WARNING: refcount bug in get

Title	Replies (including bot)	Last reply
[syzbot] [usb?] WARNING: refcount bug in get_taint (2)	0 (1)	2024/09/17 00:15

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	WARNING: refcount bug in get_taint net				2	25d	50d	27/28	fixed on 2024/08/26 12:53

upstream

WARNING: refcount bug in get_taint net

25d

50d

27/28

fixed on 2024/08/26 12:53

usb 1-1: USB disconnect, device number 2 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 46 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28 refcount_t: underflow; use-after-free. Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.11.0-rc7-syzkaller #0 Hardware name: ARM-Versatile Express Workqueue: usb_hub_wq hub_event Call trace: [<8195d3d8>] (dump_backtrace) from [<8195d4d4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:826228c4 r5:00000000 r4:8200cac0 [<8195d4bc>] (show_stack) from [<8197b1f4>] (__dump_stack lib/dump_stack.c:93 [inline]) [<8195d4bc>] (show_stack) from [<8197b1f4>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:119) [<8197b1a0>] (dump_stack_lvl) from [<8197b234>] (dump_stack+0x18/0x1c lib/dump_stack.c:128) r5:00000000 r4:8286dd18 [<8197b21c>] (dump_stack) from [<8195df7c>] (panic+0x120/0x368 kernel/panic.c:354) [<8195de5c>] (panic) from [<802421e4>] (check_panic_on_warn kernel/panic.c:243 [inline]) [<8195de5c>] (panic) from [<802421e4>] (get_taint+0x0/0x1c kernel/panic.c:238) r3:8260c5c4 r2:00000001 r1:81ff52e4 r0:81ffd0bc r7:80813f4c [<80242170>] (check_panic_on_warn) from [<80242338>] (__warn+0x7c/0x180 kernel/panic.c:741) [<802422bc>] (__warn) from [<80242624>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:774) r8:00000009 r7:8205adc0 r6:df91dc04 r5:8348a400 r4:00000000 [<80242440>] (warn_slowpath_fmt) from [<80813f4c>] (refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28) r10:827c8bd8 r9:848e4080 r8:00000044 r7:848e4430 r6:83ed47b4 r5:848e4400 r4:83ed4000 [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (__refcount_sub_and_test include/linux/refcount.h:275 [inline]) [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (__refcount_dec_and_test include/linux/refcount.h:307 [inline]) [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (refcount_dec_and_test include/linux/refcount.h:325 [inline]) [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (kref_put include/linux/kref.h:64 [inline]) [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (kobject_put+0x158/0x1f4 lib/kobject.c:737) [<81937188>] (kobject_put) from [<80a74a04>] (put_device+0x18/0x1c drivers/base/core.c:3790) r7:848e4430 r6:83ed47b4 r5:848e4400 r4:83ed4000 [<80a749ec>] (put_device) from [<81344bf8>] (hdm_disconnect+0x98/0x9c drivers/most/most_usb.c:1130) [<81344b60>] (hdm_disconnect) from [<80dbe638>] (usb_unbind_interface+0x84/0x2c4 drivers/usb/core/driver.c:461) r7:848e4430 r6:827c8bd8 r5:00000000 r4:848e4400 [<80dbe5b4>] (usb_unbind_interface) from [<80a7c8dc>] (device_remove drivers/base/dd.c:568 [inline]) [<80dbe5b4>] (usb_unbind_interface) from [<80a7c8dc>] (device_remove+0x64/0x6c drivers/base/dd.c:560) r10:00000000 r9:848e4080 r8:00000044 r7:848e4474 r6:827c8bd8 r5:00000000 r4:848e4430 [<80a7c878>] (device_remove) from [<80a7ddf4>] (__device_release_driver drivers/base/dd.c:1272 [inline]) [<80a7c878>] (device_remove) from [<80a7ddf4>] (device_release_driver_internal+0x18c/0x200 drivers/base/dd.c:1295) r5:00000000 r4:848e4430 [<80a7dc68>] (device_release_driver_internal) from [<80a7de80>] (device_release_driver+0x18/0x1c drivers/base/dd.c:1318) r9:848e4080 r8:82fbc140 r7:82fbc138 r6:82fbc10c r5:848e4430 r4:82fbc130 [<80a7de68>] (device_release_driver) from [<80a7bf60>] (bus_remove_device+0xcc/0x120 drivers/base/bus.c:574) [<80a7be94>] (bus_remove_device) from [<80a76070>] (device_del+0x148/0x38c drivers/base/core.c:3871) r9:848e4080 r8:8348a400 r7:04208060 r6:00000000 r5:848e4430 r4:848e4474 [<80a75f28>] (device_del) from [<80dbc054>] (usb_disable_device+0xdc/0x1f0 drivers/usb/core/message.c:1418) r10:00000000 r9:00000000 r8:848e4400 r7:848e4000 r6:84aae288 r5:00000001 r4:00000038 [<80dbbf78>] (usb_disable_device) from [<80db0eb8>] (usb_disconnect+0xec/0x29c drivers/usb/core/hub.c:2304) r10:00000001 r9:83ff9600 r8:848e40c4 r7:83e03c00 r6:848e4080 r5:848e4000 r4:60000013 [<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_port_connect drivers/usb/core/hub.c:5361 [inline]) [<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]) [<80db0dcc>] (usb_disconnect) from [<80db3b68>] (port_event drivers/usb/core/hub.c:5821 [inline]) [<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_event+0xe78/0x194c drivers/usb/core/hub.c:5903) r10:00000001 r9:00000100 r8:839cc900 r7:848e4000 r6:83e03400 r5:83e03e10 r4:00000001 [<80db2cf0>] (hub_event) from [<80265f04>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3231) r10:82ea8c05 r9:8348a400 r8:01800000 r7:ddde4000 r6:82ea8c00 r5:839cc900 r4:82fbdb80 [<80265d50>] (process_one_work) from [<80266ae8>] (process_scheduled_works kernel/workqueue.c:3312 [inline]) [<80265d50>] (process_one_work) from [<80266ae8>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3393) r10:8348a400 r9:82fbdbac r8:61c88647 r7:ddde4020 r6:82604d40 r5:ddde4000 r4:82fbdb80 [<802668fc>] (worker_thread) from [<8026fb04>] (kthread+0x104/0x134 kernel/kthread.c:389) r10:00000000 r9:df87de78 r8:82fbfbc0 r7:82fbdb80 r6:802668fc r5:8348a400 r4:82fbf940 [<8026fa00>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf91dfb0 to 0xdf91dff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fa00 r4:82fbf940 Rebooting in 86400 seconds..

