[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 78.503686][ T27] audit: type=1800 audit(1585945986.232:25): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 78.539112][ T27] audit: type=1800 audit(1585945986.232:26): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 78.579121][ T27] audit: type=1800 audit(1585945986.232:27): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 90.070867][ T9425] ------------[ cut here ]------------ [ 90.076502][ T9425] refcount_t: underflow; use-after-free. [ 90.082812][ T9425] WARNING: CPU: 1 PID: 9425 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 [ 90.092180][ T9425] Kernel panic - not syncing: panic_on_warn set ... [ 90.098812][ T9425] CPU: 1 PID: 9425 Comm: syz-executor764 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0 [ 90.108729][ T9425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.118764][ T9425] Call Trace: [ 90.122041][ T9425] dump_stack+0x188/0x20d [ 90.126355][ T9425] ? refcount_warn_saturate+0x150/0x1e0 [ 90.131880][ T9425] panic+0x2e3/0x75c [ 90.135752][ T9425] ? add_taint.cold+0x16/0x16 [ 90.140416][ T9425] ? __probe_kernel_read+0x188/0x1d0 [ 90.145682][ T9425] ? __warn.cold+0x14/0x35 [ 90.150082][ T9425] ? __warn+0xd5/0x1c8 [ 90.154141][ T9425] ? refcount_warn_saturate+0x1d1/0x1e0 [ 90.159681][ T9425] __warn.cold+0x2f/0x35 [ 90.163907][ T9425] ? refcount_warn_saturate+0x1d1/0x1e0 [ 90.169450][ T9425] report_bug+0x27b/0x2f0 [ 90.173760][ T9425] do_error_trap+0x12b/0x220 [ 90.178339][ T9425] ? refcount_warn_saturate+0x1d1/0x1e0 [ 90.183881][ T9425] do_invalid_op+0x32/0x40 [ 90.188277][ T9425] ? refcount_warn_saturate+0x1d1/0x1e0 [ 90.193803][ T9425] invalid_op+0x23/0x30 [ 90.197953][ T9425] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 [ 90.204221][ T9425] Code: e9 db fe ff ff 48 89 df e8 1c e7 1f fe e9 8a fe ff ff e8 12 c6 e2 fd 48 c7 c7 40 db 71 88 c6 05 b6 a9 f1 06 01 e8 77 91 b4 fd <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 [ 90.223958][ T9425] RSP: 0018:ffffc900020b7698 EFLAGS: 00010286 [ 90.230025][ T9425] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 90.237996][ T9425] RDX: 0000000000000000 RSI: ffffffff815c4e91 RDI: fffff52000416ec5 [ 90.245966][ T9425] RBP: 0000000000000003 R08: ffff88808bcee040 R09: fffffbfff1852717 [ 90.253982][ T9425] R10: fffffbfff1852716 R11: ffffffff8c2938b7 R12: 0000000000008100 [ 90.261943][ T9425] R13: ffff8880a8683a04 R14: ffff888097726540 R15: ffff888097726580 [ 90.270107][ T9425] ? vprintk_func+0x81/0x17e [ 90.274717][ T9425] ? refcount_warn_saturate+0x1d1/0x1e0 [ 90.280270][ T9425] sock_wfree+0x1e3/0x240 [ 90.284593][ T9425] sctp_wfree+0x372/0x960 [ 90.288917][ T9425] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 90.294460][ T9425] ? __sctp_write_space+0x5c0/0x5c0 [ 90.299651][ T9425] skb_release_head_state+0xe2/0x250 [ 90.304926][ T9425] skb_release_all+0x11/0x60 [ 90.309509][ T9425] consume_skb+0xf3/0x400 [ 90.314260][ T9425] sctp_chunk_put+0x1c0/0x2d0 [ 90.318918][ T9425] __sctp_outq_teardown+0x715/0xc60 [ 90.324100][ T9425] sctp_association_free+0x212/0x7e0 [ 90.329393][ T9425] sctp_do_sm+0x3921/0x4ee0 [ 90.333881][ T9425] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 90.339841][ T9425] ? sctp_do_8_2_transport_strike.isra.0+0xa60/0xa60 [ 90.346510][ T9425] ? kmem_cache_alloc_node_trace+0x3a2/0x790 [ 90.352493][ T9425] ? sctp_chunkify+0x46/0x290 [ 90.357166][ T9425] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 90.362708][ T9425] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 90.368678][ T9425] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 90.374560][ T9425] ? kmem_cache_alloc+0x261/0x730 [ 90.379614][ T9425] ? sctp_addto_chunk+0x290/0x290 [ 90.384645][ T9425] ? skb_put+0x15d/0x1c0 [ 90.388865][ T9425] ? memcpy+0x35/0x50 [ 90.392842][ T9425] sctp_primitive_ABORT+0x9b/0xc0 [ 90.397868][ T9425] sctp_close+0x22e/0x8a0 [ 90.402194][ T9425] ? sctp_accept+0x6a0/0x6a0 [ 90.406777][ T9425] ? down_write+0xdb/0x150 [ 90.411190][ T9425] ? ip_mc_drop_socket+0x16/0x260 [ 90.416254][ T9425] ? __sock_release+0x280/0x280 [ 90.421089][ T9425] inet_release+0xe4/0x1f0 [ 90.425494][ T9425] __sock_release+0xcd/0x280 [ 90.430064][ T9425] sock_close+0x18/0x20 [ 90.434200][ T9425] __fput+0x2da/0x850 [ 90.438169][ T9425] task_work_run+0x13f/0x1b0 [ 90.442742][ T9425] do_exit+0xb53/0x2e10 [ 90.446932][ T9425] ? mm_update_next_owner+0x7a0/0x7a0 [ 90.452292][ T9425] ? __sys_getsockopt+0x18d/0x2e0 [ 90.457349][ T9425] ? kernel_accept+0x360/0x360 [ 90.462094][ T9425] ? down_read_nested+0x430/0x430 [ 90.467134][ T9425] ? handle_mm_fault+0x29e/0x660 [ 90.472061][ T9425] do_group_exit+0x125/0x340 [ 90.476632][ T9425] __x64_sys_exit_group+0x3a/0x50 [ 90.481654][ T9425] do_syscall_64+0xf6/0x790 [ 90.486173][ T9425] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 90.492072][ T9425] RIP: 0033:0x43ef98 [ 90.495956][ T9425] Code: Bad RIP value. [ 90.500014][ T9425] RSP: 002b:00007ffc746d2428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 90.508417][ T9425] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef98 [ 90.516379][ T9425] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 90.524332][ T9425] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 90.532305][ T9425] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001 [ 90.540254][ T9425] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 90.549740][ T9425] Kernel Offset: disabled [ 90.554124][ T9425] Rebooting in 86400 seconds..