[ ok ] Starting enhanced syslogd: rsyslogd.
[ 49.428900][ T26] audit: type=1800 audit(1583801023.446:25): pid=8515 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 49.447977][ T26] audit: type=1800 audit(1583801023.456:26): pid=8515 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 49.469796][ T26] audit: type=1800 audit(1583801023.456:27): pid=8515 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.768688][ T8668] ------------[ cut here ]------------
[ 59.774317][ T8668] refcount_t: underflow; use-after-free.
[ 59.780394][ T8668] WARNING: CPU: 1 PID: 8668 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0
[ 59.789856][ T8668] Kernel panic - not syncing: panic_on_warn set ...
[ 59.796429][ T8668] CPU: 1 PID: 8668 Comm: syz-executor779 Not tainted 5.6.0-rc5-syzkaller #0
[ 59.805069][ T8668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.815099][ T8668] Call Trace:
[ 59.818385][ T8668] dump_stack+0x1e9/0x30e
[ 59.822709][ T8668] panic+0x264/0x7a0
[ 59.826602][ T8668] ? __warn+0x102/0x210
[ 59.830839][ T8668] ? refcount_warn_saturate+0x15b/0x1a0
[ 59.836370][ T8668] __warn+0x209/0x210
[ 59.840346][ T8668] ? refcount_warn_saturate+0x15b/0x1a0
[ 59.845868][ T8668] report_bug+0x1ac/0x2d0
[ 59.850202][ T8668] do_error_trap+0xca/0x1c0
[ 59.854700][ T8668] do_invalid_op+0x32/0x40
[ 59.859097][ T8668] ? refcount_warn_saturate+0x15b/0x1a0
[ 59.864621][ T8668] invalid_op+0x23/0x30
[ 59.868752][ T8668] RIP: 0010:refcount_warn_saturate+0x15b/0x1a0
[ 59.874898][ T8668] Code: c7 e4 ff d0 88 31 c0 e8 23 20 b3 fd 0f 0b eb 85 e8 8a 4a e0 fd c6 05 ff 70 b1 05 01 48 c7 c7 10 00 d1 88 31 c0 e8 05 20 b3 fd <0f> 0b e9 64 ff ff ff e8 69 4a e0 fd c6 05 df 70 b1 05 01 48 c7 c7
[ 59.895270][ T8668] RSP: 0018:ffffc90001f577d0 EFLAGS: 00010246
[ 59.901585][ T8668] RAX: 8c9c9070bbb4e500 RBX: 0000000000000003 RCX: ffff8880938a63c0
[ 59.909660][ T8668] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 59.917629][ T8668] RBP: 0000000000000003 R08: ffffffff815e16e6 R09: fffffbfff15db92a
[ 59.925596][ T8668] R10: fffffbfff15db92a R11: 0000000000000000 R12: dffffc0000000000
[ 59.933560][ T8668] R13: ffff88809de82000 R14: ffff8880a89237c0 R15: 1ffff11013be52b0
[ 59.941532][ T8668] ? vprintk_emit+0x2e6/0x3b0
[ 59.946211][ T8668] sctp_wfree+0x3b1/0x710
[ 59.950533][ T8668] skb_release_head_state+0xfb/0x210
[ 59.955794][ T8668] __kfree_skb+0x22/0x1c0
[ 59.960102][ T8668] sctp_chunk_put+0x17b/0x200
[ 59.964757][ T8668] __sctp_outq_teardown+0x80a/0x9d0
[ 59.969947][ T8668] sctp_association_free+0x21e/0x7c0
[ 59.975210][ T8668] ? sctp_do_sm+0x2e2a/0x5560
[ 59.979864][ T8668] sctp_do_sm+0x3c01/0x5560
[ 59.984348][ T8668] ? rcu_read_lock_sched_held+0x106/0x170
[ 59.990062][ T8668] ? _sctp_make_chunk+0x10c/0x3e0
[ 59.995068][ T8668] ? rcu_read_lock_sched_held+0x106/0x170
[ 60.000764][ T8668] ? trace_kmem_cache_alloc+0xcb/0x120
[ 60.006207][ T8668] ? _sctp_make_chunk+0x10c/0x3e0
[ 60.011220][ T8668] ? sctp_auth_send_cid+0x60/0x250
[ 60.016342][ T8668] sctp_primitive_ABORT+0x93/0xc0
[ 60.021357][ T8668] sctp_close+0x231/0x770
[ 60.025675][ T8668] ? ip_mc_drop_socket+0x267/0x280
[ 60.030878][ T8668] inet_release+0x135/0x180
[ 60.035364][ T8668] sock_close+0xd8/0x260
[ 60.039585][ T8668] ? sock_mmap+0x90/0x90
[ 60.043861][ T8668] __fput+0x2d8/0x730
[ 60.047827][ T8668] task_work_run+0x176/0x1b0
[ 60.052402][ T8668] do_exit+0x5ef/0x1f80
[ 60.056541][ T8668] do_group_exit+0x15e/0x2c0
[ 60.061160][ T8668] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 60.066856][ T8668] __do_sys_exit_group+0x13/0x20
[ 60.071768][ T8668] __se_sys_exit_group+0x10/0x10
[ 60.076728][ T8668] __x64_sys_exit_group+0x37/0x40
[ 60.081729][ T8668] do_syscall_64+0xf3/0x1b0
[ 60.086210][ T8668] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.092075][ T8668] RIP: 0033:0x43ef98
[ 60.096000][ T8668] Code: Bad RIP value.
[ 60.100039][ T8668] RSP: 002b:00007ffcc7e7c398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 60.108421][ T8668] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98
[ 60.116367][ T8668] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 60.124316][ T8668] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 60.132307][ T8668] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001
[ 60.140353][ T8668] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 60.149769][ T8668] Kernel Offset: disabled
[ 60.154139][ T8668] Rebooting in 86400 seconds..