[ ok ] Starting enhanced syslogd: rsyslogd.
[ 46.268259][ T27] audit: type=1800 audit(1584423060.355:25): pid=8413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 46.292411][ T27] audit: type=1800 audit(1584423060.365:26): pid=8413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 46.343586][ T27] audit: type=1800 audit(1584423060.365:27): pid=8413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.254403][ T8566] IPVS: ftp: loaded support on port[0] = 21
[ 64.282605][ T8566] netlink: 16 bytes leftover after parsing attributes in process `syz-executor340'.
[ 64.352979][ T8566] ------------[ cut here ]------------
[ 64.358467][ T8566] refcount_t: underflow; use-after-free.
[ 64.364400][ T8566] WARNING: CPU: 0 PID: 8566 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0
[ 64.373765][ T8566] Kernel panic - not syncing: panic_on_warn set ...
[ 64.380333][ T8566] CPU: 0 PID: 8566 Comm: syz-executor340 Not tainted 5.6.0-rc6-syzkaller #0
[ 64.388977][ T8566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.399051][ T8566] Call Trace:
[ 64.402323][ T8566] dump_stack+0x1e9/0x30e
[ 64.406635][ T8566] panic+0x264/0x7a0
[ 64.410507][ T8566] ? __warn+0x102/0x210
[ 64.414642][ T8566] ? refcount_warn_saturate+0x15b/0x1a0
[ 64.420178][ T8566] __warn+0x209/0x210
[ 64.424169][ T8566] ? refcount_warn_saturate+0x15b/0x1a0
[ 64.429743][ T8566] report_bug+0x1ac/0x2d0
[ 64.434058][ T8566] do_error_trap+0xca/0x1c0
[ 64.438543][ T8566] do_invalid_op+0x32/0x40
[ 64.442935][ T8566] ? refcount_warn_saturate+0x15b/0x1a0
[ 64.448572][ T8566] invalid_op+0x23/0x30
[ 64.452969][ T8566] RIP: 0010:refcount_warn_saturate+0x15b/0x1a0
[ 64.459097][ T8566] Code: c7 14 00 d1 88 31 c0 e8 53 38 b3 fd 0f 0b eb 85 e8 da 59 e0 fd c6 05 2e 86 b1 05 01 48 c7 c7 40 00 d1 88 31 c0 e8 35 38 b3 fd <0f> 0b e9 64 ff ff ff e8 b9 59 e0 fd c6 05 0e 86 b1 05 01 48 c7 c7
[ 64.478715][ T8566] RSP: 0018:ffffc90002077d98 EFLAGS: 00010246
[ 64.484756][ T8566] RAX: d7b3b8c1de7c0300 RBX: 0000000000000003 RCX: ffff88808e5ac540
[ 64.492703][ T8566] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 64.500686][ T8566] RBP: 0000000000000003 R08: ffffffff815e17a6 R09: fffffbfff121afc3
[ 64.508664][ T8566] R10: fffffbfff121afc3 R11: 0000000000000000 R12: ffff888093d78040
[ 64.516661][ T8566] R13: 0000000000000100 R14: ffff8880a9a7db60 R15: ffff888093d78044
[ 64.524636][ T8566] ? vprintk_emit+0x2e6/0x3b0
[ 64.529412][ T8566] ? refcount_warn_saturate+0x15b/0x1a0
[ 64.534957][ T8566] free_nsproxy+0x343/0x3b0
[ 64.539492][ T8566] do_exit+0x5ea/0x1f80
[ 64.543648][ T8566] ? __up_read+0x1f1/0x6e0
[ 64.548044][ T8566] do_group_exit+0x15e/0x2c0
[ 64.552791][ T8566] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 64.558510][ T8566] __do_sys_exit_group+0x13/0x20
[ 64.563430][ T8566] __se_sys_exit_group+0x10/0x10
[ 64.568401][ T8566] __x64_sys_exit_group+0x37/0x40
[ 64.573405][ T8566] do_syscall_64+0xf3/0x1b0
[ 64.577889][ T8566] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.583857][ T8566] RIP: 0033:0x43f998
[ 64.587736][ T8566] Code: 24 38 80 f9 3a 0f 85 5f 01 00 00 48 8d 74 24 34 48 8d 7c 24 38 83 ea 01 89 54 24 34 e8 61 f8 ff ff 83 f8 3c 41 89 c1 0f 87 3d <01> 00 00 8b 4c 24 34 85 c9 0f 8e 59 01 00 00 48 8b 54 24 38 c7 44
[ 64.607324][ T8566] RSP: 002b:00007ffe4a535d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 64.615776][ T8566] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f998
[ 64.623772][ T8566] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 64.631738][ T8566] RBP: 00000000004bfa10 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 64.639715][ T8566] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000000001
[ 64.647686][ T8566] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000
[ 64.657160][ T8566] Kernel Offset: disabled
[ 64.661551][ T8566] Rebooting in 86400 seconds..