syzbot


WARNING: refcount bug in device_move

Status: upstream: reported on 2024/11/28 08:47
Subsystems: kernel
Reported-by: syzbot+7e94d6c5abca98373aee@syzkaller.appspotmail.com
First crash: 267d, last: 1d11h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] WARNING: refcount bug in device_move 0 (1) 2024/11/28 08:47
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 WARNING: refcount bug in device_move 13 1 134d 134d 0/3 auto-obsoleted due to no activity on 2025/07/15 02:20
linux-6.1 WARNING: refcount bug in device_move (2) 13 1 34d 34d 0/3 upstream: reported on 2025/07/15 11:29

Sample crash report:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 9264 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 0 UID: 0 PID: 9264 Comm: syz.6.1276 Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 28 ca e2 fc 84 db 0f 85 66 ff ff ff e8 3b cf e2 fc c6 05 10 1e 97 0b 01 90 48 c7 c7 e0 d9 f4 8b e8 27 fe a1 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 cf e2 fc 0f b6 1d eb 1d 97 0b 31
RSP: 0018:ffffc9000bb47738 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817aa908
RDX: ffff8880476f8000 RSI: ffffffff817aa915 RDI: 0000000000000001
RBP: ffff8880470ea078 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a111400
R13: ffff8880470ea078 R14: ffffffff86078b90 R15: ffffffff906a68a0
FS:  0000000000000000(0000) GS:ffff888124974000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f827cc00218 CR3: 00000000488d2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 kref_put include/linux/kref.h:64 [inline]
 klist_dec_and_del lib/klist.c:206 [inline]
 klist_put+0x11b/0x1b0 lib/klist.c:217
 klist_del lib/klist.c:230 [inline]
 klist_remove+0x13f/0x2e0 lib/klist.c:249
 device_move+0x12d/0x10d0 drivers/base/core.c:4618
 hci_conn_del_sysfs+0x81/0x180 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]
 hci_conn_del+0x566/0xdc0 net/bluetooth/hci_conn.c:1173
 hci_conn_hash_flush+0x186/0x260 net/bluetooth/hci_conn.c:2544
 hci_dev_close_sync+0x602/0x11d0 net/bluetooth/hci_sync.c:5225
 hci_dev_do_close+0x2e/0x90 net/bluetooth/hci_core.c:483
 hci_unregister_dev+0x213/0x620 net/bluetooth/hci_core.c:2678
 vhci_release+0x79/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x150/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xae2/0x2c70 kernel/exit.c:959
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1108
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
 do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ea93c1225
Code: Unable to access opcode bytes at 0x7f5ea93c11fb.
RSP: 002b:00007f5ea71f5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f5ea95b5fa0 RCX: 00007f5ea93c1225
RDX: 00007f5ea71f5fc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f5ea9410ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f5ea95b5fa0 R15: 00007fff59843ff8
 </TASK>

Crashes (100):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/05/29 08:53 upstream 90b83efa6701 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in device_move
2025/02/10 09:41 upstream a64dcfb451e2 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2024/11/24 04:52 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2025/08/04 15:36 upstream 352af6a011d5 f5bcc8dc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/28 00:08 upstream b711733e89a3 fb8f743d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/22 23:07 upstream 89be9a83ccf1 8e9d1dc1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/21 07:40 upstream 89be9a83ccf1 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/06/04 12:14 upstream 5abc7438f1e9 e565f08d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/06/03 10:11 upstream d00a83477e7a a30356b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/05/13 10:42 upstream e9565e23cd89 9497799b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/06/22 08:30 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/08/15 16:58 net 065c31f2c691 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/17 22:40 net 9f735b6f8a77 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/05 02:43 net b9fd9888a565 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/04 02:27 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/02 21:22 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/26 17:35 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/20 19:15 net e0fca6f2cebf e3003213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/20 15:53 net e0fca6f2cebf e3003213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/13 05:32 net 27605c8c0f69 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/10 03:06 net fdd9ebccfc32 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/07 16:07 net 82cbd06f327f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/05 10:39 net 919d763d6094 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/04 23:09 net 12c331b29c73 fd5e6e61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/31 14:51 net 3ec523304976 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/19 14:54 net 239af1970bcb f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/16 12:12 net ef935650e044 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/12 03:13 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/11 12:13 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/09 00:57 net 3c44b2d615e6 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/02 05:00 net 2d52e2e38b85 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/29 20:53 net d4cb1ecc2290 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/19 21:08 net 750d0ac001e8 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/19 16:29 net 750d0ac001e8 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/19 09:50 net 750d0ac001e8 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/11 20:17 net cfe82469a00f 12ba9c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/04/06 13:30 net 61f96e684edd 1c65791e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2024/12/10 07:30 net f136552b7ce3 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/08/17 05:18 net-next bab3ce404553 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/13 03:03 net-next a52f9f0d77f2 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/09 21:54 net-next ea988b450690 f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/05 01:02 net-next 6b9fd8857b9f d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/02 05:33 net-next 8f240030794c ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/28 11:50 net-next f22e6fdf7b33 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/22 04:44 net-next 091d019adce0 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/14 12:08 net-next 08207f42d3ff 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/29 03:50 net-next f6bd8faeb113 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/27 13:26 net-next 358bea91ce6b 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/25 11:39 net-next ea15e046263b ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/15 21:52 net-next 4cde0e4224ce d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/13 05:14 net-next 6b466efc6365 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/12 05:24 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/10 18:22 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/10 00:52 net-next a9ce2ce1800e bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/04/26 02:08 net-next 4acf6d4f6afc c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/04/09 16:57 net-next 420aabef3ab5 988b336c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/04/03 07:48 net-next acc4d5ff0b61 996a9618 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/31 08:20 net-next 1a9239bb4253 d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/07 05:38 linux-next 475c850a7fdd 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in device_move