Starting mcstransd: 
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   37.699358] audit: type=1800 audit(1571580314.522:33): pid=7261 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   37.723369] audit: type=1800 audit(1571580314.532:34): pid=7261 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   40.814882] audit: type=1400 audit(1571580317.642:35): avc:  denied  { map } for  pid=7436 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
executing program
[   47.271028] audit: type=1400 audit(1571580324.102:36): avc:  denied  { map } for  pid=7448 comm="syz-executor383" path="/root/syz-executor383459212" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[   52.283957] ------------[ cut here ]------------
[   52.289702] ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x80
[   52.299701] WARNING: CPU: 0 PID: 7451 at lib/debugobjects.c:325 debug_print_object+0x168/0x250
[   52.308436] Kernel panic - not syncing: panic_on_warn set ...
[   52.308436] 
[   52.315787] CPU: 0 PID: 7451 Comm: syz-executor383 Not tainted 4.19.80 #0
[   52.322691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.332025] Call Trace:
[   52.334602]  dump_stack+0x172/0x1f0
[   52.338214]  panic+0x26a/0x50e
[   52.341393]  ? __warn_printk+0xf3/0xf3
[   52.345269]  ? debug_print_object+0x168/0x250
[   52.349745]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.355264]  ? __warn.cold+0x5/0x53
[   52.358874]  ? __warn+0xe8/0x1d0
[   52.362244]  ? debug_print_object+0x168/0x250
[   52.366735]  __warn.cold+0x20/0x53
[   52.370257]  ? trace_hardirqs_off+0x62/0x220
[   52.374647]  ? debug_print_object+0x168/0x250
[   52.379139]  report_bug+0x263/0x2b0
[   52.382761]  do_error_trap+0x204/0x360
[   52.386648]  ? math_error+0x340/0x340
[   52.390437]  ? wake_up_klogd+0x99/0xd0
[   52.394377]  ? vprintk_emit+0x1ab/0x690
[   52.399815]  ? error_entry+0x7c/0xe0
[   52.403518]  ? trace_hardirqs_off_caller+0x65/0x220
[   52.408521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.413349]  do_invalid_op+0x1b/0x20
[   52.417045]  invalid_op+0x14/0x20
[   52.420489] RIP: 0010:debug_print_object+0x168/0x250
[   52.425581] Code: dd 60 4b 82 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 60 4b 82 87 48 c7 c7 a0 40 82 87 e8 16 27 1a fe <0f> 0b 83 05 fb f4 18 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
[   52.444471] RSP: 0018:ffff88809714f8d8 EFLAGS: 00010086
[   52.449861] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   52.457114] RDX: 0000000000000000 RSI: ffffffff81553f06 RDI: ffffed1012e29f0d
[   52.464381] RBP: ffff88809714f918 R08: ffff888087674380 R09: ffffed1015d03ee3
[   52.471647] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: 0000000000000001
[   52.478898] R13: ffffffff887aaac0 R14: ffffffff815ab490 R15: ffff8880a6598368
[   52.486156]  ? __internal_add_timer+0x1f0/0x1f0
[   52.490810]  ? vprintk_func+0x86/0x189
[   52.494700]  ? debug_print_object+0x168/0x250
[   52.499180]  debug_check_no_obj_freed+0x29f/0x464
[   52.504025]  kfree+0xbd/0x220
[   52.507114]  rfcomm_dlc_free+0x20/0x30
[   52.510984]  rfcomm_dev_ioctl+0x181f/0x1b60
[   52.515393]  ? __local_bh_enable_ip+0x15a/0x270
[   52.520061]  ? lock_sock_nested+0xe2/0x120
[   52.524276]  ? __local_bh_enable_ip+0x15a/0x270
[   52.528928]  ? rfcomm_dev_state_change+0x150/0x150
[   52.533841]  ? __local_bh_enable_ip+0x15a/0x270
[   52.538511]  rfcomm_sock_ioctl+0x90/0xb0
[   52.542556]  sock_do_ioctl+0xd8/0x2f0
[   52.546342]  ? compat_ifr_data_ioctl+0x160/0x160
