syzbot


WARNING: refcount bug in crypto_destroy_tfm
Status: fixed on 2020/07/17 17:58
Reported-by: syzbot+fc0674cde00b66844470@syzkaller.appspotmail.com
Fix commit: 6603523b crypto: api - Fix use-after-free and race in crypto_spawn_alg
First crash: 130d, last: 105d

Cause bisection: introduced by (bisect log):

commit 4f87ee118d16b4b2116a477229573ed5003b0d78
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat Dec 7 14:15:17 2019 +0000

  crypto: api - Do not zap spawn->alg

Crash: WARNING: refcount bug in crypto_destroy_tfm (log)
Repro: C syz .config

Sample crash report:

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro Maintainers
ci-upstream-kasan-gce-selinux-root 2020/04/29 05:27 upstream 3f777e19 e3ecea2e .config log report syz C davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce 2020/04/09 22:30 upstream 5d30bcac a8c6a3f8 .config log report syz C davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-net-this-kasan-gce 2020/04/03 21:34 net 468c2a10 5ed396e6 .config log report syz C davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-net-kasan-gce 2020/04/03 22:26 net-next 1a323ea5 5ed396e6 .config log report syz C davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org