------------[ cut here ]------------ refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 0 PID: 24164 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31 Modules linked in: CPU: 0 PID: 24164 Comm: kworker/u4:6 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31 Code: 1d 3b 53 e8 09 31 ff 89 de e8 fd e7 aa fd 84 db 75 e0 e8 44 e1 aa fd 48 c7 c7 a0 e8 c1 89 c6 05 1b 53 e8 09 01 e8 0e d8 fa 04 <0f> 0b eb c4 e8 28 e1 aa fd 0f b6 1d 0a 53 e8 09 31 ff 89 de e8 c8 RSP: 0018:ffffc90000007e10 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88801f7b3880 RSI: ffffffff815c4d85 RDI: fffff52000000fb4 RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff815bdb1e R11: 0000000000000000 R12: ffff88805e7e4000 R13: ffff88805e7e4568 R14: ffff88802db825e0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32324000 CR3: 000000002cf0e000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: __refcount_dec include/linux/refcount.h:344 [inline] refcount_dec include/linux/refcount.h:359 [inline] dev_put include/linux/netdevice.h:4135 [inline] in_dev_finish_destroy+0x172/0x1b0 net/ipv4/devinet.c:244 in_dev_put include/linux/inetdevice.h:265 [inline] in_dev_rcu_put+0x83/0xb0 net/ipv4/devinet.c:301 rcu_do_batch kernel/rcu/tree.c:2559 [inline] rcu_core+0x74a/0x12f0 kernel/rcu/tree.c:2794 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [inline] __irq_exit_rcu kernel/softirq.c:422 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:kasan_check_range+0xc/0x180 mm/kasan/generic.c:185 Code: f2 be f5 00 00 00 e9 13 d8 2e 02 0f 1f 00 48 89 f2 be f8 00 00 00 e9 03 d8 2e 02 0f 1f 00 48 85 f6 0f 84 70 01 00 00 49 89 f9 <41> 54 44 0f b6 c2 49 01 f1 55 53 0f 82 18 01 00 00 48 b8 ff ff ff RSP: 0018:ffffc9000bedfb68 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8159a1e1 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8dc59e08 RBP: 1ffff920017dbf70 R08: 0000000000000000 R09: ffffffff8dc59e08 R10: fffffbfff1f58b16 R11: 0000000000000000 R12: ffffffff8c0ac0e0 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000400dc0 instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] cpumask_test_cpu include/linux/cpumask.h:373 [inline] trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xa1/0x720 kernel/locking/lockdep.c:5521 prepare_alloc_pages mm/page_alloc.c:4944 [inline] __alloc_pages_nodemask+0x169/0x730 mm/page_alloc.c:4991 alloc_pages_current+0x18c/0x2a0 mm/mempolicy.c:2277 alloc_pages include/linux/gfp.h:561 [inline] __get_free_pages+0x8/0x40 mm/page_alloc.c:5044 _pgd_alloc arch/x86/mm/pgtable.c:414 [inline] pgd_alloc+0x81/0x360 arch/x86/mm/pgtable.c:430 mm_alloc_pgd kernel/fork.c:625 [inline] mm_init+0x645/0xaf0 kernel/fork.c:1053 mm_alloc+0xa2/0xc0 kernel/fork.c:1081 bprm_mm_init fs/exec.c:369 [inline] alloc_bprm+0x1c6/0x8f0 fs/exec.c:1520 kernel_execve+0x55/0x460 fs/exec.c:1940 call_usermodehelper_exec_async+0x2de/0x580 kernel/umh.c:110 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294