[....] Starting enhanced syslogd: rsyslogd [ ok ]. [ 57.742903][ T26] audit: type=1800 audit(1575130183.728:25): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.783951][ T26] audit: type=1800 audit(1575130183.738:26): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.832786][ T26] audit: type=1800 audit(1575130183.738:27): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 68.950912][ T9048] ------------[ cut here ]------------ [ 68.956705][ T9048] refcount_t: underflow; use-after-free. [ 68.962592][ T9048] WARNING: CPU: 0 PID: 9048 at lib/refcount.c:28 refcount_warn_saturate+0x1dc/0x1f0 [ 68.971980][ T9048] Kernel panic - not syncing: panic_on_warn set ... [ 68.978546][ T9048] CPU: 0 PID: 9048 Comm: syz-executor690 Not tainted 5.4.0-syzkaller #0 [ 68.986851][ T9048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.996882][ T9048] Call Trace: [ 69.000154][ T9048] dump_stack+0x197/0x210 [ 69.004490][ T9048] ? refcount_warn_saturate+0x1b0/0x1f0 [ 69.010016][ T9048] panic+0x2e3/0x75c [ 69.013893][ T9048] ? add_taint.cold+0x16/0x16 [ 69.018557][ T9048] ? __kasan_check_write+0x14/0x20 [ 69.023643][ T9048] ? __warn.cold+0x14/0x3e [ 69.028039][ T9048] ? __warn+0xd9/0x1cf [ 69.032093][ T9048] ? 
refcount_warn_saturate+0x1dc/0x1f0 [ 69.037615][ T9048] __warn.cold+0x2f/0x3e [ 69.041837][ T9048] ? refcount_warn_saturate+0x1dc/0x1f0 [ 69.047379][ T9048] report_bug+0x289/0x300 [ 69.051695][ T9048] do_error_trap+0x11b/0x200 [ 69.056268][ T9048] do_invalid_op+0x37/0x50 [ 69.060671][ T9048] ? refcount_warn_saturate+0x1dc/0x1f0 [ 69.066216][ T9048] invalid_op+0x23/0x30 [ 69.070499][ T9048] RIP: 0010:refcount_warn_saturate+0x1dc/0x1f0 [ 69.076687][ T9048] Code: e9 d8 fe ff ff 48 89 df e8 31 65 25 fe e9 85 fe ff ff e8 07 37 e8 fd 48 c7 c7 60 53 4f 88 c6 05 7d b6 a5 06 01 e8 73 eb b8 fd <0f> 0b e9 ac fe ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 [ 69.096270][ T9048] RSP: 0018:ffff888099daf5d0 EFLAGS: 00010282 [ 69.102314][ T9048] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 69.110263][ T9048] RDX: 0000000000000000 RSI: ffffffff815e4316 RDI: ffffed10133b5eac [ 69.118380][ T9048] RBP: ffff888099daf5e0 R08: ffff888099fdc100 R09: ffffed1015d045c9 [ 69.126498][ T9048] R10: ffffed1015d045c8 R11: ffff8880ae822e47 R12: 0000000000000003 [ 69.134490][ T9048] R13: ffff888094ecca04 R14: 0000000000000900 R15: ffff888099f017c0 [ 69.142456][ T9048] ? vprintk_func+0x86/0x189 [ 69.147054][ T9048] sock_wfree+0x1f8/0x260 [ 69.151368][ T9048] sctp_wfree+0x389/0x990 [ 69.155691][ T9048] ? __sctp_write_space+0x5d0/0x5d0 [ 69.160868][ T9048] skb_release_head_state+0xeb/0x260 [ 69.166132][ T9048] skb_release_all+0x16/0x60 [ 69.170697][ T9048] consume_skb+0xfb/0x410 [ 69.175020][ T9048] sctp_chunk_put+0x1d4/0x2f0 [ 69.179692][ T9048] sctp_chunk_free+0x56/0x70 [ 69.184319][ T9048] __sctp_outq_teardown+0x1d0/0xc60 [ 69.189527][ T9048] sctp_outq_free+0x16/0x20 [ 69.194035][ T9048] sctp_association_free+0x208/0x7e0 [ 69.199305][ T9048] sctp_do_sm+0x3a6a/0x5190 [ 69.203794][ T9048] ? __kmalloc_node_track_caller+0x3d/0x70 [ 69.209584][ T9048] ? sctp_do_8_2_transport_strike.isra.0+0xa60/0xa60 [ 69.216251][ T9048] ? 
rcu_lockdep_current_cpu_online+0xe3/0x130 [ 69.222383][ T9048] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 69.227926][ T9048] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.234057][ T9048] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 69.239847][ T9048] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 69.245559][ T9048] ? sctp_init_cause+0x1ae/0x230 [ 69.250474][ T9048] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 69.256172][ T9048] ? skb_put+0x177/0x1d0 [ 69.260390][ T9048] ? memcpy+0x46/0x50 [ 69.264355][ T9048] sctp_primitive_ABORT+0xa0/0xd0 [ 69.269358][ T9048] sctp_close+0x259/0x960 [ 69.273668][ T9048] ? sctp_accept+0x710/0x710 [ 69.278237][ T9048] ? __kasan_check_write+0x14/0x20 [ 69.283332][ T9048] ? down_write+0xdf/0x150 [ 69.287724][ T9048] ? ip_mc_drop_socket+0x211/0x270 [ 69.292816][ T9048] inet_release+0xed/0x200 [ 69.297212][ T9048] __sock_release+0xce/0x280 [ 69.301779][ T9048] sock_close+0x1e/0x30 [ 69.305912][ T9048] __fput+0x2ff/0x890 [ 69.309872][ T9048] ? __sock_release+0x280/0x280 [ 69.314700][ T9048] ____fput+0x16/0x20 [ 69.318682][ T9048] task_work_run+0x145/0x1c0 [ 69.323254][ T9048] do_exit+0x8e7/0x2ef0 [ 69.327390][ T9048] ? sock_common_getsockopt+0x94/0xd0 [ 69.332741][ T9048] ? mm_update_next_owner+0x7c0/0x7c0 [ 69.338099][ T9048] ? __sys_getsockopt+0x1b2/0x310 [ 69.343099][ T9048] ? kernel_accept+0x310/0x310 [ 69.347851][ T9048] ? handle_mm_fault+0x4ab/0xa50 [ 69.352767][ T9048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.358202][ T9048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.363694][ T9048] do_group_exit+0x135/0x360 [ 69.368279][ T9048] __x64_sys_exit_group+0x44/0x50 [ 69.373315][ T9048] do_syscall_64+0xfa/0x790 [ 69.377807][ T9048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.383675][ T9048] RIP: 0033:0x43ef98 [ 69.387569][ T9048] Code: Bad RIP value. 
[ 69.391612][ T9048] RSP: 002b:00007ffcc2bf18b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 69.399999][ T9048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98 [ 69.407947][ T9048] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 69.415894][ T9048] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 69.424203][ T9048] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001 [ 69.432149][ T9048] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 69.441838][ T9048] Kernel Offset: disabled [ 69.446242][ T9048] Rebooting in 86400 seconds..