[   52.551079]  ? __lock_acquire+0x6ee/0x49c0
[   52.555311]  ? rcu_read_lock_sched_held+0x110/0x130
[   52.560324]  ? kmem_cache_alloc+0x32a/0x700
[   52.564632]  sock_ioctl+0x325/0x610
[   52.568240]  ? dlci_ioctl_set+0x40/0x40
[   52.572195]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.577719]  ? __might_sleep+0x95/0x190
[   52.581676]  ? find_held_lock+0x35/0x130
[   52.585736]  ? dlci_ioctl_set+0x40/0x40
[   52.589696]  do_vfs_ioctl+0xd5f/0x1380
[   52.593569]  ? selinux_file_ioctl+0x46f/0x5e0
[   52.598047]  ? selinux_file_ioctl+0x125/0x5e0
[   52.602544]  ? ioctl_preallocate+0x210/0x210
[   52.606933]  ? selinux_file_mprotect+0x620/0x620
[   52.611677]  ? __sanitizer_cov_trace_cmp1+0xb/0x20
[   52.616587]  ? __fd_install+0x200/0x640
[   52.620557]  ? fd_install+0x4d/0x60
[   52.624184]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.629706]  ? security_file_ioctl+0x8d/0xc0
[   52.634095]  ksys_ioctl+0xab/0xd0
[   52.637531]  __x64_sys_ioctl+0x73/0xb0
[   52.641403]  do_syscall_64+0xfd/0x620
[   52.645192]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.650374] RIP: 0033:0x441229
[   52.653551] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   52.672699] RSP: 002b:00007ffcc310d278 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   52.680392] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[   52.687661] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[   52.694928] RBP: 000000000000cc18 R08: 00000000004002c8 R09: 00000000004002c8
[   52.702193] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[   52.709453] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[   52.716725] 
[   52.716728] ======================================================
[   52.716731] WARNING: possible circular locking dependency detected
[   52.716733] 4.19.80 #0 Not tainted
[   52.716737] ------------------------------------------------------
[   52.716740] syz-executor383/7451 is trying to acquire lock:
[   52.716742] 00000000fef20598 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   52.716750] 
[   52.716753] but task is already holding lock:
[   52.716755] 00000000f3038f17 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[   52.716763] 
[   52.716766] which lock already depends on the new lock.
[   52.716767] 
[   52.716769] 
[   52.716772] the existing dependency chain (in reverse order) is:
[   52.716773] 
[   52.716774] -> #3 (&obj_hash[i].lock){-.-.}:
[   52.716783]        _raw_spin_lock_irqsave+0x95/0xcd
[   52.716785]        __debug_object_init+0xc6/0xc30
[   52.716788]        debug_object_init+0x16/0x20
[   52.716790]        hrtimer_init+0x2a/0x300
[   52.716792]        init_dl_task_timer+0x1b/0x50
[   52.716795]        __sched_fork+0x22a/0x4b0
[   52.716797]        init_idle+0x75/0x800
[   52.716799]        sched_init+0x952/0x9f0
[   52.716801]        start_kernel+0x402/0x8c5
[   52.716804]        x86_64_start_reservations+0x29/0x2b
[   52.716806]        x86_64_start_kernel+0x77/0x7b
[   52.716809]        secondary_startup_64+0xa4/0xb0
[   52.716810] 
[   52.716811] -> #2 (&rq->lock){-.-.}:
[   52.716819]        _raw_spin_lock+0x2f/0x40
[   52.716822]        task_fork_fair+0x6a/0x520
[   52.716824]        sched_fork+0x3af/0x900
[   52.716826]        copy_process.part.0+0x1859/0x7a30
[   52.716829]        _do_fork+0x257/0xfd0
[   52.716831]        kernel_thread+0x34/0x40
[   52.716833]        rest_init+0x24/0x222
[   52.716835]        start_kernel+0x88c/0x8c5
