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

On Mon, Apr 9, 2018 at 7:40 AM, Stephan Mueller wrote:
> On Monday, 9 April 2018, 00:46:03 CEST, Theodore Y. Ts'o wrote:
>
> Hi Theodore,
>>
>> So the syzbot will run while the patch goes through the normal e-mail
>> review process, which is kind of neat. :-)
>
> Thank you very much for the hint. That is a neat feature indeed.
>
> As I came late to the party and I missed the original mails, I am wondering
> about which GIT repo was used and which branch of it. With that, I would be
> happy to resubmit with the test line.

All syzbot reported bugs are available here:
https://groups.google.com/forum/#!searchin/syzkaller-bugs/"WARNING$20in$20kmem_cache_free"
and here:
https://syzkaller.appspot.com/

But unfortunately testing won't work in this case, because I manually
extracted a reproducer and syzbot does not know about it. This bug
seems to lead to assorted silent heap corruptions and different
manifestations each time, so it's difficult for syzbot to attribute a
reproducer to the bug. When we debug it, it would be nice to
understand why the heap corruption is silent and is not detected by
KASAN and anything else, to prevent such unpleasant cases in future.

I've tested it manually, but unfortunately kernel still crashed within a minute:

$ git status
HEAD detached at f2d285669aae
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)

        modified:   crypto/drbg.c

$ git diff

# ./a.out
...
diff --git a/crypto/drbg.c b/crypto/drbg.c index 4faa2781c964..68c1949a253f 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c
@@ -1510,8 +1510,8 @@ static int drbg_instantiate(struct drbg_state *drbg, struct drbg_string *pers, return ret; free_everything: - mutex_unlock(&drbg->drbg_mutex); drbg_uninstantiate(drbg); + mutex_unlock(&drbg->drbg_mutex); return ret; }
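Review bot: at the `free_everything:` label, holding `drbg->drbg_mutex` across `drbg_uninstantiate(drbg)` only serializes this one error path of `drbg_instantiate()`; any other caller of `drbg_uninstantiate()` that runs without the mutex can still race with it, and none of those callers are visible in this hunk. The test reported in this message was run with `crypto/drbg.c` modified on f2d285669aae and the kernel still crashed within a minute, so the reorder should not be described as the complete fix. Suggest auditing the remaining call sites and, if the intended contract is that the mutex is held on entry, stating that in a comment on `drbg_uninstantiate()` and enforcing it there with `lockdep_assert_held(&drbg->drbg_mutex)`.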