[ 40.899774][ T27] audit: type=1800 audit(1556471644.187:25): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 40.921084][ T27] audit: type=1800 audit(1556471644.187:26): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 40.949991][ T27] audit: type=1800 audit(1556471644.187:27): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 40.977804][ T27] audit: type=1800 audit(1556471644.187:28): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts. syzkaller login: [ 59.941014][ T7857] IPVS: ftp: loaded support on port[0] = 21 [ 59.943405][ T7854] IPVS: ftp: loaded support on port[0] = 21 [ 59.955184][ T7859] IPVS: ftp: loaded support on port[0] = 21 [ 59.958947][ T7855] IPVS: ftp: loaded support on port[0] = 21 [ 59.965523][ T7856] IPVS: ftp: loaded support on port[0] = 21 [ 59.970234][ T7858] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program [ 60.199110][ T7863] input: syz1 as /devices/virtual/input/input6 [ 60.207752][ T7861] input: syz1 as /devices/virtual/input/input5 [ 60.235473][ T7869] input: syz1 as /devices/virtual/input/input7 executing program executing program [ 60.257238][ T7868] input: syz1 as /devices/virtual/input/input8 [ 60.267013][ T7872] input: syz1 as /devices/virtual/input/input9 [ 60.284388][ T7877] input: syz1 as /devices/virtual/input/input10 executing program executing program [ 60.336351][ T7883] input: syz1 as /devices/virtual/input/input11 [ 60.360881][ T7892] input: syz1 as /devices/virtual/input/input12 executing program executing program [ 60.398090][ T7896] input: syz1 as /devices/virtual/input/input13 [ 60.428348][ T7900] input: syz1 as /devices/virtual/input/input14 executing program executing program [ 60.453657][ T7904] input: syz1 as /devices/virtual/input/input15 [ 60.466529][ T7906] input: syz1 as /devices/virtual/input/input16 executing program [ 60.498740][ T7911] input: syz1 as /devices/virtual/input/input17 executing program executing program [ 60.556601][ T7917] input: syz1 as /devices/virtual/input/input18 [ 60.582305][ T7920] input: syz1 as /devices/virtual/input/input19 executing program executing program [ 60.624950][ T7924] input: syz1 as /devices/virtual/input/input20 [ 60.648311][ T7928] input: syz1 as /devices/virtual/input/input21 executing program [ 60.676100][ T7932] input: syz1 as /devices/virtual/input/input22 executing program [ 60.732467][ T7937] input: syz1 as /devices/virtual/input/input23 executing program executing program [ 60.773119][ T7940] input: syz1 as /devices/virtual/input/input24 [ 60.797844][ T7944] input: syz1 as /devices/virtual/input/input25 executing program [ 60.833848][ T7948] input: syz1 as /devices/virtual/input/input26 [ 60.878485][ T7952] input: syz1 as /devices/virtual/input/input27 [ 60.886349][ T7953] ------------[ cut here ]------------ [ 60.892084][ T7953] refcount_t: increment on 0; use-after-free. [ 60.892490][ T7953] WARNING: CPU: 0 PID: 7953 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 [ 60.900053][ T7927] kobject: 'event5' (00000000a9715f67): kobject_cleanup, parent (null) [ 60.907410][ T7953] Kernel panic - not syncing: panic_on_warn set ... [ 60.907427][ T7953] CPU: 0 PID: 7953 Comm: syz-executor934 Not tainted 5.1.0-rc6+ #90 [ 60.907435][ T7953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.907451][ T7953] Call Trace: [ 60.907487][ T7953] dump_stack+0x172/0x1f0 [ 60.907510][ T7953] ? refcount_inc_not_zero_checked+0x1b0/0x200 [ 60.907533][ T7953] panic+0x2cb/0x65c [ 60.958988][ T7953] ? __warn_printk+0xf3/0xf3 [ 60.963610][ T7953] ? refcount_inc_checked+0x61/0x70 [ 60.968840][ T7953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.975102][ T7953] ? __warn.cold+0x5/0x45 [ 60.979451][ T7953] ? __warn+0xe8/0x1d0 [ 60.983534][ T7953] ? refcount_inc_checked+0x61/0x70 [ 60.988741][ T7953] __warn.cold+0x20/0x45 [ 60.993000][ T7953] ? refcount_inc_checked+0x61/0x70 [ 60.998208][ T7953] report_bug+0x263/0x2b0 [ 61.002546][ T7953] do_error_trap+0x11b/0x200 [ 61.007141][ T7953] do_invalid_op+0x37/0x50 [ 61.011555][ T7953] ? refcount_inc_checked+0x61/0x70 [ 61.016757][ T7953] invalid_op+0x14/0x20 [ 61.020915][ T7953] RIP: 0010:refcount_inc_checked+0x61/0x70 [ 61.026721][ T7953] Code: 1d 98 2b 2a 06 31 ff 89 de e8 5b 2d 40 fe 84 db 75 dd e8 12 2c 40 fe 48 c7 c7 e0 79 a1 87 c6 05 78 2b 2a 06 01 e8 fd d9 12 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 [ 61.046336][ T7953] RSP: 0018:ffff88808e5578b8 EFLAGS: 00010282 [ 61.052420][ T7953] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 61.060401][ T7953] RDX: 0000000000000000 RSI: ffffffff815afcb6 RDI: ffffed1011caaf09 [ 61.068386][ T7953] RBP: ffff88808e5578c8 R08: ffff88808f15c180 R09: ffff88808f15ca20 [ 61.076376][ T7953] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a8cf31f8 [ 61.084363][ T7953] R13: 0000000000000000 R14: ffff88809e9f5300 R15: ffff888090c1a4c0 [ 61.092373][ T7953] ? vprintk_func+0x86/0x189 [ 61.096986][ T7953] ? refcount_inc_checked+0x61/0x70 [ 61.102211][ T7953] kobject_get+0x66/0xc0 [ 61.106479][ T7953] cdev_get+0x60/0xb0 [ 61.110475][ T7953] chrdev_open+0xb0/0x6b0 [ 61.114815][ T7953] ? cdev_put.part.0+0x50/0x50 [ 61.119607][ T7953] ? security_file_open+0x8d/0x300 [ 61.124734][ T7953] do_dentry_open+0x4e2/0x1250 [ 61.129514][ T7953] ? kasan_check_read+0x11/0x20 [ 61.134376][ T7953] ? cdev_put.part.0+0x50/0x50 [ 61.139157][ T7953] ? chown_common+0x5c0/0x5c0 [ 61.143846][ T7953] ? inode_permission+0xb4/0x570 [ 61.148807][ T7953] vfs_open+0xa0/0xd0 [ 61.152808][ T7953] path_openat+0x10e9/0x46e0 [ 61.157417][ T7953] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 61.163239][ T7953] ? kasan_slab_alloc+0xf/0x20 [ 61.168028][ T7953] ? kmem_cache_alloc+0x11a/0x6f0 [ 61.173069][ T7953] ? getname_flags+0xd6/0x5b0 [ 61.177750][ T7953] ? getname+0x1a/0x20 [ 61.181826][ T7953] ? do_sys_open+0x2c9/0x5d0 [ 61.186432][ T7953] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 61.191833][ T7953] ? __alloc_fd+0x44d/0x560 [ 61.196367][ T7953] do_filp_open+0x1a1/0x280 [ 61.200897][ T7953] ? may_open_dev+0x100/0x100 [ 61.205591][ T7953] ? kasan_check_read+0x11/0x20 [ 61.210449][ T7953] ? do_raw_spin_unlock+0x57/0x270 [ 61.215570][ T7953] ? _raw_spin_unlock+0x2d/0x50 [ 61.220429][ T7953] ? __alloc_fd+0x44d/0x560 [ 61.224954][ T7953] do_sys_open+0x3fe/0x5d0 [ 61.229379][ T7953] ? filp_open+0x80/0x80 [ 61.233637][ T7953] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 61.239124][ T7953] ? do_syscall_64+0x26/0x610 [ 61.243810][ T7953] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.250182][ T7953] ? do_syscall_64+0x26/0x610 [ 61.254878][ T7953] __x64_sys_open+0x7e/0xc0 [ 61.259392][ T7953] do_syscall_64+0x103/0x610 [ 61.264001][ T7953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.275720][ T7953] RIP: 0033:0x4068c1 [ 61.279614][ T7953] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 18 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 61.299228][ T7953] RSP: 002b:00007ff6710d7960 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 61.307680][ T7953] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004068c1 [ 61.315657][ T7953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ff6710d7970 [ 61.323628][ T7953] RBP: 6666666666666667 R08: 000000000000000f R09: 00007ff6710d8700 [ 61.331603][ T7953] R10: 00007ff6710d89d0 R11: 0000000000000293 R12: 00000000006f003c [ 61.339588][ T7953] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000317a7973 [ 61.348766][ T7953] Kernel Offset: disabled [ 61.353184][ T7953] Rebooting in 86400 seconds..