netlink: 48 bytes leftover after parsing attributes in process `syz.0.350'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5655 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28
refcount_t: underflow; use-after-free.
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 UID: 0 PID: 5655 Comm: syz.0.350 Not tainted 6.11.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Call trace: 
[<81953268>] (dump_backtrace) from [<81953364>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
 r7:00000000 r6:826228c4 r5:00000000 r4:8200b970
[<8195334c>] (show_stack) from [<81971014>] (__dump_stack lib/dump_stack.c:93 [inline])
[<8195334c>] (show_stack) from [<81971014>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:119)
[<81970fc0>] (dump_stack_lvl) from [<81971054>] (dump_stack+0x18/0x1c lib/dump_stack.c:128)
 r5:00000000 r4:8286bd18
[<8197103c>] (dump_stack) from [<81953e0c>] (panic+0x120/0x358 kernel/panic.c:348)
[<81953cec>] (panic) from [<802421dc>] (check_panic_on_warn kernel/panic.c:241 [inline])
[<81953cec>] (panic) from [<802421dc>] (get_taint+0x0/0x1c kernel/panic.c:236)
 r3:8260c5c4 r2:00000001 r1:81ff4194 r0:81ffbf6c
 r7:8080b91c
[<80242168>] (check_panic_on_warn) from [<80242330>] (__warn+0x7c/0x180 kernel/panic.c:735)
[<802422b4>] (__warn) from [<8024261c>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:768)
 r8:00000009 r7:82059694 r6:df9c9e5c r5:8376b000 r4:00000000
[<80242438>] (warn_slowpath_fmt) from [<8080b91c>] (refcount_warn_saturate+0x13c/0x174 lib/refcount.c:28)
 r10:00000000 r9:82913440 r8:8479022c r7:00000100 r6:00000000 r5:847901ac
 r4:84790000
[<8080b7e0>] (refcount_warn_saturate) from [<8144dce4>] (__refcount_sub_and_test include/linux/refcount.h:275 [inline])
[<8080b7e0>] (refcount_warn_saturate) from [<8144dce4>] (__refcount_dec_and_test include/linux/refcount.h:307 [inline])
[<8080b7e0>] (refcount_warn_saturate) from [<8144dce4>] (refcount_dec_and_test include/linux/refcount.h:325 [inline])
[<8080b7e0>] (refcount_warn_saturate) from [<8144dce4>] (sock_put include/net/sock.h:1883 [inline])
[<8080b7e0>] (refcount_warn_saturate) from [<8144dce4>] (sk_common_release+0xc0/0x100 net/core/sock.c:3773)
[<8144dc24>] (sk_common_release) from [<81708294>] (inet6_create net/ipv6/af_inet6.c:271 [inline])
[<8144dc24>] (sk_common_release) from [<81708294>] (inet6_create+0x390/0x3d0 net/ipv6/af_inet6.c:120)
 r7:00000100 r6:00000001 r5:84790000 r4:fffffffe
[<81707f04>] (inet6_create) from [<81445df8>] (__sock_create+0xfc/0x1d4 net/socket.c:1571)
 r10:81c69a80 r9:82913440 r8:83356280 r7:00000100 r6:81707f04 r5:00000001
 r4:0000000a
[<81445cfc>] (__sock_create) from [<8144875c>] (sock_create net/socket.c:1622 [inline])
[<81445cfc>] (__sock_create) from [<8144875c>] (__sys_socketpair+0x140/0x2ac net/socket.c:1769)
 r10:00000100 r9:8376b000 r8:00000000 r7:00000000 r6:0000000a r5:00000001
 r4:00000000
[<8144861c>] (__sys_socketpair) from [<814488d8>] (__do_sys_socketpair net/socket.c:1822 [inline])
[<8144861c>] (__sys_socketpair) from [<814488d8>] (sys_socketpair+0x10/0x14 net/socket.c:1819)
 r10:00000120 r9:8376b000 r8:8020029c r7:00000120 r6:002662ec r5:00000000
 r4:00000000
[<814488c8>] (sys_socketpair) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdf9c9fa8 to 0xdf9c9ff0)
9fa0:                   00000000 00000000 0000000a 00000001 00000100 20000080
9fc0: 00000000 00000000 002662ec 00000120 7e90977e 7e90977f 003d0f00 76bc20bc
9fe0: 76bc1ec8 76bc1eb8 000188c0 00132250
Rebooting in 86400 seconds..