syzbot


WARNING: refcount bug in qrtr_recvmsg

Status: closed as dup on 2021/01/20 14:30
Subsystems: arm-msm net
Reported-by: syzbot+d0f27d9af17914bf253b@syzkaller.appspotmail.com
First crash: 1291d, last: 946d
Cause bisection: failed (error log, bisect log)
  
Duplicate of
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported
WARNING: refcount bug in qrtr_node_lookup arm-msm net | C | done | done | 16 | 964d | 1288d
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] net: qrtr: Reintroduce ARCH_QCOM as a dependency for QRTR | 2 (2) | 2020/09/08 23:40
WARNING: refcount bug in qrtr_recvmsg | 0 (1) | 2020/09/07 21:38
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: refcount bug in qrtr_recvmsg (2) arm-msm net C error 2 368d 362d 22/26 fixed on 2023/06/08 14:41
Last patch testing requests (4)
Created | Duration | User | Patch | Repo | Result
2020/09/08 20:01 | 18m | dragonjetli@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK
2020/09/08 20:01 | 17m | dragonjetli@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK
2020/09/08 11:25 | 18m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK
2020/09/08 03:52 | 13m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | report log

Sample crash report:
------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 25 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Modules linked in:
CPU: 1 PID: 25 Comm: kworker/u4:1 Tainted: G        W         5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: qrtr_ns_handler qrtr_ns_worker
RIP: 0010:refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Code: 0a 31 ff 89 de e8 47 73 a2 fd 84 db 0f 85 36 ff ff ff e8 fa 6c a2 fd 48 c7 c7 a0 2d e3 89 c6 05 02 b5 03 0a 01 e8 24 1a 0c 05 <0f> 0b e9 17 ff ff ff e8 db 6c a2 fd 0f b6 1d e7 b4 03 0a 31 ff 89
RSP: 0018:ffffc90000dffa00 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888015da1c40 RSI: ffffffff815d7235 RDI: fffff520001bff32
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815d109e R11: 0000000000000000 R12: ffff8881441d0000
R13: ffff888021ffa800 R14: ffff888035bb8df0 R15: ffff888035bb8df4
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea272d828 CR3: 00000000176fa000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __refcount_add include/linux/refcount.h:199 [inline]
 __refcount_inc include/linux/refcount.h:250 [inline]
 refcount_inc include/linux/refcount.h:267 [inline]
 kref_get include/linux/kref.h:45 [inline]
 qrtr_node_acquire net/qrtr/qrtr.c:202 [inline]
 qrtr_node_lookup net/qrtr/qrtr.c:398 [inline]
 qrtr_send_resume_tx net/qrtr/qrtr.c:995 [inline]
 qrtr_recvmsg+0x85a/0x990 net/qrtr/qrtr.c:1063
 sock_recvmsg_nosec net/socket.c:936 [inline]
 sock_recvmsg net/socket.c:954 [inline]
 sock_recvmsg net/socket.c:950 [inline]
 kernel_recvmsg+0x110/0x160 net/socket.c:979
 qrtr_ns_worker+0x15a/0x1710 net/qrtr/ns.c:684
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Crashes (76):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/07/02 03:20 upstream e058a84bfddc 658ebc66 .config console log report syz C ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/07/10 19:12 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce-386 WARNING: refcount bug in qrtr_recvmsg
2020/09/26 13:20 upstream 7c7ec3226f5f 4a006f63 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/09/25 09:30 upstream 171d4ff79f96 54289b08 .config console log report syz C ci-upstream-kasan-gce-root
2020/09/21 02:53 upstream 325d0eab4f31 9564d2e9 .config console log report syz C ci-upstream-kasan-gce
2020/09/11 06:14 upstream 7fe10096c150 409809d8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/09/10 07:58 upstream 34d4ddd359db 409809d8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/09/09 16:48 upstream 34d4ddd359db 0ea7a887 .config console log report syz C ci-upstream-kasan-gce-root
2020/09/09 03:43 upstream 612ab8ad6414 abf9ba4f .config console log report syz C ci-upstream-kasan-gce-root
2020/09/05 18:39 upstream c70672d8d316 abf9ba4f .config console log report syz C ci-upstream-kasan-gce
2020/09/05 02:38 upstream 59126901f200 abf9ba4f .config console log report syz C ci-upstream-kasan-gce
2020/09/21 00:58 upstream 325d0eab4f31 9564d2e9 .config console log report syz C ci-upstream-kasan-gce-386
2020/09/05 18:41 upstream c70672d8d316 abf9ba4f .config console log report syz C ci-upstream-kasan-gce-386
2020/09/05 02:11 upstream 59126901f200 abf9ba4f .config console log report syz C ci-upstream-kasan-gce-386
2020/10/09 08:29 linux-next e4fb79c771fb 92390980 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/09/23 19:53 linux-next dcf2427baa64 287cd75a .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/09/23 03:50 linux-next e64997027d5f 3e8f6c27 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/08/15 13:57 upstream 0aa78d17099b 2489ab88 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/08/14 23:08 upstream ba31f97d43be 2489ab88 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/08/13 01:32 upstream f8fbb47c6e86 3fd2ea69 .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/08/07 15:00 upstream 894d6f401b21 6972b106 .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/07/06 11:56 upstream 3dbdb38e2869 6c4484eb .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/06/17 14:43 upstream 70585216fe77 aba2b2fb .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/06/04 23:09 upstream 16f0596fc1d7 966a236b .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/05/26 12:42 upstream ad9f25d33860 93d3a9f6 .config console log report info ci-qemu-upstream WARNING: refcount bug in qrtr_recvmsg
