[ 38.187177] audit: type=1800 audit(1548884616.981:26): pid=7655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 38.220652] audit: type=1800 audit(1548884616.981:27): pid=7655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 38.243355] audit: type=1800 audit(1548884616.981:28): pid=7655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 39.013010] audit: type=1800 audit(1548884617.821:29): pid=7655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
executing program executing program executing program executing program executing program executing program syzkaller login: [ 55.405560] Bluetooth: hci1: Frame reassembly failed (-84) [ 55.415303] Bluetooth: hci5: Frame reassembly failed (-84) [ 55.418902] Bluetooth: hci0: Frame reassembly failed (-84) [ 55.430085] Bluetooth: hci3: Frame reassembly failed (-84) [ 55.439131] Bluetooth: hci4: Frame reassembly failed (-84) [ 55.439687] Bluetooth: hci2: Frame reassembly failed (-84) executing program executing program [ 55.463307] Bluetooth: hci1: sending frame failed (-49) [ 55.472495] Bluetooth: hci5: sending frame failed (-49) [ 55.479197] Bluetooth: hci3: sending frame failed (-49) [ 55.484895] Bluetooth: hci2: sending frame failed (-49) [ 55.492303] Bluetooth: hci0: Frame reassembly failed (-84) [ 55.501268] Bluetooth: hci0: Frame reassembly failed (-84) [ 55.514597] Bluetooth: hci4: Frame reassembly failed (-84) [ 57.483905] Bluetooth: hci2: command 0x1003 tx timeout [ 57.483911] Bluetooth: hci5: command 0x1003 tx timeout [ 57.494774] Bluetooth: hci5: sending frame failed (-49) [ 57.500413] Bluetooth: hci1: command 0x1003 tx timeout [ 57.500449] Bluetooth: hci2: sending frame failed (-49) [ 57.511212] Bluetooth: hci1: sending frame failed (-49) [ 57.563209] Bluetooth: hci3: command 0x1003 tx timeout [ 57.563215] Bluetooth: hci4: command 0x1003 tx timeout [ 57.563244] Bluetooth: hci0: command 0x1003 tx timeout [ 57.568724] Bluetooth: hci4: sending frame failed (-49) [ 57.573912] Bluetooth: hci3: sending frame failed (-49) [ 57.574500] Bluetooth: hci0: sending frame failed (-49) [ 59.563179] Bluetooth: hci5: command 0x1001 tx timeout [ 59.563189] Bluetooth: hci1: command 0x1001 tx timeout [ 59.568593] Bluetooth: hci5: sending frame failed (-49) [ 59.574383] Bluetooth: hci1: sending frame failed (-49) [ 59.584856] Bluetooth: hci2: command 0x1001 tx timeout [ 59.590194] Bluetooth: hci2: sending frame failed (-49) [ 59.643150] Bluetooth: hci0: command 0x1001 tx 
timeout [ 59.643164] Bluetooth: hci4: command 0x1001 tx timeout [ 59.648746] Bluetooth: hci3: command 0x1001 tx timeout [ 59.654106] Bluetooth: hci0: sending frame failed (-49) [ 59.659537] Bluetooth: hci3: sending frame failed (-49) [ 59.665042] Bluetooth: hci4: sending frame failed (-49) [ 61.643228] Bluetooth: hci5: command 0x1009 tx timeout [ 61.643243] Bluetooth: hci2: command 0x1009 tx timeout [ 61.653873] Bluetooth: hci1: command 0x1009 tx timeout [ 61.723234] Bluetooth: hci4: command 0x1009 tx timeout [ 61.723240] Bluetooth: hci3: command 0x1009 tx timeout [ 61.734616] Bluetooth: hci0: command 0x1009 tx timeout