[ 39.613687] audit: type=1800 audit(1546437388.637:25): pid=7809 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 39.648804] audit: type=1800 audit(1546437388.637:26): pid=7809 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 39.674580] audit: type=1800 audit(1546437388.647:27): pid=7809 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 51.526853] Bluetooth: hci1: Frame reassembly failed (-84)
[ 51.533470] Bluetooth: hci0: Frame reassembly failed (-84)
[ 51.543343] Bluetooth: hci4: Frame reassembly failed (-84)
[ 51.554918] Bluetooth: hci2: Frame reassembly failed (-84)
[ 51.564748] Bluetooth: hci5: Frame reassembly failed (-84)
[ 51.565747] Bluetooth: hci0: sending frame failed (-49)
[ 51.576906] Bluetooth: hci3: Frame reassembly failed (-84)
[ 51.582878] Bluetooth: hci1: sending frame failed (-49)
[ 53.621407] Bluetooth: hci3: command 0x1003 tx timeout
[ 53.621414] Bluetooth: hci2: command 0x1003 tx timeout
[ 53.621853] Bluetooth: hci0: command 0x1003 tx timeout
[ 53.626932] Bluetooth: hci2: sending frame failed (-49)
[ 53.632770] Bluetooth: hci0: sending frame failed (-49)
[ 53.637580] Bluetooth: hci3: sending frame failed (-49)
[ 53.653755] Bluetooth: hci5: command 0x1003 tx timeout
[ 53.659241] Bluetooth: hci5: sending frame failed (-49)
[ 53.664733] Bluetooth: hci4: command 0x1003 tx timeout
[ 53.670210] Bluetooth: hci1: command 0x1003 tx timeout
[ 53.670245] Bluetooth: hci4: sending frame failed (-49)
[ 53.677190] Bluetooth: hci1: sending frame failed (-49)
[ 55.700743] Bluetooth: hci4: command 0x1001 tx timeout
[ 55.700750] Bluetooth: hci1: command 0x1001 tx timeout
[ 55.700782] Bluetooth: hci5: command 0x1001 tx timeout
[ 55.706181] Bluetooth: hci0: command 0x1001 tx timeout
[ 55.711588] Bluetooth: hci1: sending frame failed (-49)
[ 55.716821] Bluetooth: hci4: sending frame failed (-49)
[ 55.722437] Bluetooth: hci5: sending frame failed (-49)
[ 55.727847] Bluetooth: hci0: sending frame failed (-49)
[ 55.733150] Bluetooth: hci3: command 0x1001 tx timeout
[ 55.749190] Bluetooth: hci2: command 0x1001 tx timeout
[ 55.749246] Bluetooth: hci3: sending frame failed (-49)
[ 55.754725] Bluetooth: hci2: sending frame failed (-49)
[ 57.780816] Bluetooth: hci2: command 0x1009 tx timeout
[ 57.780823] Bluetooth: hci3: command 0x1009 tx timeout
[ 57.780872] Bluetooth: hci0: command 0x1009 tx timeout
[ 57.786256] Bluetooth: hci5: command 0x1009 tx timeout
[ 57.791943] Bluetooth: hci4: command 0x1009 tx timeout
[ 57.796884] Bluetooth: hci1: command 0x1009 tx timeout
executing program
executing program
executing program
[ 62.123224] Bluetooth: hci0: Frame reassembly failed (-84)
[ 62.129767] BUG: unable to handle kernel paging request at ffffffffffffffd6
[ 62.136869] #PF error: [normal kernel read fault]
[ 62.141709] PGD 9874067 P4D 9874067 PUD 9876067 PMD 0
[ 62.142859] kobject: 'hci1' (00000000912e8427): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 62.146993] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 62.147008] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 4.20.0-next-20190102 #2
executing program
executing program
executing program
[ 62.147016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.147039] Workqueue: events_unbound flush_to_ldisc
