Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
[ 994.016513] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 994.150298] audit: type=1400 audit(1565383639.595:36): avc: denied { map } for pid=7197 comm="syz-executor805" path="/root/syz-executor805744646" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 994.221364] Bluetooth: hci1 sending frame failed (-49)
[ 996.240856] Bluetooth: hci2 command 0x1003 tx timeout
[ 996.240861] Bluetooth: hci5 command 0x1003 tx timeout
[ 996.241053] Bluetooth: hci1 command 0x1003 tx timeout
[ 996.246383] Bluetooth: hci4 command 0x1003 tx timeout
[ 996.251636] Bluetooth: hci2 sending frame failed (-49)
[ 996.257358] Bluetooth: hci3 command 0x1003 tx timeout
[ 996.262075] Bluetooth: hci5 sending frame failed (-49)
[ 996.267444] Bluetooth: hci4 sending frame failed (-49)
[ 996.272989] Bluetooth: hci1 sending frame failed (-49)
[ 996.278177] Bluetooth: hci3 sending frame failed (-49)
[ 996.283993] Bluetooth: hci0 command 0x1003 tx timeout
[ 996.299844] Bluetooth: hci0 sending frame failed (-49)
[ 998.320113] Bluetooth: hci0 command 0x1001 tx timeout
[ 998.320131] Bluetooth: hci1 command 0x1001 tx timeout
[ 998.325844] Bluetooth: hci0 sending frame failed (-49)
[ 998.331670] Bluetooth: hci1 sending frame failed (-49)
[ 998.336698] Bluetooth: hci3 command 0x1001 tx timeout
[ 998.342547] Bluetooth: hci5 command 0x1001 tx timeout
[ 998.347486] Bluetooth: hci4 command 0x1001 tx timeout
[ 998.352860] Bluetooth: hci3 sending frame failed (-49)
[ 998.358287] Bluetooth: hci4 sending frame failed (-49)
[ 998.363910] Bluetooth: hci5 sending frame failed (-49)
[ 998.374574] Bluetooth: hci2 command 0x1001 tx timeout
[ 998.379878] Bluetooth: hci2 sending frame failed (-49)
[ 1000.400165] Bluetooth: hci2 command 0x1009 tx timeout
[ 1000.400170] Bluetooth: hci5 command 0x1009 tx timeout
[ 1000.400196] Bluetooth: hci3 command 0x1009 tx timeout
[ 1000.405427] Bluetooth: hci4 command 0x1009 tx timeout
[ 1000.411294] Bluetooth: hci1 command 0x1009 tx timeout
[ 1000.416382] Bluetooth: hci0 command 0x1009 tx timeout
executing program
executing program
[ 1004.651481] refcount_t: underflow; use-after-free.
[ 1004.656770] ------------[ cut here ]------------
[ 1004.661875] WARNING: CPU: 1 PID: 7205 at lib/refcount.c:187 refcount_sub_and_test.cold+0x18/0x22
[ 1004.671087] Kernel panic - not syncing: panic_on_warn set ...
[ 1004.671087]
[ 1004.678563] CPU: 1 PID: 7205 Comm: syz-executor805 Not tainted 4.14.138 #34
[ 1004.685935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1004.695430] Call Trace:
[ 1004.698081] dump_stack+0x138/0x19c
[ 1004.702122] panic+0x1f2/0x426
[ 1004.705428] ? add_taint.cold+0x16/0x16
[ 1004.709406] ? refcount_sub_and_test.cold+0x18/0x22
[ 1004.714650] ? refcount_sub_and_test.cold+0x18/0x22
[ 1004.719973] __warn.cold+0x2f/0x36
[ 1004.723677] ? ist_end_non_atomic+0x10/0x10
[ 1004.728034] ? refcount_sub_and_test.cold+0x18/0x22
[ 1004.733042] report_bug+0x216/0x254
[ 1004.736664] do_error_trap+0x1bb/0x310
[ 1004.740680] ? math_error+0x360/0x360
[ 1004.744557] ? vprintk_emit+0x171/0x600
[ 1004.748615] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1004.753636] do_invalid_op+0x1b/0x20
[ 1004.757415] invalid_op+0x1b/0x40
[ 1004.760879] RIP: 0010:refcount_sub_and_test.cold+0x18/0x22
[ 1004.766575] RSP: 0018:ffff888095587940 EFLAGS: 00010282
[ 1004.772187] RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000
[ 1004.779444] RDX: 0000000000000000 RSI: ffffffff869d2b40 RDI: ffffed1012ab0f1e
[ 1004.786710] RBP: ffff888095587968 R08: 0000000000000026 R09: ffff88807c4c2ef0
[ 1004.794007] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821a9b19b8
[ 1004.801272] R13: 0000000000000001 R14: 00000000ffffffff R15: ffff8880a1321d08
[ 1004.808745] ? lock_downgrade+0x6e0/0x6e0
[ 1004.812942] refcount_dec_and_test+0x1b/0x20
[ 1004.817343] kobject_put+0x60/0x80
[ 1004.820975] kobj_kset_leave+0x17f/0x220
[ 1004.825187] kobject_del.part.0+0x79/0xf0
[ 1004.829327] kobject_del+0x20/0x30
[ 1004.832958] cleanup_glue_dir.part.0+0xd2/0x100
[ 1004.837634] device_del+0x78a/0xaa0
[ 1004.841262] ? __device_links_no_driver+0x220/0x220
[ 1004.846358] hci_unregister_dev+0x298/0x7d0
[ 1004.850742] hci_uart_tty_close+0x1dd/0x230
[ 1004.855159] ? hci_uart_close+0x50/0x50
[ 1004.859492] tty_ldisc_close.isra.0+0x99/0xd0
[ 1004.864005] tty_ldisc_kill+0x4b/0xc0
[ 1004.867797] tty_ldisc_release+0xb6/0x230
[ 1004.872001] tty_release_struct+0x1b/0x50
[ 1004.876139] tty_release+0xaa3/0xd60
[ 1004.879848] ? put_tty_driver+0x20/0x20
[ 1004.883901] __fput+0x275/0x7a0
[ 1004.887351] ____fput+0x16/0x20
[ 1004.890673] task_work_run+0x114/0x190
[ 1004.894563] do_exit+0x7df/0x2c10
[ 1004.898017] ? mm_update_next_owner+0x5d0/0x5d0
[ 1004.902686] ? up_read+0x1a/0x40
[ 1004.906114] ? __do_page_fault+0x358/0xb80
[ 1004.910349] do_group_exit+0x111/0x330
[ 1004.914236] SyS_exit_group+0x1d/0x20
[ 1004.918021] ? do_group_exit+0x330/0x330
[ 1004.922233] do_syscall_64+0x1e8/0x640
[ 1004.927561] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1004.932659] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1004.937840] RIP: 0033:0x43ff28
[ 1004.941013] RSP: 002b:00007ffcba9ef208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1004.948745] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff28
[ 1004.956041] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 1004.963460] RBP: 00000000004bf750 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 1004.970900] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 1004.978161] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 1004.986773] Kernel Offset: disabled
[ 1004.990482] Rebooting in 86400 seconds..