Re: [syzbot] [crypto?] KMSAN: uninit-value in af_alg_free_sg (2)

From: xingwei lee
Date: Fri Jan 26 2024 - 08:12:00 EST


Hello.
This bug is the same bug that is mentioned in
https://lore.kernel.org/all/20231211135949.689204-1-syoshida@xxxxxxxxxx/.
And I also reproduced it with repro.c in
https://lore.kernel.org/all/CABOYnLxaHBEaSRaEU+kDsHF8a=9AokO1ZUEVtpeT9ddL8giw3A@xxxxxxxxxxxxxx/;
also see https://gist.github.com/xrivendell7/b10745f297bd2d12a2e48155920996d2
for a simple root cause analysis.

The incorrect logic of the unlock_free label can really cause security issues like
KASAN: double-free in af_alg_free_sg
KASAN: slab-use-after-free in af_alg_free_sg
KASAN: slab-use-after-free Read in hash_sock_destruct

and it needs a quick fix.

I hope it helps.

Best regards.
xingwei Lee