[ ok ] Starting enhanced syslogd: rsyslogd.
[ 63.432976][ T26] audit: type=1800 audit(1575262301.772:25): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 63.453182][ T26] audit: type=1800 audit(1575262301.772:26): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 63.526155][ T26] audit: type=1800 audit(1575262301.782:27): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 469.170136][ T9365] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.295131][ T9372] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.303694][ T9370] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.313941][ T9371] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.322517][ T9373] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.330946][ T9374] netlink: 'syz-executor850': attribute type 4 has an invalid length.
executing program
executing program
executing program
executing program
executing program
executing program
[ 469.339683][ T9365] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.349858][ T9372] netlink: 'syz-executor850': attribute type 4 has an invalid length.
[ 469.358763][ T9370] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 469.367981][ T9371] netlink: 'syz-executor850': attribute type 4 has an invalid length. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 474.173565][ T9456] validate_nla: 158 callbacks suppressed [ 474.173575][ T9456] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.188152][ T9457] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.196829][ T9453] netlink: 'syz-executor850': attribute type 4 has an invalid length. 
[ 474.209398][ T9459] netlink: 'syz-executor850': attribute type 4 has an invalid length. executing program executing program executing program [ 474.320128][ T9458] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.328675][ T9456] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.338803][ T9455] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.347316][ T9457] netlink: 'syz-executor850': attribute type 4 has an invalid length. [ 474.357335][ T9460] netlink: 'syz-executor850': attribute type 4 has an invalid length. executing program executing program [ 474.470425][ T9459] netlink: 'syz-executor850': attribute type 4 has an invalid length. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 478.723471][ T9464] ------------[ cut here ]------------ [ 478.729421][ T9464] refcount_t: saturated; leaking memory. [ 478.735943][ T9464] WARNING: CPU: 0 PID: 9464 at lib/refcount.c:22 refcount_warn_saturate+0x138/0x1f0 [ 478.745376][ T9464] Kernel panic - not syncing: panic_on_warn set ... 
[ 478.752427][ T9464] CPU: 0 PID: 9464 Comm: syz-executor850 Not tainted 5.4.0-syzkaller #0
[ 478.760751][ T9464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
executing program
[ 478.770874][ T9464] Call Trace:
[ 478.774208][ T9464] dump_stack+0x197/0x210
[ 478.778547][ T9464] ? refcount_warn_saturate+0x60/0x1f0
[ 478.784076][ T9464] panic+0x2e3/0x75c
[ 478.787986][ T9464] ? add_taint.cold+0x16/0x16
[ 478.792727][ T9464] ? __kasan_check_write+0x14/0x20
[ 478.797862][ T9464] ? __warn.cold+0x14/0x3e
[ 478.802279][ T9464] ? __warn+0xd9/0x1cf
[ 478.806357][ T9464] ? refcount_warn_saturate+0x138/0x1f0
[ 478.811900][ T9464] __warn.cold+0x2f/0x3e
[ 478.816142][ T9464] ? refcount_warn_saturate+0x138/0x1f0
[ 478.821749][ T9464] report_bug+0x289/0x300
[ 478.826130][ T9464] do_error_trap+0x11b/0x200
[ 478.830725][ T9464] do_invalid_op+0x37/0x50
[ 478.835142][ T9464] ? refcount_warn_saturate+0x138/0x1f0
[ 478.842596][ T9464] invalid_op+0x23/0x30
[ 478.846790][ T9464] RIP: 0010:refcount_warn_saturate+0x138/0x1f0
[ 478.852960][ T9464] Code: 06 31 ff 89 de e8 c8 f5 e6 fd 84 db 0f 85 6f ff ff ff e8 7b f4 e6 fd 48 c7 c7 e0 71 4f 88 c6 05 56 a6 a4 06 01 e8 c7 a8 b7 fd <0f> 0b e9 50 ff ff ff e8 5c f4 e6 fd 0f b6 1d 3d a6 a4 06 31 ff 89
