syzbot

 sign-in | mailing list | source | docs
🐞 Open [1633]
Subsystems
🐞 Fixed [6115]
🐞 Invalid [15342]
Missing Backports [170]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING: refcount bug in device_move

Status: upstream: reported on 2024/11/28 08:47
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+7e94d6c5abca98373aee@syzkaller.appspotmail.com
First crash: 126d, last: 1d13h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] WARNING: refcount bug in device_move 0 (1) 2024/11/28 08:47

Sample crash report:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 5829 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28
Modules linked in:
CPU: 0 UID: 0 PID: 5829 Comm: kworker/u9:5 Not tainted 6.14.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: hci2 hci_cmd_sync_work
RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28
Code: 40 72 5f 8c e8 c7 0e 9f fc 90 0f 0b 90 90 eb 99 e8 5b 65 de fc c6 05 ba 6e 23 0b 01 90 48 c7 c7 a0 72 5f 8c e8 a7 0e 9f fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 38 65 de fc c6 05 94 6e 23 0b 01 90
RSP: 0018:ffffc9000419f618 EFLAGS: 00010246
RAX: 4352ab0487a16600 RBX: ffff888027774c78 RCX: ffff88802f468000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: ffffffff817ffb32 R09: fffffbfff1cfa588
R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: ffff888027774c60
R13: ffffffff862303f0 R14: 1ffff11004eee98c R15: ffff888027774c60
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f885464aea2 CR3: 0000000027aa0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:275 [inline]
 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
 refcount_dec_and_test include/linux/refcount.h:325 [inline]
 kref_put include/linux/kref.h:64 [inline]
 klist_dec_and_del+0x3ec/0x3f0 lib/klist.c:206
 klist_put lib/klist.c:217 [inline]
 klist_del lib/klist.c:230 [inline]
 klist_remove+0x25e/0x480 lib/klist.c:249
 device_move+0x1b4/0x710 drivers/base/core.c:4591
 hci_conn_del_sysfs+0xb5/0x170 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:174 [inline]
 hci_conn_del+0x8c4/0xc40 net/bluetooth/hci_conn.c:1164
 hci_conn_failed+0x319/0x400 net/bluetooth/hci_conn.c:1267
 hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5588
 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Crashes (43):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/10 09:41 upstream a64dcfb451e2 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2025/01/13 10:47 upstream be548645527a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in device_move
2024/11/24 04:52 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in device_move
2025/03/29 12:36 upstream eff5f16bfd87 cf25e2c2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/29 04:27 upstream eff5f16bfd87 cf25e2c2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/23 03:35 upstream 183601b78a9b 4e8d3850 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/19 10:35 upstream 81e4f8d68c66 8d0a2921 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/11 10:48 upstream 4d872d51bc9d 16256247 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/09 11:25 upstream b7c90e3e717a 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/07 20:58 upstream 00a7d39898c8 7e3bd60d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/04 08:53 upstream 99fa936e8e4f c3901742 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/01 23:24 upstream 03d38806a902 c3901742 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/02/23 18:59 upstream 27102b38b8ca d34966d1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/02/18 12:08 upstream 2408a807bfc3 c37c7249 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/02/17 11:32 upstream 0ad2507d5d93 9be4ace3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/02/17 03:59 upstream ba643b6d8440 40a34ec9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/02/15 09:00 upstream 04f41cbf03ec 40a34ec9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/01/08 15:41 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/01/08 12:03 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2024/12/14 16:27 upstream a446e965a188 7cbfbb3a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2024/12/14 08:53 upstream a446e965a188 7cbfbb3a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in device_move
2025/03/17 17:08 net 4003c9e78778 948c34e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/03/13 12:22 net d2b9d97e89c7 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/02/24 14:36 net f15176b8b6e7 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/02/16 09:40 net 071ed42cff4f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/02/11 04:16 net 9dfedb8dc78b 43f51a00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/02/08 16:15 net cb827db50a88 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/01/15 19:55 net 0a5b8fff01bd 7315a7cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/01/08 03:33 net fd48f071a3d6 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2024/12/10 14:13 net f136552b7ce3 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2024/12/10 07:30 net f136552b7ce3 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in device_move
2025/03/21 15:14 net-next 6f13bec53a48 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/21 07:57 net-next 6f13bec53a48 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/19 19:26 net-next 23c9ff659140 8d0a2921 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/13 11:58 net-next 0ea09cbf8350 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/13 09:30 net-next 0ea09cbf8350 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/03/06 19:16 net-next f130a0cc1b4f 831e3629 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/02/24 05:12 net-next b66e19dcf684 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/02/19 21:53 net-next de7a88b639d4 cbd8edab .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2025/01/14 05:14 net-next b1b62d6d332e b1f1cd88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2024/12/23 20:42 net-next a502ea6fa94b 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2024/12/22 06:51 net-next ae418e95dd93 d7f584ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
2024/12/21 07:35 net-next ae418e95dd93 d7f584ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in device_move
* Struck through repros no longer work on HEAD.