[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.083581][ T6867] ------------[ cut here ]------------
[ 65.102228][ T6867] refcount_t: underflow; use-after-free.
[ 65.116375][ T6867] WARNING: CPU: 0 PID: 6867 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0
[ 65.164855][ T6867] Modules linked in:
[ 65.175162][ T6867] CPU: 0 PID: 6867 Comm: syz-executor339 Not tainted 5.9.0-rc2-next-20200825-syzkaller #0
[ 65.205247][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.237760][ T6867] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0
[ 65.272428][ T6867] Code: e9 db fe ff ff 48 89 df e8 dc cd 17 fe e9 8a fe ff ff e8 a2 9d d7 fd 48 c7 c7 80 0a 94 88 c6 05 71 e0 19 07 01 e8 ea 6d a8 fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55
[ 65.301166][ T6867] RSP: 0018:ffffc900010a74a0 EFLAGS: 00010282
[ 65.311663][ T6867] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 65.332291][ T6867] RDX: ffff888093d58540 RSI: ffffffff815da937 RDI: fffff52000214e86
[ 65.362580][ T6867] RBP: 0000000000000003 R08: 0000000000000001 R09: ffff8880ae6318a7
[ 65.371884][ T6867] R10: 0000000000000000 R11: 0000000063666572 R12: ffff8880a33f0864
[ 65.380094][ T6867] R13: 00000000ffffffea R14: ffff88809011e000 R15: ffff88809994d024
[ 65.388164][ T6867] FS: 0000000001311880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 65.398354][ T6867] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.405033][ T6867] CR2: 000055966cc50180 CR3: 000000009ee9f000 CR4: 00000000001506f0
[ 65.418439][ T6867] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.426469][ T6867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.434545][ T6867] Call Trace:
[ 65.437913][ T6867] qdisc_put+0xbe/0xe0
[ 65.441997][ T6867] ? red_offload.isra.0+0x480/0x480
[ 65.447266][ T6867] qdisc_create+0xcd9/0x12e0
[ 65.452127][ T6867] ? tc_get_qdisc+0xad0/0xad0
[ 65.456917][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.461895][ T6867] tc_modify_qdisc+0x4c8/0x1990
[ 65.466980][ T6867] ? rtnetlink_rcv_msg+0x3f9/0xad0
[ 65.472202][ T6867] ? qdisc_create+0x12e0/0x12e0
[ 65.477383][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.482616][ T6867] ? qdisc_create+0x12e0/0x12e0
[ 65.487670][ T6867] rtnetlink_rcv_msg+0x44e/0xad0
[ 65.492760][ T6867] ? rtnetlink_put_metrics+0x510/0x510
[ 65.498338][ T6867] ? lock_acquire+0x1f1/0xad0
[ 65.503057][ T6867] ? netlink_deliver_tap+0x146/0xb70
[ 65.509280][ T6867] netlink_rcv_skb+0x15a/0x430
[ 65.514089][ T6867] ? rtnetlink_put_metrics+0x510/0x510
[ 65.519743][ T6867] ? netlink_ack+0xa10/0xa10
[ 65.524361][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.530239][ T6867] netlink_unicast+0x533/0x7d0
[ 65.535335][ T6867] ? netlink_attachskb+0x810/0x810
[ 65.540564][ T6867] ? _copy_from_iter_full+0x247/0x890
[ 65.546367][ T6867] ? __phys_addr+0x9a/0x110
[ 65.550970][ T6867] ? __phys_addr_symbol+0x2c/0x70
[ 65.556348][ T6867] ? __check_object_size+0x171/0x3e4
[ 65.561822][ T6867] netlink_sendmsg+0x856/0xd90
[ 65.566981][ T6867] ? netlink_unicast+0x7d0/0x7d0
[ 65.572352][ T6867] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 65.577849][ T6867] ? netlink_unicast+0x7d0/0x7d0
[ 65.582819][ T6867] sock_sendmsg+0xcf/0x120
[ 65.587411][ T6867] ____sys_sendmsg+0x6e8/0x810
[ 65.592204][ T6867] ? kernel_sendmsg+0x50/0x50
