syzbot


memory leak in crypto_create_tfm_node

Status: fixed on 2023/02/24 13:50
Subsystems: ext4 crypto
[Documentation on labels]
Reported-by: syzbot+104c2a89561289cec13e@syzkaller.appspotmail.com
Fix commit: ccd30a476f8e fscrypt: fix keyring memory leak on mount failure
First crash: 507d, last: 498d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] fscrypt: fix keyring memory leak on mount failure 3 (3) 2022/10/19 11:36
[syzbot] memory leak in crypto_create_tfm_node 4 (5) 2022/10/13 05:59

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888102480200 (size 512):
  comm "syz-executor123", pid 3632, jiffies 4294966699 (age 12.780s)
  hex dump (first 32 bytes):
    d8 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  ................
    70 13 2a 82 ff ff ff ff 68 e0 93 07 81 88 ff ff  p.*.....h.......
  backtrace:
    [<ffffffff814cffa4>] __do_kmalloc_node mm/slab_common.c:954 [inline]
    [<ffffffff814cffa4>] __kmalloc_node+0x44/0x130 mm/slab_common.c:962
    [<ffffffff822984e0>] kmalloc_node include/linux/slab.h:602 [inline]
    [<ffffffff822984e0>] kzalloc_node include/linux/slab.h:723 [inline]
    [<ffffffff822984e0>] crypto_create_tfm_node+0x30/0x130 crypto/api.c:504
    [<ffffffff82298dc6>] crypto_alloc_tfm_node+0x96/0x180 crypto/api.c:588
    [<ffffffff81685b7c>] fscrypt_init_hkdf+0x3c/0x180 fs/crypto/hkdf.c:75
    [<ffffffff81687a30>] add_master_key+0x160/0x370 fs/crypto/keyring.c:535
    [<ffffffff816880d3>] fscrypt_add_test_dummy_key+0x93/0xc0 fs/crypto/keyring.c:801
    [<ffffffff8180217a>] ext4_check_test_dummy_encryption fs/ext4/super.c:2680 [inline]
    [<ffffffff8180217a>] ext4_check_opt_consistency+0x79a/0xb80 fs/ext4/super.c:2735
    [<ffffffff8180857e>] __ext4_fill_super fs/ext4/super.c:5095 [inline]
    [<ffffffff8180857e>] ext4_fill_super+0xb0e/0x5010 fs/ext4/super.c:5648
    [<ffffffff815e0ff1>] get_tree_bdev+0x1f1/0x320 fs/super.c:1323
    [<ffffffff815df228>] vfs_get_tree+0x28/0x100 fs/super.c:1530
    [<ffffffff81623087>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81623087>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff81623c6e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff81623c6e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff81623c6e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff81623c6e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568
    [<ffffffff84605ff5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84605ff5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888111007960 (size 32):
  comm "syz-executor123", pid 3632, jiffies 4294966699 (age 12.780s)
  hex dump (first 32 bytes):
    d0 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  ................
    00 00 00 00 00 00 00 00 60 cc c7 85 ff ff ff ff  ........`.......
  backtrace:
    [<ffffffff814cffa4>] __do_kmalloc_node mm/slab_common.c:954 [inline]
    [<ffffffff814cffa4>] __kmalloc_node+0x44/0x130 mm/slab_common.c:962
    [<ffffffff822984e0>] kmalloc_node include/linux/slab.h:602 [inline]
    [<ffffffff822984e0>] kzalloc_node include/linux/slab.h:723 [inline]
    [<ffffffff822984e0>] crypto_create_tfm_node+0x30/0x130 crypto/api.c:504
    [<ffffffff8229a585>] crypto_create_tfm crypto/internal.h:92 [inline]
    [<ffffffff8229a585>] crypto_spawn_tfm2+0x45/0x90 crypto/algapi.c:803
    [<ffffffff822a9ecb>] crypto_spawn_shash include/crypto/internal/hash.h:231 [inline]
    [<ffffffff822a9ecb>] hmac_init_tfm+0x3b/0xa0 crypto/hmac.c:152
    [<ffffffff822a1d57>] crypto_shash_init_tfm+0x77/0xf0 crypto/shash.c:440
    [<ffffffff82298502>] crypto_create_tfm_node+0x52/0x130 crypto/api.c:512
    [<ffffffff82298dc6>] crypto_alloc_tfm_node+0x96/0x180 crypto/api.c:588
    [<ffffffff81685b7c>] fscrypt_init_hkdf+0x3c/0x180 fs/crypto/hkdf.c:75
    [<ffffffff81687a30>] add_master_key+0x160/0x370 fs/crypto/keyring.c:535
    [<ffffffff816880d3>] fscrypt_add_test_dummy_key+0x93/0xc0 fs/crypto/keyring.c:801
    [<ffffffff8180217a>] ext4_check_test_dummy_encryption fs/ext4/super.c:2680 [inline]
    [<ffffffff8180217a>] ext4_check_opt_consistency+0x79a/0xb80 fs/ext4/super.c:2735
    [<ffffffff8180857e>] __ext4_fill_super fs/ext4/super.c:5095 [inline]
    [<ffffffff8180857e>] ext4_fill_super+0xb0e/0x5010 fs/ext4/super.c:5648
    [<ffffffff815e0ff1>] get_tree_bdev+0x1f1/0x320 fs/super.c:1323
    [<ffffffff815df228>] vfs_get_tree+0x28/0x100 fs/super.c:1530
    [<ffffffff81623087>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81623087>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff81623c6e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff81623c6e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff81623c6e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff81623c6e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568

