syzbot

 sign-in | mailing list | source | docs
🐞 Open [1413]
Subsystems
🐞 Fixed [5827]
🐞 Invalid [14217]
Missing Backports [92]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING: refcount bug in get_taint (2)

Status: upstream: reported C repro on 2024/09/17 00:15
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+72d3b151aacf9fa74455@syzkaller.appspotmail.com
First crash: 69d, last: 1d10h
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] Monthly can report (Nov 2024) 0 (1) 2024/11/04 08:50
[syzbot] [usb?] WARNING: refcount bug in get_taint (2) 0 (1) 2024/09/17 00:15
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: refcount bug in get_taint net 2 86d 112d 27/28 fixed on 2024/08/26 12:53

Sample crash report:
usb 1-1: USB disconnect, device number 2
------------[ cut here ]------------
WARNING: CPU: 1 PID: 46 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28
refcount_t: underflow; use-after-free.
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.11.0-rc7-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: usb_hub_wq hub_event
Call trace: 
[<8195d3d8>] (dump_backtrace) from [<8195d4d4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
 r7:00000000 r6:826228c4 r5:00000000 r4:8200cac0
[<8195d4bc>] (show_stack) from [<8197b1f4>] (__dump_stack lib/dump_stack.c:93 [inline])
[<8195d4bc>] (show_stack) from [<8197b1f4>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:119)
[<8197b1a0>] (dump_stack_lvl) from [<8197b234>] (dump_stack+0x18/0x1c lib/dump_stack.c:128)
 r5:00000000 r4:8286dd18
[<8197b21c>] (dump_stack) from [<8195df7c>] (panic+0x120/0x368 kernel/panic.c:354)
[<8195de5c>] (panic) from [<802421e4>] (check_panic_on_warn kernel/panic.c:243 [inline])
[<8195de5c>] (panic) from [<802421e4>] (get_taint+0x0/0x1c kernel/panic.c:238)
 r3:8260c5c4 r2:00000001 r1:81ff52e4 r0:81ffd0bc
 r7:80813f4c
[<80242170>] (check_panic_on_warn) from [<80242338>] (__warn+0x7c/0x180 kernel/panic.c:741)
[<802422bc>] (__warn) from [<80242624>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:774)
 r8:00000009 r7:8205adc0 r6:df91dc04 r5:8348a400 r4:00000000
[<80242440>] (warn_slowpath_fmt) from [<80813f4c>] (refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28)
 r10:827c8bd8 r9:848e4080 r8:00000044 r7:848e4430 r6:83ed47b4 r5:848e4400
 r4:83ed4000
[<80813e10>] (refcount_warn_saturate) from [<819372e0>] (__refcount_sub_and_test include/linux/refcount.h:275 [inline])
[<80813e10>] (refcount_warn_saturate) from [<819372e0>] (__refcount_dec_and_test include/linux/refcount.h:307 [inline])
[<80813e10>] (refcount_warn_saturate) from [<819372e0>] (refcount_dec_and_test include/linux/refcount.h:325 [inline])
[<80813e10>] (refcount_warn_saturate) from [<819372e0>] (kref_put include/linux/kref.h:64 [inline])
[<80813e10>] (refcount_warn_saturate) from [<819372e0>] (kobject_put+0x158/0x1f4 lib/kobject.c:737)
[<81937188>] (kobject_put) from [<80a74a04>] (put_device+0x18/0x1c drivers/base/core.c:3790)
 r7:848e4430 r6:83ed47b4 r5:848e4400 r4:83ed4000
[<80a749ec>] (put_device) from [<81344bf8>] (hdm_disconnect+0x98/0x9c drivers/most/most_usb.c:1130)
[<81344b60>] (hdm_disconnect) from [<80dbe638>] (usb_unbind_interface+0x84/0x2c4 drivers/usb/core/driver.c:461)
 r7:848e4430 r6:827c8bd8 r5:00000000 r4:848e4400
[<80dbe5b4>] (usb_unbind_interface) from [<80a7c8dc>] (device_remove drivers/base/dd.c:568 [inline])
[<80dbe5b4>] (usb_unbind_interface) from [<80a7c8dc>] (device_remove+0x64/0x6c drivers/base/dd.c:560)
 r10:00000000 r9:848e4080 r8:00000044 r7:848e4474 r6:827c8bd8 r5:00000000
 r4:848e4430
[<80a7c878>] (device_remove) from [<80a7ddf4>] (__device_release_driver drivers/base/dd.c:1272 [inline])
[<80a7c878>] (device_remove) from [<80a7ddf4>] (device_release_driver_internal+0x18c/0x200 drivers/base/dd.c:1295)
 r5:00000000 r4:848e4430
[<80a7dc68>] (device_release_driver_internal) from [<80a7de80>] (device_release_driver+0x18/0x1c drivers/base/dd.c:1318)
 r9:848e4080 r8:82fbc140 r7:82fbc138 r6:82fbc10c r5:848e4430 r4:82fbc130
[<80a7de68>] (device_release_driver) from [<80a7bf60>] (bus_remove_device+0xcc/0x120 drivers/base/bus.c:574)
[<80a7be94>] (bus_remove_device) from [<80a76070>] (device_del+0x148/0x38c drivers/base/core.c:3871)
 r9:848e4080 r8:8348a400 r7:04208060 r6:00000000 r5:848e4430 r4:848e4474
[<80a75f28>] (device_del) from [<80dbc054>] (usb_disable_device+0xdc/0x1f0 drivers/usb/core/message.c:1418)
 r10:00000000 r9:00000000 r8:848e4400 r7:848e4000 r6:84aae288 r5:00000001
 r4:00000038
[<80dbbf78>] (usb_disable_device) from [<80db0eb8>] (usb_disconnect+0xec/0x29c drivers/usb/core/hub.c:2304)
 r10:00000001 r9:83ff9600 r8:848e40c4 r7:83e03c00 r6:848e4080 r5:848e4000
 r4:60000013
[<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_port_connect drivers/usb/core/hub.c:5361 [inline])
[<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_port_connect_change drivers/usb/core/hub.c:5661 [inline])
[<80db0dcc>] (usb_disconnect) from [<80db3b68>] (port_event drivers/usb/core/hub.c:5821 [inline])
[<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_event+0xe78/0x194c drivers/usb/core/hub.c:5903)
 r10:00000001 r9:00000100 r8:839cc900 r7:848e4000 r6:83e03400 r5:83e03e10
 r4:00000001
[<80db2cf0>] (hub_event) from [<80265f04>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3231)
 r10:82ea8c05 r9:8348a400 r8:01800000 r7:ddde4000 r6:82ea8c00 r5:839cc900
 r4:82fbdb80
[<80265d50>] (process_one_work) from [<80266ae8>] (process_scheduled_works kernel/workqueue.c:3312 [inline])
[<80265d50>] (process_one_work) from [<80266ae8>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3393)
 r10:8348a400 r9:82fbdbac r8:61c88647 r7:ddde4020 r6:82604d40 r5:ddde4000
 r4:82fbdb80
[<802668fc>] (worker_thread) from [<8026fb04>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:df87de78 r8:82fbfbc0 r7:82fbdb80 r6:802668fc r5:8348a400
 r4:82fbf940
[<8026fa00>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdf91dfb0 to 0xdf91dff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fa00 r4:82fbf940
Rebooting in 86400 seconds..

