syzbot


WARNING: refcount bug in crypto_destroy_tfm
Status: upstream: reported C repro on 2020/04/06 18:16
Reported-by: syzbot+fc0674cde00b66844470@syzkaller.appspotmail.com
Fix commit: 6603523b crypto: api - Fix use-after-free and race in crypto_spawn_alg
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root], missing on: [ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 60d, last: 34d

Cause bisection: introduced by (bisect log):

commit 4f87ee118d16b4b2116a477229573ed5003b0d78
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat Dec 7 14:15:17 2019 +0000

  crypto: api - Do not zap spawn->alg

Crash: WARNING: refcount bug in crypto_destroy_tfm (log)
Repro: C syz .config

Sample crash report:

Crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-selinux-root | 2020/04/29 05:27 | upstream | 3f777e19 | e3ecea2e | .config | log | report | syz | C | davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce | 2020/04/09 22:30 | upstream | 5d30bcac | a8c6a3f8 | .config | log | report | syz | C | davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org |
| ci-upstream-net-this-kasan-gce | 2020/04/03 21:34 | net | 468c2a10 | 5ed396e6 | .config | log | report | syz | C | davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org |
| ci-upstream-net-kasan-gce | 2020/04/03 22:26 | net-next | 1a323ea5 | 5ed396e6 | .config | log | report | syz | C | davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org |