syzbot

 sign-in | mailing list | source | docs
🐞 Open [1033] Subsystems 🐞 Fixed [5252] 🐞 Invalid [12579] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING: refcount bug in ax25_release (2)

Status: internal: reported C repro on 2024/03/18 09:58
Subsystems: hams
[Documentation on labels]
Fix commit: 467324bcfe1a ax25: Fix netdev refcount issue
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce], missing on: [ci-qemu2-riscv64 ci2-upstream-usb]
First crash: 48d, last: 2h06m
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: refcount bug in ax25_release hams 1 236d 236d 0/26 closed as invalid on 2023/12/15 13:48

Sample crash report:
------------[ cut here ]------------
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 1 PID: 5071 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
Modules linked in:
CPU: 1 PID: 5071 Comm: syz-executor365 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
Code: b2 00 00 00 e8 a7 71 f0 fc 5b 5d c3 cc cc cc cc e8 9b 71 f0 fc c6 05 df cf cc 0a 01 90 48 c7 c7 a0 74 fe 8b e8 97 4a b3 fc 90 <0f> 0b 90 90 eb d9 e8 7b 71 f0 fc c6 05 bc cf cc 0a 01 90 48 c7 c7
RSP: 0018:ffffc900043b79c8 EFLAGS: 00010246
RAX: f1eb1a7dba888a00 RBX: ffff888029f34664 RCX: ffff88807982bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000004 R08: ffffffff8157cc12 R09: 1ffff92000876e8c
R10: dffffc0000000000 R11: fffff52000876e8d R12: ffff888029f34620
R13: 0000000000000000 R14: ffff888029f34664 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f55b4a830f0 CR3: 000000000df32000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_dec include/linux/refcount.h:336 [inline]
 refcount_dec include/linux/refcount.h:351 [inline]
 ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236
 netdev_tracker_free include/linux/netdevice.h:4084 [inline]
 netdev_put include/linux/netdevice.h:4101 [inline]
 ax25_release+0x368/0x950 net/ax25/af_ax25.c:1069
 __sock_release net/socket.c:659 [inline]
 sock_close+0xbc/0x240 net/socket.c:1421
 __fput+0x429/0x8a0 fs/file_table.c:423
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa1b/0x27e0 kernel/exit.c:878
 do_group_exit+0x207/0x2c0 kernel/exit.c:1027
 __do_sys_exit_group kernel/exit.c:1038 [inline]
 __se_sys_exit_group kernel/exit.c:1036 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f55b4a07e39
Code: Unable to access opcode bytes at 0x7f55b4a07e0f.
RSP: 002b:00007fffaefc8498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f55b4a07e39
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f55b4a82290 R08: ffffffffffffffb8 R09: 00007fffaefc86b8
R10: 00000000200002c0 R11: 0000000000000246 R12: 00007f55b4a82290
R13: 0000000000000000 R14: 00007f55b4a82ce0 R15: 00007f55b49d9c00
 </TASK>

Crashes (26):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/22 10:54 net f99c5f563c17 af24b050 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING: refcount bug in ax25_release
2024/04/19 00:43 linux-next 7b4f2bc91c15 af24b050 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/21 02:57 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING: refcount bug in ax25_release
2024/05/05 21:48 upstream b9158815de52 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING: refcount bug in ax25_release
2024/05/04 17:13 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in ax25_release
2024/04/29 16:38 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in ax25_release
2024/04/29 05:10 upstream e67572cd2204 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in ax25_release
2024/04/29 05:05 upstream e67572cd2204 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING: refcount bug in ax25_release
2024/04/22 12:59 upstream ed30a4a51bb1 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/20 09:00 upstream 13a2e429f644 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: refcount bug in ax25_release
2024/05/04 15:59 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING: refcount bug in ax25_release
2024/05/06 00:38 net-next cdc74c9d06e7 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/05 22:40 net-next cdc74c9d06e7 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/05 21:54 net-next cdc74c9d06e7 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/05 03:10 net-next 173e7622ccb3 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/05 02:30 net-next 173e7622ccb3 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/05 01:34 net-next 173e7622ccb3 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/05/04 18:39 net-next 173e7622ccb3 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/03/18 09:57 net-next 237bb5f7f7f5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING: refcount bug in ax25_release
2024/04/24 09:39 linux-next 7b4f2bc91c15 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/22 04:21 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/22 01:22 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/18 23:55 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/18 23:52 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in ax25_release
2024/04/21 11:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING: refcount bug in ax25_release
2024/04/21 11:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING: refcount bug in ax25_release
* Struck through repros no longer work on HEAD.