syzbot

 sign-in | mailing list | source | docs
🐞 Open [1497]
Subsystems
🐞 Fixed [6511]
🐞 Invalid [16555]
Missing Backports [204]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING: refcount bug in process_one_work

Status: upstream: reported C repro on 2025/07/29 21:59
Subsystems: fuse
[Documentation on labels]
Reported-by: syzbot+a638ae70fa7b6a1353b4@syzkaller.appspotmail.com
First crash: 17d, last: 6d01h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [fuse?] WARNING: refcount bug in process_one_work 0 (2) 2025/08/09 13:31
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/08/09 13:31 21m penguin-kernel@i-love.sakura.ne.jp patch upstream OK log

Sample crash report:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 34 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 34 Comm: kworker/3:0 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: md_misc mddev_delayed_delete
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 d8 7f da fc 84 db 0f 85 66 ff ff ff e8 eb 84 da fc c6 05 19 50 b0 0b 01 90 48 c7 c7 e0 6a 15 8c e8 d7 8b 99 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 84 da fc 0f b6 1d f4 4f b0 0b 31
RSP: 0018:ffffc900006dfc10 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b01b8
RDX: ffff88801eaac880 RSI: ffffffff817b01c5 RDI: 0000000000000001
RBP: ffff88802a5f4130 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a5f4134
R13: dffffc0000000000 R14: ffff88802a5f4130 R15: ffffc900006dfd10
FS:  0000000000000000(0000) GS:ffff8880d69f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43c9dddd58 CR3: 0000000032cdc000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 kref_put include/linux/kref.h:64 [inline]
 kobject_put+0x230/0x5a0 lib/kobject.c:737
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (2153):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/29 02:42 upstream ced1b9e0392d c4a95487 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/07/29 02:16 upstream ced1b9e0392d c4a95487 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 18:40 upstream 0227b49b5027 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/09 06:45 upstream 0227b49b5027 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/09 06:44 upstream 0227b49b5027 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/09 01:38 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/08 23:13 upstream 37816488247d 987b750d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/08 13:42 upstream 37816488247d 987b750d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/08 13:42 upstream 37816488247d 987b750d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/08 06:59 upstream bec077162bd0 6a893178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/08 03:42 upstream 6e64f4580381 6a893178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING: refcount bug in process_one_work
2025/08/07 20:54 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/07 14:01 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/07 12:36 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/07 11:22 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in process_one_work
2025/08/09 09:59 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 09:28 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 07:50 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 05:44 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 04:06 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 01:25 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 00:22 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 23:59 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 22:26 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 19:30 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 18:14 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 17:11 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 16:00 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 10:51 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 04:45 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 03:31 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/08 02:11 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 23:20 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 23:01 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 18:26 upstream 6e64f4580381 04cffc22 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 16:55 upstream 6e64f4580381 04cffc22 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 15:40 upstream 6e64f4580381 04cffc22 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 11:34 upstream 6e64f4580381 04cffc22 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 07:01 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 05:56 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/07 05:52 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING: refcount bug in process_one_work
2025/08/09 11:09 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/09 02:57 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/09 02:38 upstream 37816488247d 32a0e5ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/08 12:38 upstream bec077162bd0 56444e07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/08 06:48 upstream bec077162bd0 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/08 00:45 upstream 6e64f4580381 6a893178 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/07 08:23 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
2025/08/07 07:16 upstream cca7a0aae895 9a42d6b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in process_one_work
* Struck through repros no longer work on HEAD.