[ 45.487488] audit: type=1800 audit(1546498059.915:30): pid=8282 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 49.340682] kauditd_printk_skb: 4 callbacks suppressed
[ 49.340698] audit: type=1400 audit(1546498063.805:35): avc: denied { map } for pid=8457 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
[ 74.275932] audit: type=1400 audit(1546498088.745:36): avc: denied { map } for pid=8469 comm="syz-executor845" path="/root/syz-executor845164787" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 74.308422] Bluetooth: hci0: Frame reassembly failed (-84)
[ 76.385746] Bluetooth: hci0: command 0x1003 tx timeout
[ 76.391464] Bluetooth: hci0: sending frame failed (-49)
[ 78.465054] Bluetooth: hci0: command 0x1001 tx timeout
[ 78.470702] Bluetooth: hci0: sending frame failed (-49)
[ 80.545050] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 84.556531] Bluetooth: hci0: Frame reassembly failed (-84)
[ 84.558440] BUG: unable to handle kernel paging request at ffffffffffffffd6
[ 84.569348] #PF error: [normal kernel read fault]
[ 84.574182] PGD 9871067 P4D 9871067 PUD 9873067 PMD 0
[ 84.579473] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 84.583948] CPU: 0 PID: 2495 Comm: kworker/u4:3 Not tainted 4.20.0+ #6
[ 84.590587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.599929] Workqueue: events_unbound flush_to_ldisc
[ 84.605016] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 84.609497] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 84.628495] RSP: 0018:ffff8880a2c8f6c0 EFLAGS: 00010246
[ 84.633858] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 84.641109] RDX: dffffc0000000000 RSI: ffffffff85893842 RDI: 0000000000000005
[ 84.648372] RBP: ffff8880a2c8f748 R08: ffff8880a2c7a080 R09: 0000000000000003
[ 84.655618] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c
[ 84.662872] R13: ffff88809ab44300 R14: ffff888098a23220 R15: 0000000000000006
[ 84.670138] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 84.678338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.684213] CR2: ffffffffffffffd6 CR3: 00000000908f5000 CR4: 00000000001406f0
[ 84.691460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 84.698838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 84.706085] Call Trace:
[ 84.708656] ? __lock_is_held+0xb6/0x140
[ 84.712710] h4_recv+0xe4/0x200
[ 84.715972] hci_uart_tty_receive+0x22b/0x530
[ 84.720448] ? hci_uart_write_work+0x710/0x710
[ 84.725014] tty_ldisc_receive_buf+0x164/0x1c0
[ 84.729578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.735100] tty_port_default_receive_buf+0x114/0x190
[ 84.740285] ? do_raw_spin_unlock+0xa0/0x330
[ 84.744758] ? tty_port_lower_dtr_rts+0x90/0x90
[ 84.749415] ? process_one_work+0xbf1/0x1ce0
[ 84.753805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.759323] flush_to_ldisc+0x3b2/0x590
[ 84.763283] ? tty_insert_flip_string_flags+0x1b0/0x1b0
[ 84.768648] ? __lock_is_held+0xb6/0x140
[ 84.772696] process_one_work+0xd0c/0x1ce0
[ 84.776926] ? __switch_to_asm+0x34/0x70
[ 84.780969] ? __switch_to_asm+0x40/0x70
[ 84.785021] ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 84.789672] ? __schedule+0x89f/0x1e90
[ 84.793541] ? pci_mmcfg_check_reserved+0x170/0x170
[ 84.798539] ? worker_thread+0x3b7/0x14a0
[ 84.802666] ? find_held_lock+0x35/0x120
[ 84.806717] ? lock_acquire+0x1db/0x570
[ 84.810668] ? worker_thread+0x3cd/0x14a0
[ 84.814796] ? kasan_check_read+0x11/0x20
[ 84.818923] ? do_raw_spin_lock+0x156/0x360
[ 84.823220] ? lock_release+0xc40/0xc40
[ 84.827177] ? rwlock_bug.part.0+0x90/0x90
[ 84.831393] ? trace_hardirqs_on_caller+0x310/0x310
[ 84.836398] worker_thread+0x143/0x14a0
[ 84.840359] ? process_one_work+0x1ce0/0x1ce0
[ 84.844833] ? __kthread_parkme+0xc3/0x1b0
[ 84.849053] ? lock_acquire+0x1db/0x570
[ 84.853008] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 84.858092] ? lockdep_hardirqs_on+0x415/0x5d0
[ 84.862654] ? trace_hardirqs_on+0xbd/0x310
[ 84.866954] ? __kthread_parkme+0xc3/0x1b0
[ 84.871171] ? trace_hardirqs_off_caller+0x300/0x300
[ 84.876253] ? do_raw_spin_trylock+0x270/0x270
[ 84.880814] ? schedule+0x108/0x350
[ 84.884435] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 84.889523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 84.895043] ? __kthread_parkme+0xfb/0x1b0
[ 84.899261] kthread+0x357/0x430
[ 84.902611] ? process_one_work+0x1ce0/0x1ce0
[ 84.907089] ? kthread_stop+0x920/0x920
[ 84.911048] ret_from_fork+0x3a/0x50
[ 84.914742] Modules linked in:
[ 84.917911] CR2: ffffffffffffffd6
[ 84.921344] ---[ end trace 1634737d46a55fd8 ]---
[ 84.926083] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 84.930560] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 84.949446] RSP: 0018:ffff8880a2c8f6c0 EFLAGS: 00010246
[ 84.954790] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 84.962038] RDX: dffffc0000000000 RSI: ffffffff85893842 RDI: 0000000000000005
[ 84.969399] RBP: ffff8880a2c8f748 R08: ffff8880a2c7a080 R09: 0000000000000003
[ 84.976651] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c
[ 84.983900] R13: ffff88809ab44300 R14: ffff888098a23220 R15: 0000000000000006
[ 84.991148] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 84.999353] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.005213] CR2: ffffffffffffffd6 CR3: 00000000908f5000 CR4: 00000000001406f0
[ 85.012466] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.019713] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.026970] Kernel panic - not syncing: Fatal exception
[ 85.033331] Kernel Offset: disabled
[ 85.036956] Rebooting in 86400 seconds..