syzbot

------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 11265 at lib/refcount.c:25 refcount_warn_saturate+0x174/0x1f0 lib/refcount.c:25
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 11265 Comm: syz-executor883 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x3e kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:refcount_warn_saturate+0x174/0x1f0 lib/refcount.c:25
Code: 06 31 ff 89 de e8 ec f9 e6 fd 84 db 0f 85 33 ff ff ff e8 9f f8 e6 fd 48 c7 c7 80 76 4f 88 c6 05 db 9a a4 06 01 e8 0b a3 b7 fd <0f> 0b e9 14 ff ff ff e8 80 f8 e6 fd 0f b6 1d c0 9a a4 06 31 ff 89
RSP: 0018:ffffc900045378a8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815e5a26 RDI: fffff520008a6f07
RBP: ffffc900045378b8 R08: ffff8880a365c600 R09: ffffed1015d645c9
R10: ffffed1015d645c8 R11: ffff8880aeb22e47 R12: 0000000000000002
R13: ffff88809fae8660 R14: ffff888092e3aa40 R15: ffff88809208b498
 refcount_add include/linux/refcount.h:191 [inline]
 refcount_inc include/linux/refcount.h:228 [inline]
 kref_get include/linux/kref.h:45 [inline]
 kobject_get+0x134/0x150 lib/kobject.c:644
 cdev_get+0x60/0xb0 fs/char_dev.c:355
 chrdev_open+0xb0/0x6b0 fs/char_dev.c:400
 do_dentry_open+0x4e6/0x1380 fs/open.c:797
 vfs_open+0xa0/0xd0 fs/open.c:914
 do_last fs/namei.c:3412 [inline]
 path_openat+0x10e4/0x4710 fs/namei.c:3529
 do_filp_open+0x1a1/0x280 fs/namei.c:3559
 do_sys_open+0x3fe/0x5d0 fs/open.c:1097
 __do_sys_open fs/open.c:1115 [inline]
 __se_sys_open fs/open.c:1110 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1110
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x405ef1
Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 18 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fa12008f8b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000405ef1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fa12008f8d0
RBP: 00000000006dcc30 R08: 000000000000000f R09: 00007fa120090700
R10: 00007fa1200909d0 R11: 0000000000000293 R12: 00000000006dcc3c
R13: 00007ffea2bdbc9f R14: 00007fa1200909c0 R15: 0000000000000003
Kernel Offset: disabled
Rebooting in 86400 seconds..