syzbot


WARNING: refcount bug in kobject_get

Status: closed as invalid on 2019/08/19 12:30
Subsystems: kernel
Reported-by: syzbot+b74b8b6e712f33454561@syzkaller.appspotmail.com
First crash: 2018d, last: 1684d
Discussions (4)
Title | Replies (including bot) | Last reply
Reminder: 29 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/07/24 01:41
Reminder: 29 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/07/09 19:07
Reminder: 27 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/06/24 05:14
WARNING: refcount bug in kobject_get | 0 (1) | 2018/09/10 07:21
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING: refcount bug in kobject_get C done 21 1567d 1796d 1/1 fixed on 2020/01/03 09:37
linux-4.14 WARNING: refcount bug in kobject_get C done 20 1567d 1800d 1/1 fixed on 2020/01/03 09:37

Sample crash report:
------------[ cut here ]------------
refcount_t: increment on 0; use-after-free.
WARNING: CPU: 0 PID: 10363 at lib/refcount.c:156 refcount_inc_checked lib/refcount.c:156 [inline]
WARNING: CPU: 0 PID: 10363 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 lib/refcount.c:154
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 10363 Comm: syz-executor494 Not tainted 5.3.0-rc2+ #112
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2dc/0x755 kernel/panic.c:219
 __warn.cold+0x20/0x4c kernel/panic.c:576
 report_bug+0x263/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1026
RIP: 0010:refcount_inc_checked lib/refcount.c:156 [inline]
RIP: 0010:refcount_inc_checked+0x61/0x70 lib/refcount.c:154
Code: 1d 5e 90 64 06 31 ff 89 de e8 eb 99 35 fe 84 db 75 dd e8 a2 98 35 fe 48 c7 c7 80 03 c6 87 c6 05 3e 90 64 06 01 e8 57 05 07 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41
RSP: 0018:ffff8880a818f8f8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815c5216 RDI: ffffed1015031f11
RBP: ffff8880a818f908 R08: ffff8880a7e70300 R09: ffffed1015d04101
R10: ffffed1015d04100 R11: ffff8880ae820807 R12: ffff88821adec338
R13: ffff888094299820 R14: ffff888094299818 R15: ffff88821adec2b8
 kref_get include/linux/kref.h:45 [inline]
 kobject_get+0x66/0xc0 lib/kobject.c:644
 kset_get include/linux/kobject.h:214 [inline]
 kobj_kset_join lib/kobject.c:194 [inline]
 kobject_add_internal lib/kobject.c:246 [inline]
 kobject_add_internal+0x14f/0x380 lib/kobject.c:225
 kobject_add_varg lib/kobject.c:390 [inline]
 kobject_add+0x150/0x1c0 lib/kobject.c:442
 class_dir_create_and_add drivers/base/core.c:1735 [inline]
 get_device_parent.isra.0+0x413/0x560 drivers/base/core.c:1790
 device_add+0x2df/0x17a0 drivers/base/core.c:2051
 hci_register_dev+0x2e8/0x8f0 net/bluetooth/hci_core.c:3307
 __vhci_create_device+0x2c5/0x5d0 drivers/bluetooth/hci_vhci.c:124
 vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
 vhci_write+0x2d0/0x470 drivers/bluetooth/hci_vhci.c:284
 call_write_iter include/linux/fs.h:1870 [inline]
 new_sync_write+0x4d3/0x770 fs/read_write.c:483
 __vfs_write+0xe1/0x110 fs/read_write.c:496
 vfs_write+0x268/0x5d0 fs/read_write.c:558
 ksys_write+0x14f/0x290 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write fs/read_write.c:620 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:620
 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441279
Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fffdebca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 0000000000014777 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401ff0
R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (530):