syzbot


WARNING: refcount bug in crypto_destroy_tfm
Status: fixed on 2020/07/17 17:58
Reported-by: syzbot+fc0674cde00b66844470@syzkaller.appspotmail.com
Fix commit: 6603523bf5e4 crypto: api - Fix use-after-free and race in crypto_spawn_alg
First crash: 604d, last: 579d

Cause bisection: introduced by (bisect log) :
commit 4f87ee118d16b4b2116a477229573ed5003b0d78
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat Dec 7 14:15:17 2019 +0000

  crypto: api - Do not zap spawn->alg

Crash: WARNING: refcount bug in crypto_destroy_tfm (log)
Repro: C syz .config

Sample crash report:

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2020/04/29 05:27 upstream 3f777e19d171 e3ecea2e .config log report syz C
ci-upstream-kasan-gce 2020/04/09 22:30 upstream 5d30bcacd91a a8c6a3f8 .config log report syz C
ci-upstream-net-this-kasan-gce 2020/04/03 21:34 net 468c2a100208 5ed396e6 .config log report syz C
ci-upstream-net-kasan-gce 2020/04/03 22:26 net-next 1a323ea5356e 5ed396e6 .config log report syz C