[   48.257717] audit: type=1800 audit(1546856000.041:30): pid=8157 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: ssh ... failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [   56.885668] kauditd_printk_skb: 5 callbacks suppressed
[   56.885684] audit: type=1400 audit(1546856008.711:36): avc:  denied  { map } for  pid=8365 comm="syz-executor431" path="/root/syz-executor431611296" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   56.943056] ==================================================================
[   56.950494] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0xb33e/0xc22e
[   56.957665] Read of size 1 at addr ffff88809fcab1c0 by task kworker/u5:0/1171
[   56.964917]
[   56.966533] CPU: 1 PID: 1171 Comm: kworker/u5:0 Not tainted 4.20.0+ #13
[   56.973299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.982665] Workqueue: hci0 hci_rx_work
[   56.986635] Call Trace:
[   56.989205]  dump_stack+0x1db/0x2d0
[   56.992820]  ? dump_stack_print_info.cold+0x20/0x20
[   56.997827]  ? hci_event_packet+0xb33e/0xc22e
[   57.002328]  print_address_description.cold+0x7c/0x20d
[   57.007589]  ? hci_event_packet+0xb33e/0xc22e
[   57.012117]  ? hci_event_packet+0xb33e/0xc22e
[   57.016612]  kasan_report.cold+0x1b/0x40
[   57.020658]  ? hci_event_packet+0xb33e/0xc22e
[   57.025142]  __asan_report_load1_noabort+0x14/0x20
[   57.030057]  hci_event_packet+0xb33e/0xc22e
[   57.034373]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[   57.039204]  ? up_write+0x1c0/0x230
[   57.042823]  ? unwind_next_frame+0x3b/0x50
[   57.047066]  ? graph_lock+0x280/0x280
[   57.050869]  ? save_stack_trace+0x1a/0x20
[   57.055038]  ? save_trace+0xe0/0x290
[   57.058750]  ? add_lock_to_list.isra.0+0x450/0x450
[   57.063680]  ? kasan_check_read+0x11/0x20
[   57.067814]  ? __lock_acquire+0x2514/0x4a30
[   57.072142]  ? lockdep_hardirqs_on+0x415/0x5d0
[   57.076753]  ? print_usage_bug+0xd0/0xd0
[   57.080827]  ? skb_dequeue+0x12e/0x180
[   57.084723]  ? mark_held_locks+0xb1/0x100
[   57.088876]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.093991]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.099086]  ? trace_hardirqs_on+0xbd/0x310
[   57.103391]  ? kasan_check_read+0x11/0x20
[   57.107523]  ? skb_dequeue+0x12e/0x180
[   57.111396]  ? trace_hardirqs_off_caller+0x300/0x300
[   57.116492]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.122032]  ? hci_send_to_monitor+0x306/0x470
[   57.126610]  ? hci_sock_release+0x3c0/0x3c0
[   57.130957]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   57.136068]  hci_rx_work+0x578/0xcd0
[   57.139767]  ? hci_rx_work+0x578/0xcd0
[   57.143657]  ? find_held_lock+0x35/0x120
[   57.147708]  ? add_lock_to_list.isra.0+0x450/0x450
[   57.152628]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.158168]  ? hci_alloc_dev+0x21a0/0x21a0
[   57.162391]  ? __lock_is_held+0xb6/0x140
[   57.166448]  process_one_work+0xd0c/0x1ce0
[   57.170669]  ? __wake_up_common_lock+0x1db/0x390
[   57.175416]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   57.180072]  ? trace_hardirqs_off+0xb8/0x310
[   57.184470]  ? kasan_check_read+0x11/0x20
[   57.188610]  ? do_raw_spin_unlock+0xa0/0x330
[   57.193012]  ? do_raw_spin_trylock+0x270/0x270
