[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 31.653322][ T6889] sshd (6889) used greatest stack depth: 24960 bytes left
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.353310][ T7211] ------------[ cut here ]------------
[ 43.358939][ T7211] refcount_t: underflow; use-after-free.
[ 43.366105][ T7211] WARNING: CPU: 0 PID: 7211 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0
[ 43.375474][ T7211] Kernel panic - not syncing: panic_on_warn set ...
[ 43.382048][ T7211] CPU: 0 PID: 7211 Comm: syz-executor869 Not tainted 5.6.0-rc7-syzkaller #0
[ 43.390703][ T7211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.400747][ T7211] Call Trace:
[ 43.404018][ T7211] dump_stack+0x1e9/0x30e
[ 43.408345][ T7211] panic+0x264/0x7a0
[ 43.412574][ T7211] ? __warn+0x102/0x210
[ 43.416710][ T7211] ? refcount_warn_saturate+0x15b/0x1a0
[ 43.422303][ T7211] __warn+0x209/0x210
[ 43.426404][ T7211] ? refcount_warn_saturate+0x15b/0x1a0
[ 43.432004][ T7211] report_bug+0x1ac/0x2d0
[ 43.436339][ T7211] do_error_trap+0xca/0x1c0
[ 43.440837][ T7211] do_invalid_op+0x32/0x40
[ 43.445248][ T7211] ? refcount_warn_saturate+0x15b/0x1a0
[ 43.450768][ T7211] invalid_op+0x23/0x30
[ 43.454899][ T7211] RIP: 0010:refcount_warn_saturate+0x15b/0x1a0
[ 43.461035][ T7211] Code: c7 24 02 d1 88 31 c0 e8 d3 e3 b2 fd 0f 0b eb 85 e8 5a 05 e0 fd c6 05 f0 41 b1 05 01 48 c7 c7 50 02 d1 88 31 c0 e8 b5 e3 b2 fd <0f> 0b e9 64 ff ff ff e8 39 05 e0 fd c6 05 d0 41 b1 05 01 48 c7 c7
[ 43.480735][ T7211] RSP: 0018:ffffc900015d77d0 EFLAGS: 00010246
[ 43.486791][ T7211] RAX: ee06f2d01d3db900 RBX: 0000000000000003 RCX: ffff88809755e1c0
[ 43.495204][ T7211] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 43.503537][ T7211] RBP: 0000000000000003 R08: ffffffff815e07a6 R09: ffffed1015d06618
[ 43.511505][ T7211] R10: ffffed1015d06618 R11: 0000000000000000 R12: dffffc0000000000
[ 43.519465][ T7211] R13: ffff8880a833c000 R14: ffff88809f2817c0 R15: 1ffff11013b282b0
[ 43.527531][ T7211] ? vprintk_emit+0x2e6/0x3b0
[ 43.532203][ T7211] sctp_wfree+0x3b1/0x710
[ 43.536619][ T7211] skb_release_head_state+0xfb/0x210
[ 43.541992][ T7211] __kfree_skb+0x22/0x1c0
[ 43.546349][ T7211] sctp_chunk_put+0x17b/0x200
[ 43.551119][ T7211] __sctp_outq_teardown+0x80a/0x9d0
[ 43.556574][ T7211] sctp_association_free+0x21e/0x7c0
[ 43.561898][ T7211] ? sctp_do_sm+0x2e2a/0x5560
[ 43.566573][ T7211] sctp_do_sm+0x3c01/0x5560
[ 43.571099][ T7211] ? rcu_read_lock_sched_held+0x106/0x170
[ 43.576820][ T7211] ? _sctp_make_chunk+0x10c/0x3e0
[ 43.581823][ T7211] ? rcu_read_lock_sched_held+0x106/0x170
[ 43.587554][ T7211] ? trace_kmem_cache_alloc+0xcb/0x120
[ 43.593034][ T7211] ? _sctp_make_chunk+0x10c/0x3e0
[ 43.598581][ T7211] ? sctp_auth_send_cid+0x60/0x250
[ 43.603716][ T7211] sctp_primitive_ABORT+0x93/0xc0
[ 43.608752][ T7211] sctp_close+0x231/0x770
[ 43.613072][ T7211] ? ip_mc_drop_socket+0x267/0x280
[ 43.618264][ T7211] inet_release+0x135/0x180
[ 43.622762][ T7211] sock_close+0xd8/0x260
[ 43.626986][ T7211] ? sock_mmap+0x90/0x90
[ 43.631204][ T7211] __fput+0x2d8/0x730
[ 43.635177][ T7211] task_work_run+0x176/0x1b0
[ 43.639756][ T7211] do_exit+0x5ef/0x1f80
[ 43.643897][ T7211] do_group_exit+0x15e/0x2c0
[ 43.648463][ T7211] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 43.654167][ T7211] __do_sys_exit_group+0x13/0x20
[ 43.659094][ T7211] __se_sys_exit_group+0x10/0x10
[ 43.664010][ T7211] __x64_sys_exit_group+0x37/0x40
[ 43.669017][ T7211] do_syscall_64+0xf3/0x1b0
[ 43.673518][ T7211] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.679394][ T7211] RIP: 0033:0x43ef98
[ 43.683289][ T7211] Code: Bad RIP value.
[ 43.687336][ T7211] RSP: 002b:00007ffd76f5a2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.695722][ T7211] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98
[ 43.703670][ T7211] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 43.711616][ T7211] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 43.719682][ T7211] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001
[ 43.727638][ T7211] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 43.737078][ T7211] Kernel Offset: disabled
[ 43.741467][ T7211] Rebooting in 86400 seconds..