[ 62.159754] kobject: 'hci2' (00000000dbb71fdc): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 62.161237] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 62.161252] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 62.161259] RSP: 0018:ffff8880a94676c0 EFLAGS: 00010246
[ 62.161269] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 62.161278] RDX: dffffc0000000000 RSI: ffffffff8589f412 RDI: 0000000000000005
[ 62.161290] RBP: ffff8880a9467748 R08: ffff8880a94581c0 R09: 0000000000000003
[ 62.169084] kobject: 'hci2' (00000000dbb71fdc): kobject_uevent_env
[ 62.178168] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c
[ 62.178181] R13: ffff8880a574f300 R14: ffff888091316da0 R15: 0000000000000006
[ 62.178193] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 62.178202] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.178209] CR2: ffffffffffffffd6 CR3: 000000009de33000 CR4: 00000000001406f0
[ 62.178221] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.178228] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.178232] Call Trace:
[ 62.178249] ? __lock_is_held+0xb6/0x140
[ 62.178266] h4_recv+0xe4/0x200
[ 62.178280] hci_uart_tty_receive+0x22b/0x530
[ 62.178294] ? hci_uart_write_work+0x710/0x710
[ 62.178312] tty_ldisc_receive_buf+0x164/0x1c0
[ 62.178327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.185244] kobject: 'hci1' (00000000912e8427): kobject_uevent_env
[ 62.193127] tty_port_default_receive_buf+0x114/0x190
[ 62.193143] ? do_raw_spin_unlock+0xa0/0x330
[ 62.193158] ? tty_port_lower_dtr_rts+0x90/0x90
[ 62.193178] ? process_one_work+0xbf1/0x1ce0
[ 62.193193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.193209] flush_to_ldisc+0x3b2/0x590
[ 62.193228] ? tty_insert_flip_string_flags+0x1b0/0x1b0
[ 62.193238] ? __lock_is_held+0xb6/0x140
[ 62.193259] process_one_work+0xd0c/0x1ce0
[ 62.193274] ? __bpf_trace_sched_wake_idle_without_ipi+0x10/0x10
[ 62.193289] ? __switch_to_asm+0x34/0x70
[ 62.193309] ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 62.193324] ? __schedule+0x89f/0x1e60
[ 62.202529] kobject: 'hci2' (00000000dbb71fdc): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2'
[ 62.216711] ? pci_mmcfg_check_reserved+0x170/0x170
[ 62.216729] ? worker_thread+0x3b7/0x14a0
[ 62.216742] ? find_held_lock+0x35/0x120
[ 62.216756] ? lock_acquire+0x1db/0x570
[ 62.216769] ? worker_thread+0x3cd/0x14a0
[ 62.216787] ? kasan_check_write+0x14/0x20
[ 62.222553] kobject: 'hci1' (00000000912e8427): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1'
[ 62.229406] ? do_raw_spin_lock+0x156/0x360
[ 62.229419] ? lock_release+0xc40/0xc40
[ 62.229433] ? rwlock_bug.part.0+0x90/0x90
[ 62.229449] ? trace_hardirqs_on_caller+0x310/0x310
[ 62.238862] kobject: 'rfkill12' (00000000769d5df7): kobject_add_internal: parent: 'hci1', set: 'devices'
[ 62.243989] worker_thread+0x143/0x14a0
[ 62.244013] ? process_one_work+0x1ce0/0x1ce0
[ 62.244025] ? __kthread_parkme+0xc3/0x1b0
[ 62.244037] ? lock_acquire+0x1db/0x570
[ 62.244048] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 62.244079] ? lockdep_hardirqs_on+0x415/0x5d0
[ 62.252688] kobject: 'rfkill12' (00000000769d5df7): kobject_uevent_env
[ 62.257650] ? trace_hardirqs_on+0xbd/0x310
[ 62.257664] ? __kthread_parkme+0xc3/0x1b0
[ 62.257677] ? trace_hardirqs_off_caller+0x300/0x300
[ 62.257694] ? do_raw_spin_trylock+0x270/0x270
[ 62.265424] kobject: 'rfkill12' (00000000769d5df7): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill12'