Crashes (83):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/09/14 07:45	upstream	e936e7d4a83b	ff60e2ca	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/20 16:51	upstream	baeb9a7d8b60	6f888b75	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/20 16:18	upstream	baeb9a7d8b60	6f888b75	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/20 04:17	upstream	2004cef11ea0	6f888b75	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/19 16:09	upstream	932d2d1fcb2b	6f888b75	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/19 01:45	upstream	4a39ac5b7d62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/19 01:41	upstream	4a39ac5b7d62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/18 23:14	upstream	4a39ac5b7d62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/18 15:30	upstream	2f27fce67173	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/18 12:47	upstream	2f27fce67173	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/18 10:12	upstream	2f27fce67173	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 21:51	upstream	a940d9a43e62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 21:50	upstream	a940d9a43e62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 21:06	upstream	a940d9a43e62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 21:06	upstream	a940d9a43e62	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 08:17	upstream	a430d95c5efa	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 08:16	upstream	a430d95c5efa	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 08:11	upstream	a430d95c5efa	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/17 08:11	upstream	a430d95c5efa	c673ca06	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 22:22	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 22:21	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 22:03	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 22:02	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:44	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:44	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:39	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:38	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:37	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:37	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:36	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:36	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:23	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:22	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:05	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:04	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:03	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 21:03	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 20:54	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 20:53	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 20:24	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 20:24	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 19:56	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint
2024/09/16 19:55	upstream	adfc3ded5c33	49cf0773	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	WARNING: refcount bug in get_taint

Crashes (83):

Assets (help?)

2024/09/14 07:45

upstream