[   37.165417][   T26] audit: type=1800 audit(1552744569.110:25): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   37.194156][   T26] audit: type=1800 audit(1552744569.110:26): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.232282][   T26] audit: type=1800 audit(1552744569.110:27): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   37.253844][   T26] audit: type=1800 audit(1552744569.110:28): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   67.954809][ T8277] kasan: CONFIG_KASAN_INLINE enabled
executing program
[   67.987453][ T8277] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   67.998774][ T8282] kobject: 'rfkill366' (00000000f52ea596): kobject_uevent_env
[   67.998793][ T8277] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   68.007529][ T8281] kobject: 'rfkill365' (000000003939aa91): kobject_uevent_env
[   68.013288][ T8277] CPU: 0 PID: 8277 Comm: syz-executor068 Not tainted 5.0.0-next-20190306 #4
[   68.013295][ T8277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.013315][ T8277] RIP: 0010:kernfs_add_one+0x343/0x4d0
[   68.013333][ T8277] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83
[   68.026471][ T8283] kobject: 'hci3' (0000000007b9f67c): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[   68.029480][ T8277] RSP: 0018:ffff8880a96f7820 EFLAGS: 00010202
[   68.029493][ T8277] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff870e84d8
[   68.029500][ T8277] RDX: 0000000000000001 RSI: ffffffff81d5dbdb RDI: 0000000000000008
[   68.029517][ T8277] RBP: ffff8880a96f7860 R08: 1ffffffff1151e2c R09: fffffbfff1151e2d
[   68.041880][ T8284] kobject: 'hci4' (00000000073374bd): kobject_uevent_env
[   68.045043][ T8277] R10: fffffbfff1151e2c R11: ffffffff88a8f167 R12: ffff88809577f7e0
[   68.045051][ T8277] R13: ffff88809577f7e0 R14: 0000000000000000 R15: 0000000000000000
[   68.045061][ T8277] FS:  000000000130b880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   68.045068][ T8277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.045075][ T8277] CR2: 00007ffd964e0a54 CR3: 00000000a877c000 CR4: 00000000001406f0
[   68.045085][ T8277] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.045102][ T8277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.066277][ T8282] kobject: 'rfkill366' (00000000f52ea596): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill366'
[   68.075211][ T8277] Call Trace:
[   68.075239][ T8277]  kernfs_create_dir_ns+0xff/0x160
[   68.075253][ T8277]  sysfs_create_dir_ns+0x131/0x2a0
[   68.075264][ T8277]  ? sysfs_create_mount_point+0xa0/0xa0
[   68.075282][ T8277]  ? class_dir_child_ns_type+0xd/0x60
[   68.075304][ T8277]  kobject_add_internal.cold+0xe5/0x5d4
[   68.096906][ T8282] kobject: 'rfkill366' (00000000f52ea596): kobject_uevent_env
[   68.097315][ T8277]  kobject_add+0x150/0x1c0
[   68.105801][ T8281] kobject: 'rfkill365' (000000003939aa91): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill365'
[   68.112663][ T8277]  ? kset_create_and_add+0x1a0/0x1a0
[   68.112679][ T8277]  ? kasan_check_read+0x11/0x20
[   68.112694][ T8277]  ? mutex_unlock+0xd/0x10
[   68.112716][ T8277]  ? device_add+0x30f/0x18a0
[   68.124524][ T8283] kobject: 'hci3' (0000000007b9f67c): kobject_uevent_env
[   68.129141][ T8277]  device_add+0x3d5/0x18a0
[   68.129162][ T8277]  ? device_initialize+0x440/0x440
[   68.129184][ T8277]  ? get_device_parent.isra.0+0x570/0x570
[   68.148288][ T8282] kobject: 'rfkill366' (00000000f52ea596): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill366'
executing program
executing program
[   68.152705][ T8277]  hci_register_dev+0x2e8/0x860
[   68.152736][ T8277]  __vhci_create_device+0x2d0/0x5a0
[   68.168124][ T8284] kobject: 'hci4' (00000000073374bd): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4'
[   68.168809][ T8277]  vhci_write+0x2d0/0x470
[   68.183733][ T8281] kobject: 'rfkill365' (000000003939aa91): kobject_cleanup, parent           (null)
[   68.183909][ T8277]  new_sync_write+0x4c7/0x760
