[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 59.280839][ T25] audit: type=1800 audit(1575354329.365:25): pid=8893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 59.301593][ T25] audit: type=1800 audit(1575354329.365:26): pid=8893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 59.343893][ T25] audit: type=1800 audit(1575354329.365:27): pid=8893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. syzkaller login: [ 69.507013][ T9055] IPVS: ftp: loaded support on port[0] = 21 [ 69.517842][ T9056] IPVS: ftp: loaded support on port[0] = 21 [ 69.526955][ T9051] IPVS: ftp: loaded support on port[0] = 21 [ 69.528346][ T9054] IPVS: ftp: loaded support on port[0] = 21 [ 69.535749][ T9053] IPVS: ftp: loaded support on port[0] = 21 [ 69.540577][ T9052] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program [ 69.866284][ T9060] input: syz1 as /devices/virtual/input/input6 [ 69.881537][ T9059] input: syz1 as /devices/virtual/input/input5 [ 69.898519][ T9066] input: syz1 as /devices/virtual/input/input7 executing program executing program [ 69.912409][ T9071] input: syz1 as /devices/virtual/input/input8 [ 69.928644][ T9073] input: syz1 as /devices/virtual/input/input10 [ 69.936323][ T9074] input: syz1 as /devices/virtual/input/input9 [ 70.000128][ T9060] input: syz1 as /devices/virtual/input/input11 executing program executing program [ 70.117916][ T9071] input: syz1 as /devices/virtual/input/input13 [ 70.137850][ T9092] input: syz1 as /devices/virtual/input/input12 [ 70.146715][ T9073] input: syz1 as /devices/virtual/input/input15 [ 70.153209][ T9095] input: syz1 as /devices/virtual/input/input14 [ 70.195959][ T9074] input: syz1 as /devices/virtual/input/input16 executing program [ 70.316022][ T9107] input: syz1 as /devices/virtual/input/input17 [ 70.325948][ T9095] input: syz1 as /devices/virtual/input/input18 executing program executing program [ 70.410943][ T9112] input: syz1 as /devices/virtual/input/input19 [ 70.450203][ T9115] input: syz1 as /devices/virtual/input/input20 executing program [ 70.502088][ T9122] input: syz1 as /devices/virtual/input/input21 executing program executing program [ 70.596804][ T9130] input: syz1 as /devices/virtual/input/input23 [ 70.605959][ T9107] input: syz1 as /devices/virtual/input/input24 [ 70.624822][ T9129] input: syz1 as /devices/virtual/input/input22 [ 70.656509][ T9115] input: syz1 as /devices/virtual/input/input25 executing program executing program [ 70.808911][ T9140] input: syz1 as /devices/virtual/input/input26 [ 70.840561][ T9143] input: syz1 as /devices/virtual/input/input27 executing program [ 70.885567][ T9122] input: syz1 as /devices/virtual/input/input28 [ 70.922193][ T9149] input: syz1 as /devices/virtual/input/input29 [ 70.965668][ T9130] input: syz1 as /devices/virtual/input/input30 [ 71.005467][ T9129] input: syz1 as /devices/virtual/input/input31 [ 71.012520][ T9152] ------------[ cut here ]------------ [ 71.018246][ T9152] refcount_t: addition on 0; use-after-free. [ 71.018566][ T9152] WARNING: CPU: 0 PID: 9152 at lib/refcount.c:25 refcount_warn_saturate+0x174/0x1f0 [ 71.033746][ T9152] Kernel panic - not syncing: panic_on_warn set ... [ 71.040331][ T9152] CPU: 0 PID: 9152 Comm: syz-executor827 Not tainted 5.4.0-syzkaller #0 [ 71.048639][ T9152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.058674][ T9152] Call Trace: [ 71.061966][ T9152] dump_stack+0x197/0x210 [ 71.066284][ T9152] ? refcount_warn_saturate+0x80/0x1f0 [ 71.071724][ T9152] panic+0x2e3/0x75c [ 71.075614][ T9152] ? add_taint.cold+0x16/0x16 [ 71.080276][ T9152] ? __kasan_check_write+0x14/0x20 [ 71.085368][ T9152] ? __warn.cold+0x14/0x3e [ 71.089761][ T9152] ? __warn+0xd9/0x1cf [ 71.093823][ T9152] ? refcount_warn_saturate+0x174/0x1f0 [ 71.099347][ T9152] __warn.cold+0x2f/0x3e [ 71.103565][ T9152] ? refcount_warn_saturate+0x174/0x1f0 [ 71.109117][ T9152] report_bug+0x289/0x300 [ 71.113428][ T9152] do_error_trap+0x11b/0x200 [ 71.118000][ T9152] do_invalid_op+0x37/0x50 [ 71.122389][ T9152] ? refcount_warn_saturate+0x174/0x1f0 [ 71.127912][ T9152] invalid_op+0x23/0x30 [ 71.132069][ T9152] RIP: 0010:refcount_warn_saturate+0x174/0x1f0 [ 71.138197][ T9152] Code: 06 31 ff 89 de e8 ec f9 e6 fd 84 db 0f 85 33 ff ff ff e8 9f f8 e6 fd 48 c7 c7 80 76 6f 88 c6 05 9d b1 c5 06 01 e8 0b a3 b7 fd <0f> 0b e9 14 ff ff ff e8 80 f8 e6 fd 0f b6 1d 82 b1 c5 06 31 ff 89 [ 71.157776][ T9152] RSP: 0018:ffffc900025578a8 EFLAGS: 00010286 [ 71.163818][ T9152] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 71.171804][ T9152] RDX: 0000000000000000 RSI: ffffffff815e5a26 RDI: fffff520004aaf07 [ 71.179763][ T9152] RBP: ffffc900025578b8 R08: ffff888099836240 R09: fffffbfff1615da9 [ 71.187718][ T9152] R10: fffffbfff1615da8 R11: ffffffff8b0aed47 R12: 0000000000000002 [ 71.195680][ T9152] R13: ffff8880a79c0660 R14: ffff8880a8f00c80 R15: ffff88808ce75498 [ 71.203659][ T9152] ? vprintk_func+0x86/0x189 [ 71.208245][ T9152] ? refcount_warn_saturate+0x174/0x1f0 [ 71.213775][ T9152] kobject_get+0x134/0x150 [ 71.218176][ T9152] cdev_get+0x60/0xb0 [ 71.222135][ T9152] chrdev_open+0xb0/0x6b0 [ 71.226444][ T9152] ? cdev_put.part.0+0x50/0x50 [ 71.231185][ T9152] ? security_file_open+0x87/0x300 [ 71.236275][ T9152] do_dentry_open+0x4e6/0x1380 [ 71.241013][ T9152] ? __kasan_check_read+0x11/0x20 [ 71.246014][ T9152] ? cdev_put.part.0+0x50/0x50 [ 71.250759][ T9152] ? chown_common+0x5c0/0x5c0 [ 71.255435][ T9152] ? inode_permission+0xb4/0x520 [ 71.260373][ T9152] vfs_open+0xa0/0xd0 [ 71.264360][ T9152] path_openat+0x10e4/0x4710 [ 71.268942][ T9152] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 71.274733][ T9152] ? kasan_slab_alloc+0xf/0x20 [ 71.279480][ T9152] ? kmem_cache_alloc+0x121/0x710 [ 71.284485][ T9152] ? getname_flags+0xd6/0x5b0 [ 71.289143][ T9152] ? getname+0x1a/0x20 [ 71.293230][ T9152] ? do_sys_open+0x2c9/0x5d0 [ 71.297809][ T9152] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 71.303162][ T9152] ? __alloc_fd+0x487/0x620 [ 71.307644][ T9152] do_filp_open+0x1a1/0x280 [ 71.312124][ T9152] ? may_open_dev+0x100/0x100 [ 71.316784][ T9152] ? do_raw_spin_unlock+0x178/0x270 [ 71.321976][ T9152] ? _raw_spin_unlock+0x28/0x40 [ 71.326800][ T9152] ? __alloc_fd+0x487/0x620 [ 71.331284][ T9152] do_sys_open+0x3fe/0x5d0 [ 71.335680][ T9152] ? filp_open+0x80/0x80 [ 71.339921][ T9152] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 71.345386][ T9152] ? do_syscall_64+0x26/0x790 [ 71.350054][ T9152] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.356108][ T9152] ? do_syscall_64+0x26/0x790 [ 71.360775][ T9152] __x64_sys_open+0x7e/0xc0 [ 71.365263][ T9152] do_syscall_64+0xfa/0x790 [ 71.369750][ T9152] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.375625][ T9152] RIP: 0033:0x406eb1 [ 71.379673][ T9152] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 18 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 71.399399][ T9152] RSP: 002b:00007fe00bebc960 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 71.407794][ T9152] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000406eb1 [ 71.415760][ T9152] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fe00bebc970 [ 71.423712][ T9152] RBP: 6666666666666667 R08: 000000000000000f R09: 00007fe00bebd700 [ 71.431663][ T9152] R10: 00007fe00bebd9d0 R11: 0000000000000293 R12: 00000000006dec4c [ 71.439625][ T9152] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000317a7973 [ 71.449006][ T9152] Kernel Offset: disabled [ 71.453421][ T9152] Rebooting in 86400 seconds..