[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 60.234529][ T25] audit: type=1800 audit(1575102304.472:25): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.254623][ T25] audit: type=1800 audit(1575102304.472:26): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.298015][ T25] audit: type=1800 audit(1575102304.472:27): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 69.980806][ T9163] ------------[ cut here ]------------ [ 69.986510][ T9163] refcount_t: underflow; use-after-free. [ 69.993027][ T9163] WARNING: CPU: 0 PID: 9163 at lib/refcount.c:28 refcount_warn_saturate+0x1dc/0x1f0 [ 70.002540][ T9163] Kernel panic - not syncing: panic_on_warn set ... [ 70.009112][ T9163] CPU: 0 PID: 9163 Comm: syz-executor460 Not tainted 5.4.0-syzkaller #0 [ 70.017584][ T9163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.027872][ T9163] Call Trace: [ 70.031170][ T9163] dump_stack+0x197/0x210 [ 70.035497][ T9163] ? refcount_warn_saturate+0x1b0/0x1f0 [ 70.041900][ T9163] panic+0x2e3/0x75c [ 70.045847][ T9163] ? add_taint.cold+0x16/0x16 [ 70.050741][ T9163] ? __kasan_check_write+0x14/0x20 [ 70.055841][ T9163] ? __warn.cold+0x14/0x3e [ 70.060252][ T9163] ? __warn+0xd9/0x1cf [ 70.064489][ T9163] ? refcount_warn_saturate+0x1dc/0x1f0 [ 70.070024][ T9163] __warn.cold+0x2f/0x3e [ 70.074332][ T9163] ? refcount_warn_saturate+0x1dc/0x1f0 [ 70.080142][ T9163] report_bug+0x289/0x300 [ 70.084451][ T9163] do_error_trap+0x11b/0x200 [ 70.089021][ T9163] do_invalid_op+0x37/0x50 [ 70.093516][ T9163] ? refcount_warn_saturate+0x1dc/0x1f0 [ 70.099064][ T9163] invalid_op+0x23/0x30 [ 70.103205][ T9163] RIP: 0010:refcount_warn_saturate+0x1dc/0x1f0 [ 70.109340][ T9163] Code: e9 d8 fe ff ff 48 89 df e8 31 65 25 fe e9 85 fe ff ff e8 07 37 e8 fd 48 c7 c7 60 53 4f 88 c6 05 7d b6 a5 06 01 e8 73 eb b8 fd <0f> 0b e9 ac fe ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 [ 70.128934][ T9163] RSP: 0018:ffff88809280f5d0 EFLAGS: 00010282 [ 70.134977][ T9163] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 70.142940][ T9163] RDX: 0000000000000000 RSI: ffffffff815e4316 RDI: ffffed1012501eac [ 70.150890][ T9163] RBP: ffff88809280f5e0 R08: ffff8880a39f6000 R09: fffffbfff15d29b2 [ 70.158842][ T9163] R10: fffffbfff15d29b1 R11: ffffffff8ae94d8f R12: 0000000000000003 [ 70.166821][ T9163] R13: ffff8880a79e7a04 R14: 0000000000000900 R15: ffff8880a86df7c0 [ 70.174828][ T9163] ? vprintk_func+0x86/0x189 [ 70.180375][ T9163] sock_wfree+0x1f8/0x260 [ 70.184715][ T9163] sctp_wfree+0x389/0x990 [ 70.189658][ T9163] ? __sctp_write_space+0x5d0/0x5d0 [ 70.194959][ T9163] skb_release_head_state+0xeb/0x260 [ 70.200423][ T9163] skb_release_all+0x16/0x60 [ 70.205029][ T9163] consume_skb+0xfb/0x410 [ 70.209372][ T9163] sctp_chunk_put+0x1d4/0x2f0 [ 70.214034][ T9163] sctp_chunk_free+0x56/0x70 [ 70.218624][ T9163] __sctp_outq_teardown+0x1d0/0xc60 [ 70.223908][ T9163] sctp_outq_free+0x16/0x20 [ 70.228404][ T9163] sctp_association_free+0x208/0x7e0 [ 70.233724][ T9163] sctp_do_sm+0x3a6a/0x5190 [ 70.238234][ T9163] ? __kmalloc_node_track_caller+0x3d/0x70 [ 70.244051][ T9163] ? sctp_do_8_2_transport_strike.isra.0+0xa60/0xa60 [ 70.250821][ T9163] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 70.257956][ T9163] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 70.263492][ T9163] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 70.269581][ T9163] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 70.275393][ T9163] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 70.281827][ T9163] ? sctp_init_cause+0x1ae/0x230 [ 70.286773][ T9163] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 70.293144][ T9163] ? skb_put+0x177/0x1d0 [ 70.297551][ T9163] ? memcpy+0x46/0x50 [ 70.302155][ T9163] sctp_primitive_ABORT+0xa0/0xd0 [ 70.307192][ T9163] sctp_close+0x259/0x960 [ 70.311554][ T9163] ? sctp_accept+0x710/0x710 [ 70.316368][ T9163] ? __kasan_check_write+0x14/0x20 [ 70.321577][ T9163] ? down_write+0xdf/0x150 [ 70.326009][ T9163] ? ip_mc_drop_socket+0x211/0x270 [ 70.331207][ T9163] inet_release+0xed/0x200 [ 70.335613][ T9163] __sock_release+0xce/0x280 [ 70.340212][ T9163] sock_close+0x1e/0x30 [ 70.344832][ T9163] __fput+0x2ff/0x890 [ 70.349617][ T9163] ? __sock_release+0x280/0x280 [ 70.354510][ T9163] ____fput+0x16/0x20 [ 70.358482][ T9163] task_work_run+0x145/0x1c0 [ 70.363291][ T9163] do_exit+0x8e7/0x2ef0 [ 70.368192][ T9163] ? sock_common_getsockopt+0x94/0xd0 [ 70.373914][ T9163] ? mm_update_next_owner+0x7c0/0x7c0 [ 70.379671][ T9163] ? __sys_getsockopt+0x1b2/0x310 [ 70.386120][ T9163] ? kernel_accept+0x310/0x310 [ 70.391084][ T9163] ? handle_mm_fault+0x4ab/0xa50 [ 70.396014][ T9163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 70.401586][ T9163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 70.407212][ T9163] do_group_exit+0x135/0x360 [ 70.411814][ T9163] __x64_sys_exit_group+0x44/0x50 [ 70.416838][ T9163] do_syscall_64+0xfa/0x790 [ 70.421373][ T9163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.427265][ T9163] RIP: 0033:0x43ef98 [ 70.431144][ T9163] Code: Bad RIP value. [ 70.435191][ T9163] RSP: 002b:00007ffe12657658 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 70.443964][ T9163] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98 [ 70.452292][ T9163] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 70.460251][ T9163] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 70.468225][ T9163] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001 [ 70.476197][ T9163] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 70.485769][ T9163] Kernel Offset: disabled [ 70.490163][ T9163] Rebooting in 86400 seconds..