[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 55.198142][ T7024] IPVS: ftp: loaded support on port[0] = 21 [ 55.236157][ T7024] netlink: 16 bytes leftover after parsing attributes in process `syz-executor173'. [ 55.288629][ T7024] ------------[ cut here ]------------ [ 55.294127][ T7024] refcount_t: underflow; use-after-free. [ 55.300142][ T7024] WARNING: CPU: 1 PID: 7024 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 [ 55.309600][ T7024] Kernel panic - not syncing: panic_on_warn set ... [ 55.316236][ T7024] CPU: 1 PID: 7024 Comm: syz-executor173 Not tainted 5.6.0-rc7-syzkaller #0 [ 55.324887][ T7024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.334923][ T7024] Call Trace: [ 55.338199][ T7024] dump_stack+0x188/0x20d [ 55.342739][ T7024] ? refcount_warn_saturate+0x190/0x1e0 [ 55.348274][ T7024] panic+0x2e3/0x75c [ 55.352151][ T7024] ? add_taint.cold+0x16/0x16 [ 55.356814][ T7024] ? __probe_kernel_read+0x188/0x1d0 [ 55.362074][ T7024] ? __warn.cold+0x14/0x35 [ 55.366515][ T7024] ? __warn+0xd5/0x1c8 [ 55.370573][ T7024] ? refcount_warn_saturate+0x1d1/0x1e0 [ 55.376249][ T7024] __warn.cold+0x2f/0x35 [ 55.380486][ T7024] ? refcount_warn_saturate+0x1d1/0x1e0 [ 55.386015][ T7024] report_bug+0x27b/0x2f0 [ 55.390596][ T7024] do_error_trap+0x12b/0x220 [ 55.395217][ T7024] ? refcount_warn_saturate+0x1d1/0x1e0 [ 55.400895][ T7024] do_invalid_op+0x32/0x40 [ 55.405326][ T7024] ? refcount_warn_saturate+0x1d1/0x1e0 [ 55.410865][ T7024] invalid_op+0x23/0x30 [ 55.415014][ T7024] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 [ 55.421163][ T7024] Code: e9 db fe ff ff 48 89 df e8 4c 63 1f fe e9 8a fe ff ff e8 f2 99 e2 fd 48 c7 c7 00 a9 51 88 c6 05 c6 a0 d1 06 01 e8 d7 aa b4 fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 [ 55.440761][ T7024] RSP: 0018:ffffc90001577d38 EFLAGS: 00010286 [ 55.446821][ T7024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 55.454774][ T7024] RDX: 0000000000000000 RSI: ffffffff815c06c1 RDI: fffff520002aef99 [ 55.463072][ T7024] RBP: 0000000000000003 R08: ffff8880962684c0 R09: ffffed1015ce6659 [ 55.471042][ T7024] R10: ffffed1015ce6658 R11: ffff8880ae7332c7 R12: ffff8880a0c7c040 [ 55.479050][ T7024] R13: ffff8880a0c7c044 R14: 00000000000002ab R15: ffff8880a8b50580 [ 55.487041][ T7024] ? vprintk_func+0x81/0x17e [ 55.491680][ T7024] ? refcount_warn_saturate+0x1d1/0x1e0 [ 55.497302][ T7024] free_nsproxy+0x445/0x4a0 [ 55.501806][ T7024] switch_task_namespaces+0xaa/0xc0 [ 55.507072][ T7024] do_exit+0xb2f/0x2dd0 [ 55.511219][ T7024] ? mm_update_next_owner+0x7a0/0x7a0 [ 55.516570][ T7024] ? up_read+0x1ab/0x750 [ 55.520799][ T7024] ? mark_held_locks+0x9f/0xe0 [ 55.525552][ T7024] ? down_read_non_owner+0x470/0x470 [ 55.530820][ T7024] ? handle_mm_fault+0x491/0xa10 [ 55.535737][ T7024] do_group_exit+0x125/0x340 [ 55.540307][ T7024] __x64_sys_exit_group+0x3a/0x50 [ 55.545311][ T7024] do_syscall_64+0xf6/0x7d0 [ 55.549812][ T7024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.555682][ T7024] RIP: 0033:0x43f998 [ 55.559561][ T7024] Code: Bad RIP value. [ 55.563612][ T7024] RSP: 002b:00007ffd8574d708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 55.572009][ T7024] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f998 [ 55.579960][ T7024] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 [ 55.588115][ T7024] RBP: 00000000004bfa10 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 55.596085][ T7024] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000000001 [ 55.604040][ T7024] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000 [ 55.613796][ T7024] Kernel Offset: disabled [ 55.619228][ T7024] Rebooting in 86400 seconds..