syzbot


WARNING: refcount bug in process_one_work

Status: upstream: reported C repro on 2025/07/29 21:59
Subsystems: fuse
Reported-by: syzbot+a638ae70fa7b6a1353b4@syzkaller.appspotmail.com
First crash: 9d04h, last: now
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [fuse?] WARNING: refcount bug in process_one_work 0 (1) 2025/07/29 21:59

Sample crash report:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 34 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 34 Comm: kworker/3:0 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: md_misc mddev_delayed_delete
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 d8 7f da fc 84 db 0f 85 66 ff ff ff e8 eb 84 da fc c6 05 19 50 b0 0b 01 90 48 c7 c7 e0 6a 15 8c e8 d7 8b 99 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 84 da fc 0f b6 1d f4 4f b0 0b 31
RSP: 0018:ffffc900006dfc10 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b01b8
RDX: ffff88801eaac880 RSI: ffffffff817b01c5 RDI: 0000000000000001
RBP: ffff88802a5f4130 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a5f4134
R13: dffffc0000000000 R14: ffff88802a5f4130 R15: ffffc900006dfd10
FS:  0000000000000000(0000) GS:ffff8880d69f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43c9dddd58 CR3: 0000000032cdc000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 kref_put include/linux/kref.h:64 [inline]
 kobject_put+0x230/0x5a0 lib/kobject.c:737
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (1861):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/29 02:42 upstream ced1b9e0392d c4a95487 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/07/29 02:16 upstream ced1b9e0392d c4a95487 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 23:07 upstream 479058002c32 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/06 18:27 upstream 479058002c32 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING: refcount bug in process_one_work
2025/08/06 15:41 upstream 479058002c32 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/06 08:59 upstream 6bcdbd62bd56 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/06 02:44 upstream 6bcdbd62bd56 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/06 01:28 upstream 7e161a991ea7 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/06 01:26 upstream 7e161a991ea7 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/05 18:39 upstream 7e161a991ea7 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/05 12:31 upstream 7e161a991ea7 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/07 05:56 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 05:52 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 04:47 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 02:04 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 00:10 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 22:03 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 21:23 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 20:23 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 17:26 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 15:00 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 13:02 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 11:59 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 11:04 upstream a530a36bb548 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 10:16 upstream a530a36bb548 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 06:51 upstream a530a36bb548 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 04:29 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 03:19 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 02:29 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/06 00:25 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 23:04 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 22:53 upstream 7e161a991ea7 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 21:30 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 19:49 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 17:11 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 14:57 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 14:51 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 13:32 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 11:16 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 10:32 upstream 7e161a991ea7 37880f40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 09:32 upstream 7e161a991ea7 f5bcc8dc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/05 09:16 upstream 7e161a991ea7 f5bcc8dc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 03:31 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/07 01:02 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/06 13:56 upstream 479058002c32 4bd24a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/06 07:54 upstream 7881cd6886a8 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/06 05:21 upstream 7881cd6886a8 ffe1dd46 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
* Struck through repros no longer work on HEAD.