Crashes (629):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/14 07:45 upstream e936e7d4a83b ff60e2ca .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/19 19:43 upstream 158f238aa69d 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/19 06:20 upstream 23acd177540d 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/18 18:17 upstream adc218676eef 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/18 11:18 upstream adc218676eef 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/18 07:31 upstream adc218676eef 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/17 18:40 upstream 4a5df3796467 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/17 10:24 upstream b5a24181e461 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/16 17:02 upstream e8bdb3c8be08 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/16 16:34 upstream e8bdb3c8be08 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/16 05:49 upstream f868cd251776 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/15 10:23 upstream cfaaa7d010d1 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/14 13:03 upstream 0a9b9d17f3a7 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/13 20:21 upstream f1b785f4c787 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/13 18:30 upstream f1b785f4c787 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/13 09:15 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/13 08:58 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/11 18:31 upstream 2d5404caa8c7 0c4b1325 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/11 15:51 upstream 2d5404caa8c7 0c4b1325 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/11 03:00 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/10 14:39 upstream de2f378f2b77 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/10 13:37 upstream de2f378f2b77 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/09 21:26 upstream da4373fbcf00 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/09 20:26 upstream da4373fbcf00 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/09 12:02 upstream f1dce1f09380 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/09 10:23 upstream f1dce1f09380 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/09 08:31 upstream f1dce1f09380 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/08 10:26 upstream 906bd684e4b1 179b040e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/07 08:33 upstream 7758b206117d df3dc63b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/06 08:49 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/06 08:37 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/06 06:53 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/05 22:36 upstream 2e1b3cc9d7f7 da38b4c9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/04 20:23 upstream 59b723cd2adb 7bfecfb9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/04 03:32 upstream a33ab3f94f51 f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/04 03:30 upstream a33ab3f94f51 f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/03 19:21 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/03 14:38 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/03 05:14 upstream 11066801dd4b f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/02 11:55 upstream c426456857fa f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/02 09:53 upstream c426456857fa f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/02 00:01 upstream 6c52d4da1c74 9f6834c9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/01 22:32 upstream 6c52d4da1c74 9f6834c9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/01 21:15 upstream 6c52d4da1c74 9f6834c9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/01 10:54 upstream 90602c251cda 96eb609f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
2024/11/01 07:34 upstream 90602c251cda 96eb609f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING: refcount bug in get_taint
* Struck through repros no longer work on HEAD.