2021/05/16 17:43 upstream 63d1cb53e26a f54a5c09 .config console log report info ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in qrtr_recvmsg
2021/05/12 23:02 upstream dbb5afad100a ed7d41c5 .config console log report info ci-qemu-upstream WARNING: refcount bug in qrtr_recvmsg
2021/04/27 19:53 upstream 57fa2369ab17 805b5003 .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/04/21 20:39 upstream 16fc44d6387e 2bc8999a .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/04/12 14:32 upstream d434405aaab7 bfeda1b1 .config console log report info ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in qrtr_recvmsg
2021/04/03 04:12 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/04/01 23:28 upstream ffd9fb546d49 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in qrtr_recvmsg
2021/03/22 21:36 upstream 84196390620a 8092f30d .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/03/22 20:00 upstream 84196390620a 8092f30d .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/03/13 19:17 upstream f296bfd5cd04 4a003785 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/03/08 06:52 upstream 144c79ef3353 09fbf400 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/03/06 00:02 upstream 280d542f6ffa e4b4d570 .config console log report info ci-qemu-upstream WARNING: refcount bug in qrtr_recvmsg
2021/02/22 07:57 upstream 31caf8b2a847 a659b3f1 .config console log report info ci-qemu-upstream WARNING: refcount bug in qrtr_recvmsg
2021/02/11 20:24 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/02/11 00:42 upstream 291009f656e8 a52ee10a .config console log report info ci-upstream-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/01/18 15:31 upstream 19c329f68089 63631df1 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/01/18 02:24 upstream a1339d6355ac fd103621 .config console log report info ci-upstream-kasan-gce WARNING: refcount bug in qrtr_recvmsg
2021/05/12 13:45 upstream 88b06399c9c7 da958a4d .config console log report info ci-upstream-kasan-gce-386 WARNING: refcount bug in qrtr_recvmsg
2021/04/21 07:47 upstream 1fe5501ba1ab c0ced557 .config console log report info ci-qemu-upstream-386 WARNING: refcount bug in qrtr_recvmsg
2021/03/25 21:52 linux-next b4f20b70784a 6a383ecf .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in qrtr_recvmsg
2021/01/12 22:20 upstream e609571b5ffa 0cdd6185 .config console log report info ci-upstream-kasan-gce-root
2020/12/25 03:06 upstream 3913d00ac51a c2c1d1dd .config console log report info ci-upstream-kasan-gce
2020/12/11 13:47 upstream 33dc9614dc20 ba24ffcd .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/09 20:59 upstream a68a0262abda c090b4da .config console log report info ci-upstream-kasan-gce-root
2020/12/03 18:34 upstream 34816d20f173 59ad4022 .config console log report info ci-qemu-upstream
2020/11/19 16:09 upstream c2e7554e1b85 0767f13f .config console log report info ci-upstream-kasan-gce-selinux-root
2020/11/12 11:25 upstream 3d5e28bff7ad 77a55c8e .config console log report info ci-upstream-kasan-gce
2020/11/04 07:33 upstream 4ef8451b3326 cba33199 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/11/03 19:17 upstream b7cbaf59f62f cba33199 .config console log report info ci-upstream-kasan-gce
2020/11/02 16:59 upstream 3cea11cd5e3b 8bc4594f .config console log report info ci-upstream-kasan-gce
2020/10/21 12:01 upstream c4d6fe731176 99c64d5c .config console log report info ci-upstream-kasan-gce-root
2020/09/29 04:04 upstream fb0155a09b02 1b88c6d5 .config console log report info ci-upstream-kasan-gce
2020/09/29 00:29 upstream fb0155a09b02 6bfdbe89 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/28 10:32 upstream a1b8638ba132 6bfdbe89 .config console log report info ci-upstream-kasan-gce
2020/09/28 01:03 upstream a1bffa48745a 5dd8aee8 .config console log report info ci-upstream-kasan-gce-root
2020/09/26 14:39 upstream 7c7ec3226f5f 2d5ea0cb .config console log report info ci-upstream-kasan-gce
2020/09/24 03:50 upstream c9c9e6a49f89 287cd75a .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/18 05:44 upstream 4cbffc461ec9 8247808b .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/16 10:17 upstream fc4f28bb3daf 18d7d030 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/11 08:42 upstream 33dc9614dc20 f900b48c .config console log report info ci-upstream-kasan-gce-386
2020/11/23 15:00 upstream 418baf2c28f3 878fb17a .config console log report info ci-upstream-kasan-gce-386
2020/11/13 16:44 upstream 585e5b17b92d e1140d25 .config console log report info ci-upstream-kasan-gce-386
2020/11/10 03:59 upstream 407ab579637c 64069d48 .config console log report info ci-upstream-kasan-gce-386
2020/11/04 08:02 upstream 4ef8451b3326 cba33199 .config console log report info ci-upstream-kasan-gce-386
2020/10/30 06:40 upstream 07e088730245 a0c7169a .config console log report info ci-qemu-upstream-386
2020/10/12 13:04 upstream bbf5c979011a 4a77ae0b .config console log report info ci-upstream-kasan-gce-386
2020/10/10 02:36 upstream 6f2f486d57c4 93817d89 .config console log report info ci-upstream-kasan-gce-386
2020/10/08 21:33 upstream 3d006ee42dde 92390980 .config console log report info ci-upstream-kasan-gce-386
2020/09/17 11:28 upstream 5925fa68fe82 8247808b .config console log report info ci-upstream-kasan-gce-386
2020/09/12 16:33 upstream 729e3d091984 ce441f06 .config console log report ci-upstream-kasan-gce-386
2020/09/04 23:31 upstream 59126901f200 abf9ba4f .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.