[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context mai[ 40.886554][ T25] audit: type=1800 audit(1555246682.722:33): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 ntaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.372810][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 44.372823][ T25] audit: type=1400 audit(1555246686.212:35): avc: denied { map } for pid=7965 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 50.963860][ T25] audit: type=1400 audit(1555246692.802:36): avc: denied { map } for pid=7977 comm="syz-executor466" path="/root/syz-executor466727407" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 51.001701][ T7993] input: syz0 as /devices/virtual/input/input7 [ 51.007361][ T7988] input: syz0 as /devices/virtual/input/input6 [ 51.021449][ T7990] input: syz0 as /devices/virtual/input/input9 [ 51.039368][ T7997] input: syz0 as /devices/virtual/input/input10 [ 51.056283][ T7994] input: syz0 as /devices/virtual/input/input8 [ 51.072576][ T7987] input: syz0 as /devices/virtual/input/input5 executing program executing program [ 51.143625][ T8011] input: syz0 as /devices/virtual/input/input11 executing program executing program [ 51.184776][ T8014] input: syz0 as /devices/virtual/input/input12 executing program [ 51.225900][ T8020] input: syz0 as /devices/virtual/input/input13 [ 51.234446][ T8019] input: syz0 as /devices/virtual/input/input14 [ 51.265925][ T8025] input: syz0 as /devices/virtual/input/input15 executing program executing program [ 51.317676][ T8030] input: syz0 as /devices/virtual/input/input16 executing program executing program [ 51.369509][ T8036] input: syz0 as /devices/virtual/input/input17 [ 51.395846][ T8040] input: syz0 as /devices/virtual/input/input18 executing program [ 51.441618][ T8044] input: syz0 as /devices/virtual/input/input19 executing program [ 51.484268][ T8048] input: syz0 as /devices/virtual/input/input20 executing program executing program [ 51.528748][ T8052] input: syz0 as /devices/virtual/input/input21 [ 51.563984][ T8056] input: syz0 as /devices/virtual/input/input22 executing program executing program [ 51.602311][ T8060] input: syz0 as /devices/virtual/input/input23 [ 51.634726][ T8066] input: syz0 as /devices/virtual/input/input24 executing program [ 51.674281][ T8072] input: syz0 as /devices/virtual/input/input25 executing program [ 51.728304][ T8079] input: syz0 as /devices/virtual/input/input26 executing program [ 51.770577][ T8082] input: syz0 as /devices/virtual/input/input27 [ 51.809258][ T8086] input: syz0 as /devices/virtual/input/input28 [ 51.815970][ T8087] ------------[ cut here ]------------ [ 51.821769][ T8087] refcount_t: increment on 0; use-after-free. [ 51.828102][ T8087] WARNING: CPU: 1 PID: 8087 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 [ 51.837195][ T8087] Kernel panic - not syncing: panic_on_warn set ... [ 51.843764][ T8087] CPU: 1 PID: 8087 Comm: syz-executor466 Not tainted 5.1.0-rc4+ #67 [ 51.851744][ T8087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.861775][ T8087] Call Trace: [ 51.865051][ T8087] dump_stack+0x172/0x1f0 [ 51.869368][ T8087] ? refcount_inc_not_zero_checked+0x1e0/0x200 [ 51.875510][ T8087] panic+0x2cb/0x65c [ 51.879386][ T8087] ? __warn_printk+0xf3/0xf3 [ 51.884047][ T8087] ? refcount_inc_checked+0x61/0x70 [ 51.889229][ T8087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.895450][ T8087] ? __warn.cold+0x5/0x45 [ 51.899758][ T8087] ? __warn+0xe8/0x1d0 [ 51.903809][ T8087] ? refcount_inc_checked+0x61/0x70 [ 51.908999][ T8087] __warn.cold+0x20/0x45 [ 51.913226][ T8087] ? refcount_inc_checked+0x61/0x70 [ 51.918403][ T8087] report_bug+0x263/0x2b0 [ 51.922712][ T8087] do_error_trap+0x11b/0x200 [ 51.927286][ T8087] do_invalid_op+0x37/0x50 [ 51.931683][ T8087] ? refcount_inc_checked+0x61/0x70 [ 51.936861][ T8087] invalid_op+0x14/0x20 [ 51.940999][ T8087] RIP: 0010:refcount_inc_checked+0x61/0x70 [ 51.946790][ T8087] Code: 1d 86 4c 2a 06 31 ff 89 de e8 8b 55 40 fe 84 db 75 dd e8 42 54 40 fe 48 c7 c7 00 72 a1 87 c6 05 66 4c 2a 06 01 e8 2d 02 13 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 [ 51.966371][ T8087] RSP: 0018:ffff88808e8678b8 EFLAGS: 00010282 [ 51.972414][ T8087] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 51.980368][ T8087] RDX: 0000000000000000 RSI: ffffffff815afcb6 RDI: ffffed1011d0cf09 [ 51.988329][ T8087] RBP: ffff88808e8678c8 R08: ffff8880836cc600 R09: ffffed1015d25011 [ 51.996280][ T8087] R10: ffffed1015d25010 R11: ffff8880ae928087 R12: ffff8880927056f8 [ 52.004230][ T8087] R13: 0000000000000000 R14: ffff8880a8890500 R15: ffff8880958229d8 [ 52.012197][ T8087] ? vprintk_func+0x86/0x189 [ 52.016782][ T8087] ? refcount_inc_checked+0x61/0x70 [ 52.021962][ T8087] kobject_get+0x66/0xc0 [ 52.026205][ T8087] cdev_get+0x60/0xb0 [ 52.030177][ T8087] chrdev_open+0xb0/0x6b0 [ 52.034604][ T8087] ? cdev_put.part.0+0x50/0x50 [ 52.039363][ T8087] ? security_file_open+0x8d/0x300 [ 52.044457][ T8087] do_dentry_open+0x4e2/0x1250 [ 52.049207][ T8087] ? kasan_check_read+0x11/0x20 [ 52.054037][ T8087] ? cdev_put.part.0+0x50/0x50 [ 52.058784][ T8087] ? chown_common+0x5c0/0x5c0 [ 52.063439][ T8087] ? inode_permission+0xb4/0x570 [ 52.068361][ T8087] vfs_open+0xa0/0xd0 [ 52.072324][ T8087] path_openat+0x10e9/0x46e0 [ 52.076893][ T8087] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 52.082817][ T8087] ? kasan_slab_alloc+0xf/0x20 [ 52.087562][ T8087] ? kmem_cache_alloc+0x11a/0x6f0 [ 52.092564][ T8087] ? getname_flags+0xd6/0x5b0 [ 52.097217][ T8087] ? getname+0x1a/0x20 [ 52.101264][ T8087] ? do_sys_open+0x2c9/0x5d0 [ 52.105846][ T8087] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 52.111206][ T8087] ? __alloc_fd+0x44d/0x560 [ 52.115689][ T8087] do_filp_open+0x1a1/0x280 [ 52.120170][ T8087] ? may_open_dev+0x100/0x100 [ 52.124833][ T8087] ? kasan_check_read+0x11/0x20 [ 52.129664][ T8087] ? do_raw_spin_unlock+0x57/0x270 [ 52.134756][ T8087] ? _raw_spin_unlock+0x2d/0x50 [ 52.139588][ T8087] ? __alloc_fd+0x44d/0x560 [ 52.144079][ T8087] do_sys_open+0x3fe/0x5d0 [ 52.148483][ T8087] ? filp_open+0x80/0x80 [ 52.152724][ T8087] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 52.158169][ T8087] ? do_syscall_64+0x26/0x610 [ 52.162824][ T8087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.168870][ T8087] ? do_syscall_64+0x26/0x610 [ 52.173529][ T8087] __x64_sys_open+0x7e/0xc0 [ 52.178015][ T8087] do_syscall_64+0x103/0x610 [ 52.182586][ T8087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.188486][ T8087] RIP: 0033:0x405811 [ 52.192365][ T8087] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 18 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 52.211946][ T8087] RSP: 002b:00007f5bdfccb960 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 52.220348][ T8087] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000405811 [ 52.228299][ T8087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f5bdfccb970 [ 52.236258][ T8087] RBP: 6666666666666667 R08: 000000000000000f R09: 00007f5bdfccc700 [ 52.244216][ T8087] R10: 00007f5bdfccc9d0 R11: 0000000000000293 R12: 00000000006dbc3c [ 52.252177][ T8087] R13: 0000000000000040 R14: 000000000000ffff R15: ffff0000307a7973 [ 52.261479][ T8087] Kernel Offset: disabled [ 52.265955][ T8087] Rebooting in 86400 seconds..