| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| WARNING: refcount bug in qrtr_recvmsg | C | error | 76 | 660d | 1002d | 0/24 | closed as dup on 2021/01/20 14:30 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [959] ≡ Subsystems 🐞 Fixed [4569] 🐞 Invalid [10543] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| WARNING: refcount bug in qrtr_recvmsg | C | error | 76 | 660d | 1002d | 0/24 | closed as dup on 2021/01/20 14:30 |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| Re: [syzbot] WARNING: refcount bug in qrtr_node_lookup | 2 (2) | 2021/09/03 02:40 |
| Re: [syzbot] WARNING: refcount bug in qrtr_node_lookup | 1 (1) | 2021/09/01 04:26 |
| WARNING: refcount bug in qrtr_node_lookup | 1 (3) | 2021/08/30 08:39 |
| [PATCH] net: qrtr: Reintroduce ARCH_QCOM as a dependency for QRTR | 2 (2) | 2020/09/08 23:40 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-5.15 | WARNING: refcount bug in qrtr_node_lookup | C | done | 1 | 82d | 82d | 3/3 | fixed on 2023/04/17 07:57 | |
| upstream | WARNING: refcount bug in qrtr_node_lookup (2) net arm-msm | C | 1 | 83d | 76d | 0/24 | upstream: reported C repro on 2023/03/23 00:39 | ||
| linux-6.1 | WARNING: refcount bug in qrtr_node_lookup | C | done | 1 | 82d | 82d | 3/3 | fixed on 2023/04/17 07:57 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/28 19:30 | 20m | retest repro | upstream | OK log | |
| 2022/09/28 17:30 | 19m | retest repro | upstream | OK log | |
| 2021/09/03 04:28 | 21m | hdanton@sina.com | patch | upstream | report log |
| 2021/09/02 00:53 | 12m | hdanton@sina.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b91db6a0b52e | report log |
| 2021/09/01 03:06 | 6m | hdanton@sina.com | patch | upstream | error |
| 2020/09/08 20:06 | 17m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK |
| 2020/09/08 19:58 | 17m | dragonjetli@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK |
| 2020/09/08 19:58 | 18m | dragonjetli@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK |
| 2020/09/08 10:26 | 17m | dragonjetli@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK |
------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 4133 at lib/refcount.c:25 refcount_warn_saturate+0x13d/0x1a0 lib/refcount.c:25 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 4133 Comm: kworker/u4:8 Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: qrtr_ns_handler qrtr_ns_worker Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1d6/0x29e lib/dump_stack.c:118 panic+0x2c0/0x800 kernel/panic.c:231 __warn+0x227/0x250 kernel/panic.c:600 report_bug+0x1b1/0x2e0 lib/bug.c:198 handle_bug+0x42/0x80 arch/x86/kernel/traps.c:234 exc_invalid_op+0x16/0x40 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:refcount_warn_saturate+0x13d/0x1a0 lib/refcount.c:25 Code: c7 03 f4 37 89 31 c0 e8 01 5f 88 fd 0f 0b eb a3 e8 c8 bf b6 fd c6 05 1a 33 ed 05 01 48 c7 c7 3a f4 37 89 31 c0 e8 e3 5e 88 fd <0f> 0b eb 85 e8 aa bf b6 fd c6 05 fd 32 ed 05 01 48 c7 c7 66 f4 37 RSP: 0018:ffffc900072f79c0 EFLAGS: 00010046 RAX: 1ceabb8756dc6c00 RBX: 0000000000000002 RCX: ffff8880a3208300 RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 RBP: 0000000000000002 R08: ffffffff815e37c0 R09: ffffed1015d241c3 R10: ffffed1015d241c3 R11: 0000000000000000 R12: ffff888096c23098 R13: 1ffff1101454b39e R14: 0000000000000282 R15: ffff888096c23000 refcount_add include/linux/refcount.h:206 [inline] refcount_inc include/linux/refcount.h:241 [inline] kref_get include/linux/kref.h:45 [inline] qrtr_node_acquire net/qrtr/qrtr.c:196 [inline] qrtr_node_lookup+0xc0/0xd0 net/qrtr/qrtr.c:388 qrtr_send_resume_tx net/qrtr/qrtr.c:980 [inline] qrtr_recvmsg+0x429/0xa80 net/qrtr/qrtr.c:1043 qrtr_ns_worker+0x176/0x45f0 net/qrtr/ns.c:624 process_one_work+0x789/0xfc0 kernel/workqueue.c:2269 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2415 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Shutting down cpus with NMI Kernel Offset: disabled Rebooting in 86400 seconds..
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/09/21 18:28 | upstream | ba4f184e126b | 9e1fa68e | .config | console log | report | syz | C | ci-upstream-kasan-gce-smack-root | |||
| 2020/09/06 04:04 | upstream | 9322c47b21b9 | abf9ba4f | .config | console log | report | syz | C | ci-upstream-kasan-gce-smack-root | |||
| 2021/07/28 21:20 | upstream | 4010a528219e | 9a4781d4 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/07/22 03:19 | upstream | 7b6ae471e541 | 29c3f20f | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/05/22 06:21 | upstream | 45af60e7ced0 | 3c7fef33 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/04/25 07:39 | upstream | 2a1d7946fa53 | 36c88236 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/04/13 20:05 | upstream | 89698becf06d | a184b83e | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/03/28 07:24 | upstream | 0f4498cef9f5 | a8529b82 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2021/01/22 22:50 | upstream | 83d09ad4b950 | 4080af96 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | WARNING: refcount bug in qrtr_node_lookup | |||
| 2020/12/11 08:10 | upstream | 33dc9614dc20 | f900b48c | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/12/08 19:36 | upstream | cd796ed33450 | a7f7f4a4 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/11/14 06:02 | upstream | f01c30de86f1 | 1bf9a662 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/11/07 13:20 | upstream | 659caaf65dc9 | 64069d48 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/10/05 06:37 | upstream | 549738f15da0 | 5ef9c291 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/09/26 06:29 | upstream | 7c7ec3226f5f | 4a006f63 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | ||||
| 2020/09/20 01:42 | upstream | eb5f95f1593f | 53ce8104 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root |