[ 65.596944][ T6867] ? do_recvmmsg+0x6d0/0x6d0
[ 65.601744][ T6867] ? mark_lock+0xbc/0x1710
[ 65.606354][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.611477][ T6867] ? __lock_acquire+0xbb5/0x5640
[ 65.616625][ T6867] ___sys_sendmsg+0xf3/0x170
[ 65.621432][ T6867] ? sendmsg_copy_msghdr+0x160/0x160
[ 65.627174][ T6867] ? percpu_counter_add_batch+0x126/0x180
[ 65.633035][ T6867] ? lock_acquire+0x1f1/0xad0
[ 65.638049][ T6867] ? __get_unused_fd_flags+0x60/0x60
[ 65.643483][ T6867] ? find_held_lock+0x2d/0x110
[ 65.648693][ T6867] ? __fd_install+0x1b4/0x600
[ 65.653593][ T6867] ? lock_downgrade+0x830/0x830
[ 65.659372][ T6867] ? __fget_light+0x215/0x280
[ 65.678999][ T6867] __sys_sendmsg+0xe5/0x1b0
[ 65.683629][ T6867] ? __sys_sendmsg_sock+0xb0/0xb0
[ 65.688748][ T6867] ? trace_hardirqs_on+0x5f/0x220
[ 65.693891][ T6867] ? lockdep_hardirqs_on+0x76/0xf0
[ 65.699084][ T6867] do_syscall_64+0x2d/0x70
[ 65.703545][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.710245][ T6867] RIP: 0033:0x4404a9
[ 65.714165][ T6867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.733868][ T6867] RSP: 002b:00007ffed43a8458 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 65.742523][ T6867] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404a9
[ 65.750622][ T6867] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[ 65.758805][ T6867] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.766881][ T6867] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401cb0
[ 65.775712][ T6867] R13: 0000000000401d40 R14: 0000000000000000 R15: 0000000000000000
[ 65.783859][ T6867] Kernel panic - not syncing: panic_on_warn set ...
[ 65.790826][ T6867] CPU: 0 PID: 6867 Comm: syz-executor339 Not tainted 5.9.0-rc2-next-20200825-syzkaller #0
[ 65.800690][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.810748][ T6867] Call Trace:
[ 65.814092][ T6867] dump_stack+0x18f/0x20d
[ 65.818419][ T6867] panic+0x2e3/0x75c
[ 65.822318][ T6867] ? __warn_printk+0xf3/0xf3
[ 65.826896][ T6867] ? __warn.cold+0x1d/0xc1
[ 65.834128][ T6867] ? __warn.cold+0x14/0xc1
[ 65.838587][ T6867] ? refcount_warn_saturate+0x1d1/0x1e0
[ 65.846378][ T6867] __warn.cold+0x38/0xc1
[ 65.850992][ T6867] ? refcount_warn_saturate+0x1d1/0x1e0
[ 65.856825][ T6867] report_bug+0x1bd/0x210
[ 65.861318][ T6867] handle_bug+0x38/0x90
[ 65.866245][ T6867] ? __warn_printk+0xc6/0xf3
[ 65.871272][ T6867] exc_invalid_op+0x14/0x40
[ 65.876125][ T6867] asm_exc_invalid_op+0x12/0x20
[ 65.881009][ T6867] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0
[ 65.887660][ T6867] Code: e9 db fe ff ff 48 89 df e8 dc cd 17 fe e9 8a fe ff ff e8 a2 9d d7 fd 48 c7 c7 80 0a 94 88 c6 05 71 e0 19 07 01 e8 ea 6d a8 fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55
[ 65.908567][ T6867] RSP: 0018:ffffc900010a74a0 EFLAGS: 00010282
[ 65.916321][ T6867] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 65.924509][ T6867] RDX: ffff888093d58540 RSI: ffffffff815da937 RDI: fffff52000214e86
[ 65.932498][ T6867] RBP: 0000000000000003 R08: 0000000000000001 R09: ffff8880ae6318a7
[ 65.940675][ T6867] R10: 0000000000000000 R11: 0000000063666572 R12: ffff8880a33f0864
[ 65.949121][ T6867] R13: 00000000ffffffea R14: ffff88809011e000 R15: ffff88809994d024
[ 65.957334][ T6867] ? vprintk_func+0x97/0x1a6
