------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 3 PID: 9484 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Kernel panic - not syncing: panic_on_warn set ...
CPU: 3 PID: 9484 Comm: syz-executor.3 Not tainted 5.7.0-rc5-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Code: 06 31 ff 89 de e8 17 d8 dc fd 84 db 0f 85 36 ff ff ff e8 da d6 dc fd 48 c7 c7 00 5c 72 88 c6 05 b3 3f ee 06 01 e8 af 11 ae fd <0f> 0b e9 17 ff ff ff e8 bb d6 dc fd 0f b6 1d 98 3f ee 06 31 ff 89
RSP: 0018:ffffc90002ea79e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000000000041a4 RSI: ffffffff815ce641 RDI: fffff520005d4f2e
RBP: 0000000000000002 R08: ffff88805d07c280 R09: ffffed1005a266a9
R10: ffff88802d133547 R11: ffffed1005a266a8 R12: ffffffff899735c0
R13: ffff8880131df050 R14: ffff88801d2f9158 R15: ffff88801d2f9150
 refcount_add include/linux/refcount.h:204 [inline]
 refcount_inc include/linux/refcount.h:241 [inline]
 crypto_alg_get crypto/internal.h:87 [inline]
 crypto_mod_get+0xc6/0xf0 crypto/api.c:37
 crypto_spawn_alg.isra.0+0xa8/0x110 crypto/algapi.c:723
 crypto_spawn_tfm2+0x19/0xb0 crypto/algapi.c:763
 crypto_spawn_shash include/crypto/internal/hash.h:244 [inline]
 cryptd_hash_init_tfm+0x3c/0x120 crypto/cryptd.c:433
 crypto_create_tfm+0x163/0x2f0 crypto/api.c:458
 crypto_alloc_tfm+0x100/0x340 crypto/api.c:526
 cryptd_alloc_ahash+0x101/0x200 crypto/cryptd.c:965
 ghash_async_init_tfm+0x21/0x100 arch/x86/crypto/ghash-clmulni-intel_glue.c:270
Kernel Offset: disabled
Rebooting in 86400 seconds..