Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 41.967247] audit: type=1800 audit(1555521410.686:33): pid=7398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 46.374600] kauditd_printk_skb: 1 callbacks suppressed [ 46.374614] audit: type=1400 audit(1555521415.096:35): avc: denied { map } for pid=7571 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 53.235882] audit: type=1400 audit(1555521421.956:36): avc: denied { map } for pid=7579 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. 
executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.444116] audit: type=1400 audit(1555521442.166:37): avc: denied { map } for pid=7586 comm="syz-executor189" path="/root/syz-executor189142111" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.595503] kobject_add_internal failed for hci1 (error: -2 parent: bluetooth) executing program executing program executing program executing program executing program executing program executing program [ 73.636228] Bluetooth: Can't register HCI device executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing 
program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 74.068920] kasan: CONFIG_KASAN_INLINE enabled executing program executing program executing program executing program executing program executing program [ 74.094606] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 74.135237] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 74.137081] kobject: 'hci6' (0000000012fdc9a4): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 74.141532] CPU: 1 PID: 7697 Comm: syz-executor189 Not tainted 4.19.35 #3 [ 74.141539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.141560] RIP: 0010:kernfs_add_one+0x343/0x4d0 [ 74.141576] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83 [ 74.152493] kobject: 'hci6' (0000000012fdc9a4): kobject_uevent_env [ 74.158270] RSP: 0018:ffff8880781d7858 EFLAGS: 00010202 [ 74.158281] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86edb778 [ 74.158288] RDX: 0000000000000001 RSI: ffffffff81cce98b RDI: 0000000000000008 [ 74.158294] RBP: ffff8880781d7898 R08: 1ffffffff1110598 R09: fffffbfff1110599 [ 74.158307] R10: fffffbfff1110598 R11: ffffffff88882cc7 R12: ffff8880a0e1d700 [ 74.168120] kobject: 'hci6' (0000000012fdc9a4): fill_kobj_path: path = '/devices/virtual/bluetooth/hci6' [ 74.172416] R13: ffff8880a0e1d700 R14: 0000000000000000 R15: 0000000000000000 [ 74.172432] FS: 0000000002497880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 74.172439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.172446] CR2: 00000000004bf748 CR3: 0000000093661000 CR4: 
00000000001406e0 [ 74.172455] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.172461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.172474] Call Trace: [ 74.196104] kobject: 'rfkill110' (00000000eca5cec2): kobject_uevent_env [ 74.197825] kernfs_create_dir_ns+0xff/0x160 [ 74.197842] sysfs_create_dir_ns+0x131/0x290 [ 74.204990] kobject: 'rfkill108' (00000000f02b169c): kobject_uevent_env [ 74.210498] ? sysfs_create_mount_point+0xa0/0xa0 [ 74.210518] ? class_dir_child_ns_type+0xd/0x60 [ 74.227480] kobject: 'rfkill110' (00000000eca5cec2): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill110' [ 74.232360] kobject_add_internal.cold+0xe5/0x5d4 [ 74.232374] kobject_add+0x150/0x1c0 [ 74.232385] ? kset_create_and_add+0x1a0/0x1a0 [ 74.232406] ? kasan_check_read+0x11/0x20 [ 74.250446] kobject: 'rfkill107' (00000000ccba8e60): kobject_cleanup, parent (null) [ 74.257530] ? mutex_unlock+0xd/0x10 [ 74.257546] ? device_add+0x306/0x1770 [ 74.257558] device_add+0x3cc/0x1770 [ 74.257574] ? device_initialize+0x440/0x440 [ 74.263545] kobject: 'rfkill109' (000000003517892c): kobject_cleanup, parent (null) [ 74.270812] ? get_device_parent.isra.0+0x570/0x570 [ 74.270829] ? start_creating+0x163/0x1e0 [ 74.278355] kobject: 'rfkill111' (000000004198e47e): kobject_add_internal: parent: 'hci6', set: 'devices' [ 74.285347] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 74.285369] hci_register_dev+0x304/0x880 [ 74.285386] __vhci_create_device+0x2d0/0x5a0 [ 74.291695] kobject: 'rfkill110' (00000000eca5cec2): kobject_uevent_env [ 74.294743] vhci_write+0x2d6/0x470 [ 74.294760] __vfs_write+0x58e/0x820 [ 74.294776] ? kernel_read+0x120/0x120 [ 74.299462] kobject: 'rfkill111' (000000004198e47e): kobject_uevent_env [ 74.303590] ? __inode_security_revalidate+0xda/0x120 [ 74.303612] ? selinux_file_permission+0x92/0x550 [ 74.303628] ? security_file_permission+0x8f/0x230 [ 74.303643] ? 