[   57.197596]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.203120]  ? get_work_pool_id+0x1a0/0x1a0
[   57.207453]  ? trace_hardirqs_on_caller+0x310/0x310
[   57.212472]  worker_thread+0x143/0x14a0
[   57.216446]  ? process_one_work+0x1ce0/0x1ce0
[   57.220929]  ? __kthread_parkme+0xc3/0x1b0
[   57.225159]  ? lock_acquire+0x1db/0x570
[   57.229126]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.234233]  ? lockdep_hardirqs_on+0x415/0x5d0
[   57.238805]  ? trace_hardirqs_on+0xbd/0x310
[   57.243127]  ? __kthread_parkme+0xc3/0x1b0
[   57.247347]  ? trace_hardirqs_off_caller+0x300/0x300
[   57.252461]  ? do_raw_spin_trylock+0x270/0x270
[   57.257032]  ? schedule+0x108/0x350
[   57.260643]  ? do_raw_spin_trylock+0x270/0x270
[   57.265214]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   57.270309]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   57.275831]  ? __kthread_parkme+0xfb/0x1b0
[   57.280058]  kthread+0x357/0x430
[   57.283416]  ? process_one_work+0x1ce0/0x1ce0
[   57.287912]  ? kthread_stop+0x920/0x920
[   57.291881]  ret_from_fork+0x3a/0x50
[   57.295585]
[   57.297196] Allocated by task 8369:
[   57.300804]  save_stack+0x45/0xd0
[   57.304257]  kasan_kmalloc+0xcf/0xe0
[   57.307956]  __kmalloc_node_track_caller+0x4e/0x70
[   57.312877]  __kmalloc_reserve.isra.0+0x40/0xe0
[   57.317532]  __alloc_skb+0x12d/0x730
[   57.321231]  vhci_write+0xc4/0x470
[   57.324769]  __vfs_write+0x764/0xb40
[   57.328467]  vfs_write+0x20c/0x580
[   57.332006]  ksys_write+0x105/0x260
[   57.335615]  __x64_sys_write+0x73/0xb0
[   57.339491]  do_syscall_64+0x1a3/0x800
[   57.343365]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   57.348549]
[   57.350157] Freed by task 0:
[   57.353151] (stack is not available)
[   57.356843]
[   57.358461] The buggy address belongs to the object at ffff88809fcaadc0
[   57.358461]  which belongs to the cache kmalloc-1k of size 1024
[   57.371119] The buggy address is located 0 bytes to the right of
[   57.371119]  1024-byte region [ffff88809fcaadc0, ffff88809fcab1c0)
[   57.383403] The buggy address belongs to the page:
[   57.388320] page:ffffea00027f2a80 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0
[   57.398282] flags: 0x1fffc0000010200(slab|head)
[   57.403544] raw: 01fffc0000010200 ffffea0001d08488 ffffea0002812908 ffff88812c3f0ac0
[   57.411410] raw: 0000000000000000 ffff88809fcaa040 0000000100000007 0000000000000000
[   57.419268] page dumped because: kasan: bad access detected
[   57.424952]
[   57.426567] Memory state around the buggy address:
[   57.431475]  ffff88809fcab080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.438821]  ffff88809fcab100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.446163] >ffff88809fcab180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   57.453506]                                            ^
[   57.458937]  ffff88809fcab200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.466276]  ffff88809fcab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.473619] ==================================================================
[   57.481002] Disabling lock debugging due to kernel taint
[   57.486921] Kernel panic - not syncing: panic_on_warn set ...
