[ 41.104795][ T23] audit: type=1800 audit(1575177350.956:27): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 41.139840][ T23] audit: type=1800 audit(1575177350.956:28): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 41.781412][ T23] audit: type=1800 audit(1575177351.686:29): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 41.800817][ T23] audit: type=1800 audit(1575177351.686:30): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.548424][ T8091] ------------[ cut here ]------------
[ 66.554240][ T8091] refcount_t: underflow; use-after-free.
[ 66.560315][ T8091] WARNING: CPU: 0 PID: 8091 at lib/refcount.c:28 refcount_warn_saturate+0x165/0x1b0
[ 66.569679][ T8091] Kernel panic - not syncing: panic_on_warn set ...
[ 66.576274][ T8091] CPU: 0 PID: 8091 Comm: syz-executor378 Not tainted 5.4.0-syzkaller #0
[ 66.584570][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.594610][ T8091] Call Trace:
[ 66.598205][ T8091] dump_stack+0x1fb/0x318
[ 66.602531][ T8091] panic+0x264/0x7a9
[ 66.606409][ T8091] ? __warn+0x105/0x210
[ 66.610555][ T8091] ? refcount_warn_saturate+0x165/0x1b0
[ 66.616085][ T8091] __warn+0x20e/0x210
[ 66.620062][ T8091] ? refcount_warn_saturate+0x165/0x1b0
[ 66.625607][ T8091] report_bug+0x1b6/0x2f0
[ 66.629919][ T8091] ? refcount_warn_saturate+0x165/0x1b0
[ 66.635442][ T8091] do_error_trap+0xd7/0x440
[ 66.639924][ T8091] do_invalid_op+0x36/0x40
[ 66.644316][ T8091] ? refcount_warn_saturate+0x165/0x1b0
[ 66.649836][ T8091] invalid_op+0x23/0x30
[ 66.653966][ T8091] RIP: 0010:refcount_warn_saturate+0x165/0x1b0
[ 66.660102][ T8091] Code: c7 28 7b c8 88 31 c0 e8 99 1b ba fd 0f 0b eb 83 e8 40 02 e8 fd c6 05 db 3e b1 05 01 48 c7 c7 54 7b c8 88 31 c0 e8 7b 1b ba fd <0f> 0b e9 62 ff ff ff e8 1f 02 e8 fd c6 05 bb 3e b1 05 01 48 c7 c7
[ 66.679691][ T8091] RSP: 0018:ffff88809222f6a0 EFLAGS: 00010246
[ 66.685742][ T8091] RAX: c3ab58b299cc6000 RBX: 0000000000000003 RCX: ffff888094fa62c0
[ 66.693691][ T8091] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 66.701639][ T8091] RBP: ffff88809222f6b0 R08: ffffffff815fa274 R09: fffffbfff13c8332
[ 66.709585][ T8091] R10: fffffbfff13c8332 R11: 0000000000000000 R12: 0000000000000900
[ 66.717547][ T8091] R13: 00000000ffffff01 R14: 0000000000000003 R15: ffff8880a9ba6a04
[ 66.725508][ T8091] ? vprintk_emit+0x2d4/0x3a0
[ 66.730182][ T8091] sock_wfree+0x1d5/0x200
[ 66.734487][ T8091] sctp_wfree+0x3c7/0x740
[ 66.738794][ T8091] skb_release_head_state+0x100/0x210
[ 66.744224][ T8091] __kfree_skb+0x25/0x1c0
[ 66.748525][ T8091] consume_skb+0x72/0x110
[ 66.752847][ T8091] sctp_chunk_put+0x17b/0x200
[ 66.757507][ T8091] sctp_chunk_free+0x59/0x60
[ 66.762073][ T8091] __sctp_outq_teardown+0x210/0xa30
[ 66.767244][ T8091] sctp_outq_free+0x15/0x20
[ 66.771720][ T8091] sctp_association_free+0x271/0x870
[ 66.776986][ T8091] sctp_do_sm+0x3e98/0x5730
[ 66.781467][ T8091] ? rcu_read_lock_sched_held+0x10b/0x170
[ 66.787189][ T8091] ? rcu_read_lock_sched_held+0x10b/0x170
[ 66.793030][ T8091] ? _sctp_make_chunk+0x10e/0x460
[ 66.798027][ T8091] ? trace_kmem_cache_alloc+0xcd/0x130
[ 66.803466][ T8091] ? _sctp_make_chunk+0x10e/0x460
[ 66.808462][ T8091] ? sctp_auth_send_cid+0x63/0x280
[ 66.813552][ T8091] sctp_primitive_ABORT+0x99/0xd0
[ 66.818557][ T8091] sctp_close+0x277/0x7e0
[ 66.822874][ T8091] ? ip_mc_drop_socket+0x26b/0x280
[ 66.827965][ T8091] inet_release+0x165/0x1c0
[ 66.832447][ T8091] sock_close+0xe1/0x260
[ 66.836672][ T8091] ? sock_mmap+0xa0/0xa0
[ 66.840911][ T8091] __fput+0x2e4/0x740
[ 66.844877][ T8091] ____fput+0x15/0x20
[ 66.848842][ T8091] task_work_run+0x17e/0x1b0
[ 66.853407][ T8091] do_exit+0x5c4/0x2020
[ 66.857535][ T8091] ? __up_read+0x238/0x740
[ 66.861938][ T8091] ? check_preemption_disabled+0xb4/0x260
[ 66.867633][ T8091] do_group_exit+0x15c/0x2b0
[ 66.872201][ T8091] __do_sys_exit_group+0x17/0x20
[ 66.877114][ T8091] __se_sys_exit_group+0x14/0x20
[ 66.882034][ T8091] __x64_sys_exit_group+0x3b/0x40
[ 66.887036][ T8091] do_syscall_64+0xf7/0x1c0
[ 66.891517][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.897400][ T8091] RIP: 0033:0x43ef98
[ 66.901277][ T8091] Code: Bad RIP value.
[ 66.905330][ T8091] RSP: 002b:00007fff39bbc948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 66.913716][ T8091] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98
[ 66.921663][ T8091] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 66.929617][ T8091] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 66.937561][ T8091] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001
[ 66.945523][ T8091] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 66.955262][ T8091] Kernel Offset: disabled
[ 66.959642][ T8091] Rebooting in 86400 seconds..