BUG: memory leak
unreferenced object 0xffff88810fb1f800 (size 2048):
  comm "syz-executor123", pid 3632, jiffies 4294966699 (age 12.780s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814cf670>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046
    [<ffffffff81687b96>] kmalloc include/linux/slab.h:576 [inline]
    [<ffffffff81687b96>] kzalloc include/linux/slab.h:712 [inline]
    [<ffffffff81687b96>] allocate_filesystem_keyring fs/crypto/keyring.c:194 [inline]
    [<ffffffff81687b96>] do_add_master_key fs/crypto/keyring.c:502 [inline]
    [<ffffffff81687b96>] add_master_key+0x2c6/0x370 fs/crypto/keyring.c:554
    [<ffffffff816880d3>] fscrypt_add_test_dummy_key+0x93/0xc0 fs/crypto/keyring.c:801
    [<ffffffff8180217a>] ext4_check_test_dummy_encryption fs/ext4/super.c:2680 [inline]
    [<ffffffff8180217a>] ext4_check_opt_consistency+0x79a/0xb80 fs/ext4/super.c:2735
    [<ffffffff8180857e>] __ext4_fill_super fs/ext4/super.c:5095 [inline]
    [<ffffffff8180857e>] ext4_fill_super+0xb0e/0x5010 fs/ext4/super.c:5648
    [<ffffffff815e0ff1>] get_tree_bdev+0x1f1/0x320 fs/super.c:1323
    [<ffffffff815df228>] vfs_get_tree+0x28/0x100 fs/super.c:1530
    [<ffffffff81623087>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81623087>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff81623c6e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff81623c6e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff81623c6e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff81623c6e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568
    [<ffffffff84605ff5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84605ff5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/17 05:20 upstream 2df76606db9d 67cb024c .config console log report syz C [mounted in repro] ci-upstream-gce-leak memory leak in crypto_create_tfm_node
2022/10/14 16:02 upstream 6d84c258e804 4954e4b2 .config console log report syz C [mounted in repro] ci-upstream-gce-leak memory leak in crypto_create_tfm_node
2022/10/07 20:37 upstream 4c86114194e6 0de35f24 .config console log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-gce-leak memory leak in crypto_create_tfm_node
* Struck through repros no longer work on HEAD.