WARNING: refcount bug in qrtr

WARNING: refcount bug in qrtr_recvmsg
Status: upstream: reported C repro on 2020/09/07 21:38
Reported-by: syzbot+d0f27d9af17914bf253b@syzkaller.appspotmail.com
First crash: 136d, last: 20h29m

Cause bisection: failed (bisect log)

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/08 20:01	18m	dragonjetli@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2020/09/08 20:01	17m	dragonjetli@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2020/09/08 11:25	18m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2020/09/08 03:52	13m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	report log

Sample crash report:

------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 199 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 199 Comm: kworker/u4:5 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: qrtr_ns_handler qrtr_ns_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x382/0x7fb kernel/panic.c:231
 __warn.cold+0x20/0x4b kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Code: 07 31 ff 89 de e8 a7 58 b6 fd 84 db 0f 85 36 ff ff ff e8 7a 5c b6 fd 48 c7 c7 40 71 d8 88 c6 05 35 99 94 07 01 e8 e9 99 86 fd <0f> 0b e9 17 ff ff ff e8 5b 5c b6 fd 0f b6 1d 1a 99 94 07 31 ff 89
RSP: 0018:ffffc900018079d8 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880a8a52300 RSI: ffffffff815f5985 RDI: fffff52000300f2d
RBP: 0000000000000002 R08: 0000000000000001 R09: ffff8880ae420f8b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821b0b8040
R13: ffff88809f407400 R14: ffff8880a0abd670 R15: ffff8880a0abd674
 refcount_add include/linux/refcount.h:204 [inline]
 refcount_inc include/linux/refcount.h:241 [inline]
 kref_get include/linux/kref.h:45 [inline]
 qrtr_node_acquire net/qrtr/qrtr.c:196 [inline]
 qrtr_node_lookup net/qrtr/qrtr.c:389 [inline]
 qrtr_send_resume_tx net/qrtr/qrtr.c:981 [inline]
 qrtr_recvmsg+0x845/0x970 net/qrtr/qrtr.c:1044
 sock_recvmsg_nosec net/socket.c:885 [inline]
 sock_recvmsg net/socket.c:903 [inline]
 sock_recvmsg net/socket.c:899 [inline]
 kernel_recvmsg+0x110/0x160 net/socket.c:928
 qrtr_ns_worker+0x15a/0x153b net/qrtr/ns.c:624
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (48):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci-upstream-kasan-gce-selinux-root	2020/09/26 13:20	upstream	7c7ec322	4a006f63	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/09/25 09:30	upstream	171d4ff7	54289b08	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/21 02:53	upstream	325d0eab	9564d2e9	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/11 06:14	upstream	7fe10096	409809d8	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/10 07:58	upstream	34d4ddd3	409809d8	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/09/09 16:48	upstream	34d4ddd3	0ea7a887	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/09/09 03:43	upstream	612ab8ad	abf9ba4f	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/05 18:39	upstream	c70672d8	abf9ba4f	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/05 02:38	upstream	59126901	abf9ba4f	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/21 00:58	upstream	325d0eab	9564d2e9	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/05 18:41	upstream	c70672d8	abf9ba4f	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/05 02:11	upstream	59126901	abf9ba4f	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-linux-next-kasan-gce-root	2020/10/09 08:29	linux-next	e4fb79c7	92390980	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-linux-next-kasan-gce-root	2020/09/23 19:53	linux-next	dcf2427b	287cd75a	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-linux-next-kasan-gce-root	2020/09/23 03:50	linux-next	e6499702	3e8f6c27	.config	log	report	syz	C		bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2021/01/18 15:31	upstream	19c329f6	63631df1	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2021/01/18 02:24	upstream	a1339d63	fd103621	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2021/01/12 22:20	upstream	e609571b	0cdd6185	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/12/25 03:06	upstream	3913d00a	c2c1d1dd	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/12/11 13:47	upstream	33dc9614	ba24ffcd	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/12/09 20:59	upstream	a68a0262	c090b4da	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-qemu-upstream	2020/12/03 18:34	upstream	34816d20	59ad4022	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/11/19 16:09	upstream	c2e7554e	0767f13f	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/11/12 11:25	upstream	3d5e28bf	77a55c8e	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/11/04 07:33	upstream	4ef8451b	cba33199	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/11/03 19:17	upstream	b7cbaf59	cba33199	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/11/02 16:59	upstream	3cea11cd	8bc4594f	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/10/21 12:01	upstream	c4d6fe73	99c64d5c	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/29 04:04	upstream	fb0155a0	1b88c6d5	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/29 00:29	upstream	fb0155a0	6bfdbe89	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/28 10:32	upstream	a1b8638b	6bfdbe89	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-root	2020/09/28 01:03	upstream	a1bffa48	5dd8aee8	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce	2020/09/26 14:39	upstream	7c7ec322	2d5ea0cb	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/24 03:50	upstream	c9c9e6a4	287cd75a	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/18 05:44	upstream	4cbffc46	8247808b	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/09/16 10:17	upstream	fc4f28bb	18d7d030	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/12/11 08:42	upstream	33dc9614	f900b48c	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/11/23 15:00	upstream	418baf2c	878fb17a	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/11/13 16:44	upstream	585e5b17	e1140d25	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/11/10 03:59	upstream	407ab579	64069d48	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/11/04 08:02	upstream	4ef8451b	cba33199	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-qemu-upstream-386	2020/10/30 06:40	upstream	07e08873	a0c7169a	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/10/12 13:04	upstream	bbf5c979	4a77ae0b	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/10/10 02:36	upstream	6f2f486d	93817d89	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/10/08 21:33	upstream	3d006ee4	92390980	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/17 11:28	upstream	5925fa68	8247808b	.config	log	report			info	bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/12 16:33	upstream	729e3d09	ce441f06	.config	log	report				bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-386	2020/09/04 23:31	upstream	59126901	abf9ba4f	.config	log	report				bjorn.andersson@linaro.org, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, manivannan.sadhasivam@linaro.org, netdev@vger.kernel.org