WARNING: refcount bug in bnep

Title	Replies (including bot)	Last reply
[syzbot] [kernel?] WARNING: refcount bug in bnep_session	0 (1)	2024/11/27 11:44

------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 0 PID: 2544 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Modules linked in: CPU: 0 UID: 0 PID: 2544 Comm: kbnepd bnep0 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Code: ff 89 de e8 58 0f fa fc 84 db 0f 85 66 ff ff ff e8 6b 0d fa fc c6 05 3a dd a7 0b 01 90 48 c7 c7 a0 98 d1 8b e8 e7 46 ba fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 48 0d fa fc 0f b6 1d 15 dd a7 0b 31 RSP: 0018:ffffc900035479a8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a5079 RDX: ffff888041f52440 RSI: ffffffff815a5086 RDI: 0000000000000001 RBP: ffff888024b72878 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000cc650 R12: ffff8880623bc800 R13: ffff888024b72878 R14: ffffffff85c4d8e0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31415ff8 CR3: 000000006c134000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __refcount_sub_and_test include/linux/refcount.h:275 [inline] __refcount_dec_and_test include/linux/refcount.h:307 [inline] refcount_dec_and_test include/linux/refcount.h:325 [inline] kref_put include/linux/kref.h:64 [inline] klist_dec_and_del lib/klist.c:206 [inline] klist_put+0x11b/0x1b0 lib/klist.c:217 device_del+0x1d9/0x9f0 drivers/base/core.c:3831 unregister_netdevice_many_notify+0x105d/0x1e60 net/core/dev.c:11562 unregister_netdevice_many net/core/dev.c:11590 [inline] unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11462 unregister_netdevice include/linux/netdevice.h:3192 [inline] unregister_netdev+0x1c/0x30 net/core/dev.c:11608 bnep_session+0x21b6/0x2ca0 net/bluetooth/bnep/core.c:525 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK>

Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2024/12/21 07:27	upstream	499551201b5f	d7f584ee	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	WARNING: refcount bug in bnep_session
2024/12/15 16:01	net	c296c0bf4518	7cbfbb3a	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	WARNING: refcount bug in bnep_session
2024/12/10 12:16	net	f136552b7ce3	cfc402b4	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	WARNING: refcount bug in bnep_session
2024/12/07 06:27	net	0f6ede9fbc74	9ac0fdc6	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	WARNING: refcount bug in bnep_session
2024/11/22 22:47	net	fcc79e1714e8	68da6d95	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	WARNING: refcount bug in bnep_session
2024/12/10 03:43	net-next	e58b4771af2b	cfc402b4	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	WARNING: refcount bug in bnep_session
2024/12/07 14:33	net-next	860dbab69ad8	9ac0fdc6	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	WARNING: refcount bug in bnep_session
2024/12/07 03:28	net-next	51db5c894300	9ac0fdc6	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	WARNING: refcount bug in bnep_session
2024/11/27 08:00	net-next	fcc79e1714e8	52b38cc1	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	WARNING: refcount bug in bnep_session