process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
------------[ cut here ]------------
WARNING: CPU: 3 PID: 5359 at lib/ref_tracker.c:255 ref_tracker_free+0x61e/0x820 lib/ref_tracker.c:255
Modules linked in:
CPU: 3 UID: 0 PID: 5359 Comm: udevd Not tainted 6.14.0-rc2-syzkaller-00228-g04f41cbf03ec #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:ref_tracker_free+0x61e/0x820 lib/ref_tracker.c:255
Code: 00 44 8b 6b 18 31 ff 44 89 ee e8 dd 0d c8 fc 45 85 ed 0f 85 a6 00 00 00 e8 cf 12 c8 fc 48 8b 34 24 48 89 ef e8 a3 b1 65 06 90 <0f> 0b 90 bb ea ff ff ff e9 4e fd ff ff e8 b0 12 c8 fc 4c 8d 6d 44
RSP: 0018:ffffc900005f8a88 EFLAGS: 00010202
RAX: 0000000000000101 RBX: ffff8880267e3300 RCX: 0000000000000000
RDX: 0000000000000102 RSI: ffffffff8b6ced20 RDI: 0000000000000001
RBP: ffff888044e68608 R08: 0000000000000001 R09: fffffbfff2dd77b4
R10: ffffffff96ebbda7 R11: 0000000000000003 R12: 1ffff920000bf153
R13: 0000000003ac0667 R14: ffff8880267e3318 R15: ffff888044e684b8
FS: 00007fdaf459a280(0000) GS:ffff88802b700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f72fc088 CR3: 00000000226e4000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
netdev_tracker_free include/linux/netdevice.h:4301 [inline]
netdev_put include/linux/netdevice.h:4318 [inline]
netdev_put include/linux/netdevice.h:4314 [inline]
dev_watchdog+0x1dd/0x910 net/sched/sch_generic.c:551
call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1840 [inline]
__run_timers+0x6e8/0x930 kernel/time/timer.c:2414
__run_timer_base kernel/time/timer.c:2426 [inline]
__run_timer_base kernel/time/timer.c:2418 [inline]
run_timer_base+0x114/0x190 kernel/time/timer.c:2435
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2445
handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_schedule_irq+0x4c/0x90 kernel/sched/core.c:7086
Code: df 55 65 48 8b 2d a4 c6 ad 74 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 2f 35 32 f6 e8 da 77 6b f6 fb bf 01 00 00 00 <e8> 4f 9f ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 0d e1 31
RSP: 0018:ffffc900036f7938 EFLAGS: 00000206
RAX: 0000000000479f55 RBX: ffffed10094df488 RCX: 1ffffffff20c4431
RDX: 0000000000000000 RSI: ffffffff8b6ced20 RDI: 0000000000000001
RBP: ffff88804a6fa440 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90626517 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
irqentry_exit+0x36/0x90 kernel/entry/common.c:354
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 7e 60 e8 a3 ff ff ff 31 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 48 8b 15 f4 03 4a 7e 65 8b 05 f5 03 4a 7e a9 00 01
RSP: 0018:ffffc900036f7a08 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8231b326
RDX: ffff88804a6fa440 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffffc900036f7c30 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
R13: ffffc900036f7c80 R14: ffffc900036f7c30 R15: ffff8880701aa225
walk_component+0x53/0x5b0 fs/namei.c:2110
link_path_walk.part.0.constprop.0+0x669/0xd40 fs/namei.c:2479
link_path_walk fs/namei.c:2411 [inline]
path_openat+0x228/0x2d80 fs/namei.c:3985
do_filp_open+0x20c/0x470 fs/namei.c:4016
do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
do_sys_open fs/open.c:1443 [inline]
__do_sys_openat fs/open.c:1459 [inline]
__se_sys_openat fs/open.c:1454 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1454
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdaf411a477
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 82 69 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc2769b8c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000055853464adf0 RCX: 00007fdaf411a477
RDX: 0000000000090800 RSI: 000055853464e320 RDI: 00000000ffffff9c
RBP: 0000558534689240 R08: 0000000000090800 R09: 000055853464e320
R10: 0000000000000000 R11: 0000000000000287 R12: 000055853464e320
R13: 00000000000000fd R14: 0000558530dd01c4 R15: 0000000000000000
</TASK>
----------------
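Code disassembly (best guess):
(decoded from the Code: bytes of the interrupted preempt_schedule_irq+0x4c frame in <TASK>, not from the ref_tracker_free+0x61e WARNING site, whose Code: line marks <0f> 0b, i.e. ud2; the instruction flagged below is where the APIC timer interrupt arrived, not a fault)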
0: df 55 65 fists 0x65(%rbp)
3: 48 8b 2d a4 c6 ad 74 mov 0x74adc6a4(%rip),%rbp # 0x74adc6ae
a: 53 push %rbx
b: 48 89 eb mov %rbp,%rbx
e: 48 c1 eb 03 shr $0x3,%rbx
12: 48 01 c3 add %rax,%rbx
15: bf 01 00 00 00 mov $0x1,%edi
1a: e8 2f 35 32 f6 call 0xf632354e
1f: e8 da 77 6b f6 call 0xf66b77fe
24: fb sti
25: bf 01 00 00 00 mov $0x1,%edi
* 2a: e8 4f 9f ff ff call 0xffff9f7e <-- trapping instruction
2f: 9c pushf
30: 58 pop %rax
31: fa cli
32: f6 c4 02 test $0x2,%ah
35: 75 1e jne 0x55
37: bf 01 00 00 00 mov $0x1,%edi
3c: e8 .byte 0xe8
3d: 0d .byte 0xd
3e: e1 31 loope 0x71