[   68.190288][ T8283] kobject: 'hci3' (0000000007b9f67c): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3'
[   68.194138][ T8277]  ? default_llseek+0x2e0/0x2e0
[   68.194157][ T8277]  ? common_file_perm+0x238/0x720
[   68.194178][ T8277]  ? apparmor_file_permission+0x25/0x30
[   68.207710][ T8281] kobject: 'rfkill365' (000000003939aa91): calling ktype release
[   68.210630][ T8277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   68.210647][ T8277]  ? security_file_permission+0x94/0x380
[   68.210669][ T8277]  __vfs_write+0xe4/0x110
[   68.219471][ T8282] kobject: 'rfkill366' (00000000f52ea596): kobject_cleanup, parent           (null)
[   68.222541][ T8277]  vfs_write+0x20c/0x580
[   68.222562][ T8277]  ksys_write+0xea/0x1f0
[   68.240904][ T8283] kobject: 'rfkill367' (000000006f5a3797): kobject_add_internal: parent: 'hci3', set: 'devices'
[   68.244344][ T8277]  ? __ia32_sys_read+0xb0/0xb0
[   68.244361][ T8277]  ? do_syscall_64+0x26/0x610
[   68.244383][ T8277]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.258599][ T8281] kobject: 'rfkill365': free name
[   68.260496][ T8277]  ? do_syscall_64+0x26/0x610
[   68.260519][ T8277]  __x64_sys_write+0x73/0xb0
[   68.270996][ T8283] kobject: 'rfkill367' (000000006f5a3797): kobject_uevent_env
[   68.275748][ T8277]  do_syscall_64+0x103/0x610
[   68.275764][ T8277]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.275774][ T8277] RIP: 0033:0x441279
[   68.275794][ T8277] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.291956][ T8282] kobject: 'rfkill366' (00000000f52ea596): calling ktype release
[   68.292613][ T8277] RSP: 002b:00007ffd964e0a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.292627][ T8277] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441279
[   68.292634][ T8277] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000003
[   68.292650][ T8277] RBP: 0000000000010926 R08: 00000000004002c8 R09: 00000000004002c8
[   68.301340][ T8281] kobject: 'hci1' (000000002edc96b5): kobject_uevent_env
[   68.308150][ T8277] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401ff0
executing program
[   68.308158][ T8277] R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000
[   68.308170][ T8277] Modules linked in:
[   68.314954][ T8285] kobject: 'hci5' (000000001bb2a7b4): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[   68.329779][ T8282] kobject: 'rfkill366': free name
[   68.337584][ T8283] kobject: 'rfkill367' (000000006f5a3797): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3/rfkill367'
[   68.354984][ T8282] kobject: 'hci2' (00000000b37dbfe2): kobject_uevent_env
[   68.360988][ T8285] kobject: 'hci5' (000000001bb2a7b4): kobject_uevent_env
executing program
[   68.382785][ T8281] kobject: 'hci1' (000000002edc96b5): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1'
[   68.387269][ T8283] kobject: 'rfkill367' (000000006f5a3797): kobject_uevent_env
[   68.390753][ T8284] kobject: 'rfkill368' (0000000022f773fd): kobject_add_internal: parent: 'hci4', set: 'devices'
[   68.395358][ T8283] kobject: 'rfkill367' (000000006f5a3797): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3/rfkill367'
[   68.411845][ T8282] kobject: 'hci2' (00000000b37dbfe2): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2'
[   68.415473][ T8285] kobject: 'hci5' (000000001bb2a7b4): fill_kobj_path: path = '/devices/virtual/bluetooth/hci5'
[   68.423483][ T8281] kobject: 'hci1' (000000002edc96b5): kobject_cleanup, parent           (null)
[   68.426612][ T8277] ---[ end trace d51ff91b1db3fa5d ]---
[   68.435230][ T8282] kobject: 'hci2' (00000000b37dbfe2): kobject_cleanup, parent           (null)
[   68.436399][ T8277] RIP: 0010:kernfs_add_one+0x343/0x4d0
[   68.445421][ T8281] kobject: 'hci1' (000000002edc96b5): calling ktype release
[   68.448745][ T8277] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83
[   68.456919][ T8284] kobject: 'rfkill368' (0000000022f773fd): kobject_uevent_env
[   68.458557][ T8277] RSP: 0018:ffff8880a96f7820 EFLAGS: 00010202
