[ ok ] Starting enhanced syslogd: rsyslogd. [ 56.401174][ T26] audit: type=1800 audit(1570578194.949:25): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 56.439575][ T26] audit: type=1800 audit(1570578194.949:26): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 56.460574][ T26] audit: type=1800 audit(1570578194.949:27): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.59' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 68.029269][ T8691] ------------[ cut here ]------------ [ 68.034875][ T8691] refcount_t: underflow; use-after-free. [ 68.040848][ T8691] WARNING: CPU: 0 PID: 8691 at lib/refcount.c:190 refcount_sub_and_test_checked+0x1d0/0x200 [ 68.050940][ T8691] Kernel panic - not syncing: panic_on_warn set ... [ 68.057504][ T8691] CPU: 0 PID: 8691 Comm: syz-executor322 Not tainted 5.4.0-rc2-next-20191008 #0 [ 68.066500][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.076528][ T8691] Call Trace: [ 68.079801][ T8691] dump_stack+0x172/0x1f0 [ 68.084113][ T8691] ? refcount_sub_and_test_checked+0x120/0x200 [ 68.090245][ T8691] panic+0x2e3/0x75c [ 68.094116][ T8691] ? add_taint.cold+0x16/0x16 [ 68.098824][ T8691] ? __kasan_check_write+0x14/0x20 [ 68.103942][ T8691] ? __warn.cold+0x14/0x35 [ 68.108364][ T8691] ? __warn+0xd9/0x1d0 [ 68.112415][ T8691] ? 
refcount_sub_and_test_checked+0x1d0/0x200 [ 68.118541][ T8691] __warn.cold+0x2f/0x35 [ 68.122758][ T8691] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 68.128886][ T8691] report_bug+0x289/0x300 [ 68.133193][ T8691] do_error_trap+0x11b/0x200 [ 68.137762][ T8691] do_invalid_op+0x37/0x50 [ 68.142155][ T8691] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 68.148286][ T8691] invalid_op+0x23/0x30 [ 68.152420][ T8691] RIP: 0010:refcount_sub_and_test_checked+0x1d0/0x200 [ 68.159154][ T8691] Code: 1d b0 f0 7f 06 31 ff 89 de e8 6c d7 30 fe 84 db 75 94 e8 23 d6 30 fe 48 c7 c7 20 81 e6 87 c6 05 90 f0 7f 06 01 e8 e8 15 02 fe <0f> 0b e9 75 ff ff ff e8 04 d6 30 fe e9 6e ff ff ff 48 89 df e8 e7 [ 68.178739][ T8691] RSP: 0018:ffff8880a8267a28 EFLAGS: 00010282 [ 68.184778][ T8691] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 68.192727][ T8691] RDX: 0000000000000000 RSI: ffffffff815cb676 RDI: ffffed101504cf37 [ 68.200673][ T8691] RBP: ffff8880a8267ac0 R08: ffff888090e363c0 R09: fffffbfff14eeb42 [ 68.208619][ T8691] R10: fffffbfff14eeb41 R11: ffffffff8a775a0f R12: 00000000fffffd02 [ 68.216566][ T8691] R13: 0000000000000001 R14: ffff8880a8267a98 R15: 0000000000000001 [ 68.224540][ T8691] ? vprintk_func+0x86/0x189 [ 68.229113][ T8691] ? refcount_sub_and_test_checked+0x1d0/0x200 [ 68.235247][ T8691] ? refcount_dec_not_one+0x1f0/0x1f0 [ 68.240599][ T8691] ? __io_sqe_files_scm+0x429/0x640 [ 68.245773][ T8691] sock_wfree+0x10c/0x190 [ 68.250083][ T8691] unix_destruct_scm+0x115/0x170 [ 68.254994][ T8691] ? unix_detach_fds+0x180/0x180 [ 68.259910][ T8691] ? __io_sqe_files_scm+0x429/0x640 [ 68.265083][ T8691] ? io_ring_ctx_ref_free+0x20/0x20 [ 68.270266][ T8691] io_destruct_skb+0x62/0x80 [ 68.274832][ T8691] skb_release_head_state+0xeb/0x260 [ 68.280092][ T8691] skb_release_all+0x16/0x60 [ 68.284663][ T8691] kfree_skb+0x101/0x3c0 [ 68.288883][ T8691] __io_sqe_files_scm+0x429/0x640 [ 68.293886][ T8691] __io_uring_register+0x1f69/0x2d70 [ 68.299154][ T8691] ? 
io_uring_setup+0x1940/0x1940 [ 68.304156][ T8691] ? io_uring_release+0x50/0x50 [ 68.309020][ T8691] __x64_sys_io_uring_register+0x193/0x1f0 [ 68.314803][ T8691] do_syscall_64+0xfa/0x760 [ 68.319290][ T8691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.325160][ T8691] RIP: 0033:0x440279 [ 68.329032][ T8691] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 68.348617][ T8691] RSP: 002b:00007ffeeedc31e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 68.357007][ T8691] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440279 [ 68.364954][ T8691] RDX: 0000000020000280 RSI: 0000000000000002 RDI: 0000000000000003 [ 68.372903][ T8691] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 68.380855][ T8691] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401b00 [ 68.388806][ T8691] R13: 0000000000401b90 R14: 0000000000000000 R15: 0000000000000000 [ 68.398195][ T8691] Kernel Offset: disabled [ 68.402600][ T8691] Rebooting in 86400 seconds..