[ 35.671961][ T26] audit: type=1800 audit(1556471537.746:28): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.574032][ T26] audit: type=1800 audit(1556471538.726:29): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.603034][ T26] audit: type=1800 audit(1556471538.726:30): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts. syzkaller login: [ 45.355230][ T7633] IPVS: ftp: loaded support on port[0] = 21 [ 45.356793][ T7634] IPVS: ftp: loaded support on port[0] = 21 [ 45.372865][ T7635] IPVS: ftp: loaded support on port[0] = 21 [ 45.374474][ T7632] IPVS: ftp: loaded support on port[0] = 21 [ 45.387491][ T7637] IPVS: ftp: loaded support on port[0] = 21 [ 45.387678][ T7636] IPVS: ftp: loaded support on port[0] = 21 [ 45.610034][ T7634] chnl_net:caif_netlink_parms(): no params data found [ 45.676087][ T7633] chnl_net:caif_netlink_parms(): no params data found [ 45.737108][ T7636] chnl_net:caif_netlink_parms(): no params data found [ 45.756200][ T7632] chnl_net:caif_netlink_parms(): no params data found [ 45.794075][ T7635] chnl_net:caif_netlink_parms(): no params data found [ 45.803764][ T7637] chnl_net:caif_netlink_parms(): no params data found [ 45.845826][ T7632] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.854218][ T7632] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.862157][ T7632] device bridge_slave_0 entered promiscuous mode [ 45.869972][ T7633] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.877593][ T7633] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.885392][ T7633] device bridge_slave_0 entered promiscuous mode [ 45.895870][ T7633] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.902995][ T7633] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.910956][ T7633] device bridge_slave_1 entered promiscuous mode [ 45.925839][ T7634] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.933341][ T7634] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.942032][ T7634] device bridge_slave_0 entered promiscuous mode [ 45.952255][ T7632] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.959417][ T7632] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.967268][ T7632] device bridge_slave_1 entered promiscuous mode [ 45.995994][ T7634] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.003221][ T7634] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.011278][ T7634] device bridge_slave_1 entered promiscuous mode [ 46.055908][ T7633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.064550][ T7636] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.072284][ T7636] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.079882][ T7636] device bridge_slave_0 entered promiscuous mode [ 46.096980][ T7632] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.111504][ T7633] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.125366][ T7636] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.132516][ T7636] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.140338][ T7636] device bridge_slave_1 entered promiscuous mode [ 46.164802][ T7632] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.185365][ T7634] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.194739][ T7635] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.203183][ T7635] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.211211][ T7635] device bridge_slave_0 entered promiscuous mode [ 46.219806][ T7636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.231032][ T7636] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.243475][ T7637] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.251404][ T7637] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.259160][ T7637] device bridge_slave_0 entered promiscuous mode [ 46.271953][ T7634] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.284171][ T7635] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.292539][ T7635] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.300333][ T7635] device bridge_slave_1 entered promiscuous mode [ 46.322586][ T7637] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.329757][ T7637] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.337940][ T7637] device bridge_slave_1 entered promiscuous mode [ 46.352017][ T7633] team0: Port device team_slave_0 added [ 46.368714][ T7632] team0: Port device team_slave_0 added [ 46.375577][ T7636] team0: Port device team_slave_0 added [ 46.382918][ T7634] team0: Port device team_slave_0 added [ 46.393134][ T7633] team0: Port device team_slave_1 added [ 46.399826][ T7637] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.416619][ T7632] team0: Port device team_slave_1 added [ 46.423814][ T7636] team0: Port device team_slave_1 added [ 46.430655][ T7634] team0: Port device team_slave_1 added [ 46.438166][ T7637] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.452493][ T7635] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.462710][ T7635] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.522062][ T7632] device hsr_slave_0 entered promiscuous mode [ 46.570821][ T7632] device hsr_slave_1 entered promiscuous mode [ 46.618928][ T7637] team0: Port device team_slave_0 added [ 46.656401][ T7637] team0: Port device team_slave_1 added [ 46.722824][ T7636] device hsr_slave_0 entered promiscuous mode [ 46.790933][ T7636] device hsr_slave_1 entered promiscuous mode [ 46.872044][ T7633] device hsr_slave_0 entered promiscuous mode [ 46.910709][ T7633] device hsr_slave_1 entered promiscuous mode [ 46.981892][ T7635] team0: Port device team_slave_0 added [ 47.031950][ T7634] device hsr_slave_0 entered promiscuous mode [ 47.080546][ T7634] device hsr_slave_1 entered promiscuous mode [ 47.130991][ T7635] team0: Port device team_slave_1 added [ 47.182823][ T7637] device hsr_slave_0 entered promiscuous mode [ 47.220718][ T7637] device hsr_slave_1 entered promiscuous mode [ 47.345093][ T7635] device hsr_slave_0 entered promiscuous mode [ 47.390603][ T7635] device hsr_slave_1 entered promiscuous mode [ 47.432191][ T7632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.475314][ T7632] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.493159][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.502751][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.534389][ T7634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.544891][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.558952][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.567805][ T7640] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.575113][ T7640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.584313][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.593497][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.601989][ T7640] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.609028][ T7640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.616725][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.626718][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.649960][ T7636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.665560][ T7634] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.675491][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.684767][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.693826][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.702458][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.710084][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.718999][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.726962][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.735600][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.756806][ T7633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.778491][ T7632] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.789885][ T7632] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.808217][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.816259][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.824166][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.835452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.844389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.853341][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.864296][ T7636] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.884284][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.894876][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.903888][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.913384][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.920580][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.928378][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.937653][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.946070][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.953336][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.961833][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.970512][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.980049][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.987247][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.996057][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.004499][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.016135][ T7637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.035468][ T7635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.057998][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.067601][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.077712][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.084962][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.093405][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.102002][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.110503][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.118941][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.128083][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.137076][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.145768][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.154559][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.162948][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.171262][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.179592][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.201292][ T7632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.208437][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.221364][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.229641][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.238865][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.247740][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.255847][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.263871][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.272220][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.280797][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.289017][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.297732][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.315187][ T7635] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.325258][ T7636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.338431][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.352673][ T7633] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.360918][ T7634] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.368926][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.376820][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.384944][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.394177][ T7638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready executing program [ 48.424616][ T7637] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.442335][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.451264][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.459686][ T7646] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.466783][ T7646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.479925][ T7649] input: syz1 as /devices/virtual/input/input5 [ 48.493546][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.517518][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.526193][ T7646] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.534101][ T7646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.543639][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.553471][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.562302][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.571506][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.579999][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.588792][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.597399][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.606162][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.614842][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.623314][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.632077][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.639826][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.647834][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.656730][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.665352][ T7646] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.672573][ T7646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.680593][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.689060][ T7646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.697694][ T7646] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.704803][ T7646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.714778][ T7635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 48.732845][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.743650][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.754010][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.762645][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.778206][ T7636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.785078][ T7651] input: syz1 as /devices/virtual/input/input6 [ 48.820171][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.829532][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.839025][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.846173][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.854487][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.863172][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.871724][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.878769][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.886443][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.895058][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.903614][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.912165][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.921057][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready executing program [ 48.929510][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.939233][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.947223][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.962788][ T7634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.970127][ T7653] input: syz1 as /devices/virtual/input/input7 executing program [ 49.007462][ T7635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.017374][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.033969][ T7655] input: syz1 as /devices/virtual/input/input8 [ 49.047580][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.057577][ T7655] ------------[ cut here ]------------ [ 49.063400][ T7655] refcount_t: increment on 0; use-after-free. [ 49.069737][ T7655] WARNING: CPU: 0 PID: 7655 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 [ 49.078823][ T7655] Kernel panic - not syncing: panic_on_warn set ... [ 49.085498][ T7655] CPU: 0 PID: 7655 Comm: syz-executor153 Not tainted 5.1.0-rc6+ #88 [ 49.093451][ T7655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.103489][ T7655] Call Trace: [ 49.106770][ T7655] dump_stack+0x172/0x1f0 [ 49.111100][ T7655] ? refcount_inc_not_zero_checked+0x1b0/0x200 [ 49.117238][ T7655] panic+0x2cb/0x65c [ 49.121123][ T7655] ? __warn_printk+0xf3/0xf3 [ 49.125701][ T7655] ? refcount_inc_checked+0x61/0x70 [ 49.130881][ T7655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.137106][ T7655] ? __warn.cold+0x5/0x45 [ 49.141418][ T7655] ? __warn+0xe8/0x1d0 [ 49.145474][ T7655] ? refcount_inc_checked+0x61/0x70 [ 49.150654][ T7655] __warn.cold+0x20/0x45 [ 49.154879][ T7655] ? refcount_inc_checked+0x61/0x70 [ 49.160063][ T7655] report_bug+0x263/0x2b0 [ 49.164381][ T7655] do_error_trap+0x11b/0x200 [ 49.168956][ T7655] do_invalid_op+0x37/0x50 [ 49.173366][ T7655] ? refcount_inc_checked+0x61/0x70 [ 49.178556][ T7655] invalid_op+0x14/0x20 [ 49.182694][ T7655] RIP: 0010:refcount_inc_checked+0x61/0x70 [ 49.188486][ T7655] Code: 1d 98 2b 2a 06 31 ff 89 de e8 5b 2d 40 fe 84 db 75 dd e8 12 2c 40 fe 48 c7 c7 e0 79 a1 87 c6 05 78 2b 2a 06 01 e8 fd d9 12 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 [ 49.208071][ T7655] RSP: 0018:ffff8880884f78a8 EFLAGS: 00010286 [ 49.214144][ T7655] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 49.222100][ T7655] RDX: 0000000000000000 RSI: ffffffff815afcb6 RDI: ffffed101109ef07 [ 49.230124][ T7655] RBP: ffff8880884f78b8 R08: ffff8880a87dc580 R09: ffffed1015d03ef1 [ 49.238167][ T7655] R10: ffffed1015d03ef0 R11: ffff8880ae81f787 R12: ffff8880a7ed2a78 [ 49.246122][ T7655] R13: 0000000000000000 R14: ffff8880a3940040 R15: ffff8880a176b9a8 [ 49.254192][ T7655] ? vprintk_func+0x86/0x189 [ 49.258786][ T7655] ? refcount_inc_checked+0x61/0x70 [ 49.263967][ T7655] kobject_get+0x66/0xc0 [ 49.268194][ T7655] cdev_get+0x60/0xb0 [ 49.272169][ T7655] chrdev_open+0xb0/0x6b0 [ 49.276503][ T7655] ? cdev_put.part.0+0x50/0x50 [ 49.281262][ T7655] ? security_file_open+0x8d/0x300 [ 49.286809][ T7655] do_dentry_open+0x4e2/0x1250 [ 49.291564][ T7655] ? kasan_check_read+0x11/0x20 [ 49.296663][ T7655] ? cdev_put.part.0+0x50/0x50 [ 49.301415][ T7655] ? chown_common+0x5c0/0x5c0 [ 49.306093][ T7655] ? inode_permission+0xb4/0x570 [ 49.311021][ T7655] vfs_open+0xa0/0xd0 [ 49.315002][ T7655] path_openat+0x10e9/0x46e0 [ 49.319581][ T7655] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 49.325390][ T7655] ? kasan_slab_alloc+0xf/0x20 [ 49.330157][ T7655] ? kmem_cache_alloc+0x11a/0x6f0 [ 49.335164][ T7655] ? getname_flags+0xd6/0x5b0 [ 49.339819][ T7655] ? getname+0x1a/0x20 [ 49.343882][ T7655] ? do_sys_open+0x2c9/0x5d0 [ 49.348473][ T7655] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 49.353924][ T7655] ? __alloc_fd+0x44d/0x560 [ 49.358500][ T7655] do_filp_open+0x1a1/0x280 [ 49.363006][ T7655] ? may_open_dev+0x100/0x100 [ 49.368195][ T7655] ? kasan_check_read+0x11/0x20 [ 49.373045][ T7655] ? do_raw_spin_unlock+0x57/0x270 [ 49.378142][ T7655] ? _raw_spin_unlock+0x2d/0x50 [ 49.382974][ T7655] ? __alloc_fd+0x44d/0x560 [ 49.387469][ T7655] do_sys_open+0x3fe/0x5d0 [ 49.391870][ T7655] ? filp_open+0x80/0x80 [ 49.396099][ T7655] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 49.401550][ T7655] ? do_fast_syscall_32+0xd1/0xc98 [ 49.406644][ T7655] ? entry_SYSENTER_compat+0x70/0x7f [ 49.411916][ T7655] ? do_fast_syscall_32+0xd1/0xc98 [ 49.417017][ T7655] __ia32_compat_sys_open+0x79/0xb0 [ 49.422207][ T7655] do_fast_syscall_32+0x281/0xc98 [ 49.427228][ T7655] entry_SYSENTER_compat+0x70/0x7f [ 49.432319][ T7655] RIP: 0023:0xf7f8e869 [ 49.436370][ T7655] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 49.455971][ T7655] RSP: 002b:000000000820f8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 49.464474][ T7655] RAX: ffffffffffffffda RBX: 000000000820f91c RCX: 0000000000000000 [ 49.472428][ T7655] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000020000012 [ 49.480383][ T7655] RBP: 000000000820fd6c R08: 0000000000000000 R09: 0000000000000000 [ 49.488346][ T7655] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 49.496317][ T7655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 49.505839][ T7655] Kernel Offset: disabled [ 49.510286][ T7655] Rebooting in 86400 seconds..