On Tue, Nov 28, 2017 at 01:30:26PM -0800, Andrew Morton wrote:
>
> It looks like blkcipher_walk_done() passed a bad address to kfree().
>

Indeed, it's freeing uninitialized memory because the Salsa20 algorithms are using the blkcipher_walk API incorrectly. I've sent a patch to fix it:

"crypto: salsa20 - fix blkcipher_walk API usage"

I am not sure why the bug reports show up as "suspicious RCU usage", though. There were also a few other syzbot reports of this same underlying bug; I marked them as duplicates of this one.

Eric