[   52.716838]        x86_64_start_reservations+0x29/0x2b
[   52.716840]        x86_64_start_kernel+0x77/0x7b
[   52.716843]        secondary_startup_64+0xa4/0xb0
[   52.716844] 
[   52.716845] -> #1 (&p->pi_lock){-.-.}:
[   52.716853]        _raw_spin_lock_irqsave+0x95/0xcd
[   52.716856]        try_to_wake_up+0x94/0xf50
[   52.716858]        wake_up_process+0x10/0x20
[   52.716860]        __up.isra.0+0x136/0x1a0
[   52.716862]        up+0x9c/0xe0
[   52.716865]        __up_console_sem+0xb7/0x1c0
[   52.716867]        console_unlock+0x6c7/0x10b0
[   52.716869]        do_con_write.part.0+0xeec/0x1eb0
[   52.716872]        con_write+0x46/0xd0
[   52.716874]        n_tty_write+0x3f9/0x10f0
[   52.716876]        tty_write+0x458/0x7a0
[   52.716878]        __vfs_write+0x114/0x810
[   52.716880]        vfs_write+0x20c/0x560
[   52.716883]        ksys_write+0x14f/0x2d0
[   52.716885]        __x64_sys_write+0x73/0xb0
[   52.716887]        do_syscall_64+0xfd/0x620
[   52.716890]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.716891] 
[   52.716892] -> #0 ((console_sem).lock){-...}:
[   52.716901]        lock_acquire+0x16f/0x3f0
[   52.716903]        _raw_spin_lock_irqsave+0x95/0xcd
[   52.716905]        down_trylock+0x13/0x70
[   52.716908]        __down_trylock_console_sem+0xa8/0x210
[   52.716911]        console_trylock+0x15/0xa0
[   52.716913]        vprintk_emit+0x21d/0x690
[   52.716915]        vprintk_default+0x28/0x30
[   52.716917]        vprintk_func+0x7e/0x189
[   52.716920]        printk+0xba/0xed
[   52.716922]        __warn_printk+0x9b/0xf3
[   52.716924]        debug_print_object+0x168/0x250
[   52.716927]        debug_check_no_obj_freed+0x29f/0x464
[   52.716929]        kfree+0xbd/0x220
[   52.716931]        rfcomm_dlc_free+0x20/0x30
[   52.716934]        rfcomm_dev_ioctl+0x181f/0x1b60
[   52.716936]        rfcomm_sock_ioctl+0x90/0xb0
[   52.716939]        sock_do_ioctl+0xd8/0x2f0
[   52.716941]        sock_ioctl+0x325/0x610
[   52.716943]        do_vfs_ioctl+0xd5f/0x1380
[   52.716945]        ksys_ioctl+0xab/0xd0
[   52.716948]        __x64_sys_ioctl+0x73/0xb0
[   52.716950]        do_syscall_64+0xfd/0x620
[   52.716953]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.716954] 
[   52.716957] other info that might help us debug this:
[   52.716958] 
[   52.716960] Chain exists of:
[   52.716961]   (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[   52.716971] 
[   52.716974]  Possible unsafe locking scenario:
[   52.716975] 
[   52.716977]        CPU0                    CPU1
[   52.716980]        ----                    ----
[   52.716981]   lock(&obj_hash[i].lock);
[   52.716987]                                lock(&rq->lock);
[   52.716996]                                lock(&obj_hash[i].lock);
[   52.717004]   lock((console_sem).lock);
[   52.717012] 
[   52.717015]  *** DEADLOCK ***
[   52.717018] 
[   52.717022] 3 locks held by syz-executor383/7451:
[   52.717024]  #0: 00000000e4974c19 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}, at: rfcomm_sock_ioctl+0x82/0xb0
[   52.717041]  #1: 000000000ac8fc0c (rfcomm_ioctl_mutex){+.+.}, at: rfcomm_dev_ioctl+0x4f0/0x1b60
[   52.717051]  #2: 00000000f3038f17 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[   52.717061] 
[   52.717063] stack backtrace:
[   52.717066] CPU: 0 PID: 7451 Comm: syz-executor383 Not tainted 4.19.80 #0
[   52.717071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.717072] Call Trace:
[   52.717075]  dump_stack+0x172/0x1f0