[ 62.273167] ? schedule+0x108/0x350
[ 62.273206] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 62.273219] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 62.273230] ? __kthread_parkme+0xfb/0x1b0
[ 62.273245] kthread+0x357/0x430
[ 62.273260] ? process_one_work+0x1ce0/0x1ce0
[ 62.284116] kobject: 'rfkill13' (000000007e0d6b87): kobject_add_internal: parent: 'hci2', set: 'devices'
[ 62.286391] ? kthread_stop+0x920/0x920
[ 62.294012] Bluetooth: hci1: Frame reassembly failed (-84)
[ 62.300915] ret_from_fork+0x3a/0x50
[ 62.300929] Modules linked in:
[ 62.300940] CR2: ffffffffffffffd6
[ 62.300954] ---[ end trace 9ff4a05b58704db1 ]---
[ 62.300972] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 62.300987] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 62.303684] BUG: unable to handle kernel paging request at ffffffffffffffd6
[ 62.307602] RSP: 0018:ffff8880a94676c0 EFLAGS: 00010246
[ 62.310861] #PF error: [normal kernel read fault]
[ 62.315340] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 62.319896] PGD 9874067 P4D 9874067 PUD 9876067 PMD 0
[ 62.324461] RDX: dffffc0000000000 RSI: ffffffff8589f412 RDI: 0000000000000005
[ 62.329979] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 62.336278] RBP: ffff8880a9467748 R08: ffff8880a94581c0 R09: 0000000000000003
[ 62.341454] CPU: 1 PID: 8006 Comm: syz-executor943 Tainted: G D 4.20.0-next-20190102 #2
[ 62.345836] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c
[ 62.350508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.354908] R13: ffff8880a574f300 R14: ffff888091316da0 R15: 0000000000000006
[ 62.360435] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 62.364385] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 62.369732] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 62.373774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.378004] RSP: 0018:ffff88808a81f8f0 EFLAGS: 00010246
[ 62.384130] CR2: ffffffffffffffd6 CR3: 000000009de33000 CR4: 00000000001406f0
[ 62.388190] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 62.392840] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.396710] RDX: dffffc0000000000 RSI: ffffffff8589f412 RDI: 0000000000000005
[ 62.406310] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.411305] RBP: ffff88808a81f978 R08: ffff888090c40500 R09: 0000000000000003
[ 62.415429] Kernel panic - not syncing: Fatal exception
[ 62.419480] R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000001c
[ 62.795198] R13: ffff88808db51300 R14: ffff88808a81fa68 R15: 0000000000000001
[ 62.802484] FS: 0000000002479880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 62.810715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.816594] CR2: ffffffffffffffd6 CR3: 00000000876be000 CR4: 00000000001406e0
[ 62.823859] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.831123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.838382] Call Trace:
[ 62.840972] ? lock_release+0xc40/0xc40
[ 62.844950] h4_recv+0xe4/0x200
[ 62.848231] hci_uart_tty_receive+0x22b/0x530
[ 62.852816] tty_ioctl+0x9a0/0x16c0
[ 62.856441] ? tty_register_device+0x40/0x40
[ 62.860849] ? _raw_spin_unlock_irq+0x5e/0x90
[ 62.865346] ? finish_task_switch+0x1e9/0xac0
[ 62.869836] ? finish_task_switch+0x1a8/0xac0
[ 62.874327] ? __switch_to_asm+0x34/0x70
[ 62.878383] ? __switch_to_asm+0x40/0x70
[ 62.882438] ? __switch_to_asm+0x34/0x70
