syzbot


WARNING: refcount bug in device_move

Status: upstream: reported on 2024/11/28 08:47
Subsystems: kernel
Reported-by: syzbot+7e94d6c5abca98373aee@syzkaller.appspotmail.com
First crash: 423d, last: 1d13h
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [kernel?] WARNING: refcount bug in device_move | 0 (1) | 2024/11/28 08:47
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-6.1 | WARNING: refcount bug in device_move | 13 | | | | 1 | 290d | 290d | 0/3 | auto-obsoleted due to no activity on 2025/07/15 02:20
linux-6.1 | WARNING: refcount bug in device_move (2) | 13 | | | | 1 | 190d | 190d | 0/3 | auto-obsoleted due to no activity on 2025/10/23 11:30

Sample crash report:
Bluetooth: hci0: Opcode 0x0c1a failed: -4
Bluetooth: hci0: Opcode 0x0406 failed: -4
Bluetooth: hci3: Opcode 0x0c1a failed: -4
Bluetooth: hci3: Opcode 0x0406 failed: -4
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: lib/refcount.c:28 at refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28, CPU#0: syz.3.4306/20850
Modules linked in:
CPU: 0 UID: 0 PID: 20850 Comm: syz.3.4306 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28
Code: b4 68 fd 0a 67 48 0f b9 3a eb 4a e8 88 a0 32 fd 48 8d 3d b1 68 fd 0a 67 48 0f b9 3a eb 37 e8 75 a0 32 fd 48 8d 3d ae 68 fd 0a <67> 48 0f b9 3a eb 24 e8 62 a0 32 fd 48 8d 3d ab 68 fd 0a 67 48 0f
RSP: 0018:ffffc90004977078 EFLAGS: 00010287
RAX: ffffffff848f11db RBX: 0000000000000003 RCX: 0000000000080000
RDX: ffffc9000f459000 RSI: 00000000000114ed RDI: ffffffff8f8c7a90
RBP: 0000000000000000 R08: ffff888029eadb80 R09: 0000000000000005
R10: 0000000000000004 R11: 0000000000000002 R12: ffff8880525f9400
R13: ffff888053a58060 R14: ffff888053a58078 R15: dffffc0000000000
FS:  00007f924b47b6c0(0000) GS:ffff888125e35000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2edd50 CR3: 00000000875db000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 kref_put include/linux/kref.h:64 [inline]
 klist_dec_and_del+0x3c7/0x3d0 lib/klist.c:206
 klist_put lib/klist.c:217 [inline]
 klist_del lib/klist.c:230 [inline]
 klist_remove+0x1bd/0x340 lib/klist.c:249
 device_move+0x193/0x730 drivers/base/core.c:4615
 hci_conn_del_sysfs+0xb8/0x1a0 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:173 [inline]
 hci_conn_del+0xc36/0x1240 net/bluetooth/hci_conn.c:1234
 hci_abort_conn_sync+0x658/0xe30 net/bluetooth/hci_sync.c:5721
 hci_disconnect_all_sync+0x1b5/0x350 net/bluetooth/hci_sync.c:5744
 hci_suspend_sync+0x3fc/0xc90 net/bluetooth/hci_sync.c:6220
 hci_suspend_dev+0x28d/0x530 net/bluetooth/hci_core.c:2849
 hci_suspend_notifier+0xf2/0x2f0 net/bluetooth/hci_core.c:2420
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 notifier_call_chain_robust kernel/notifier.c:120 [inline]
 blocking_notifier_call_chain_robust+0x85/0x100 kernel/notifier.c:345
 pm_notifier_call_chain_robust+0x2c/0x60 kernel/power/main.c:172
 snapshot_open+0x19c/0x280 kernel/power/user.c:77
 misc_open+0x2d5/0x350 drivers/char/misc.c:163
 chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414
 do_dentry_open+0x7ce/0x1420 fs/open.c:962
 vfs_open+0x3b/0x340 fs/open.c:1094
 do_open fs/namei.c:4628 [inline]
 path_openat+0x340e/0x3dd0 fs/namei.c:4787
 do_filp_open+0x1fa/0x410 fs/namei.c:4814
 do_sys_openat2+0x121/0x200 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f924a58f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f924b47b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f924a7e5fa0 RCX: 00007f924a58f749
RDX: 0000000000040080 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007f924a613f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f924a7e6038 R14: 00007f924a7e5fa0 R15: 00007ffc572e66d8
 </TASK>
----------------
Code disassembly (best guess):
   0:	b4 68                	mov    $0x68,%ah
   2:	fd                   	std
   3:	0a 67 48             	or     0x48(%rdi),%ah
   6:	0f b9 3a             	ud1    (%rdx),%edi
   9:	eb 4a                	jmp    0x55
   b:	e8 88 a0 32 fd       	call   0xfd32a098
  10:	48 8d 3d b1 68 fd 0a 	lea    0xafd68b1(%rip),%rdi        # 0xafd68c8
  17:	67 48 0f b9 3a       	ud1    (%edx),%rdi
  1c:	eb 37                	jmp    0x55
  1e:	e8 75 a0 32 fd       	call   0xfd32a098
  23:	48 8d 3d ae 68 fd 0a 	lea    0xafd68ae(%rip),%rdi        # 0xafd68d8
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	eb 24                	jmp    0x55
  31:	e8 62 a0 32 fd       	call   0xfd32a098
  36:	48 8d 3d ab 68 fd 0a 	lea    0xafd68ab(%rip),%rdi        # 0xafd68e8
  3d:	67                   	addr32
  3e:	48                   	rex.W
  3f:	0f                   	.byte 0xf