[   52.717077]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   52.717080]  __lock_acquire+0x2e19/0x49c0
[   52.717082]  ? mark_held_locks+0x100/0x100
[   52.717084]  ? kvm_clock_read+0x18/0x30
[   52.717087]  ? kvm_sched_clock_read+0x9/0x20
[   52.717089]  lock_acquire+0x16f/0x3f0
[   52.717091]  ? down_trylock+0x13/0x70
[   52.717094]  _raw_spin_lock_irqsave+0x95/0xcd
[   52.717096]  ? down_trylock+0x13/0x70
[   52.717098]  ? vprintk_emit+0x21d/0x690
[   52.717100]  down_trylock+0x13/0x70
[   52.717103]  ? vprintk_emit+0x21d/0x690
[   52.717105]  __down_trylock_console_sem+0xa8/0x210
[   52.717107]  console_trylock+0x15/0xa0
[   52.717110]  vprintk_emit+0x21d/0x690
[   52.717112]  ? __internal_add_timer+0x1f0/0x1f0
[   52.717115]  vprintk_default+0x28/0x30
[   52.717117]  vprintk_func+0x7e/0x189
[   52.717119]  printk+0xba/0xed
[   52.717121]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   52.717124]  ? __warn_printk+0x8f/0xf3
[   52.717126]  ? rfcomm_session_add+0x300/0x300
[   52.717128]  __warn_printk+0x9b/0xf3
[   52.717130]  ? add_taint.cold+0x16/0x16
[   52.717133]  ? skb_dequeue+0x12e/0x180
[   52.717135]  ? rfcomm_session_add+0x300/0x300
[   52.717138]  debug_print_object+0x168/0x250
[   52.717140]  debug_check_no_obj_freed+0x29f/0x464
[   52.717142]  kfree+0xbd/0x220
[   52.717145]  rfcomm_dlc_free+0x20/0x30
[   52.717147]  rfcomm_dev_ioctl+0x181f/0x1b60
[   52.717150]  ? __local_bh_enable_ip+0x15a/0x270
[   52.717152]  ? lock_sock_nested+0xe2/0x120
[   52.717154]  ? __local_bh_enable_ip+0x15a/0x270
[   52.717157]  ? rfcomm_dev_state_change+0x150/0x150
[   52.717160]  ? __local_bh_enable_ip+0x15a/0x270
[   52.717162]  rfcomm_sock_ioctl+0x90/0xb0
[   52.717164]  sock_do_ioctl+0xd8/0x2f0
[   52.717167]  ? compat_ifr_data_ioctl+0x160/0x160
[   52.717169]  ? __lock_acquire+0x6ee/0x49c0
[   52.717172]  ? rcu_read_lock_sched_held+0x110/0x130
[   52.717174]  ? kmem_cache_alloc+0x32a/0x700
[   52.717176]  sock_ioctl+0x325/0x610
[   52.717179]  ? dlci_ioctl_set+0x40/0x40
[   52.717182]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.717184]  ? __might_sleep+0x95/0x190
[   52.717186]  ? find_held_lock+0x35/0x130
[   52.717189]  ? dlci_ioctl_set+0x40/0x40
[   52.717191]  do_vfs_ioctl+0xd5f/0x1380
[   52.717193]  ? selinux_file_ioctl+0x46f/0x5e0
[   52.717196]  ? selinux_file_ioctl+0x125/0x5e0
[   52.717198]  ? ioctl_preallocate+0x210/0x210
[   52.717201]  ? selinux_file_mprotect+0x620/0x620
[   52.717204]  ? __sanitizer_cov_trace_cmp1+0xb/0x20
[   52.717206]  ? __fd_install+0x200/0x640
[   52.717208]  ? fd_install+0x4d/0x60
[   52.717211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.717213]  ? security_file_ioctl+0x8d/0xc0
[   52.717216]  ksys_ioctl+0xab/0xd0
[   52.717218]  __x64_sys_ioctl+0x73/0xb0
[   52.717220]  do_syscall_64+0xfd/0x620
[   52.717223]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.717225] RIP: 0033:0x441229
[   52.717233] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   52.717236] RSP: 002b:00007ffcc310d278 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   52.717242] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[   52.717245] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[   52.717249] RBP: 000000000000cc18 R08: 00000000004002c8 R09: 00000000004002c8
[   52.717252] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[   52.717256] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[   52.718533] Kernel Offset: disabled
[   53.550128] Rebooting in 86400 seconds..