[ 40.492971] audit: type=1800 audit(1549520552.922:32): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 46.198405] kauditd_printk_skb: 2 callbacks suppressed
[ 46.198418] audit: type=1400 audit(1549520558.702:35): avc: denied { map } for pid=7886 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
executing program
[ 53.004388] audit: type=1400 audit(1549520565.502:36): avc: denied { map } for pid=7898 comm="syz-executor665" path="/root/syz-executor665126012" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.038610] Bluetooth: hci0: Frame reassembly failed (-84)
[ 55.084826] Bluetooth: hci0: command 0x1003 tx timeout
[ 55.090548] Bluetooth: hci0: sending frame failed (-49)
[ 57.164314] Bluetooth: hci0: command 0x1001 tx timeout
[ 57.170087] Bluetooth: hci0: sending frame failed (-49)
[ 59.244536] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 63.333349] Bluetooth: hci0: Frame reassembly failed (-84)
[ 63.337877] BUG: unable to handle kernel paging request at ffffffffffffffd6
[ 63.346470] #PF error: [normal kernel read fault]
[ 63.351286] PGD 8874067 P4D 8874067 PUD 8876067 PMD 0
[ 63.356569] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 63.361043] CPU: 0 PID: 3050 Comm: kworker/u4:4 Not tainted 5.0.0-rc5 #60
[ 63.367942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.377463] Workqueue: events_unbound flush_to_ldisc
[ 63.382554] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 63.387034] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 63.406004] RSP: 0018:ffff88809e307b10 EFLAGS: 00010246
[ 63.411356] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 63.418681] RDX: dffffc0000000000 RSI: ffffffff84ecf372 RDI: 0000000000000005
[ 63.425940] RBP: ffff88809e307b98 R08: ffff88809e33a180 R09: 0000000000000003
[ 63.433191] R10: ffffed1015d05bcf R11: ffff8880ae82de7b R12: 000000000000001c
[ 63.440440] R13: ffff8880a8101ac0 R14: ffff88809760f6e0 R15: 0000000000000006
[ 63.447692] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 63.455896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.461757] CR2: ffffffffffffffd6 CR3: 0000000092727000 CR4: 00000000001406f0
[ 63.469009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.476586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.483841] Call Trace:
[ 63.486414] ? __lock_is_held+0xb6/0x140
[ 63.490458] ? check_preemption_disabled+0x48/0x290
[ 63.495456] h4_recv+0xe4/0x200
[ 63.498716] hci_uart_tty_receive+0x22b/0x530
[ 63.503187] ? hci_uart_write_work+0x710/0x710
[ 63.507752] tty_ldisc_receive_buf+0x164/0x1c0
[ 63.512315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.517985] tty_port_default_receive_buf+0x7d/0xb0
[ 63.522991] flush_to_ldisc+0x228/0x390
[ 63.527215] process_one_work+0x98e/0x1790
[ 63.531431] ? pwq_dec_nr_in_flight+0x320/0x320
[ 63.536076] ? lock_acquire+0x16f/0x3f0
[ 63.540041] worker_thread+0x98/0xe40
[ 63.543825] ? trace_hardirqs_on+0x67/0x230
[ 63.548131] kthread+0x357/0x430
[ 63.551482] ? process_one_work+0x1790/0x1790
[ 63.556070] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 63.561913] ret_from_fork+0x3a/0x50
[ 63.565612] Modules linked in:
[ 63.568788] CR2: ffffffffffffffd6
[ 63.572226] ---[ end trace 84b27a2f0bb855da ]---
[ 63.576974] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[ 63.581451] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[ 63.600493] RSP: 0018:ffff88809e307b10 EFLAGS: 00010246
[ 63.605837] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[ 63.613096] RDX: dffffc0000000000 RSI: ffffffff84ecf372 RDI: 0000000000000005
[ 63.620580] RBP: ffff88809e307b98 R08: ffff88809e33a180 R09: 0000000000000003
[ 63.627831] R10: ffffed1015d05bcf R11: ffff8880ae82de7b R12: 000000000000001c
[ 63.635079] R13: ffff8880a8101ac0 R14: ffff88809760f6e0 R15: 0000000000000006
[ 63.642344] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 63.650558] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.656432] CR2: ffffffffffffffd6 CR3: 0000000092727000 CR4: 00000000001406f0
[ 63.663685] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.670932] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.678376] Kernel panic - not syncing: Fatal exception
[ 63.685015] Kernel Offset: disabled
[ 63.688778] Rebooting in 86400 seconds..