netlink: 17 bytes leftover after parsing attributes in process `syz-executor1'.
==================================================================
BUG: KASAN: null-ptr-deref in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310 lib/refcount.c:179
Read of size 4 at addr 000000000000002e by task ksoftirqd/1/18
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc6+ #245
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 kasan_report_error mm/kasan/report.c:352 [inline]
 kasan_report.cold.9+0x6d/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 refcount_sub_and_test_checked+0x9d/0x310 lib/refcount.c:179
 refcount_dec_and_test_checked+0x1a/0x20 lib/refcount.c:212
 ip_fib_metrics_put include/net/ip.h:428 [inline]
 fib6_info_destroy_rcu+0x2ef/0x3e0 net/ipv6/ip6_fib.c:204
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2576 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2880 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2847 [inline]
 rcu_process_callbacks+0xf23/0x2670 kernel/rcu/tree.c:2864
 __do_softirq+0x30b/0xad8 kernel/softirq.c:292
 run_ksoftirqd+0x94/0x100 kernel/softirq.c:653
 smpboot_thread_fn+0x68b/0xa00 kernel/smpboot.c:164
 kthread+0x35a/0x420 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 18 Comm: ksoftirqd/1 Tainted: G B 4.19.0-rc6+ #245
kobject: 'loop1' (00000000958fc56d): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 kasan_end_report+0x47/0x4f mm/kasan/report.c:180
 kasan_report_error mm/kasan/report.c:359 [inline]
 kasan_report.cold.9+0x76/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
kobject: 'loop1' (00000000958fc56d): fill_kobj_path: path = '/devices/virtual/block/loop1'
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 refcount_sub_and_test_checked+0x9d/0x310 lib/refcount.c:179
kobject: 'loop0' (000000009d04bf60): kobject_uevent_env
 refcount_dec_and_test_checked+0x1a/0x20 lib/refcount.c:212
 ip_fib_metrics_put include/net/ip.h:428 [inline]
 fib6_info_destroy_rcu+0x2ef/0x3e0 net/ipv6/ip6_fib.c:204
kobject: 'loop0' (000000009d04bf60): fill_kobj_path: path = '/devices/virtual/block/loop0'
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2576 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2880 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2847 [inline]
 rcu_process_callbacks+0xf23/0x2670 kernel/rcu/tree.c:2864
netlink: 17 bytes leftover after parsing attributes in process `syz-executor1'.
kobject: 'loop4' (000000000bacd84d): kobject_uevent_env
kobject: 'loop4' (000000000bacd84d): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop1' (00000000958fc56d): kobject_uevent_env
kobject: 'loop1' (00000000958fc56d): fill_kobj_path: path = '/devices/virtual/block/loop1'
netlink: 17 bytes leftover after parsing attributes in process `syz-executor1'.
 __do_softirq+0x30b/0xad8 kernel/softirq.c:292
kobject: 'loop5' (00000000e7a23380): kobject_uevent_env
kobject: 'loop5' (00000000e7a23380): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (000000000bacd84d): kobject_uevent_env
kobject: 'loop4' (000000000bacd84d): fill_kobj_path: path = '/devices/virtual/block/loop4'
 run_ksoftirqd+0x94/0x100 kernel/softirq.c:653
 smpboot_thread_fn+0x68b/0xa00 kernel/smpboot.c:164
kobject: 'loop1' (00000000958fc56d): kobject_uevent_env
 kthread+0x35a/0x420 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Kernel Offset: disabled
Rebooting in 86400 seconds..