executing program executing program executing program executing program [ 65.904454] Bluetooth: hci1: Frame reassembly failed (-84) [ 65.907184] BUG: unable to handle kernel paging request at ffffffffffffffd6 [ 65.910371] kobject: 'rfkill14' (000000003dc03dd0): kobject_add_internal: parent: 'hci0', set: 'devices' [ 65.917383] #PF error: [normal kernel read fault] [ 65.917389] PGD 9874067 P4D 9874067 PUD 9876067 PMD 0 [ 65.917409] Oops: 0000 [#1] PREEMPT SMP KASAN [ 65.917422] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.0.0-rc4+ #52 [ 65.917428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.917443] Workqueue: events_unbound flush_to_ldisc [ 65.929909] kobject: 'hci2' (0000000084bb6c10): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 65.931879] RIP: 0010:h4_recv_buf+0x1ea/0xda0 [ 65.931889] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f [ 65.931899] RSP: 0018:ffff8880a95af6c0 EFLAGS: 00010246 [ 65.938683] kobject: 'hci3' (00000000c10e4b20): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 65.941717] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6 [ 65.941725] RDX: dffffc0000000000 RSI: ffffffff858a4252 RDI: 
0000000000000005 [ 65.941732] RBP: ffff8880a95af748 R08: ffff8880a95a0580 R09: 0000000000000007 [ 65.941742] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c [ 65.949835] kobject: 'hci2' (0000000084bb6c10): kobject_uevent_env [ 65.957895] R13: ffff88809410c800 R14: ffff88808d176de0 R15: 0000000000000006 [ 65.957906] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 65.957914] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.957922] CR2: ffffffffffffffd6 CR3: 0000000093109000 CR4: 00000000001406f0 [ 65.957932] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.963180] kobject: 'hci3' (00000000c10e4b20): kobject_uevent_env [ 65.972691] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.972696] Call Trace: [ 65.972712] ? __lock_is_held+0xb6/0x140 executing program [ 65.972731] ll_recv+0xe4/0x200 [ 65.977445] kobject: 'rfkill14' (000000003dc03dd0): kobject_uevent_env [ 65.996305] hci_uart_tty_receive+0x22b/0x530 [ 65.996314] ? hci_uart_write_work+0x710/0x710 [ 65.996325] tty_ldisc_receive_buf+0x164/0x1c0 [ 65.996334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.996347] tty_port_default_receive_buf+0x114/0x190 [ 66.001799] kobject: 'hci2' (0000000084bb6c10): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2' [ 66.011414] ? do_raw_spin_unlock+0xa0/0x330 [ 66.011428] ? tty_port_lower_dtr_rts+0x90/0x90 [ 66.011441] ? process_one_work+0xbf1/0x1ce0 [ 66.011452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 66.011466] flush_to_ldisc+0x3b2/0x590 [ 66.018792] kobject: 'hci3' (00000000c10e4b20): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3' [ 66.025977] ? tty_insert_flip_string_flags+0x1b0/0x1b0 [ 66.025988] ? __lock_is_held+0xb6/0x140 [ 66.026008] process_one_work+0xd0c/0x1ce0 [ 66.033534] kobject: 'rfkill14' (000000003dc03dd0): fill_kobj_path: path = '/devices/virtual/bluetooth/hci0/rfkill14' [ 66.040529] ? preempt_notifier_register+0x200/0x200 [ 66.040543] ? 
