Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 67.060885][ T7091] IPVS: ftp: loaded support on port[0] = 21 [ 67.100886][ T7091] netlink: 16 bytes leftover after parsing attributes in process `syz-executor827'. [ 67.151114][ T7091] ------------[ cut here ]------------ [ 67.156807][ T7091] refcount_t: underflow; use-after-free. [ 67.165093][ T7091] WARNING: CPU: 1 PID: 7091 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 [ 67.174828][ T7091] Kernel panic - not syncing: panic_on_warn set ... [ 67.181404][ T7091] CPU: 1 PID: 7091 Comm: syz-executor827 Not tainted 5.6.0-next-20200410-syzkaller #0 [ 67.190925][ T7091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.200972][ T7091] Call Trace: [ 67.204275][ T7091] dump_stack+0x188/0x20d [ 67.208589][ T7091] ? refcount_warn_saturate+0x100/0x1e0 [ 67.214118][ T7091] panic+0x2e3/0x75c [ 67.218002][ T7091] ? add_taint.cold+0x16/0x16 [ 67.222669][ T7091] ? __probe_kernel_read+0x188/0x1d0 [ 67.227939][ T7091] ? __warn.cold+0x14/0x35 [ 67.232376][ T7091] ? __warn+0xd5/0x1c8 [ 67.236434][ T7091] ? refcount_warn_saturate+0x1d1/0x1e0 [ 67.242671][ T7091] __warn.cold+0x2f/0x35 [ 67.247460][ T7091] ? refcount_warn_saturate+0x1d1/0x1e0 [ 67.253094][ T7091] report_bug+0x27b/0x2f0 [ 67.258654][ T7091] do_error_trap+0x12b/0x220 [ 67.263278][ T7091] ? refcount_warn_saturate+0x1d1/0x1e0 [ 67.268818][ T7091] do_invalid_op+0x32/0x40 [ 67.273243][ T7091] ? refcount_warn_saturate+0x1d1/0x1e0 [ 67.278792][ T7091] invalid_op+0x23/0x30 [ 67.282944][ T7091] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 [ 67.289084][ T7091] Code: e9 db fe ff ff 48 89 df e8 9c 67 1a fe e9 8a fe ff ff e8 12 47 dc fd 48 c7 c7 40 6b 72 88 c6 05 6e ab ed 06 01 e8 97 7b ad fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 [ 67.309365][ T7091] RSP: 0018:ffffc90005737d38 EFLAGS: 00010286 [ 67.315417][ T7091] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 67.323382][ T7091] RDX: 0000000000000000 RSI: ffffffff815ce251 RDI: fffff52000ae6f99 [ 67.331356][ T7091] RBP: 0000000000000003 R08: ffff888091f70180 R09: ffffed1015ce66b1 [ 67.339316][ T7091] R10: ffff8880ae733587 R11: ffffed1015ce66b0 R12: ffff888098ef8040 [ 67.347272][ T7091] R13: ffff888098ef8044 R14: 00000000000002ab R15: ffff8880972da7c0 [ 67.355246][ T7091] ? vprintk_func+0x81/0x17e [ 67.359827][ T7091] ? refcount_warn_saturate+0x1d1/0x1e0 [ 67.365379][ T7091] free_nsproxy+0x445/0x4a0 [ 67.369879][ T7091] switch_task_namespaces+0xaa/0xc0 [ 67.375071][ T7091] do_exit+0xb4e/0x2e10 [ 67.379220][ T7091] ? mm_update_next_owner+0x7a0/0x7a0 [ 67.384587][ T7091] ? up_read+0x1a8/0x750 [ 67.388817][ T7091] ? down_read_nested+0x430/0x430 [ 67.394298][ T7091] ? handle_mm_fault+0x29e/0x660 [ 67.399236][ T7091] do_group_exit+0x125/0x340 [ 67.403835][ T7091] __x64_sys_exit_group+0x3a/0x50 [ 67.408851][ T7091] do_syscall_64+0xf6/0x7d0 [ 67.413382][ T7091] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 67.419257][ T7091] RIP: 0033:0x43f998 [ 67.423139][ T7091] Code: Bad RIP value. [ 67.427271][ T7091] RSP: 002b:00007fff211ea488 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 67.435664][ T7091] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f998 [ 67.443646][ T7091] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 [ 67.451607][ T7091] RBP: 00000000004bfa10 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 67.459586][ T7091] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000000001 [ 67.467644][ T7091] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000 [ 67.477431][ T7091] Kernel Offset: disabled [ 67.481940][ T7091] Rebooting in 86400 seconds..