[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 45.605308][ T25] audit: type=1800 audit(1575184203.820:25): pid=8177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 45.624838][ T25] audit: type=1800 audit(1575184203.820:26): pid=8177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 45.671090][ T25] audit: type=1800 audit(1575184203.820:27): pid=8177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
2019/12/01 07:10:16 parsed 1 programs
2019/12/01 07:10:17 executed programs: 0
syzkaller login: [ 59.529705][ T8345] IPVS: ftp: loaded support on port[0] = 21
[ 59.595942][ T8345] chnl_net:caif_netlink_parms(): no params data found
[ 59.622186][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.630259][ T8345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.639102][ T8345] device bridge_slave_0 entered promiscuous mode
[ 59.647569][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.654671][ T8345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.662884][ T8345] device bridge_slave_1 entered promiscuous mode
[ 59.678632][ T8345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.689343][ T8345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.706672][ T8345] team0: Port device team_slave_0 added
[ 59.714456][ T8345] team0: Port device team_slave_1 added
[ 59.779717][ T8345] device hsr_slave_0 entered promiscuous mode
[ 59.817794][ T8345] device hsr_slave_1 entered promiscuous mode
[ 59.880894][ T8345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.940184][ T8345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.999685][ T8345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.039686][ T8345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.088271][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.095420][ T8345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.103413][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.110517][ T8345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.140850][ T8345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.153728][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.175240][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.194605][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.203937][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 60.216235][ T8345] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.226712][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.235793][ T3694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.242936][ T3694] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.265459][ T8345] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.276850][ T8345] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.291302][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.300782][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.308020][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.316627][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.325538][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.334243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.343091][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.351517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.359621][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.376477][ T8345] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.386817][ T8347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.394823][ T8347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
2019/12/01 07:10:22 executed programs: 204
[ 64.675113][ T9172] ------------[ cut here ]------------
[ 64.680960][ T9172] refcount_t: underflow; use-after-free.
[ 64.690848][ T9172] WARNING: CPU: 0 PID: 9172 at lib/refcount.c:28 refcount_warn_saturate+0x165/0x1b0
[ 64.700476][ T9172] Kernel panic - not syncing: panic_on_warn set ...
[ 64.707061][ T9172] CPU: 0 PID: 9172 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
[ 64.715342][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.725387][ T9172] Call Trace:
[ 64.728829][ T9172] dump_stack+0x1fb/0x318
[ 64.733187][ T9172] panic+0x264/0x7a9
[ 64.737067][ T9172] ? __warn+0x105/0x210
[ 64.741242][ T9172] ? refcount_warn_saturate+0x165/0x1b0
[ 64.746769][ T9172] __warn+0x20e/0x210
[ 64.750730][ T9172] ? refcount_warn_saturate+0x165/0x1b0
[ 64.756251][ T9172] report_bug+0x1b6/0x2f0
[ 64.760556][ T9172] ? refcount_warn_saturate+0x165/0x1b0
[ 64.766089][ T9172] do_error_trap+0xd7/0x440
[ 64.770576][ T9172] do_invalid_op+0x36/0x40
[ 64.774967][ T9172] ? refcount_warn_saturate+0x165/0x1b0
[ 64.780578][ T9172] invalid_op+0x23/0x30
[ 64.784718][ T9172] RIP: 0010:refcount_warn_saturate+0x165/0x1b0
[ 64.790957][ T9172] Code: c7 28 7b c8 88 31 c0 e8 99 1b ba fd 0f 0b eb 83 e8 40 02 e8 fd c6 05 db 3e b1 05 01 48 c7 c7 54 7b c8 88 31 c0 e8 7b 1b ba fd <0f> 0b e9 62 ff ff ff e8 1f 02 e8 fd c6 05 bb 3e b1 05 01 48 c7 c7
[ 64.810544][ T9172] RSP: 0018:ffff888087cdfca8 EFLAGS: 00010246
[ 64.816591][ T9172] RAX: ef690df9a7bff700 RBX: 0000000000000003 RCX: ffff888098f02200
[ 64.824539][ T9172] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 64.832502][ T9172] RBP: ffff888087cdfcb8 R08: ffffffff815fa274 R09: ffffed1015d465d8
[ 64.840549][ T9172] R10: ffffed1015d465d8 R11: 0000000000000000 R12: ffff8880a5cc4b40
[ 64.848497][ T9172] R13: dffffc0000000000 R14: 0000000000000003 R15: dffffc0000000000
[ 64.856467][ T9172] ? vprintk_emit+0x2d4/0x3a0
[ 64.861132][ T9172] ? refcount_warn_saturate+0x165/0x1b0
[ 64.866655][ T9172] smc_release+0x37c/0x3f0
[ 64.871073][ T9172] sock_close+0xe1/0x260
[ 64.875290][ T9172] ? sock_mmap+0xa0/0xa0
[ 64.879520][ T9172] __fput+0x2e4/0x740
[ 64.883483][ T9172] ____fput+0x15/0x20
[ 64.887442][ T9172] task_work_run+0x17e/0x1b0
[ 64.892013][ T9172] prepare_exit_to_usermode+0x483/0x5b0
[ 64.897539][ T9172] syscall_return_slowpath+0x113/0x4a0
[ 64.902983][ T9172] do_syscall_64+0x11f/0x1c0
[ 64.907573][ T9172] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.913461][ T9172] RIP: 0033:0x414211
[ 64.917360][ T9172] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 64.937134][ T9172] RSP: 002b:00007ffef77f1400 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 64.945524][ T9172] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000414211
[ 64.953574][ T9172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 64.961523][ T9172] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 64.969478][ T9172] R10: 00007ffef77f14e0 R11: 0000000000000293 R12: 000000000075bfc8
[ 64.977427][ T9172] R13: 000000000000fc8a R14: 0000000000760458 R15: 000000000075bfd4
[ 64.987287][ T9172] Kernel Offset: disabled
[ 64.991716][ T9172] Rebooting in 86400 seconds..