__switch_to_asm+0x34/0x70 [ 66.040562] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 66.047151] kobject: 'rfkill15' (00000000982ddbde): kobject_add_internal: parent: 'hci2', set: 'devices' [ 66.054110] ? __schedule+0x89f/0x1e60 [ 66.054126] ? pci_mmcfg_check_reserved+0x170/0x170 [ 66.054139] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 66.054153] ? worker_thread+0x3b7/0x14a0 [ 66.062444] Bluetooth: hci0: Frame reassembly failed (-84) [ 66.068222] ? find_held_lock+0x35/0x120 [ 66.068237] ? lock_acquire+0x1db/0x570 [ 66.068252] ? worker_thread+0x3cd/0x14a0 [ 66.075769] kobject: 'rfkill15' (00000000982ddbde): kobject_uevent_env [ 66.082763] ? kasan_check_read+0x11/0x20 [ 66.082775] ? do_raw_spin_lock+0x156/0x360 [ 66.082787] ? lock_release+0xc40/0xc40 [ 66.089269] kobject: 'rfkill15' (00000000982ddbde): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill15' [ 66.096340] ? rwlock_bug.part.0+0x90/0x90 [ 66.096353] ? trace_hardirqs_on_caller+0x310/0x310 [ 66.096374] worker_thread+0x143/0x14a0 [ 66.099130] kobject: 'rfkill16' (0000000071d2dd6a): kobject_add_internal: parent: 'hci3', set: 'devices' [ 66.102983] ? process_one_work+0x1ce0/0x1ce0 [ 66.102996] ? __kthread_parkme+0xc3/0x1b0 [ 66.106347] Bluetooth: hci2: Frame reassembly failed (-84) [ 66.112902] ? lock_acquire+0x1db/0x570 [ 66.112916] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 66.112929] ? lockdep_hardirqs_on+0x415/0x5d0 [ 66.117664] kobject: 'rfkill16' (0000000071d2dd6a): kobject_uevent_env [ 66.121965] ? trace_hardirqs_on+0xbd/0x310 [ 66.121976] ? __kthread_parkme+0xc3/0x1b0 [ 66.121990] ? trace_hardirqs_off_caller+0x300/0x300 [ 66.126621] kobject: 'rfkill16' (0000000071d2dd6a): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3/rfkill16' [ 66.132074] ? do_raw_spin_trylock+0x270/0x270 [ 66.132087] ? schedule+0x108/0x350 [ 66.137567] Bluetooth: hci3: Frame reassembly failed (-84) [ 66.146860] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 66.146873] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 66.146887] ? 
__kthread_parkme+0xfb/0x1b0 [ 66.154282] kobject: 'hci4' (00000000bb49426b): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 66.155930] kthread+0x357/0x430 [ 66.155948] ? process_one_work+0x1ce0/0x1ce0 [ 66.160500] kobject: 'hci4' (00000000bb49426b): kobject_uevent_env [ 66.165848] ? kthread_stop+0x920/0x920 [ 66.165864] ret_from_fork+0x3a/0x50 [ 66.165876] Modules linked in: [ 66.169882] kobject: 'hci4' (00000000bb49426b): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4' [ 66.179422] CR2: ffffffffffffffd6 [ 66.179436] ---[ end trace 7e9094748c68067b ]--- [ 66.179451] RIP: 0010:h4_recv_buf+0x1ea/0xda0 [ 66.179465] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f [ 66.185010] kobject: 'rfkill17' (000000008af46689): kobject_add_internal: parent: 'hci4', set: 'devices' [ 66.188847] RSP: 0018:ffff8880a95af6c0 EFLAGS: 00010246 [ 66.188859] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6 [ 66.188865] RDX: dffffc0000000000 RSI: ffffffff858a4252 RDI: 0000000000000005 [ 66.188875] RBP: ffff8880a95af748 R08: ffff8880a95a0580 R09: 0000000000000007 [ 66.193347] kobject: 'rfkill17' (000000008af46689): kobject_uevent_env [ 66.203811] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c [ 66.203819] R13: ffff88809410c800 R14: ffff88808d176de0 R15: 0000000000000006 [ 66.203831] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 66.203838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.203848] CR2: ffffffffffffffd6 CR3: 0000000093109000 CR4: 00000000001406f0 [ 66.208988] kobject: 'rfkill17' (000000008af46689): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4/rfkill17' [ 66.212965] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.212973] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.212983] Kernel 
panic - not syncing: Fatal exception [ 66.217862] Bluetooth: hci4: Frame reassembly failed (-84) [ 66.228317] Kernel Offset: disabled [ 66.599395] Rebooting in 86400 seconds..