[   57.492822] CPU: 1 PID: 1171 Comm: kworker/u5:0 Tainted: G    B             4.20.0+ #13
[   57.500962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.510315] Workqueue: hci0 hci_rx_work
[   57.514270] Call Trace:
[   57.516842]  dump_stack+0x1db/0x2d0
[   57.520454]  ? dump_stack_print_info.cold+0x20/0x20
[   57.525473]  panic+0x2cb/0x65c
[   57.528663]  ? add_taint.cold+0x16/0x16
[   57.532621]  ? hci_event_packet+0xb33e/0xc22e
[   57.537116]  ? preempt_schedule+0x4b/0x60
[   57.541249]  ? ___preempt_schedule+0x16/0x18
[   57.545642]  ? trace_hardirqs_on+0xb4/0x310
[   57.549965]  ? hci_event_packet+0xb33e/0xc22e
[   57.554455]  end_report+0x47/0x4f
[   57.557906]  ? hci_event_packet+0xb33e/0xc22e
[   57.562431]  kasan_report.cold+0xe/0x40
[   57.566393]  ? hci_event_packet+0xb33e/0xc22e
[   57.570893]  __asan_report_load1_noabort+0x14/0x20
[   57.575833]  hci_event_packet+0xb33e/0xc22e
[   57.580161]  ? hci_cmd_complete_evt+0xbe60/0xbe60
[   57.585010]  ? up_write+0x1c0/0x230
[   57.588630]  ? unwind_next_frame+0x3b/0x50
[   57.592909]  ? graph_lock+0x280/0x280
[   57.596693]  ? save_stack_trace+0x1a/0x20
[   57.600822]  ? save_trace+0xe0/0x290
[   57.604520]  ? add_lock_to_list.isra.0+0x450/0x450
[   57.609450]  ? kasan_check_read+0x11/0x20
[   57.613581]  ? __lock_acquire+0x2514/0x4a30
[   57.617900]  ? lockdep_hardirqs_on+0x415/0x5d0
[   57.622495]  ? print_usage_bug+0xd0/0xd0
[   57.626558]  ? skb_dequeue+0x12e/0x180
[   57.630460]  ? mark_held_locks+0xb1/0x100
[   57.634614]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.639699]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.644786]  ? trace_hardirqs_on+0xbd/0x310
[   57.649099]  ? kasan_check_read+0x11/0x20
[   57.653231]  ? skb_dequeue+0x12e/0x180
[   57.657778]  ? trace_hardirqs_off_caller+0x300/0x300
[   57.662865]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.668390]  ? hci_send_to_monitor+0x306/0x470
[   57.672989]  ? hci_sock_release+0x3c0/0x3c0
[   57.677311]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   57.682401]  hci_rx_work+0x578/0xcd0
[   57.686102]  ? hci_rx_work+0x578/0xcd0
[   57.690011]  ? find_held_lock+0x35/0x120
[   57.694060]  ? add_lock_to_list.isra.0+0x450/0x450
[   57.698983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.704525]  ? hci_alloc_dev+0x21a0/0x21a0
[   57.708745]  ? __lock_is_held+0xb6/0x140
[   57.712796]  process_one_work+0xd0c/0x1ce0
[   57.717025]  ? __wake_up_common_lock+0x1db/0x390
[   57.721768]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   57.726422]  ? trace_hardirqs_off+0xb8/0x310
[   57.730816]  ? kasan_check_read+0x11/0x20
[   57.734983]  ? do_raw_spin_unlock+0xa0/0x330
[   57.739404]  ? do_raw_spin_trylock+0x270/0x270
[   57.744007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   57.749543]  ? get_work_pool_id+0x1a0/0x1a0
[   57.753846]  ? trace_hardirqs_on_caller+0x310/0x310
[   57.758848]  worker_thread+0x143/0x14a0
[   57.762810]  ? process_one_work+0x1ce0/0x1ce0
[   57.767321]  ? __kthread_parkme+0xc3/0x1b0
[   57.771542]  ? lock_acquire+0x1db/0x570
[   57.775501]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   57.780588]  ? lockdep_hardirqs_on+0x415/0x5d0
[   57.785174]  ? trace_hardirqs_on+0xbd/0x310
[   57.789479]  ? __kthread_parkme+0xc3/0x1b0
[   57.793700]  ? trace_hardirqs_off_caller+0x300/0x300
[   57.798799]  ? do_raw_spin_trylock+0x270/0x270
[   57.803364]  ? schedule+0x108/0x350
[   57.806973]  ? do_raw_spin_trylock+0x270/0x270
[   57.811567]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   57.816653]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   57.822174]  ? __kthread_parkme+0xfb/0x1b0
[   57.826402]  kthread+0x357/0x430
[   57.829764]  ? process_one_work+0x1ce0/0x1ce0
[   57.834245]  ? kthread_stop+0x920/0x920
[   57.838225]  ret_from_fork+0x3a/0x50
[   57.842854] Kernel Offset: disabled
[   57.846481] Rebooting in 86400 seconds..