reference count underflow

[andsontan]

60836.026949] refcount_t: underflow; use-after-free.
[60836.026959] WARNING: CPU: 0 PID: 645312 at lib/refcount.c:28 refcount_warn_saturate+0xd8/0xe0
[60836.026975] Modules linked in: dattobd(O) veth irqbypass drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm [last unloaded: veth]
[60836.026984] CPU: 0 PID: 645312 Comm: kworker/0:2 Kdump: loaded Tainted: G O 6.1.58+ #244
[60836.026987] Hardware name: retsamarret 000-F4424-EU000-2000/M-ADLN01, BIOS MADN0101.V04 12/22/2023
[60836.026988] Workqueue: events blkg_free_workfn
[60836.026991] RIP: 0010:refcount_warn_saturate+0xd8/0xe0
[60836.026994] Code: ff 48 c7 c7 b0 35 58 b9 c6 05 fd f3 b8 01 01 e8 5e 8d 87 ff 0f 0b c3 48 c7 c7 58 35 58 b9 c6 05 e9 f3 b8 01 01 e8 48 8d 87 ff <0f> 0b c3 0f 1f 44 00 00 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13
[60836.026996] RSP: 0018:ffffa65103953e80 EFLAGS: 00010282
[60836.026997] RAX: 0000000000000000 RBX: 0000000000000030 RCX: 0000000000000000
[60836.026999] RDX: 0000000000000002 RSI: 0000000000000027 RDI: 00000000ffffffff
[60836.027000] RBP: ffff99d3c5cafd00 R08: 00000000ffffdfff R09: 0000000000000001
[60836.027001] R10: 00000000ffffdfff R11: ffffffffb985f380 R12: ffff99d3c5cafc00
[60836.027002] R13: ffff99d537a2ee00 R14: 0000000000000000 R15: ffff99d537a2ee05
[60836.027003] FS: 0000000000000000(0000) GS:ffff99d537a00000(0000) knlGS:0000000000000000
[60836.027005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[60836.027006] CR2: 00007f0c3941ba50 CR3: 00000001451c2000 CR4: 0000000000350ef0
[60836.027007] Call Trace:
[60836.027009]
[60836.027010] ? refcount_warn_saturate+0xd8/0xe0
[60836.027012] ? __warn+0x79/0xc0
[60836.027015] ? refcount_warn_saturate+0xd8/0xe0
[60836.027018] ? report_bug+0xe2/0x170
[60836.027021] ? handle_bug+0x36/0x70
[60836.027025] ? exc_invalid_op+0x13/0x60
[60836.027027] ? asm_exc_invalid_op+0x16/0x20
[60836.027030] ? refcount_warn_saturate+0xd8/0xe0
[60836.027033] blkg_free_workfn+0x44/0x70
[60836.027035] process_one_work+0x1cf/0x3a0
[60836.027039] worker_thread+0x4a/0x3b0
[60836.027041] ? _raw_spin_lock_irqsave+0x17/0x40
[60836.027043] ? rescuer_thread+0x390/0x390
[60836.027046] kthread+0xe6/0x110
[60836.027048] ? kthread_complete_and_exit+0x20/0x20
[60836.027050] ret_from_fork+0x1f/0x30
[60836.027054]
[60836.027054] ---[ end trace 0000000000000000 ]---

[yito24]

Hi @andsontan

I don't know what OS you're using, but I think the problem is:
https://access.redhat.com/security/cve/cve-2024-38555

[iamandrii]

Hi @andsontan.
Can you please provide details on ON/kernel you are using and dattobd version?