[ 31.977769] audit: type=1800 audit(1546398767.267:27): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 32.004893] audit: type=1800 audit(1546398767.267:28): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 32.606425] audit: type=1800 audit(1546398767.937:29): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 32.626286] audit: type=1800 audit(1546398767.937:30): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.105' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.803519] Bluetooth: hci0: Frame reassembly failed (-84)
[ 45.869468] Bluetooth: hci0: command 0x1003 tx timeout
[ 45.875255] Bluetooth: hci0: sending frame failed (-49)
[ 47.948845] Bluetooth: hci0: command 0x1001 tx timeout
[ 47.954471] Bluetooth: hci0: sending frame failed (-49)
[ 50.028908] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 54.438381] Bluetooth: hci0: Frame reassembly failed (-84)
[ 54.442555] BUG: unable to handle kernel paging request at ffffffffffffffd6
[ 54.451185] #PF error: [normal kernel read fault]
[ 54.456019] PGD 9871067 P4D 9871067 PUD 9873067 PMD 0
[ 54.461339] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 54.466172] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.20.0+ #4
[ 54.472562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.482179] Workqueue: events_unbound flush_to_ldisc
[ 54.487267] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 54.492166] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 54.511333] RSP: 0018:ffff8880a945f6c0 EFLAGS: 00010246
[ 54.516833] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 54.524347] RDX: dffffc0000000000 RSI: ffffffff85883972 RDI: 0000000000000005
[ 54.531921] RBP: ffff8880a945f748 R08: ffff8880a944e1c0 R09: 0000000000000003
[ 54.539167] R10: ffffed1015ce5b8f R11: ffff8880ae72dc7b R12: 000000000000001c
[ 54.546413] R13: ffff88808c9fea40 R14: ffff8880829e76e0 R15: 0000000000000006
[ 54.553787] FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 54.561995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.567971] CR2: ffffffffffffffd6 CR3: 0000000098164000 CR4: 00000000001406e0
[ 54.575364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.582839] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.590300] Call Trace:
[ 54.592939] ? __lock_is_held+0xb6/0x140
[ 54.597124] h4_recv+0xe4/0x200
[ 54.600389] hci_uart_tty_receive+0x22b/0x530
[ 54.605009] ? hci_uart_write_work+0x710/0x710
[ 54.609799] tty_ldisc_receive_buf+0x164/0x1c0
[ 54.614500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.620019] tty_port_default_receive_buf+0x114/0x190
[ 54.625360] ? do_raw_spin_unlock+0xa0/0x330
[ 54.629999] ? tty_port_lower_dtr_rts+0x90/0x90
[ 54.634790] ? process_one_work+0xbf1/0x1ce0
[ 54.639328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.645116] flush_to_ldisc+0x3b2/0x590
[ 54.649078] ? tty_insert_flip_string_flags+0x1b0/0x1b0
[ 54.654670] ? __lock_is_held+0xb6/0x140
[ 54.658861] process_one_work+0xd0c/0x1ce0
[ 54.663293] ? __switch_to_asm+0x34/0x70
[ 54.667330] ? __switch_to_asm+0x40/0x70
[ 54.671420] ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 54.676072] ? __schedule+0x89f/0x1e90
[ 54.679945] ? pci_mmcfg_check_reserved+0x170/0x170
[ 54.685069] ? worker_thread+0x3b7/0x14a0
[ 54.689192] ? find_held_lock+0x35/0x120
[ 54.693230] ? lock_acquire+0x1db/0x570
[ 54.697216] ? worker_thread+0x3cd/0x14a0
[ 54.701507] ? kasan_check_read+0x11/0x20
[ 54.705783] ? do_raw_spin_lock+0x156/0x360
[ 54.710243] ? lock_release+0xc40/0xc40
[ 54.714391] ? rwlock_bug.part.0+0x90/0x90
[ 54.719151] ? trace_hardirqs_on_caller+0x310/0x310
[ 54.724154] worker_thread+0x143/0x14a0
[ 54.728109] ? process_one_work+0x1ce0/0x1ce0
[ 54.732580] ? __kthread_parkme+0xc3/0x1b0
[ 54.736795] ? lock_acquire+0x1db/0x570
[ 54.741047] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.746264] ? lockdep_hardirqs_on+0x415/0x5d0
[ 54.750994] ? trace_hardirqs_on+0xbd/0x310
[ 54.755417] ? __kthread_parkme+0xc3/0x1b0
[ 54.759628] ? trace_hardirqs_off_caller+0x300/0x300
[ 54.764964] ? do_raw_spin_trylock+0x270/0x270
[ 54.769527] ? schedule+0x108/0x350
[ 54.773132] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 54.778214] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.783728] ? __kthread_parkme+0xfb/0x1b0
[ 54.787955] kthread+0x357/0x430
[ 54.791551] ? process_one_work+0x1ce0/0x1ce0
[ 54.796387] ? kthread_stop+0x920/0x920
[ 54.800346] ret_from_fork+0x3a/0x50
[ 54.804035] Modules linked in:
[ 54.807203] CR2: ffffffffffffffd6
[ 54.810819] ---[ end trace 6acbbb9f58ccf0f7 ]---
[ 54.815964] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 54.820699] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 54.840072] RSP: 0018:ffff8880a945f6c0 EFLAGS: 00010246
[ 54.845541] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 54.852944] RDX: dffffc0000000000 RSI: ffffffff85883972 RDI: 0000000000000005
[ 54.860198] RBP: ffff8880a945f748 R08: ffff8880a944e1c0 R09: 0000000000000003
[ 54.867664] R10: ffffed1015ce5b8f R11: ffff8880ae72dc7b R12: 000000000000001c
[ 54.874922] R13: ffff88808c9fea40 R14: ffff8880829e76e0 R15: 0000000000000006
[ 54.882172] FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 54.890377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.896241] CR2: ffffffffffffffd6 CR3: 0000000098164000 CR4: 00000000001406e0
[ 54.903678] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.911335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.918724] Kernel panic - not syncing: Fatal exception
[ 54.925204] Kernel Offset: disabled
[ 54.928964] Rebooting in 86400 seconds..