[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.384655][ T6828] ------------[ cut here ]------------
[ 45.398519][ T6828] refcount_t: underflow; use-after-free.
[ 45.413664][ T6828] WARNING: CPU: 0 PID: 6828 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0
[ 45.433886][ T6828] Kernel panic - not syncing: panic_on_warn set ...
[ 45.440512][ T6828] CPU: 0 PID: 6828 Comm: syz-executor300 Not tainted 5.9.0-rc2-syzkaller #0
[ 45.449181][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.459241][ T6828] Call Trace:
[ 45.462536][ T6828] dump_stack+0x1f0/0x31e
[ 45.466874][ T6828] panic+0x264/0x7a0
[ 45.470803][ T6828] ? __warn+0x102/0x250
[ 45.474967][ T6828] ? refcount_warn_saturate+0x15b/0x1a0
[ 45.480515][ T6828] ? refcount_warn_saturate+0x15b/0x1a0
[ 45.486064][ T6828] __warn+0x227/0x250
[ 45.490054][ T6828] ? refcount_warn_saturate+0x15b/0x1a0
[ 45.495600][ T6828] report_bug+0x1b1/0x2e0
[ 45.499937][ T6828] handle_bug+0x42/0x80
[ 45.504119][ T6828] exc_invalid_op+0x16/0x40
[ 45.508623][ T6828] asm_exc_invalid_op+0x12/0x20
[ 45.513476][ T6828] RIP: 0010:refcount_warn_saturate+0x15b/0x1a0
[ 45.519627][ T6828] Code: c7 aa 91 15 89 31 c0 e8 93 3f a6 fd 0f 0b eb 85 e8 7a 9a d4 fd c6 05 53 93 ea 05 01 48 c7 c7 d6 91 15 89 31 c0 e8 75 3f a6 fd <0f> 0b e9 64 ff ff ff e8 59 9a d4 fd c6 05 33 93 ea 05 01 48 c7 c7
[ 45.539319][ T6828] RSP: 0018:ffffc9000100f598 EFLAGS: 00010246
[ 45.545391][ T6828] RAX: a0b905fb01115d00 RBX: 0000000000000003 RCX: ffff8880a80f83c0
[ 45.553413][ T6828] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 45.561429][ T6828] RBP: 0000000000000003 R08: ffffffff815e2109 R09: ffffed1015d062c0
[ 45.569518][ T6828] R10: ffffed1015d062c0 R11: 0000000000000000 R12: ffff8880a8a4a000
[ 45.577496][ T6828] R13: ffff8880943cf478 R14: dffffc0000000000 R15: ffffc9000100f5b0
[ 45.585486][ T6828] ? vprintk_emit+0x339/0x3c0
[ 45.590194][ T6828] ? refcount_warn_saturate+0x15b/0x1a0
[ 45.595773][ T6828] red_destroy+0x1ed/0x2a0
[ 45.600197][ T6828] ? red_reset+0x100/0x100
[ 45.604646][ T6828] qdisc_create+0xfc4/0x1410
[ 45.609248][ T6828] ? lockdep_rtnl_is_held+0x22/0x30
[ 45.614452][ T6828] tc_modify_qdisc+0x962/0x1d90
[ 45.619329][ T6828] ? rcu_lock_release+0x20/0x20
[ 45.624186][ T6828] rtnetlink_rcv_msg+0x889/0xd40
[ 45.629153][ T6828] ? lock_acquire+0x160/0x730
[ 45.633832][ T6828] ? rcu_lock_acquire+0x5/0x30
[ 45.638609][ T6828] netlink_rcv_skb+0x190/0x3a0
[ 45.643474][ T6828] ? rtnetlink_bind+0x80/0x80
[ 45.648184][ T6828] netlink_unicast+0x786/0x940
[ 45.652994][ T6828] netlink_sendmsg+0xa57/0xd70
[ 45.657790][ T6828] ? netlink_getsockopt+0x9e0/0x9e0
[ 45.662967][ T6828] ____sys_sendmsg+0x519/0x800
[ 45.667710][ T6828] ? import_iovec+0x12a/0x2c0
[ 45.672361][ T6828] __sys_sendmsg+0x2b1/0x360
[ 45.676931][ T6828] ? trace_lock_release+0x137/0x1a0
[ 45.682109][ T6828] ? rcu_lock_release+0x9/0x20
[ 45.686871][ T6828] ? lock_is_held_type+0xb3/0xe0
[ 45.691790][ T6828] ? syscall_enter_from_user_mode+0x24/0x1a0
[ 45.697765][ T6828] ? lockdep_hardirqs_on+0x49/0xf0
[ 45.702854][ T6828] ? syscall_enter_from_user_mode+0x24/0x1a0
[ 45.708844][ T6828] do_syscall_64+0x31/0x70
[ 45.713246][ T6828] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.719138][ T6828] RIP: 0033:0x4404a9
[ 45.723022][ T6828] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 45.742996][ T6828] RSP: 002b:00007fff355f30b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.751406][ T6828] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404a9
[ 45.759365][ T6828] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[ 45.767516][ T6828] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 45.775470][ T6828] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401cb0
[ 45.783435][ T6828] R13: 0000000000401d40 R14: 0000000000000000 R15: 0000000000000000
[ 45.792524][ T6828] Kernel Offset: disabled
[ 45.796895][ T6828] Rebooting in 86400 seconds..