syzbot

 sign-in | mailing list | source | docs
🐞 Open [1508]
Subsystems
🐞 Fixed [6627]
🐞 Invalid [16966]
Missing Backports [211]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING: refcount bug in device_move

Status: upstream: reported on 2024/11/28 08:47
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+7e94d6c5abca98373aee@syzkaller.appspotmail.com
First crash: 314d, last: 5d02h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] WARNING: refcount bug in device_move 0 (1) 2024/11/28 08:47
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 WARNING: refcount bug in device_move 13 1 182d 182d 0/3 auto-obsoleted due to no activity on 2025/07/15 02:20
linux-6.1 WARNING: refcount bug in device_move (2) 13 1 81d 81d 0/3 upstream: reported on 2025/07/15 11:29

Sample crash report:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 9264 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 0 UID: 0 PID: 9264 Comm: syz.6.1276 Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 28 ca e2 fc 84 db 0f 85 66 ff ff ff e8 3b cf e2 fc c6 05 10 1e 97 0b 01 90 48 c7 c7 e0 d9 f4 8b e8 27 fe a1 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 cf e2 fc 0f b6 1d eb 1d 97 0b 31
RSP: 0018:ffffc9000bb47738 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817aa908
RDX: ffff8880476f8000 RSI: ffffffff817aa915 RDI: 0000000000000001
RBP: ffff8880470ea078 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a111400
R13: ffff8880470ea078 R14: ffffffff86078b90 R15: ffffffff906a68a0
FS:  0000000000000000(0000) GS:ffff888124974000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f827cc00218 CR3: 00000000488d2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 kref_put include/linux/kref.h:64 [inline]
 klist_dec_and_del lib/klist.c:206 [inline]
 klist_put+0x11b/0x1b0 lib/klist.c:217
 klist_del lib/klist.c:230 [inline]
 klist_remove+0x13f/0x2e0 lib/klist.c:249
 device_move+0x12d/0x10d0 drivers/base/core.c:4618
 hci_conn_del_sysfs+0x81/0x180 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]
 hci_conn_del+0x566/0xdc0 net/bluetooth/hci_conn.c:1173
 hci_conn_hash_flush+0x186/0x260 net/bluetooth/hci_conn.c:2544
 hci_dev_close_sync+0x602/0x11d0 net/bluetooth/hci_sync.c:5225
 hci_dev_do_close+0x2e/0x90 net/bluetooth/hci_core.c:483
 hci_unregister_dev+0x213/0x620 net/bluetooth/hci_core.c:2678
 vhci_release+0x79/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x150/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xae2/0x2c70 kernel/exit.c:959
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1108
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
 do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ea93c1225
Code: Unable to access opcode bytes at 0x7f5ea93c11fb.
RSP: 002b:00007f5ea71f5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f5ea95b5fa0 RCX: 00007f5ea93c1225
RDX: 00007f5ea71f5fc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f5ea9410ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f5ea95b5fa0 R15: 00007fff59843ff8
 </TASK>

Crashes (115):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/29 08:53 upstream 90b83efa6701 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in device_move
2025/02/10 09:41 upstream a64dcfb451e2 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2024/11/24 04:52 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2025/09/22 11:46 upstream 07e27ad16399 770ff59f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/09/12 12:54 upstream 320475fbd590 e2beed91 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/09/10 03:44 upstream 9dd1835ecda5 fdeaa69b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/08/27 11:22 upstream fab1beda7597 e12e5ba4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/08/04 15:36 upstream 352af6a011d5 f5bcc8dc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/28 00:08 upstream b711733e89a3 fb8f743d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/22 23:07 upstream 89be9a83ccf1 8e9d1dc1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/07/21 07:40 upstream 89be9a83ccf1 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/06/04 12:14 upstream 5abc7438f1e9 e565f08d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/06/03 10:11 upstream d00a83477e7a a30356b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/09/20 17:18 upstream cd89d487374c 67c37560 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/08/24 05:20 upstream 8d245acc1e88 bf27483f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/06/22 08:30 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/09/30 01:22 net 012ea489aeda 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/09/16 06:55 net 4351ca3fcb3f e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/09/08 00:16 net e2a10daba849 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/09/05 08:44 net 157cf360c4a8 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/09/01 04:12 net 788bc43d8330 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/08/21 09:34 net f7b0b97c2d38 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/08/15 16:58 net 065c31f2c691 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/17 22:40 net 9f735b6f8a77 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/05 02:43 net b9fd9888a565 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/04 02:27 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/07/02 21:22 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/26 17:35 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/20 19:15 net e0fca6f2cebf e3003213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/20 15:53 net e0fca6f2cebf e3003213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/13 05:32 net 27605c8c0f69 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/10 03:06 net fdd9ebccfc32 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/07 16:07 net 82cbd06f327f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/05 10:39 net 919d763d6094 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/06/04 23:09 net 12c331b29c73 fd5e6e61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/31 14:51 net 3ec523304976 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/19 14:54 net 239af1970bcb f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/05/16 12:12 net ef935650e044 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/09/10 01:52 net-next 3b4296f5893d fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/08/30 18:05 net-next 864ecc4a6dad 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/08/17 05:18 net-next bab3ce404553 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/13 03:03 net-next a52f9f0d77f2 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/09 21:54 net-next ea988b450690 f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/05 01:02 net-next 6b9fd8857b9f d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/07/02 05:33 net-next 8f240030794c ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/28 11:50 net-next f22e6fdf7b33 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/22 04:44 net-next 091d019adce0 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/14 12:08 net-next 08207f42d3ff 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/29 03:50 net-next f6bd8faeb113 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/27 13:26 net-next 358bea91ce6b 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/05/25 11:39 net-next ea15e046263b ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/06/07 05:38 linux-next 475c850a7fdd 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in device_move
2025/09/23 10:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci b5db4add5e77 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING: refcount bug in device_move
* Struck through repros no longer work on HEAD.