[ 40.341750][ T26] audit: type=1800 audit(1574419486.686:27): pid=7690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 40.363056][ T26] audit: type=1800 audit(1574419486.686:28): pid=7690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 41.179514][ T26] audit: type=1800 audit(1574419487.576:29): pid=7690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 41.198821][ T26] audit: type=1800 audit(1574419487.576:30): pid=7690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.226' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.530882][ T7842] ------------[ cut here ]------------
[ 51.536707][ T7842] refcount_t: underflow; use-after-free.
[ 51.543005][ T7842] WARNING: CPU: 1 PID: 7842 at lib/refcount.c:190 refcount_sub_and_test_checked+0x1d6/0x230
[ 51.553055][ T7842] Kernel panic - not syncing: panic_on_warn set ...
[ 51.559624][ T7842] CPU: 1 PID: 7842 Comm: syz-executor278 Not tainted 5.4.0-rc8-syzkaller #0
[ 51.568292][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.578432][ T7842] Call Trace:
[ 51.581703][ T7842] dump_stack+0x1fb/0x318
[ 51.586030][ T7842] panic+0x264/0x7a9
[ 51.589912][ T7842] ? __warn+0x105/0x210
[ 51.594044][ T7842] ? refcount_sub_and_test_checked+0x1d6/0x230
[ 51.600184][ T7842] __warn+0x20e/0x210
[ 51.604140][ T7842] ? refcount_sub_and_test_checked+0x1d6/0x230
[ 51.610456][ T7842] report_bug+0x1b6/0x2f0
[ 51.614774][ T7842] ? refcount_sub_and_test_checked+0x1d6/0x230
[ 51.620908][ T7842] do_error_trap+0xd7/0x440
[ 51.625402][ T7842] do_invalid_op+0x36/0x40
[ 51.629791][ T7842] ? refcount_sub_and_test_checked+0x1d6/0x230
[ 51.636005][ T7842] invalid_op+0x23/0x30
[ 51.640136][ T7842] RIP: 0010:refcount_sub_and_test_checked+0x1d6/0x230
[ 51.646871][ T7842] Code: 75 05 01 75 09 e8 6a d4 2d fe 31 db eb ca e8 61 d4 2d fe c6 05 ca 7c 75 05 01 31 db 48 c7 c7 d1 d9 40 88 31 c0 e8 0a 6b 00 fe <0f> 0b eb aa 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 67 fe ff ff 4c
[ 51.666446][ T7842] RSP: 0018:ffff88809491f680 EFLAGS: 00010246
[ 51.672483][ T7842] RAX: cf6ab369a4203a00 RBX: 0000000000000000 RCX: ffff8880a15485c0
[ 51.680428][ T7842] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 51.688370][ T7842] RBP: ffff88809491f6b8 R08: ffffffff815cc074 R09: ffffed1015d66120
[ 51.696323][ T7842] R10: ffffed1015d66120 R11: 0000000000000000 R12: ffff8880a886aa04
[ 51.704280][ T7842] R13: 0000000000008001 R14: 0000000000008100 R15: 1ffff11012923ed0
[ 51.712597][ T7842] ? vprintk_emit+0x2d4/0x3a0
[ 51.717258][ T7842] sock_wfree+0xf5/0x140
[ 51.721533][ T7842] sctp_wfree+0x380/0x6d0
[ 51.725878][ T7842] skb_release_head_state+0x100/0x210
[ 51.731228][ T7842] __kfree_skb+0x25/0x170
[ 51.735532][ T7842] consume_skb+0x6b/0xb0
[ 51.739751][ T7842] sctp_chunk_put+0x13d/0x1b0
[ 51.744400][ T7842] sctp_chunk_free+0x59/0x60
[ 51.748975][ T7842] __sctp_outq_teardown+0x210/0xa30
[ 51.754145][ T7842] sctp_outq_free+0x15/0x20
[ 51.758624][ T7842] sctp_association_free+0x22d/0x7a0
[ 51.763883][ T7842] sctp_do_sm+0x3e98/0x5720
[ 51.768361][ T7842] ? rcu_read_lock_sched_held+0x10b/0x170
[ 51.774057][ T7842] ? rcu_read_lock_sched_held+0x10b/0x170
[ 51.779760][ T7842] ? _sctp_make_chunk+0x10e/0x460
[ 51.784759][ T7842] ? trace_kmem_cache_alloc+0xcd/0x130
[ 51.790194][ T7842] ? _sctp_make_chunk+0x10e/0x460
[ 51.795202][ T7842] ? sctp_auth_send_cid+0x63/0x280
[ 51.800299][ T7842] sctp_primitive_ABORT+0x99/0xd0
[ 51.805302][ T7842] sctp_close+0x263/0x6f0
[ 51.809607][ T7842] ? ip_mc_drop_socket+0x26b/0x280
[ 51.814696][ T7842] inet_release+0x165/0x1c0
[ 51.819189][ T7842] sock_close+0xe1/0x260
[ 51.823400][ T7842] ? sock_mmap+0xa0/0xa0
[ 51.827614][ T7842] __fput+0x2e4/0x740
[ 51.831600][ T7842] ____fput+0x15/0x20
[ 51.835555][ T7842] task_work_run+0x17e/0x1b0
[ 51.840119][ T7842] do_exit+0x5e8/0x2190
[ 51.844252][ T7842] ? __kasan_check_write+0x14/0x20
[ 51.849335][ T7842] ? check_preemption_disabled+0xb7/0x2a0
[ 51.855027][ T7842] ? debug_smp_processor_id+0x1c/0x20
[ 51.860370][ T7842] do_group_exit+0x15c/0x2b0
[ 51.864934][ T7842] __do_sys_exit_group+0x17/0x20
[ 51.869842][ T7842] __se_sys_exit_group+0x14/0x20
[ 51.874752][ T7842] __x64_sys_exit_group+0x3b/0x40
[ 51.879756][ T7842] do_syscall_64+0xf7/0x1c0
[ 51.884233][ T7842] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.890094][ T7842] RIP: 0033:0x43f268
[ 51.893968][ T7842] Code: Bad RIP value.
[ 51.898003][ T7842] RSP: 002b:00007ffc061ba9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 51.906383][ T7842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f268
[ 51.914337][ T7842] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 51.922290][ T7842] RBP: 00000000004bea68 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 51.930233][ T7842] R10: 000000002059aff8 R11: 0000000000000246 R12: 0000000000000001
[ 51.938191][ T7842] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 51.947666][ T7842] Kernel Offset: disabled
[ 51.952470][ T7842] Rebooting in 86400 seconds..