netlink: 'syz-executor.0': attribute type 4 has an invalid length.
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
netlink: 'syz-executor.4': attribute type 4 has an invalid length.
------------[ cut here ]------------
Kernel BUG at 00000000ad06fdc8 [verbose debug info unavailable]
------------[ cut here ]------------
refcount_t overflow at refcount_add arch/x86/include/asm/refcount.h:43 [inline] in syz-executor.0[7339], uid/euid: 0/0
refcount_t overflow at skb_set_owner_w+0x20a/0x2f0 net/core/sock.c:1846 in syz-executor.0[7339], uid/euid: 0/0
WARNING: CPU: 1 PID: 7339 at kernel/panic.c:657 refcount_error_report+0x1a4/0x202 kernel/panic.c:653
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7339 Comm: syz-executor.0 Not tainted 4.15.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x145/0x1e1 lib/dump_stack.c:53
 panic+0x1a9/0x34e kernel/panic.c:183
 __warn.cold.8+0x120/0x156 kernel/panic.c:547
 report_bug+0x1a3/0x230 lib/bug.c:184
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 do_error_trap+0x1bd/0x460 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:930
RIP: 0010:refcount_error_report+0x1a4/0x202 kernel/panic.c:653
RSP: 0018:ffff8800984af290 EFLAGS: 00010282
RAX: 0000000000000059 RBX: ffff8800984af4b8 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff880098168cc8 RDI: ffffffff8a6711a0
RBP: ffff8800984af2c8 R08: ffff880098168ce8 R09: 0000000000000006
R10: 0000000000000000 R11: dffffc0000000000 R12: ffffffff8787d660
R13: 0000000000000000 R14: ffff880098168400 R15: ffff8800984af3d0
 ex_handler_refcount+0x10e/0x180 arch/x86/mm/extable.c:77
 fixup_exception+0x7c/0xb3 arch/x86/mm/extable.c:196
 do_trap_no_signal arch/x86/kernel/traps.c:208 [inline]
 do_trap+0x63/0x240 arch/x86/kernel/traps.c:257
 do_error_trap+0x159/0x460 arch/x86/kernel/traps.c:301
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:930
RIP: 0010:skb_set_owner_w+0x20a/0x2f0 net/core/sock.c:1847
RSP: 0018:ffff8800984af568 EFLAGS: 00010a82
RAX: 0000000000040100 RBX: ffff8800a8f3f2c0 RCX: ffff8800a074a9a4
RDX: 1ffff100151e7e74 RSI: ffff8800a074a740 RDI: ffff8800a8f3f3a0
RBP: ffff8800984af588 R08: ffffed0040aeb9a4 R09: ffff88020575cd00
R10: ffffed0040aeb9a3 R11: ffff88020575cd1f R12: ffff8800a074a740
R13: ffff8800a8f3f320 R14: ffff8800a8f3f2d8 R15: 0000000000035318
 sock_wmalloc+0x12f/0x1c0 net/core/sock.c:1932
 ip_append_page+0x55f/0xe90 net/ipv4/ip_output.c:1239
 udp_sendpage+0x1f7/0x490 net/ipv4/udp.c:1148
 inet_sendpage+0x16f/0x730 net/ipv4/af_inet.c:780
 kernel_sendpage+0x60/0xd0 net/socket.c:3364
 sock_sendpage+0x73/0xd0 net/socket.c:861
 pipe_to_sendpage+0x228/0x4e0 fs/splice.c:451
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x2cb/0x720 fs/splice.c:626
 splice_from_pipe+0x1a7/0x300 fs/splice.c:661
 generic_splice_sendpage+0x10/0x20 fs/splice.c:832
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x104/0x1c0 fs/splice.c:1018
 splice_direct_to_actor+0x28a/0x7e0 fs/splice.c:973
 do_splice_direct+0x24d/0x550 fs/splice.c:1061
 do_sendfile+0x51e/0x1100 fs/read_write.c:1413
 SYSC_sendfile64 fs/read_write.c:1474 [inline]
 SyS_sendfile64+0x11e/0x140 fs/read_write.c:1460
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x45a679
RSP: 002b:00007f127a1b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f127a1b1700 RCX: 000000000045a679
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
RBP: 00007ffc774c2700 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc774c259f R14: 00007f127a1b19c0 R15: 000000000075bfd4
Kernel Offset: disabled
Rebooting in 86400 seconds..