rw_verify_area+0x118/0x360 [ 74.314925] kobject: 'rfkill108' (00000000f02b169c): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4/rfkill108' [ 74.315244] vfs_write+0x20c/0x560 [ 74.315263] ksys_write+0xea/0x1f0 [ 74.324208] kobject: 'rfkill110' (00000000eca5cec2): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill110' [ 74.331626] ? __ia32_sys_read+0xb0/0xb0 [ 74.331651] ? do_syscall_64+0x26/0x610 [ 74.337341] kobject: 'rfkill111' (000000004198e47e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci6/rfkill111' [ 74.340602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.340621] ? do_syscall_64+0x26/0x610 [ 74.348444] kobject: 'rfkill107' (00000000ccba8e60): calling ktype release [ 74.349334] __x64_sys_write+0x73/0xb0 [ 74.349353] do_syscall_64+0x103/0x610 [ 74.362406] kobject: 'rfkill109' (000000003517892c): calling ktype release [ 74.362643] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.375363] kobject: 'rfkill109': free name [ 74.375629] RIP: 0033:0x441269 [ 74.385720] kobject: 'rfkill108' (00000000f02b169c): kobject_cleanup, parent (null) [ 74.389315] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 74.389322] RSP: 002b:00007ffc110e5d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.396052] kobject: 'rfkill111' (000000004198e47e): kobject_uevent_env [ 74.403458] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441269 [ 74.403465] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000003 [ 74.403471] RBP: 0000000000012122 R08: 00000000004002c8 R09: 00000000004002c8 [ 74.403478] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401fe0 [ 74.403485] R13: 0000000000402070 R14: 0000000000000000 R15: 0000000000000000 [ 74.403497] Modules linked in: [ 74.405148] ---[ end trace 488d26e4fa9129d1 ]--- [ 74.415220] kobject: 'rfkill108' (00000000f02b169c): calling ktype 
release [ 74.418022] RIP: 0010:kernfs_add_one+0x343/0x4d0 [ 74.426989] kobject: 'rfkill107': free name [ 74.428444] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83 [ 74.436900] kobject: 'rfkill110' (00000000eca5cec2): kobject_cleanup, parent (null) [ 74.442974] RSP: 0018:ffff8880781d7858 EFLAGS: 00010202 [ 74.461644] kobject: 'hci3' (000000001bb452c2): kobject_uevent_env [ 74.475169] kobject: 'hci5' (0000000058552633): kobject_uevent_env [ 74.475807] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86edb778 [ 74.487250] kobject: 'rfkill111' (000000004198e47e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci6/rfkill111' [ 74.490398] RDX: 0000000000000001 RSI: ffffffff81cce98b RDI: 0000000000000008 [ 74.494259] kobject: 'hci3' (000000001bb452c2): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3' [ 74.504975] RBP: ffff8880781d7898 R08: 1ffffffff1110598 R09: fffffbfff1110599 [ 74.516316] kobject: 'rfkill108': free name [ 74.524092] R10: fffffbfff1110598 R11: ffffffff88882cc7 R12: ffff8880a0e1d700 [ 74.534778] kobject: 'rfkill111' (000000004198e47e): kobject_cleanup, parent (null) executing program [ 74.541137] R13: ffff8880a0e1d700 R14: 0000000000000000 R15: 0000000000000000 [ 74.554017] kobject: 'hci3' (000000001bb452c2): kobject_cleanup, parent (null) [ 74.556090] kobject: 'hci5' (0000000058552633): fill_kobj_path: path = '/devices/virtual/bluetooth/hci5' [ 74.563055] kobject: 'hci4' (000000008405ca39): kobject_uevent_env [ 74.565595] kobject: 'rfkill110' (00000000eca5cec2): calling ktype release [ 74.570953] kobject: 'hci3' (000000001bb452c2): calling ktype release [ 74.577827] kobject: 'hci5' (0000000058552633): kobject_cleanup, parent (null) [ 74.599578] kobject: 'hci4' (000000008405ca39): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4' [ 74.604974] FS: 0000000002497880(0000) 
GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 74.616547] kobject: 'rfkill111' (000000004198e47e): calling ktype release [ 74.619402] kobject: 'rfkill110': free name [ 74.632307] kobject: 'hci4' (000000008405ca39): kobject_cleanup, parent (null) [ 74.634192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.653476] kobject: 'rfkill111': free name [ 74.658463] kobject: 'hci2' (0000000042c5c87a): kobject_uevent_env [ 74.670583] kobject: 'hci4' (000000008405ca39): calling ktype release [ 74.674549] CR2: 00000000004bf748 CR3: 0000000093661000 CR4: 00000000001406e0 [ 74.694437] kobject: 'hci5' (0000000058552633): calling ktype release [ 74.702399] kobject: 'hci2' (0000000042c5c87a): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2' [ 74.720494] kobject: 'hci6' (0000000012fdc9a4): kobject_uevent_env [ 74.727958] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.747364] kobject: 'hci5': free name [ 74.756654] kobject: 'hci3': free name [ 74.764831] kobject: 'hci2' (0000000042c5c87a): kobject_cleanup, parent (null) [ 74.768264] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.788592] kobject: 'hci4': free name [ 74.793908] kobject: 'hci2' (00000000bfa2af33): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 74.803477] kobject: 'hci2' (0000000042c5c87a): calling ktype release [ 74.809536] Kernel panic - not syncing: Fatal exception [ 74.834291] kobject: 'hci2': free name [ 74.838438] Kernel Offset: disabled [ 74.996175] Rebooting in 86400 seconds..