Warning: Permanently added '[localhost]:37577' (ECDSA) to the list of known hosts.
syzkaller login: [ 142.469218][ T8920] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 142.868185][ T8920] netlink: 16 bytes leftover after parsing attributes in process `syz-executor390'.
[ 143.046614][ C2] ------------[ cut here ]------------
[ 143.078679][ C2] refcount_t: underflow; use-after-free.
[ 143.110165][ C2] WARNING: CPU: 2 PID: 22 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] Kernel panic - not syncing: panic_on_warn set ...
[ 143.111388][ C2] CPU: 2 PID: 22 Comm: ksoftirqd/2 Not tainted 5.7.0-syzkaller #0
[ 143.111388][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 143.111388][ C2] Call Trace:
[ 143.111388][ C2] dump_stack+0x188/0x20d
[ 143.111388][ C2] ? refcount_warn_saturate+0x140/0x1e0
[ 143.111388][ C2] panic+0x2e3/0x75c
[ 143.111388][ C2] ? add_taint.cold+0x16/0x16
[ 143.111388][ C2] ? __probe_kernel_read+0x188/0x1d0
[ 143.111388][ C2] ? __warn.cold+0x14/0x35
[ 143.111388][ C2] ? __warn+0xd5/0x1c8
[ 143.111388][ C2] ? refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] __warn.cold+0x2f/0x35
[ 143.111388][ C2] ? refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] report_bug+0x27b/0x2f0
[ 143.111388][ C2] do_error_trap+0x12b/0x220
[ 143.111388][ C2] ? refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] do_invalid_op+0x32/0x40
[ 143.111388][ C2] ? refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] invalid_op+0x23/0x30
[ 143.111388][ C2] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] Code: e9 db fe ff ff 48 89 df e8 fc a3 18 fe e9 8a fe ff ff e8 a2 8c d9 fd 48 c7 c7 40 e7 72 88 c6 05 b7 45 ec 06 01 e8 37 91 aa fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55
[ 143.111388][ C2] RSP: 0018:ffffc90000517c18 EFLAGS: 00010282
[ 143.111388][ C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 143.111388][ C2] RDX: 0000000000000000 RSI: ffffffff815d88a7 RDI: fffff520000a2f75
[ 143.111388][ C2] RBP: 0000000000000003 R08: ffff88802c3306c0 R09: 0000000000000001
[ 143.111388][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888026e20000
[ 143.111388][ C2] R13: ffff888026eec040 R14: ffff888026eec044 R15: ffff88802c3306c0
[ 143.111388][ C2] ? vprintk_func+0x97/0x1a6
[ 143.111388][ C2] ? refcount_warn_saturate+0x1d1/0x1e0
[ 143.111388][ C2] __sk_destruct+0x696/0x7c0
[ 143.111388][ C2] sk_destruct+0xc6/0x100
[ 143.111388][ C2] __sk_free+0xef/0x3d0
[ 143.111388][ C2] sk_free+0x78/0xa0
[ 143.111388][ C2] deferred_put_nlk_sk+0x151/0x2e0
[ 143.111388][ C2] rcu_core+0x59f/0x1370
[ 143.111388][ C2] ? __rcu_read_unlock+0x560/0x560
[ 143.111388][ C2] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 143.111388][ C2] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 143.111388][ C2] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 143.111388][ C2] __do_softirq+0x26c/0x9f7
[ 143.111388][ C2] ? takeover_tasklets+0x810/0x810
[ 143.111388][ C2] run_ksoftirqd+0x89/0x100
[ 143.111388][ C2] smpboot_thread_fn+0x653/0x9e0
[ 143.111388][ C2] ? __smpboot_create_thread.part.0+0x340/0x340
[ 143.111388][ C2] ? __kthread_parkme+0x13f/0x1e0
[ 143.111388][ C2] ? __smpboot_create_thread.part.0+0x340/0x340
[ 143.111388][ C2] kthread+0x388/0x470
[ 143.111388][ C2] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 143.111388][ C2] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 143.111388][ C2] ret_from_fork+0x24/0x30
[ 143.111388][ C2] Kernel Offset: disabled
[ 143.111388][ C2] Rebooting in 86400 seconds..