[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 70.577271][ T28] audit: type=1800 audit(1575692213.024:25): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 70.620064][ T28] audit: type=1800 audit(1575692213.034:26): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 70.667738][ T28] audit: type=1800 audit(1575692213.034:27): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 80.914658][ T9394] ------------[ cut here ]------------ [ 80.920487][ T9394] refcount_t: underflow; use-after-free. [ 80.926368][ T9394] WARNING: CPU: 1 PID: 9394 at lib/refcount.c:28 refcount_warn_saturate+0x1dc/0x1f0 [ 80.935731][ T9394] Kernel panic - not syncing: panic_on_warn set ... [ 80.942424][ T9394] CPU: 1 PID: 9394 Comm: syz-executor969 Not tainted 5.4.0-next-20191206-syzkaller #0 [ 80.952134][ T9394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.963984][ T9394] Call Trace: [ 80.967374][ T9394] dump_stack+0x197/0x210 [ 80.971701][ T9394] ? refcount_warn_saturate+0x1a0/0x1f0 [ 80.977272][ T9394] panic+0x2e3/0x75c [ 80.981258][ T9394] ? add_taint.cold+0x16/0x16 [ 80.986201][ T9394] ? __kasan_check_write+0x14/0x20 [ 80.991321][ T9394] ? __warn.cold+0x14/0x3e [ 80.995727][ T9394] ? __warn+0xd9/0x1cf [ 80.999806][ T9394] ? refcount_warn_saturate+0x1dc/0x1f0 [ 81.005335][ T9394] __warn.cold+0x2f/0x3e [ 81.009563][ T9394] ? refcount_warn_saturate+0x1dc/0x1f0 [ 81.015090][ T9394] report_bug+0x289/0x300 [ 81.019424][ T9394] do_error_trap+0x11b/0x200 [ 81.023995][ T9394] do_invalid_op+0x37/0x50 [ 81.028554][ T9394] ? refcount_warn_saturate+0x1dc/0x1f0 [ 81.034674][ T9394] invalid_op+0x23/0x30 [ 81.039365][ T9394] RIP: 0010:refcount_warn_saturate+0x1dc/0x1f0 [ 81.045514][ T9394] Code: e9 d8 fe ff ff 48 89 df e8 71 5d 23 fe e9 85 fe ff ff e8 e7 b9 e5 fd 48 c7 c7 20 b7 6f 88 c6 05 2d e5 ec 06 01 e8 e3 65 b6 fd <0f> 0b e9 ac fe ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 [ 81.065365][ T9394] RSP: 0018:ffffc90001e275d0 EFLAGS: 00010282 [ 81.071431][ T9394] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 81.079385][ T9394] RDX: 0000000000000000 RSI: ffffffff815e5536 RDI: fffff520003c4eac [ 81.087337][ T9394] RBP: ffffc90001e275e0 R08: ffff88809c5b6440 R09: ffffed1015d245c9 [ 81.095305][ T9394] R10: ffffed1015d245c8 R11: ffff8880ae922e43 R12: 0000000000000003 [ 81.103289][ T9394] R13: ffff8880a3fc7a04 R14: 0000000000008100 R15: ffff8880996287c0 [ 81.111289][ T9394] ? vprintk_func+0x86/0x189 [ 81.115866][ T9394] sock_wfree+0x1f8/0x260 [ 81.120182][ T9394] sctp_wfree+0x389/0x990 [ 81.124629][ T9394] ? __sctp_write_space+0x5d0/0x5d0 [ 81.129822][ T9394] skb_release_head_state+0xeb/0x260 [ 81.135195][ T9394] skb_release_all+0x16/0x60 [ 81.139806][ T9394] consume_skb+0xfb/0x410 [ 81.144125][ T9394] sctp_chunk_put+0x1d4/0x2f0 [ 81.148966][ T9394] sctp_chunk_free+0x56/0x70 [ 81.153545][ T9394] __sctp_outq_teardown+0x1d0/0xc60 [ 81.158949][ T9394] sctp_outq_free+0x16/0x20 [ 81.163452][ T9394] sctp_association_free+0x208/0x7e0 [ 81.168894][ T9394] sctp_do_sm+0x3a6a/0x5190 [ 81.173384][ T9394] ? __kmalloc_node_track_caller+0x3d/0x70 [ 81.179284][ T9394] ? sctp_do_8_2_transport_strike.isra.0+0xa60/0xa60 [ 81.185944][ T9394] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 81.192080][ T9394] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 81.197724][ T9394] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 81.203743][ T9394] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 81.209541][ T9394] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 81.215249][ T9394] ? sctp_init_cause+0x1ae/0x230 [ 81.220172][ T9394] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 81.225876][ T9394] ? skb_put+0x177/0x1d0 [ 81.230102][ T9394] ? memcpy+0x46/0x50 [ 81.234518][ T9394] sctp_primitive_ABORT+0xa0/0xd0 [ 81.239529][ T9394] sctp_close+0x259/0x960 [ 81.243936][ T9394] ? sctp_accept+0x710/0x710 [ 81.248533][ T9394] ? __kasan_check_write+0x14/0x20 [ 81.253630][ T9394] ? down_write+0xdf/0x150 [ 81.258066][ T9394] ? ip_mc_drop_socket+0x211/0x270 [ 81.264342][ T9394] inet_release+0xed/0x200 [ 81.269007][ T9394] __sock_release+0xce/0x280 [ 81.273753][ T9394] sock_close+0x1e/0x30 [ 81.277890][ T9394] __fput+0x2ff/0x890 [ 81.281856][ T9394] ? __sock_release+0x280/0x280 [ 81.286692][ T9394] ____fput+0x16/0x20 [ 81.290659][ T9394] task_work_run+0x145/0x1c0 [ 81.295233][ T9394] do_exit+0x8e7/0x2ef0 [ 81.299372][ T9394] ? sock_common_getsockopt+0x94/0xd0 [ 81.304728][ T9394] ? mm_update_next_owner+0x7c0/0x7c0 [ 81.310096][ T9394] ? __sys_getsockopt+0x1b2/0x310 [ 81.315250][ T9394] ? kernel_accept+0x310/0x310 [ 81.320535][ T9394] ? handle_mm_fault+0x4ab/0xa50 [ 81.327287][ T9394] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.333111][ T9394] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.338756][ T9394] do_group_exit+0x135/0x360 [ 81.343335][ T9394] __x64_sys_exit_group+0x44/0x50 [ 81.348357][ T9394] do_syscall_64+0xfa/0x790 [ 81.352849][ T9394] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.359161][ T9394] RIP: 0033:0x43f268 [ 81.364882][ T9394] Code: Bad RIP value. [ 81.369028][ T9394] RSP: 002b:00007fff5752b248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 81.377667][ T9394] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f268 [ 81.385662][ T9394] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 81.393624][ T9394] RBP: 00000000004bea68 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 81.401742][ T9394] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001 [ 81.409905][ T9394] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 81.420631][ T9394] Kernel Offset: disabled [ 81.426542][ T9394] Rebooting in 86400 seconds..