[ 478.872850][ T9464] RSP: 0018:ffff88809689f550 EFLAGS: 00010286
[ 478.879068][ T9464] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 478.887243][ T9464] RDX: 0000000000000000 RSI: ffffffff815e4336 RDI: ffffed1012d13e9c
[ 478.895578][ T9464] RBP: ffff88809689f560 R08: ffff88809c50a3c0 R09: fffffbfff15d31b1
[ 478.903820][ T9464] R10: fffffbfff15d31b0 R11: ffffffff8ae98d87 R12: 0000000000000001
[ 478.911990][ T9464] R13: 0000000000040100 R14: ffff888099041104 R15: ffff888218d96e40
[ 478.920413][ T9464] ? vprintk_func+0x86/0x189
[ 478.925065][ T9464] skb_set_owner_w+0x2b6/0x410
[ 478.929820][ T9464] sock_wmalloc+0xf1/0x120
[ 478.934352][ T9464] ip_append_page+0x7ef/0x1190
[ 478.939160][ T9464] udp_sendpage+0x1c7/0x480
[ 478.943655][ T9464] ? udp_sendmsg+0x2810/0x2810
[ 478.948420][ T9464] ? __kasan_check_write+0x14/0x20
[ 478.953588][ T9464] ? copy_page_to_iter+0x514/0xdd0
[ 478.958831][ T9464] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 478.965276][ T9464] ? put_page+0xe5/0x220
[ 478.969518][ T9464] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 478.975874][ T9464] inet_sendpage+0xdb/0x150
[ 478.980665][ T9464] ? udp_sendmsg+0x2810/0x2810
[ 478.985536][ T9464] kernel_sendpage+0x92/0xf0
[ 478.991182][ T9464] ? inet_sendmsg+0xe0/0xe0
[ 478.995694][ T9464] sock_sendpage+0x8b/0xc0
[ 479.000681][ T9464] pipe_to_sendpage+0x2da/0x3c0
[ 479.005774][ T9464] ? kernel_sendpage+0xf0/0xf0
[ 479.010823][ T9464] ? direct_splice_actor+0x190/0x190
[ 479.016165][ T9464] ? __lock_acquire+0x16f2/0x4a00
[ 479.021191][ T9464] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 479.027419][ T9464] __splice_from_pipe+0x3ee/0x7c0
[ 479.032445][ T9464] ? direct_splice_actor+0x190/0x190
[ 479.037739][ T9464] ? direct_splice_actor+0x190/0x190
[ 479.043101][ T9464] splice_from_pipe+0x108/0x170
[ 479.048062][ T9464] ? splice_shrink_spd+0xd0/0xd0
[ 479.053014][ T9464] generic_splice_sendpage+0x3c/0x50
[ 479.058313][ T9464] ? splice_from_pipe+0x170/0x170
[ 479.063383][ T9464] direct_splice_actor+0x123/0x190
[ 479.068521][ T9464] splice_direct_to_actor+0x3b4/0xa30
[ 479.073890][ T9464] ? generic_pipe_buf_nosteal+0x10/0x10
[ 479.079695][ T9464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 479.085935][ T9464] ? do_splice_to+0x180/0x180
[ 479.090686][ T9464] ? rw_verify_area+0x126/0x360
[ 479.095551][ T9464] do_splice_direct+0x1da/0x2a0
[ 479.100431][ T9464] ? splice_direct_to_actor+0xa30/0xa30
[ 479.105966][ T9464] ? rw_verify_area+0x126/0x360
[ 479.110806][ T9464] do_sendfile+0x597/0xd00
[ 479.115213][ T9464] ? do_compat_pwritev64+0x1c0/0x1c0
[ 479.120483][ T9464] ? __sb_end_write+0x115/0x1a0
[ 479.125330][ T9464] __x64_sys_sendfile64+0x1dd/0x220
[ 479.130521][ T9464] ? __ia32_sys_sendfile+0x230/0x230
[ 479.135996][ T9464] ? do_syscall_64+0x26/0x790
[ 479.140682][ T9464] ? lockdep_hardirqs_on+0x421/0x5e0
[ 479.145990][ T9464] ? trace_hardirqs_on+0x67/0x240
[ 479.151010][ T9464] do_syscall_64+0xfa/0x790
[ 479.155554][ T9464] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 479.161436][ T9464] RIP: 0033:0x441409
[ 479.165328][ T9464] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 479.184926][ T9464] RSP: 002b:00007fffb64c4f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 479.193321][ T9464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409
[ 479.201274][ T9464] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 479.209311][ T9464] RBP: 0000000000073b8a R08: 0000000000000010 R09: 0000000000000010
[ 479.217787][ T9464] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000402180
[ 479.225748][ T9464] R13: 0000000000402210 R14: 0000000000000000 R15: 0000000000000000
[ 479.235394][ T9464] Kernel Offset: disabled
[ 479.239803][ T9464] Rebooting in 86400 seconds..