Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. [ 66.343195][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 66.343206][ T26] audit: type=1800 audit(1574440461.084:39): pid=9281 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 66.372168][ T26] audit: type=1800 audit(1574440461.094:40): pid=9281 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 68.483731][ T26] audit: type=1400 audit(1574440463.224:41): avc: denied { map } for pid=9459 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts. executing program [ 75.153811][ T26] audit: type=1400 audit(1574440469.894:42): avc: denied { map } for pid=9471 comm="syz-executor879" path="/root/syz-executor879389053" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 75.177672][ T9471] ------------[ cut here ]------------ [ 75.186893][ T9471] refcount_t: underflow; use-after-free. [ 75.192714][ T9471] WARNING: CPU: 0 PID: 9471 at lib/refcount.c:190 refcount_sub_and_test_checked+0x1d0/0x200 [ 75.202753][ T9471] Kernel panic - not syncing: panic_on_warn set ... 
[ 75.209327][ T9471] CPU: 0 PID: 9471 Comm: syz-executor879 Not tainted 5.4.0-rc8-syzkaller #0 [ 75.218098][ T9471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.228140][ T9471] Call Trace: [ 75.231420][ T9471] dump_stack+0x197/0x210 [ 75.235732][ T9471] ? refcount_sub_and_test_checked+0x100/0x200 [ 75.241863][ T9471] panic+0x2e3/0x75c [ 75.245738][ T9471] ? add_taint.cold+0x16/0x16 [ 75.250488][ T9471] ? __kasan_check_write+0x14/0x20 [ 75.255585][ T9471] ? __warn.cold+0x14/0x35 [ 75.260001][ T9471] ? __warn+0xd9/0x1d0 [ 75.264051][ T9471] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 75.270183][ T9471] __warn.cold+0x2f/0x35 [ 75.274407][ T9471] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 75.280543][ T9471] report_bug+0x289/0x300 [ 75.284854][ T9471] do_error_trap+0x11b/0x200 [ 75.289423][ T9471] do_invalid_op+0x37/0x50 [ 75.293815][ T9471] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 75.299959][ T9471] invalid_op+0x23/0x30 [ 75.304092][ T9471] RIP: 0010:refcount_sub_and_test_checked+0x1d0/0x200 [ 75.310832][ T9471] Code: 1d 30 da 7d 06 31 ff 89 de e8 3c 9b 2e fe 84 db 75 94 e8 f3 99 2e fe 48 c7 c7 40 b9 e6 87 c6 05 10 da 7d 06 01 e8 08 cd ff fd <0f> 0b e9 75 ff ff ff e8 d4 99 2e fe e9 6e ff ff ff 48 89 df e8 17 [ 75.330413][ T9471] RSP: 0018:ffff888092777540 EFLAGS: 00010282 [ 75.336456][ T9471] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 75.344405][ T9471] RDX: 0000000000000000 RSI: ffffffff815cf766 RDI: ffffed10124eee9a [ 75.352548][ T9471] RBP: ffff8880927775d8 R08: ffff8880a0498140 R09: ffffed1015d04101 [ 75.360500][ T9471] R10: ffffed1015d04100 R11: ffff8880ae820807 R12: 00000000ffffff01 [ 75.368455][ T9471] R13: 0000000000000001 R14: ffff8880927775b0 R15: 0000000000008001 [ 75.376420][ T9471] ? vprintk_func+0x86/0x189 [ 75.380996][ T9471] ? refcount_dec_not_one+0x1f0/0x1f0 [ 75.386433][ T9471] ? refcount_sub_and_test_checked+0x154/0x200 [ 75.392564][ T9471] ? 
refcount_dec_not_one+0x1f0/0x1f0 [ 75.397912][ T9471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.404134][ T9471] sock_wfree+0xc3/0x190 [ 75.408357][ T9471] sctp_wfree+0x336/0x920 [ 75.412677][ T9471] ? __sctp_write_space+0x5e0/0x5e0 [ 75.417853][ T9471] skb_release_head_state+0xeb/0x260 [ 75.423153][ T9471] skb_release_all+0x16/0x60 [ 75.427777][ T9471] consume_skb+0xfb/0x3b0 [ 75.432086][ T9471] sctp_chunk_put+0x192/0x280 [ 75.436740][ T9471] sctp_chunk_free+0x56/0x70 [ 75.441311][ T9471] __sctp_outq_teardown+0x1d0/0xc60 [ 75.446494][ T9471] sctp_outq_free+0x16/0x20 [ 75.450981][ T9471] sctp_association_free+0x208/0x79a [ 75.456252][ T9471] sctp_do_sm+0x3a75/0x5170 [ 75.460737][ T9471] ? __kmalloc_node_track_caller+0x3d/0x70 [ 75.466533][ T9471] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 75.473208][ T9471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.479433][ T9471] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 75.485575][ T9471] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 75.491105][ T9471] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 75.497067][ T9471] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 75.502858][ T9471] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 75.508561][ T9471] ? sctp_init_cause+0x1ae/0x230 [ 75.513476][ T9471] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 75.519188][ T9471] ? skb_put+0x177/0x1d0 [ 75.523425][ T9471] ? memcpy+0x46/0x50 [ 75.527417][ T9471] sctp_primitive_ABORT+0xa0/0xd0 [ 75.532468][ T9471] sctp_close+0x259/0x880 [ 75.536796][ T9471] ? sctp_accept+0x710/0x710 [ 75.541434][ T9471] ? __kasan_check_write+0x14/0x20 [ 75.546662][ T9471] ? down_write+0xdf/0x150 [ 75.551065][ T9471] ? ip_mc_drop_socket+0x211/0x270 [ 75.556184][ T9471] inet_release+0xed/0x200 [ 75.560657][ T9471] __sock_release+0xce/0x280 [ 75.565235][ T9471] sock_close+0x1e/0x30 [ 75.569371][ T9471] __fput+0x2ff/0x890 [ 75.573348][ T9471] ? 
__sock_release+0x280/0x280 [ 75.578216][ T9471] ____fput+0x16/0x20 [ 75.582191][ T9471] task_work_run+0x145/0x1c0 [ 75.586849][ T9471] do_exit+0x904/0x2e60 [ 75.591023][ T9471] ? mm_update_next_owner+0x640/0x640 [ 75.596426][ T9471] ? __sys_getsockopt+0x1b2/0x310 [ 75.601434][ T9471] ? kernel_accept+0x310/0x310 [ 75.606181][ T9471] ? handle_mm_fault+0x4b0/0xaa0 [ 75.611103][ T9471] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 75.616542][ T9471] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 75.621993][ T9471] do_group_exit+0x135/0x360 [ 75.626572][ T9471] __x64_sys_exit_group+0x44/0x50 [ 75.631628][ T9471] do_syscall_64+0xfa/0x760 [ 75.636120][ T9471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.641994][ T9471] RIP: 0033:0x43f268 [ 75.645878][ T9471] Code: Bad RIP value. [ 75.649927][ T9471] RSP: 002b:00007ffe83627e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 75.658461][ T9471] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f268 [ 75.666412][ T9471] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 75.674363][ T9471] RBP: 00000000004bea68 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 75.682314][ T9471] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001 [ 75.690275][ T9471] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 75.699923][ T9471] Kernel Offset: disabled [ 75.704336][ T9471] Rebooting in 86400 seconds..