[ 65.962200][ T6867] qdisc_put+0xbe/0xe0
[ 65.966358][ T6867] ? red_offload.isra.0+0x480/0x480
[ 65.971542][ T6867] qdisc_create+0xcd9/0x12e0
[ 65.976616][ T6867] ? tc_get_qdisc+0xad0/0xad0
[ 65.981408][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.986355][ T6867] tc_modify_qdisc+0x4c8/0x1990
[ 65.991221][ T6867] ? rtnetlink_rcv_msg+0x3f9/0xad0
[ 65.996337][ T6867] ? qdisc_create+0x12e0/0x12e0
[ 66.001206][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 66.006159][ T6867] ? qdisc_create+0x12e0/0x12e0
[ 66.011004][ T6867] rtnetlink_rcv_msg+0x44e/0xad0
[ 66.016018][ T6867] ? rtnetlink_put_metrics+0x510/0x510
[ 66.021487][ T6867] ? lock_acquire+0x1f1/0xad0
[ 66.026156][ T6867] ? netlink_deliver_tap+0x146/0xb70
[ 66.031426][ T6867] netlink_rcv_skb+0x15a/0x430
[ 66.036191][ T6867] ? rtnetlink_put_metrics+0x510/0x510
[ 66.041631][ T6867] ? netlink_ack+0xa10/0xa10
[ 66.046234][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 66.051534][ T6867] netlink_unicast+0x533/0x7d0
[ 66.056308][ T6867] ? netlink_attachskb+0x810/0x810
[ 66.061533][ T6867] ? _copy_from_iter_full+0x247/0x890
[ 66.066918][ T6867] ? __phys_addr+0x9a/0x110
[ 66.071412][ T6867] ? __phys_addr_symbol+0x2c/0x70
[ 66.076473][ T6867] ? __check_object_size+0x171/0x3e4
[ 66.081749][ T6867] netlink_sendmsg+0x856/0xd90
[ 66.086682][ T6867] ? netlink_unicast+0x7d0/0x7d0
[ 66.091616][ T6867] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 66.096906][ T6867] ? netlink_unicast+0x7d0/0x7d0
[ 66.101843][ T6867] sock_sendmsg+0xcf/0x120
[ 66.106241][ T6867] ____sys_sendmsg+0x6e8/0x810
[ 66.110983][ T6867] ? kernel_sendmsg+0x50/0x50
[ 66.115657][ T6867] ? do_recvmmsg+0x6d0/0x6d0
[ 66.120229][ T6867] ? mark_lock+0xbc/0x1710
[ 66.124664][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 66.129609][ T6867] ? __lock_acquire+0xbb5/0x5640
[ 66.134555][ T6867] ___sys_sendmsg+0xf3/0x170
[ 66.139269][ T6867] ? sendmsg_copy_msghdr+0x160/0x160
[ 66.144575][ T6867] ? percpu_counter_add_batch+0x126/0x180
[ 66.150442][ T6867] ? lock_acquire+0x1f1/0xad0
[ 66.155637][ T6867] ? __get_unused_fd_flags+0x60/0x60
[ 66.161101][ T6867] ? find_held_lock+0x2d/0x110
[ 66.165880][ T6867] ? __fd_install+0x1b4/0x600
[ 66.170711][ T6867] ? lock_downgrade+0x830/0x830
[ 66.175609][ T6867] ? __fget_light+0x215/0x280
[ 66.180306][ T6867] __sys_sendmsg+0xe5/0x1b0
[ 66.184837][ T6867] ? __sys_sendmsg_sock+0xb0/0xb0
[ 66.189888][ T6867] ? trace_hardirqs_on+0x5f/0x220
[ 66.195149][ T6867] ? lockdep_hardirqs_on+0x76/0xf0
[ 66.200261][ T6867] do_syscall_64+0x2d/0x70
[ 66.204675][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.210561][ T6867] RIP: 0033:0x4404a9
[ 66.214464][ T6867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.234072][ T6867] RSP: 002b:00007ffed43a8458 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.242590][ T6867] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404a9
[ 66.251440][ T6867] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[ 66.259406][ T6867] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 66.267362][ T6867] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401cb0
[ 66.275806][ T6867] R13: 0000000000401d40 R14: 0000000000000000 R15: 0000000000000000
[ 66.285429][ T6867] Kernel Offset: disabled
[ 66.289839][ T6867] Rebooting in 86400 seconds..