syzbot


memory leak in crypto_create_tfm

Status: fixed on 2020/07/17 17:58
Subsystems: crypto
[Documentation on labels]
Reported-by: syzbot+2e635807decef724a1fa@syzkaller.appspotmail.com
Fix commit: 819966c06b75 crypto: drbg - always try to free Jitter RNG instance
First crash: 1395d, last: 1378d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.9 000/264] 4.9.320-rc1 review 270 (270) 2022/06/25 13:53
[PATCH 4.14 000/237] 4.14.285-rc1 review 240 (240) 2022/06/25 13:50
[PATCH 4.19 000/234] 4.19.249-rc1 review 241 (241) 2022/06/25 13:45
[PATCH 5.4 000/240] 5.4.200-rc1 review 249 (249) 2022/06/21 21:49
[PATCH] crypto: DRBG - always try to free Jitter RNG instance 12 (12) 2020/06/12 06:49
memory leak in crypto_create_tfm 1 (2) 2020/06/03 03:55

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888117db4fc0 (size 64):
  comm "syz-executor864", pid 6434, jiffies 4294946078 (age 24.810s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 b8 56 84 ff ff ff ff 00 00 00 00 00 00 00 00  ..V.............
  backtrace:
    [<00000000080c1517>] kmalloc include/linux/slab.h:560 [inline]
    [<00000000080c1517>] kzalloc include/linux/slab.h:669 [inline]
    [<00000000080c1517>] crypto_create_tfm+0x31/0x100 crypto/api.c:448
    [<00000000d12a09ea>] crypto_alloc_tfm+0x79/0x1a0 crypto/api.c:527
    [<000000006f8ea703>] drbg_prepare_hrng crypto/drbg.c:1509 [inline]
    [<000000006f8ea703>] drbg_instantiate crypto/drbg.c:1587 [inline]
    [<000000006f8ea703>] drbg_kcapi_seed+0x432/0x6a9 crypto/drbg.c:1980
    [<00000000082bf511>] crypto_rng_reset+0x35/0x1a0 crypto/rng.c:53
    [<000000004a3af90d>] alg_setkey crypto/af_alg.c:222 [inline]
    [<000000004a3af90d>] alg_setsockopt+0x149/0x190 crypto/af_alg.c:255
    [<00000000ac151653>] __sys_setsockopt+0x112/0x230 net/socket.c:2127
    [<0000000017b7011f>] __do_sys_setsockopt net/socket.c:2143 [inline]
    [<0000000017b7011f>] __se_sys_setsockopt net/socket.c:2140 [inline]
    [<0000000017b7011f>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2140
    [<00000000985db52f>] do_syscall_64+0x4b/0xb0 arch/x86/entry/common.c:359
    [<000000000fd81fd6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/06/19 22:40 upstream 5e857ce6eae7 81abc331 .config console log report syz C ci-upstream-gce-leak
2020/06/18 14:34 upstream 1b5044021070 d45a4d69 .config console log report syz C ci-upstream-gce-leak
2020/06/17 21:20 upstream 1b5044021070 b9f3810b .config console log report syz C ci-upstream-gce-leak
2020/06/17 04:09 upstream 69119673bd50 559fbe2d .config console log report syz C ci-upstream-gce-leak
2020/06/16 22:44 upstream a5dc8300df75 559fbe2d .config console log report syz C ci-upstream-gce-leak
2020/06/13 19:44 upstream 7ae77150d94d dbce178a .config console log report syz C ci-upstream-gce-leak
2020/06/12 04:41 upstream 7ae77150d94d 58802067 .config console log report syz C ci-upstream-gce-leak
2020/06/09 07:36 upstream 7ae77150d94d 0d60b78a .config console log report syz C ci-upstream-gce-leak
2020/06/07 13:02 upstream 7ae77150d94d 2c2b926c .config console log report syz C ci-upstream-gce-leak
2020/06/06 11:59 upstream 7ae77150d94d e6b89e4e .config console log report syz C ci-upstream-gce-leak
2020/06/06 03:22 upstream 7ae77150d94d f243c88f .config console log report syz C ci-upstream-gce-leak
2020/06/06 02:53 upstream 7ae77150d94d f243c88f .config console log report syz C ci-upstream-gce-leak
2020/06/06 02:32 upstream 7ae77150d94d f243c88f .config console log report syz C ci-upstream-gce-leak
2020/06/02 22:27 upstream 194098915ac7 52fd7b7d .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.