[   23.721255] audit: type=1800 audit(1545590218.722:21): pid=5776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   23.763019] audit: type=1800 audit(1545590218.722:22): pid=5776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   24.630777] sshd (5843) used greatest stack depth: 15000 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   53.233265] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   53.251189] ==================================================================
[   53.258715] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160
[   53.265270] Write of size 832 at addr ffff8881c33ffbc0 by task syz-executor257/5933
[   53.273036] 
[   53.274649] CPU: 0 PID: 5933 Comm: syz-executor257 Not tainted 4.20.0-rc6-next-20181217+ #172
[   53.283280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.292614] Call Trace:
[   53.295201]  dump_stack+0x244/0x39d
[   53.298898]  ? dump_stack_print_info.cold.1+0x20/0x20
[   53.304073]  ? printk+0xa7/0xcf
[   53.307334]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   53.312084]  print_address_description.cold.4+0x9/0x1ff
[   53.317568]  ? fpstate_init+0x50/0x160
[   53.321444]  kasan_report.cold.5+0x1b/0x39
[   53.325662]  ? fpstate_init+0x50/0x160
[   53.329547]  ? fpstate_init+0x50/0x160
[   53.333428]  check_memory_region+0x13e/0x1b0
[   53.337827]  memset+0x23/0x40
[   53.340914]  fpstate_init+0x50/0x160
[   53.344702]  kvm_arch_vcpu_init+0x3e9/0x870
[   53.349009]  kvm_vcpu_init+0x2fa/0x420
[   53.352886]  ? vcpu_stat_get+0x300/0x300
[   53.356934]  ? kmem_cache_alloc+0x33f/0x730
[   53.361246]  vmx_create_vcpu+0x1b7/0x2695
[   53.365385]  ? lock_downgrade+0x900/0x900
[   53.369521]  ? vmx_exec_control+0x210/0x210
[   53.373826]  ? trace_hardirqs_on+0x310/0x310
[   53.378217]  ? kasan_check_write+0x14/0x20
[   53.382431]  ? __mutex_unlock_slowpath+0x197/0x8c0
[   53.387342]  ? wait_for_completion+0x8a0/0x8a0
[   53.391909]  kvm_arch_vcpu_create+0xe5/0x220
[   53.396298]  ? kvm_arch_vcpu_free+0x90/0x90
[   53.400599]  ? kasan_check_read+0x11/0x20
[   53.404738]  kvm_vm_ioctl+0x526/0x2030
[   53.408610]  ? kvm_unregister_device_ops+0x70/0x70
[   53.413524]  ? get_unused_fd_flags+0x1a0/0x1a0
[   53.418083]  ? kfree+0x11e/0x230
[   53.421425]  ? kfree+0x11e/0x230
[   53.424779]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   53.429342]  ? trace_hardirqs_on+0xbd/0x310
[   53.433644]  ? kvm_uevent_notify_change.part.32+0x300/0x450
[   53.439349]  ? trace_hardirqs_off_caller+0x310/0x310
[   53.444438]  ? __kasan_slab_free+0x119/0x150
[   53.448830]  ? kvm_uevent_notify_change.part.32+0x300/0x450
[   53.454527]  ? fd_install+0x4d/0x60
[   53.458134]  ? kvm_dev_ioctl+0x18a/0x1ae0
[   53.462257]  ? is_bpf_text_address+0xac/0x170
[   53.466744]  ? kvm_debugfs_release+0x90/0x90
[   53.471130]  ? kasan_check_read+0x11/0x20
[   53.475261]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   53.480517]  ? rcu_read_unlock_special+0x370/0x370
[   53.485424]  ? rcu_softirq_qs+0x20/0x20
[   53.489386]  ? unwind_dump+0x190/0x190
[   53.493256]  ? is_bpf_text_address+0xd3/0x170
[   53.497750]  ? kernel_text_address+0x79/0xf0
[   53.502143]  ? __kernel_text_address+0xd/0x40
[   53.506626]  ? unwind_get_return_address+0x61/0xa0
[   53.511554]  ? __save_stack_trace+0x8d/0xf0
[   53.515865]  ? save_stack+0xa9/0xd0
[   53.519470]  ? save_stack+0x43/0xd0
[   53.523085]  ? __kasan_slab_free+0x102/0x150
[   53.527478]  ? kasan_slab_free+0xe/0x10
[   53.531435]  ? putname+0xf2/0x130
[   53.534869]  ? do_sys_open+0x54d/0x780
[   53.538801]  ? __x64_sys_openat+0x9d/0x100
[   53.543022]  ? do_syscall_64+0x1b9/0x820
[   53.547062]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.552409]  ? trace_hardirqs_off+0xb8/0x310
[   53.556800]  ? kasan_check_read+0x11/0x20
[   53.560927]  ? do_raw_spin_unlock+0xa7/0x330
[   53.565314]  ? trace_hardirqs_on+0x310/0x310
[   53.569729]  ? trace_hardirqs_off+0xb8/0x310
[   53.574122]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.579644]  ? kvm_unregister_device_ops+0x70/0x70
[   53.584557]  do_vfs_ioctl+0x1de/0x1790
[   53.588436]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   53.593956]  ? ioctl_preallocate+0x300/0x300
[   53.598346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.603863]  ? __fget_light+0x2e9/0x430
[   53.607815]  ? fget_raw+0x20/0x20
[   53.611255]  ? putname+0xf2/0x130
[   53.614693]  ? rcu_read_lock_sched_held+0x14f/0x180
[   53.619692]  ? kmem_cache_free+0x24f/0x290
[   53.623903]  ? putname+0xf7/0x130
[   53.627336]  ? do_syscall_64+0x9a/0x820
[   53.631301]  ? do_syscall_64+0x9a/0x820
[   53.635266]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   53.639847]  ? security_file_ioctl+0x94/0xc0
[   53.644239]  ksys_ioctl+0xa9/0xd0
[   53.647688]  __x64_sys_ioctl+0x73/0xb0
