
Bug#1008692: refcount_t: underflow; use-after-free. in dmesg output



Package: src:linux
Version: 5.17.1-1~exp1
Severity: normal
X-Debbugs-Cc: hbarta@gmail.com

Dear Maintainer,

   * What led up to the situation?

Log in to Gnome desktop and open browser
Trigger overview mode (mouse to top left corner)
Grab Firefox titlebar and try to move to next right desktop
Dump appears in dmesg output indicating "refcount_t: underflow; use-after-free"

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Tried all available kernels for Bookworm.

   * What was the outcome of this action?

No change

   * What outcome did you expect instead?

No errors reported in `dmesg` output

Please see https://github.com/HankB/use-after-free.Raspberry_Pi-4B for testing details and links to paste output. Feel free to request additional testing by replying to this report or filing an issue at that repo.

The following kernels were tested and all exhibit this issue.

hbarta@up:~$ dpkg -l|grep linux-image 
ii  linux-image-5.15.0-2-arm64            5.15.5-2                           arm64        Linux 5.15 for 64-bit ARMv8 machines (signed)
ii  linux-image-5.16.0-5-arm64            5.16.14-1                          arm64        Linux 5.16 for 64-bit ARMv8 machines (signed)
ii  linux-image-5.17.0-rc8-arm64-unsigned 5.17~rc8-1~exp1                    arm64        Linux 5.17-rc8 for 64-bit ARMv8 machines
ii  linux-image-5.17.0-trunk-arm64        5.17.1-1~exp1                      arm64        Linux 5.17 for 64-bit ARMv8 machines (signed)
ii  linux-image-arm64                     5.17.1-1~exp1                      arm64        Linux for 64-bit ARMv8 machines (meta-package)
hbarta@up:~$ 


-- Package-specific info:
** Version:
Linux version 5.17.0-trunk-arm64 (debian-kernel@lists.debian.org) (gcc-11 (Debian 11.2.0-19) 11.2.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP Debian 5.17.1-1~exp1 (2022-03-29)

** Command line:
video=HDMI-A-1:1600x1200M@60 dma.dmachans=0x37f5 bcm2709.boardrev=0xd03114 bcm2709.serial=0x277f9bee bcm2709.uart_clock=48000000 bcm2709.disk_led_gpio=42 bcm2709.disk_led_active_low=0 smsc95xx.macaddr=DC:A6:32:BF:65:B5 vc_mem.mem_base=0x3eb00000 vc_mem.mem_size=0x3ff00000  console=tty0 console=ttyS1,115200 root=LABEL=RASPIROOT rw fsck.repair=yes net.ifnames=0  rootwait

** Tainted: WC (1536)
 * kernel issued warning
 * staging driver was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
Device Tree model: Raspberry Pi 4 Model B Rev 1.4

** Loaded modules:
rfcomm
snd_seq_dummy
snd_hrtimer
snd_seq
snd_seq_device
qrtr
algif_hash
algif_skcipher
af_alg
bnep
nls_ascii
nls_cp437
vfat
fat
hci_uart
bcm2835_v4l2(C)
btqca
btrtl
bcm2835_mmal_vchiq(C)
btbcm
videobuf2_vmalloc
btsdio
btintel
videobuf2_memops
videobuf2_v4l2
videobuf2_common
bluetooth
videodev
cpufreq_dt
snd_bcm2835(C)
mc
jitterentropy_rng
joydev
sha512_generic
sg
sha512_arm64
raspberrypi_cpufreq
evdev
aes_neon_bs
aes_neon_blk
brcmfmac
brcmutil
drbg
ansi_cprng
ecdh_generic
snd_soc_hdmi_codec
ecc
bcm2711_thermal
iproc_rng200
pwm_bcm2835
rng_core
vchiq(C)
bcm2835_wdt
cfg80211
leds_gpio
rfkill
nf_tables
libcrc32c
ipmi_devintf
nfnetlink
ipmi_msghandler
fuse
configfs
ip_tables
x_tables
autofs4
ext4
crc16
mbcache
jbd2
crc32c_generic
hid_logitech_hidpp
hid_logitech_dj
hid_generic
usbhid
hid
sd_mod
t10_pi
crc_t10dif
crct10dif_generic
uas
usb_storage
scsi_mod
scsi_common
vc4
snd_soc_core
broadcom
bcm_phy_lib
snd_pcm_dmaengine
snd_pcm
snd_timer
snd
dwc2
xhci_pci
soundcore
xhci_hcd
cec
genet
rc_core
udc_core
mdio_bcm_unimac
of_mdio
drm_cma_helper
roles
drm_kms_helper
usbcore
fixed_phy
sdhci_iproc
fwnode_mdio
sdhci_pltfm
crct10dif_ce
crct10dif_common
reset_raspberrypi
libphy
i2c_bcm2835
drm
usb_common
fixed
gpio_regulator
sdhci
phy_generic

** PCI devices:
not available

** USB devices:
not available


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing'), (102, 'experimental')
Architecture: arm64 (aarch64)

Kernel: Linux 5.17.0-trunk-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-5.17.0-trunk-arm64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.140
ii  kmod                                    29-1
ii  linux-base                              4.8

Versions of packages linux-image-5.17.0-trunk-arm64 recommends:
ii  apparmor             3.0.4-2
ii  firmware-linux-free  20200122-1

Versions of packages linux-image-5.17.0-trunk-arm64 suggests:
pn  debian-kernel-handbook  <none>
pn  linux-doc-5.17          <none>

Versions of packages linux-image-5.17.0-trunk-arm64 is related to:
pn  firmware-amd-graphics     <none>
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
ii  firmware-brcm80211        20210818-1
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
pn  firmware-iwlwifi          <none>
pn  firmware-libertas         <none>
pn  firmware-linux-nonfree    <none>
pn  firmware-misc-nonfree     <none>
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LC_CTYPE = "C.UTF-8",
	LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