Crashes (171):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/12/19 14:31 upstream dd9b004b7ff3 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: refcount bug in device_move
2025/05/29 08:53 upstream 90b83efa6701 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in device_move
2025/02/10 09:41 upstream a64dcfb451e2 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2024/11/24 04:52 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2026/01/20 07:52 upstream 24d479d26b25 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/19 00:24 upstream e84d960149e7 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/18 17:58 upstream e84d960149e7 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/18 08:22 upstream d12453c7e281 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/14 16:04 upstream c537e12daeec d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/01 19:40 upstream b69053dd3ffb d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/01 15:55 upstream b69053dd3ffb d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/12/27 06:17 upstream 3f0e9c8cefa9 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/12/20 03:39 upstream dd9b004b7ff3 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/12/09 23:53 upstream cb015814f8b6 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/11/26 15:11 upstream 30f09200cc4a c116feb4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2026/01/13 14:01 upstream b71e635feefc d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/12/03 21:57 upstream 3f9f0252130e d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2025/11/01 20:01 upstream 691d401c7e0e 2c50b6a9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in device_move
2026/01/12 12:43 net 16ce6e6fa946 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2026/01/10 19:26 net 7470a7a63dc1 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2026/01/08 09:04 net 653267321f05 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2026/01/08 02:57 net 653267321f05 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2026/01/02 15:12 net dbf8fe85a16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/12/23 21:01 net 2a2618c050e7 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/12/22 04:52 net 7b8e9264f55a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/12/07 18:52 net 0373d5c387f2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/12/05 17:53 net 0373d5c387f2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/12/05 15:34 net 0373d5c387f2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/11/28 02:35 net f07f4ea53e22 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/11/20 15:48 net 3ceb6ac2116e 280ea308 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/11/10 09:02 net 96a9178a29a6 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2026/01/14 10:09 net-next c65182ef9df6 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2026/01/09 12:48 net-next 59ba823e689f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2026/01/07 12:59 net-next 8e7148b56023 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2026/01/02 21:24 net-next dbf8fe85a16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2026/01/01 03:28 net-next dbf8fe85a16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/26 07:32 net-next 7b8e9264f55a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/24 02:26 net-next 7b8e9264f55a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/20 19:00 net-next 7b8e9264f55a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/20 11:20 net-next 7b8e9264f55a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/15 20:48 net-next 8f7aa3d3c732 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/13 04:27 net-next 8f7aa3d3c732 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/02 15:15 net-next 31a3ed492dd4 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/30 05:32 net-next ff736a286116 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/28 01:25 net-next 73f784b2c938 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/27 12:09 net-next c01a6e5b2e4f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/15 23:20 net-next c9dfb92de073 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/15 04:54 net-next 04ca7a69a35b f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/11/12 02:29 net-next 21f43f4a2b57 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/12/17 05:20 linux-next 12b95d29eb97 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in device_move
2025/09/23 10:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci b5db4add5e77 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING: refcount bug in device_move
* Struck through repros no longer work on HEAD.