------------[ cut here ]------------
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 0 PID: 6555 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Modules linked in:
CPU: 0 PID: 6555 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Code: 1d 6a ad 81 09 31 ff 89 de e8 ad 11 9d fd 84 db 75 e0 e8 c4 0d 9d fd 48 c7 c7 60 cb e4 89 c6 05 4a ad 81 09 01 e8 b8 c7 1c 05 <0f> 0b eb c4 e8 a8 0d 9d fd 0f b6 1d 39 ad 81 09 31 ff 89 de e8 78
RSP: 0018:ffffc90000007df0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888018040000 RSI: ffffffff815f39c8 RDI: fffff52000000fb0
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815ed79e R11: 0000000000000000 R12: 0000000000000001
R13: ffff88801c1045b0 R14: 0000000000000005 R15: ffff88802cdd9de8
FS:  0000555557002400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee293acdc CR3: 0000000046ae3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __refcount_dec include/linux/refcount.h:344 [inline]
 refcount_dec include/linux/refcount.h:359 [inline]
 dev_put include/linux/netdevice.h:4166 [inline]
 in_dev_finish_destroy+0x160/0x1b0 net/ipv4/devinet.c:246
 in_dev_put include/linux/inetdevice.h:276 [inline]
 in_dev_rcu_put+0x83/0xb0 net/ipv4/devinet.c:303
 rcu_do_batch kernel/rcu/tree.c:2506 [inline]
 rcu_core+0x7ab/0x1470 kernel/rcu/tree.c:2741
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:check_kcov_mode+0x2c/0x40 kernel/kcov.c:177
Code: 05 39 ae 8a 7e 89 c2 81 e2 00 01 00 00 a9 00 01 ff 00 74 10 31 c0 85 d2 74 15 8b 96 a4 15 00 00 85 d2 74 0b 8b 86 80 15 00 00 <39> f8 0f 94 c0 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 31 c0
RSP: 0018:ffffc90002827598 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff888018040000 RDI: 0000000000000003
RBP: ffff888019e7f280 R08: 0000000000000000 R09: 000000000000000b
R10: ffffffff83a30fc7 R11: 0000000000000010 R12: 0000000000000030
R13: 00000000000001ff R14: dffffc0000000000 R15: 0000000000000000
 write_comp_data kernel/kcov.c:221 [inline]
 __sanitizer_cov_trace_const_cmp4+0x1c/0x70 kernel/kcov.c:287
 tomoyo_domain_quota_is_ok+0x307/0x550 security/tomoyo/util.c:1093
 tomoyo_supervisor+0x2f2/0xf00 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x270/0x3a0 security/tomoyo/file.c:573
 tomoyo_check_open_permission+0x33e/0x380 security/tomoyo/file.c:777
 tomoyo_file_open security/tomoyo/tomoyo.c:311 [inline]
 tomoyo_file_open+0xa3/0xd0 security/tomoyo/tomoyo.c:306
 security_file_open+0x45/0xb0 security/security.c:1635
 do_dentry_open+0x353/0x1250 fs/open.c:809
 do_open fs/namei.c:3426 [inline]
 path_openat+0x1cad/0x2750 fs/namei.c:3559
 do_filp_open+0x1aa/0x400 fs/namei.c:3586
 do_sys_openat2+0x16d/0x4d0 fs/open.c:1212
 do_sys_open fs/open.c:1228 [inline]
 __do_sys_openat fs/open.c:1244 [inline]
 __se_sys_openat fs/open.c:1239 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1239
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f6b85203628
Code: 24 18 31 c0 41 83 e2 40 75 40 89 f0 25 00 00 41 00 3d 00 00 41 00 74 32 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 40 48 8b 4c 24 18 64 48 2b 0c 25 28 00 00 00
RSP: 002b:00007ffee293ac50 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000001b04 RCX: 00007f6b85203628
RDX: 0000000000090800 RSI: 00007ffee293be40 RDI: 00000000ffffff9c
RBP: 00007ffee293be1c R08: 0000000000090800 R09: 00007ffee293be40
R10: 0000000000000000 R11: 0000000000000287 R12: 00007f6b8525d105
R13: 00007ffee293be40 R14: 0000000000000005 R15: 00007ffee293be80
 </TASK>
----------------
Code disassembly (best guess):
   0:	05 39 ae 8a 7e       	add    $0x7e8aae39,%eax
   5:	89 c2                	mov    %eax,%edx
   7:	81 e2 00 01 00 00    	and    $0x100,%edx
   d:	a9 00 01 ff 00       	test   $0xff0100,%eax
  12:	74 10                	je     0x24
  14:	31 c0                	xor    %eax,%eax
  16:	85 d2                	test   %edx,%edx
  18:	74 15                	je     0x2f
  1a:	8b 96 a4 15 00 00    	mov    0x15a4(%rsi),%edx
  20:	85 d2                	test   %edx,%edx
  22:	74 0b                	je     0x2f
  24:	8b 86 80 15 00 00    	mov    0x1580(%rsi),%eax
* 2a:	39 f8                	cmp    %edi,%eax <-- trapping instruction
  2c:	0f 94 c0             	sete   %al
  2f:	c3                   	retq
  30:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  37:	00 00 00 00
  3b:	0f 1f 00             	nopl   (%rax)
  3e:	31 c0                	xor    %eax,%eax