[ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 72.709371][ T7079] IPVS: ftp: loaded support on port[0] = 21 [ 72.754186][ T7079] netlink: 16 bytes leftover after parsing attributes in process `syz-executor073'. [ 72.805170][ T7079] ------------[ cut here ]------------ [ 72.810786][ T7079] refcount_t: underflow; use-after-free. [ 72.817762][ T7079] WARNING: CPU: 0 PID: 7079 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 [ 72.827694][ T7079] Kernel panic - not syncing: panic_on_warn set ... [ 72.834267][ T7079] CPU: 0 PID: 7079 Comm: syz-executor073 Not tainted 5.6.0-rc7-syzkaller #0 [ 72.843060][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.853141][ T7079] Call Trace: [ 72.856451][ T7079] dump_stack+0x188/0x20d [ 72.860767][ T7079] ? refcount_warn_saturate+0x170/0x1e0 [ 72.866323][ T7079] panic+0x2e3/0x75c [ 72.870221][ T7079] ? add_taint.cold+0x16/0x16 [ 72.874929][ T7079] ? __probe_kernel_read+0x188/0x1d0 [ 72.880211][ T7079] ? __warn.cold+0x14/0x35 [ 72.884623][ T7079] ? __warn+0xd5/0x1c8 [ 72.888680][ T7079] ? refcount_warn_saturate+0x1d1/0x1e0 [ 72.894601][ T7079] __warn.cold+0x2f/0x35 [ 72.898851][ T7079] ? refcount_warn_saturate+0x1d1/0x1e0 [ 72.904392][ T7079] report_bug+0x27b/0x2f0 [ 72.908729][ T7079] do_error_trap+0x12b/0x220 [ 72.913319][ T7079] ? refcount_warn_saturate+0x1d1/0x1e0 [ 72.918853][ T7079] do_invalid_op+0x32/0x40 [ 72.923261][ T7079] ? refcount_warn_saturate+0x1d1/0x1e0 [ 72.928811][ T7079] invalid_op+0x23/0x30 [ 72.932954][ T7079] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 [ 72.939107][ T7079] Code: e9 db fe ff ff 48 89 df e8 4c 63 1f fe e9 8a fe ff ff e8 d2 99 e2 fd 48 c7 c7 00 a9 51 88 c6 05 66 a1 d1 06 01 e8 b7 aa b4 fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 [ 72.958692][ T7079] RSP: 0018:ffffc90001a07d38 EFLAGS: 00010286 [ 72.964750][ T7079] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 72.972887][ T7079] RDX: 0000000000000000 RSI: ffffffff815c06c1 RDI: fffff52000340f99 [ 72.980865][ T7079] RBP: 0000000000000003 R08: ffff8880a8d763c0 R09: ffffed1015cc6659 [ 72.988834][ T7079] R10: ffffed1015cc6658 R11: ffff8880ae6332c7 R12: ffff8880a2c12040 [ 72.996809][ T7079] R13: ffff8880a2c12044 R14: 00000000000002aa R15: ffff8880967d4d80 [ 73.004809][ T7079] ? vprintk_func+0x81/0x17e [ 73.009386][ T7079] ? refcount_warn_saturate+0x1d1/0x1e0 [ 73.014911][ T7079] free_nsproxy+0x445/0x4a0 [ 73.019397][ T7079] switch_task_namespaces+0xaa/0xc0 [ 73.024576][ T7079] do_exit+0xb2f/0x2dd0 [ 73.028736][ T7079] ? mm_update_next_owner+0x7a0/0x7a0 [ 73.034088][ T7079] ? up_read+0x1ab/0x750 [ 73.038498][ T7079] ? mark_held_locks+0x9f/0xe0 [ 73.043626][ T7079] ? down_read_non_owner+0x470/0x470 [ 73.048925][ T7079] ? handle_mm_fault+0x491/0xa10 [ 73.053861][ T7079] do_group_exit+0x125/0x340 [ 73.058433][ T7079] __x64_sys_exit_group+0x3a/0x50 [ 73.063444][ T7079] do_syscall_64+0xf6/0x7d0 [ 73.067936][ T7079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.073821][ T7079] RIP: 0033:0x43f998 [ 73.077701][ T7079] Code: Bad RIP value. [ 73.081772][ T7079] RSP: 002b:00007fff85f1c228 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 73.090350][ T7079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f998 [ 73.098308][ T7079] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 [ 73.106271][ T7079] RBP: 00000000004bfa10 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 73.114223][ T7079] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000000001 [ 73.122188][ T7079] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000 [ 73.131853][ T7079] Kernel Offset: disabled [ 73.136272][ T7079] Rebooting in 86400 seconds..