Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 73.274651][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz-executor582'. [ 73.284388][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz-executor582'. [ 73.318950][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz-executor582'. [ 73.329468][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz-executor582'. [ 73.340371][ T8431] ------------[ cut here ]------------ [ 73.345845][ T8431] refcount_t: decrement hit 0; leaking memory. [ 73.352918][ T8431] WARNING: CPU: 0 PID: 8431 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 [ 73.362440][ T8431] Modules linked in: [ 73.366599][ T8431] CPU: 0 PID: 8431 Comm: syz-executor582 Not tainted 5.12.0-rc4-syzkaller #0 [ 73.376758][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.387511][ T8431] RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 [ 73.393718][ T8431] Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58 [ 73.413594][ T8431] RSP: 0018:ffffc900016aefa0 EFLAGS: 00010282 [ 73.419689][ T8431] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 73.428042][ T8431] RDX: ffff88801f261c40 RSI: ffffffff815c51f5 RDI: fffff520002d5de6 [ 73.436191][ T8431] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 73.444552][ T8431] R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff8880278ce568 [ 73.452670][ T8431] R13: ffff888022338800 R14: 00000000ffffffff R15: ffffffff8d659b80 [ 73.460756][ T8431] FS: 0000000000ddd300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 73.469737][ T8431] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.476429][ T8431] CR2: 000055b4f3428820 CR3: 00000000297f1000 CR4: 00000000001506f0 [ 73.484741][ T8431] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.492841][ T8431] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.501153][ T8431] Call Trace: [ 73.504438][ T8431] ipip6_tunnel_uninit+0x389/0x3f0 [ 73.509550][ T8431] ? ipip6_dellink+0x2d0/0x2d0 [ 73.514455][ T8431] register_netdevice+0xadf/0x1500 [ 73.519593][ T8431] ? netdev_change_features+0xb0/0xb0 [ 73.525063][ T8431] ipip6_tunnel_create+0x29e/0x4e0 [ 73.530420][ T8431] ipip6_newlink+0x137/0x370 [ 73.535019][ T8431] ? ipip6_changelink+0x5b0/0x5b0 [ 73.540145][ T8431] ? alloc_netdev_mqs+0xade/0xe80 [ 73.545198][ T8431] ? rtnl_create_link+0x746/0xae0 [ 73.550611][ T8431] ? ipip6_changelink+0x5b0/0x5b0 [ 73.555663][ T8431] __rtnl_newlink+0x1062/0x1710 [ 73.560619][ T8431] ? rtnl_setlink+0x3c0/0x3c0 [ 73.565321][ T8431] ? find_held_lock+0x2d/0x110 [ 73.570207][ T8431] ? is_bpf_text_address+0xa9/0x160 [ 73.575434][ T8431] ? lock_downgrade+0x6e0/0x6e0 [ 73.580379][ T8431] ? unwind_next_frame+0xec8/0x1ce0 [ 73.585612][ T8431] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.591808][ T8431] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 73.597574][ T8431] ? is_bpf_text_address+0xcb/0x160 [ 73.602856][ T8431] ? kernel_text_address+0xbd/0xf0 [ 73.608021][ T8431] ? __kernel_text_address+0x9/0x30 [ 73.613627][ T8431] ? unwind_get_return_address+0x51/0x90 [ 73.619284][ T8431] ? create_prof_cpu_mask+0x20/0x20 [ 73.624577][ T8431] ? arch_stack_walk+0x93/0xe0 [ 73.629393][ T8431] ? fs_reclaim_release+0x9c/0xe0 [ 73.634929][ T8431] ? rcu_read_lock_sched_held+0x3a/0x70 [ 73.640602][ T8431] rtnl_newlink+0x64/0xa0 [ 73.644957][ T8431] ? __rtnl_newlink+0x1710/0x1710 [ 73.650165][ T8431] rtnetlink_rcv_msg+0x44e/0xad0 [ 73.655132][ T8431] ? rtnetlink_put_metrics+0x510/0x510 [ 73.660688][ T8431] netlink_rcv_skb+0x153/0x420 [ 73.665522][ T8431] ? rtnetlink_put_metrics+0x510/0x510 [ 73.671103][ T8431] ? netlink_ack+0xaa0/0xaa0 [ 73.675723][ T8431] ? netlink_deliver_tap+0x227/0xba0 [ 73.681109][ T8431] netlink_unicast+0x533/0x7d0 [ 73.685905][ T8431] ? netlink_attachskb+0x870/0x870 [ 