syzbot


WARNING: refcount bug in get_taint

Status: fixed on 2024/08/26 12:53
Subsystems: net
Fix commit: 2fe5273f149c net/smc: prevent UAF in inet_create()
First crash: 44d, last: 19d

Sample crash report:
usb 2-1: USB disconnect, device number 5
------------[ cut here ]------------
WARNING: CPU: 0 PID: 47 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28
refcount_t: underflow; use-after-free.
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 UID: 0 PID: 47 Comm: kworker/0:2 Not tainted 6.11.0-rc5-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: usb_hub_wq hub_event
Call trace: 
[<81955560>] (dump_backtrace) from [<8195565c>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
 r7:00000000 r6:826228c4 r5:00000000 r4:8200be6c
[<81955644>] (show_stack) from [<81973340>] (__dump_stack lib/dump_stack.c:93 [inline])
[<81955644>] (show_stack) from [<81973340>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:119)
[<819732ec>] (dump_stack_lvl) from [<81973380>] (dump_stack+0x18/0x1c lib/dump_stack.c:128)
 r5:00000000 r4:8286bd18
[<81973368>] (dump_stack) from [<81956104>] (panic+0x120/0x368 kernel/panic.c:354)
[<81955fe4>] (panic) from [<80242204>] (check_panic_on_warn kernel/panic.c:243 [inline])
[<81955fe4>] (panic) from [<80242204>] (get_taint+0x0/0x1c kernel/panic.c:238)
 r3:8260c5c4 r2:00000001 r1:81ff4690 r0:81ffc468
 r7:8080cc0c
[<80242190>] (check_panic_on_warn) from [<80242358>] (__warn+0x7c/0x180 kernel/panic.c:741)
[<802422dc>] (__warn) from [<80242644>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:774)
 r8:00000009 r7:82059bcc r6:df921c04 r5:82fe8000 r4:00000000
[<80242460>] (warn_slowpath_fmt) from [<8080cc0c>] (refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28)
 r10:827c7398 r9:85187080 r8:00000044 r7:85185430 r6:845277b4 r5:85185400
 r4:8418bc00
[<8080cad0>] (refcount_warn_saturate) from [<8192f460>] (__refcount_sub_and_test include/linux/refcount.h:275 [inline])
[<8080cad0>] (refcount_warn_saturate) from [<8192f460>] (__refcount_dec_and_test include/linux/refcount.h:307 [inline])
[<8080cad0>] (refcount_warn_saturate) from [<8192f460>] (refcount_dec_and_test include/linux/refcount.h:325 [inline])
[<8080cad0>] (refcount_warn_saturate) from [<8192f460>] (kref_put include/linux/kref.h:64 [inline])
[<8080cad0>] (refcount_warn_saturate) from [<8192f460>] (kobject_put+0x158/0x1f4 lib/kobject.c:737)
[<8192f308>] (kobject_put) from [<80a6daac>] (put_device+0x18/0x1c drivers/base/core.c:3790)
 r7:85185430 r6:845277b4 r5:85185400 r4:84527000
[<80a6da94>] (put_device) from [<8133d4d4>] (hdm_disconnect+0x90/0x9c drivers/most/most_usb.c:1129)
[<8133d444>] (hdm_disconnect) from [<80db7018>] (usb_unbind_interface+0x84/0x2c4 drivers/usb/core/driver.c:461)
 r7:85185430 r6:827c7398 r5:00000000 r4:85185400
[<80db6f94>] (usb_unbind_interface) from [<80a75984>] (device_remove drivers/base/dd.c:568 [inline])
[<80db6f94>] (usb_unbind_interface) from [<80a75984>] (device_remove+0x64/0x6c drivers/base/dd.c:560)
 r10:00000000 r9:85187080 r8:00000044 r7:85185474 r6:827c7398 r5:00000000
 r4:85185430
[<80a75920>] (device_remove) from [<80a76e9c>] (__device_release_driver drivers/base/dd.c:1272 [inline])
[<80a75920>] (device_remove) from [<80a76e9c>] (device_release_driver_internal+0x18c/0x200 drivers/base/dd.c:1295)
 r5:00000000 r4:85185430
[<80a76d10>] (device_release_driver_internal) from [<80a76f28>] (device_release_driver+0x18/0x1c drivers/base/dd.c:1318)
 r9:85187080 r8:82f98d40 r7:82f98d38 r6:82f98d0c r5:85185430 r4:82f98d30
[<80a76f10>] (device_release_driver) from [<80a75008>] (bus_remove_device+0xcc/0x120 drivers/base/bus.c:574)
[<80a74f3c>] (bus_remove_device) from [<80a6f118>] (device_del+0x148/0x38c drivers/base/core.c:3871)
 r9:85187080 r8:82fe8000 r7:04208060 r6:00000000 r5:85185430 r4:85185474
[<80a6efd0>] (device_del) from [<80db4a34>] (usb_disable_device+0xdc/0x1f0 drivers/usb/core/message.c:1418)
 r10:00000000 r9:00000000 r8:85185400 r7:85187000 r6:8508a3c8 r5:85187000
 r4:60000013
[<80db4958>] (usb_disable_device) from [<80da9898>] (usb_disconnect+0xec/0x29c drivers/usb/core/hub.c:2304)
 r10:00000001 r9:8418b800 r8:851870c4 r7:83411800 r6:85187080 r5:85187000
 r4:60000013
[<80da97ac>] (usb_disconnect) from [<80dac548>] (hub_port_connect drivers/usb/core/hub.c:5361 [inline])
[<80da97ac>] (usb_disconnect) from [<80dac548>] (hub_port_connect_change drivers/usb/core/hub.c:5661 [inline])
[<80da97ac>] (usb_disconnect) from [<80dac548>] (port_event drivers/usb/core/hub.c:5821 [inline])
[<80da97ac>] (usb_disconnect) from [<80dac548>] (hub_event+0xe78/0x194c drivers/usb/core/hub.c:5903)
 r10:00000001 r9:00000100 r8:83771d00 r7:85187000 r6:83411000 r5:83411a10
 r4:00000001
[<80dab6d0>] (hub_event) from [<80265f30>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3231)
 r10:82e6e805 r9:82fe8000 r8:00800000 r7:dddd0000 r6:82e6e800 r5:83771d00
 r4:82f96500
[<80265d7c>] (process_one_work) from [<80266b14>] (process_scheduled_works kernel/workqueue.c:3312 [inline])
[<80265d7c>] (process_one_work) from [<80266b14>] (worker_thread+0x1ec/0x3b4 kernel/workqueue.c:3389)
 r10:82fe8000 r9:82f9652c r8:61c88647 r7:dddd0020 r6:82604d40 r5:dddd0000
 r4:82f96500
[<80266928>] (worker_thread) from [<8026fb2c>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:df839e78 r8:82f9fc40 r7:82f96500 r6:80266928 r5:82fe8000
 r4:82f9fb40
[<8026fa28>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdf921fb0 to 0xdf921ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fa28 r4:82f9fb40
Rebooting in 86400 seconds..

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/08/26 10:57 | upstream | 5be63fc19fca | d7d32352 | .config | console log | report | - | - | info | disk image (non-bootable), vmlinux, kernel image | ci-qemu2-arm32 | WARNING: refcount bug in get_taint
2024/08/01 02:32 | upstream | e4fc196f5ba3 | 1e9c4cf3 | .config | console log | report | - | - | info | disk image (non-bootable), vmlinux, kernel image | ci-qemu2-arm32 | WARNING: refcount bug in get_taint
* Struck through repros no longer work on HEAD.