[ 62.886499] ? __switch_to_asm+0x40/0x70
[ 62.890572] ? __bpf_trace_sched_wake_idle_without_ipi+0x10/0x10
[ 62.896716] ? __switch_to_asm+0x34/0x70
[ 62.900775] ? __switch_to_asm+0x40/0x70
[ 62.904831] ? __switch_to_asm+0x34/0x70
[ 62.908886] ? __switch_to_asm+0x34/0x70
[ 62.912945] ? __switch_to_asm+0x34/0x70
[ 62.917000] ? __switch_to_asm+0x40/0x70
[ 62.921058] ? __switch_to_asm+0x34/0x70
[ 62.925111] ? __switch_to_asm+0x40/0x70
[ 62.929188] ? __switch_to_asm+0x34/0x70
[ 62.933248] ? __switch_to_asm+0x40/0x70
[ 62.937306] ? __schedule+0x89f/0x1e60
[ 62.941197] ? pci_mmcfg_check_reserved+0x170/0x170
[ 62.946214] ? handle_mm_fault+0x116/0xc80
[ 62.950446] ? tty_register_device+0x40/0x40
[ 62.954850] do_vfs_ioctl+0x107b/0x17d0
[ 62.958823] ? __do_page_fault+0x5da/0xd60
[ 62.963073] ? rcu_read_unlock_special+0x380/0x380
[ 62.968034] ? mem_cgroup_css_online+0x3c0/0x3c0
[ 62.972800] ? ioctl_preallocate+0x2f0/0x2f0
[ 62.977204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.982739] ? __fget_light+0x2db/0x420
[ 62.986713] ? trace_hardirqs_off+0xb8/0x310
[ 62.991118] ? fget_raw+0x20/0x20
[ 62.994562] ? trace_hardirqs_on_caller+0x310/0x310
[ 62.999579] ? up_read_non_owner+0x100/0x100
[ 63.003989] ? security_file_ioctl+0x93/0xc0
[ 63.008392] ksys_ioctl+0xab/0xd0
[ 63.011844] __x64_sys_ioctl+0x73/0xb0
[ 63.015733] do_syscall_64+0x1a3/0x800
[ 63.019623] ? syscall_return_slowpath+0x5f0/0x5f0
[ 63.024563] ? lockdep_sys_exit+0x49/0x5c
[ 63.028721] ? prepare_exit_to_usermode+0x232/0x3b0
[ 63.033751] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.038595] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.043794] RIP: 0033:0x440e89
[ 63.046988] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.065883] RSP: 002b:00007ffe8a5f5ea8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 63.073585] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440e89
[ 63.080846] RDX: 00000000200000c0 RSI: 0000000000005412 RDI: 0000000000000003
[ 63.088107] RBP: 0000000000000000 R08: 00000009004002c8 R09: 00000009004002c8
[ 63.095370] R10: 00000009004002c8 R11: 0000000000000217 R12: 000000000000c91b
[ 63.102631] R13: 0000000000401db0 R14: 0000000000000000 R15: 0000000000000000
[ 63.109901] Modules linked in:
[ 63.113088] CR2: ffffffffffffffd6
[ 63.116540] ---[ end trace 9ff4a05b58704db2 ]---
[ 63.121295] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 63.125785] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 63.144683] RSP: 0018:ffff8880a94676c0 EFLAGS: 00010246
[ 63.150043] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 63.157320] RDX: dffffc0000000000 RSI: ffffffff8589f412 RDI: 0000000000000005
[ 63.164601] RBP: ffff8880a9467748 R08: ffff8880a94581c0 R09: 0000000000000003
[ 63.171862] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 000000000000001c
[ 63.179124] R13: ffff8880a574f300 R14: ffff888091316da0 R15: 0000000000000006
[ 63.186387] FS: 0000000002479880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 63.194634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.200508] CR2: ffffffffffffffd6 CR3: 00000000876be000 CR4: 00000000001406e0
[ 63.207797] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.215059] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.624571] Shutting down cpus with NMI
[ 63.629527] Kernel Offset: disabled
[ 63.633147] Rebooting in 86400 seconds..