73.691256][ T8431] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 73.697526][ T8431] ? __phys_addr_symbol+0x2c/0x70 [ 73.702711][ T8431] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 73.708453][ T8431] ? __check_object_size+0x171/0x3f0 [ 73.713911][ T8431] netlink_sendmsg+0x856/0xd90 [ 73.718723][ T8431] ? netlink_unicast+0x7d0/0x7d0 [ 73.723755][ T8431] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.730150][ T8431] ? netlink_unicast+0x7d0/0x7d0 [ 73.735108][ T8431] sock_sendmsg+0xcf/0x120 [ 73.739533][ T8431] ____sys_sendmsg+0x6e8/0x810 [ 73.744696][ T8431] ? kernel_sendmsg+0x50/0x50 [ 73.749397][ T8431] ? do_recvmmsg+0x6d0/0x6d0 [ 73.754149][ T8431] ? lock_chain_count+0x20/0x20 [ 73.759028][ T8431] ___sys_sendmsg+0xf3/0x170 [ 73.763928][ T8431] ? sendmsg_copy_msghdr+0x160/0x160 [ 73.769240][ T8431] ? __lock_acquire+0x16b3/0x54c0 [ 73.774480][ T8431] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 73.780635][ T8431] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.786910][ T8431] ? __fget_light+0x215/0x280 [ 73.791715][ T8431] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 73.797982][ T8431] __sys_sendmsg+0xe5/0x1b0 [ 73.802592][ T8431] ? __sys_sendmsg_sock+0x30/0x30 [ 73.807710][ T8431] ? syscall_enter_from_user_mode+0x27/0x70 [ 73.813712][ T8431] do_syscall_64+0x2d/0x70 [ 73.818174][ T8431] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.824144][ T8431] RIP: 0033:0x43fd09 [ 73.828052][ T8431] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 73.848449][ T8431] RSP: 002b:00007ffea1214c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.857037][ T8431] RAX: ffffffffffffffda RBX: 0000000000011e49 RCX: 000000000043fd09 [ 73.865117][ T8431] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 73.873550][ T8431] RBP: 0000000000000000 R08: 00007ffea1214e28 R09: 00007ffea1214e28 [ 73.881687][ T8431] R10: 00007ffea1214e28 R11: 0000000000000246 R12: 00007ffea1214c9c [ 73.889691][ T8431] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488 [ 73.898024][ T8431] Kernel panic - not syncing: panic_on_warn set ... [ 73.904795][ T8431] CPU: 0 PID: 8431 Comm: syz-executor582 Not tainted 5.12.0-rc4-syzkaller #0 [ 73.913546][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.923594][ T8431] Call Trace: [ 73.927054][ T8431] dump_stack+0x141/0x1d7 [ 73.931504][ T8431] panic+0x306/0x73d [ 73.935405][ T8431] ? __warn_printk+0xf3/0xf3 [ 73.940023][ T8431] ? __warn.cold+0x1a/0x44 [ 73.944446][ T8431] ? refcount_warn_saturate+0xbf/0x1e0 [ 73.949935][ T8431] __warn.cold+0x35/0x44 [ 73.954198][ T8431] ? refcount_warn_saturate+0xbf/0x1e0 [ 73.959650][ T8431] report_bug+0x1bd/0x210 [ 73.964147][ T8431] handle_bug+0x3c/0x60 [ 73.968295][ T8431] exc_invalid_op+0x14/0x40 [ 73.972788][ T8431] asm_exc_invalid_op+0x12/0x20 [ 73.977630][ T8431] RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 [ 73.983699][ T8431] Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58 [ 74.003303][ T8431] RSP: 0018:ffffc900016aefa0 EFLAGS: 00010282 [ 74.009396][ T8431] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 74.017369][ T8431] RDX: ffff88801f261c40 RSI: ffffffff815c51f5 RDI: fffff520002d5de6 [ 74.025333][ T8431] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 74.033303][ T8431] R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff8880278ce568 [ 74.041288][ T8431] R13: ffff888022338800 R14: 00000000ffffffff R15: ffffffff8d659b80 [ 74.049285][ T8431] ? wake_up_klogd.part.0+0x8e/0xd0 [ 74.054527][ T8431] ? vprintk_func+0x95/0x1e0 [ 74.059163][ T8431] ipip6_tunnel_uninit+0x389/0x3f0 [ 74.064275][ T8431] ? ipip6_dellink+0x2d0/0x2d0 [ 74.069038][ T8431] register_netdevice+0xadf/0x1500 [ 74.074164][ T8431] ? netdev_change_features+0xb0/0xb0 [ 74.079549][ T8431] ipip6_tunnel_create+0x29e/0x4e0 [ 74.084673][ T8431] ipip6_newlink+0x137/0x370 [ 74.089271][ T8431] ? ipip6_changelink+0x5b0/0x5b0 [ 74.094301][ T8431] ? alloc_netdev_mqs+0xade/0xe80 [ 74.099322][ T8431] ? rtnl_create_link+0x746/0xae0 [ 74.104355][ T8431] ? ipip6_changelink+0x5b0/0x5b0 [ 74.109390][ T8431] __rtnl_newlink+0x1062/0x1710 [ 74.114506][ T8431] ? rtnl_setlink+0x3c0/0x3c0 [ 74.119180][ T8431] ? find_held_lock+0x2d/0x110 [ 74.123951][ T8431] ? is_bpf_text_address+0xa9/0x160 [ 74.129182][ T8431] ? lock_downgrade+0x6e0/0x6e0 [ 74.134061][ T8431] ? unwind_next_frame+0xec8/0x1ce0 [ 74.139375][ T8431] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 74.145476][ T8431] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 74.151235][ T8431] ? is_bpf_text_address+0xcb/0x160 [ 74.156458][ T8431] ? kernel_text_address+0xbd/0xf0 [ 74.161598][ T8431] ? __kernel_text_address+0x9/0x30 [ 74.166827][ T8431] ? unwind_get_return_address+0x51/0x90 [ 74.172489][ T8431] ? create_prof_cpu_mask+0x20/0x20 [ 74.177723][ T8431] ? arch_stack_walk+0x93/0xe0 [ 74.182522][ T8431] ? fs_reclaim_release+0x9c/0xe0 [ 74.187556][ T8431] ? rcu_read_lock_sched_held+0x3a/0x70 [ 74.193108][ T8431] rtnl_newlink+0x64/0xa0 [ 74.197564][ T8431] ? __rtnl_newlink+0x1710/0x1710 [ 74.202594][ T8431] rtnetlink_rcv_msg+0x44e/0xad0 [ 74.207543][ T8431] ? rtnetlink_put_metrics+0x510/0x510 [ 74.213041][ T8431] netlink_rcv_skb+0x153/0x420 [ 74.217803][ T8431] ? rtnetlink_put_metrics+0x510/0x510 [ 74.223272][ T8431] ? netlink_ack+0xaa0/0xaa0 [ 74.227891][ T8431] ? netlink_deliver_tap+0x227/0xba0 [ 74.233634][ T8431] netlink_unicast+0x533/0x7d0 [ 74.238399][ T8431] ? netlink_attachskb+0x870/0x870 [ 74.243507][ T8431] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.249745][ T8431] ? __phys_addr_symbol+0x2c/0x70 [ 74.254787][ T8431] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 74.260518][ T8431] ? __check_object_size+0x171/0x3f0 [ 74.265916][ T8431] netlink_sendmsg+0x856/0xd90 [ 74.270701][ T8431] ? netlink_unicast+0x7d0/0x7d0 [ 74.275647][ T8431] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.281918][ T8431] ? netlink_unicast+0x7d0/0x7d0 [ 74.286852][ T8431] sock_sendmsg+0xcf/0x120 [ 74.291274][ T8431] ____sys_sendmsg+0x6e8/0x810 [ 74.296043][ T8431] ? kernel_sendmsg+0x50/0x50 [ 74.300726][ T8431] ? do_recvmmsg+0x6d0/0x6d0 [ 74.305310][ T8431] ? lock_chain_count+0x20/0x20 [ 74.310249][ T8431] ___sys_sendmsg+0xf3/0x170 [ 74.314833][ T8431] ? sendmsg_copy_msghdr+0x160/0x160 [ 74.320154][ T8431] ? __lock_acquire+0x16b3/0x54c0 [ 74.325176][ T8431] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 74.331169][ T8431] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.337411][ T8431] ? __fget_light+0x215/0x280 [ 74.342121][ T8431] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.348358][ T8431] __sys_sendmsg+0xe5/0x1b0 [ 74.352870][ T8431] ? __sys_sendmsg_sock+0x30/0x30 [ 74.357895][ T8431] ? syscall_enter_from_user_mode+0x27/0x70 [ 74.363797][ T8431] do_syscall_64+0x2d/0x70 [ 74.368222][ T8431] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 74.374111][ T8431] RIP: 0033:0x43fd09 [ 74.378022][ T8431] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 74.397654][ T8431] RSP: 002b:00007ffea1214c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.406082][ T8431] RAX: ffffffffffffffda RBX: 0000000000011e49 RCX: 000000000043fd09 [ 74.414066][ T8431] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 74.422048][ T8431] RBP: 0000000000000000 R08: 00007ffea1214e28 R09: 00007ffea1214e28 [ 74.430723][ T8431] R10: 00007ffea1214e28 R11: 0000000000000246 R12: 00007ffea1214c9c [ 74.438702][ T8431] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488 [ 74.447477][ T8431] Kernel Offset: disabled [ 74.451943][ T8431] Rebooting in 86400 seconds..