[   68.479639][ T8281] kobject: 'hci1': free name
[   68.486144][ T8277] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff870e84d8
[   68.502111][ T8282] kobject: 'hci2' (00000000b37dbfe2): calling ktype release
[   68.502859][ T8277] RDX: 0000000000000001 RSI: ffffffff81d5dbdb RDI: 0000000000000008
[   68.527544][ T8282] kobject: 'hci2': free name
[   68.534515][ T8277] RBP: ffff8880a96f7860 R08: 1ffffffff1151e2c R09: fffffbfff1151e2d
[   68.549070][ T8286] kobject: 'hci1' (0000000079546311): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[   68.556833][ T8277] R10: fffffbfff1151e2c R11: ffffffff88a8f167 R12: ffff88809577f7e0
[   68.565719][ T8284] kobject: 'rfkill368' (0000000022f773fd): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4/rfkill368'
[   68.573618][ T8277] R13: ffff88809577f7e0 R14: 0000000000000000 R15: 0000000000000000
[   68.587937][ T8286] kobject: 'hci1' (0000000079546311): kobject_uevent_env
[   68.598021][ T8277] FS:  000000000130b880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   68.623709][ T8287] kobject: 'hci2' (00000000aedf5aa3): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[   68.641385][ T8277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.668249][ T8286] kobject: 'hci1' (0000000079546311): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1'
[   68.671096][ T8285] kobject: 'rfkill369' (000000008697ba9e): kobject_add_internal: parent: 'hci5', set: 'devices'
[   68.709063][ T8287] kobject: 'hci2' (00000000aedf5aa3): kobject_uevent_env
[   68.718128][ T8285] kobject: 'rfkill369' (000000008697ba9e): kobject_uevent_env
[   68.727194][ T8284] kobject: 'rfkill368' (0000000022f773fd): kobject_uevent_env
[   68.731634][ T8285] kobject: 'rfkill369' (000000008697ba9e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci5/rfkill369'
[   68.750644][ T8284] kobject: 'rfkill368' (0000000022f773fd): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4/rfkill368'
[   68.753803][ T8283] kobject: 'rfkill367' (000000006f5a3797): kobject_cleanup, parent           (null)
[   68.775840][ T8287] kobject: 'hci2' (00000000aedf5aa3): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2'
[   68.784793][ T8286] kobject: 'rfkill370' (000000007a9c2243): kobject_add_internal: parent: 'hci1', set: 'devices'
[   68.793584][ T8285] kobject: 'rfkill369' (000000008697ba9e): kobject_uevent_env
[   68.805459][ T8286] kobject: 'rfkill370' (000000007a9c2243): kobject_uevent_env
[   68.818625][ T8277] CR2: 00007ffd964e0a54 CR3: 00000000a877c000 CR4: 00000000001406f0
[   68.820378][ T8283] kobject: 'rfkill367' (000000006f5a3797): calling ktype release
[   68.842747][ T8277] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.846575][ T8286] kobject: 'rfkill370' (000000007a9c2243): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill370'
[   68.857070][ T8285] kobject: 'rfkill369' (000000008697ba9e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci5/rfkill369'
[   68.867711][ T8284] kobject: 'rfkill368' (0000000022f773fd): kobject_cleanup, parent           (null)
[   68.892322][ T8285] kobject: 'rfkill369' (000000008697ba9e): kobject_cleanup, parent           (null)
[   68.901509][ T8287] kobject: 'rfkill371' (0000000095a8aa36): kobject_add_internal: parent: 'hci2', set: 'devices'
[   68.917170][ T8283] kobject: 'rfkill367': free name
[   68.922613][ T8286] kobject: 'rfkill370' (000000007a9c2243): kobject_uevent_env
[   68.935070][ T8277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.943951][ T8287] kobject: 'rfkill371' (0000000095a8aa36): kobject_uevent_env
[   68.977912][ T8283] kobject: 'hci3' (0000000007b9f67c): kobject_uevent_env
[   68.982662][ T8286] kobject: 'rfkill370' (000000007a9c2243): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill370'
[   68.997173][ T8277] Kernel panic - not syncing: Fatal exception
[   69.007067][ T8284] kobject: 'rfkill368' (0000000022f773fd): calling ktype release
[   69.015842][ T8277] Kernel Offset: disabled
[   69.100090][ T8277] Rebooting in 86400 seconds..