[   53.651558]  do_syscall_64+0x1b9/0x820
[   53.655426]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   53.660833]  ? syscall_return_slowpath+0x5e0/0x5e0
[   53.665744]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   53.670565]  ? trace_hardirqs_on_caller+0x310/0x310
[   53.675559]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   53.680551]  ? prepare_exit_to_usermode+0x291/0x3b0
[   53.685549]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   53.690496]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.695672] RIP: 0033:0x440039
[   53.698850] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.717878] RSP: 002b:00007ffe8fba9398 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   53.725572] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440039
[   53.732989] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[   53.740244] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   53.747495] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018c0
[   53.754746] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   53.762003] 
[   53.763611] Allocated by task 5933:
[   53.767223]  save_stack+0x43/0xd0
[   53.770749]  kasan_kmalloc+0xcb/0xd0
[   53.774450]  kasan_slab_alloc+0x12/0x20
[   53.778535]  kmem_cache_alloc+0x130/0x730
[   53.782668]  vmx_create_vcpu+0x110/0x2695
[   53.786797]  kvm_arch_vcpu_create+0xe5/0x220
[   53.791184]  kvm_vm_ioctl+0x526/0x2030
[   53.795049]  do_vfs_ioctl+0x1de/0x1790
[   53.798911]  ksys_ioctl+0xa9/0xd0
[   53.802338]  __x64_sys_ioctl+0x73/0xb0
[   53.806202]  do_syscall_64+0x1b9/0x820
[   53.810066]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.815513] 
[   53.817129] Freed by task 0:
[   53.820121] (stack is not available)
[   53.823805] 
[   53.825413] The buggy address belongs to the object at ffff8881c33ffb80
[   53.825413]  which belongs to the cache x86_fpu of size 832
[   53.837827] The buggy address is located 64 bytes inside of
[   53.837827]  832-byte region [ffff8881c33ffb80, ffff8881c33ffec0)
[   53.849596] The buggy address belongs to the page:
[   53.854506] page:ffffea00070cffc0 count:1 mapcount:0 mapping:ffff8881d52601c0 index:0x0
[   53.862632] flags: 0x2fffc0000000200(slab)
[   53.866850] raw: 02fffc0000000200 ffff8881d487b148 ffff8881d487b148 ffff8881d52601c0
[   53.874720] raw: 0000000000000000 ffff8881c33ff040 0000000100000004 0000000000000000
[   53.882579] page dumped because: kasan: bad access detected
[   53.888263] 
[   53.889872] Memory state around the buggy address:
[   53.894831]  ffff8881c33ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.902196]  ffff8881c33ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.909632] >ffff8881c33ffe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   53.917009]                                            ^
[   53.922446]  ffff8881c33fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.929797]  ffff8881c33fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.937146] ==================================================================
[   53.944484] Disabling lock debugging due to kernel taint
[   53.950452] Kernel panic - not syncing: panic_on_warn set ...
[   53.956324] CPU: 0 PID: 5933 Comm: syz-executor257 Tainted: G    B             4.20.0-rc6-next-20181217+ #172
[   53.966483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.975815] Call Trace:
[   53.978384]  dump_stack+0x244/0x39d
[   53.981989]  ? dump_stack_print_info.cold.1+0x20/0x20
[   53.987176]  ? fpstate_init+0x30/0x160
[   53.991041]  panic+0x2ad/0x632
[   53.994242]  ? add_taint.cold.5+0x16/0x16
[   53.998394]  ? preempt_schedule+0x4d/0x60
[   54.002535]  ? ___preempt_schedule+0x16/0x18
[   54.006922]  ? trace_hardirqs_on+0xb4/0x310
[   54.011382]  ? fpstate_init+0x50/0x160
[   54.015249]  end_report+0x47/0x4f
[   54.018678]  kasan_report.cold.5+0xe/0x39
[   54.022926]  ? fpstate_init+0x50/0x160
[   54.026797]  ? fpstate_init+0x50/0x160
[   54.030788]  check_memory_region+0x13e/0x1b0
[   54.035173]  memset+0x23/0x40
[   54.038388]  fpstate_init+0x50/0x160
[   54.042090]  kvm_arch_vcpu_init+0x3e9/0x870
[   54.046470]  kvm_vcpu_init+0x2fa/0x420
[   54.050356]  ? vcpu_stat_get+0x300/0x300
[   54.054397]  ? kmem_cache_alloc+0x33f/0x730
[   54.058723]  vmx_create_vcpu+0x1b7/0x2695
[   54.062847]  ? lock_downgrade+0x900/0x900
[   54.066984]  ? vmx_exec_control+0x210/0x210
[   54.071294]  ? trace_hardirqs_on+0x310/0x310
[   54.075686]  ? kasan_check_write+0x14/0x20
[   54.079900]  ? __mutex_unlock_slowpath+0x197/0x8c0
[   54.084824]  ? wait_for_completion+0x8a0/0x8a0
[   54.089395]  kvm_arch_vcpu_create+0xe5/0x220
[   54.093850]  ? kvm_arch_vcpu_free+0x90/0x90
[   54.098201]  ? kasan_check_read+0x11/0x20
[   54.102336]  kvm_vm_ioctl+0x526/0x2030
[   54.106204]  ? kvm_unregister_device_ops+0x70/0x70
[   54.111112]  ? get_unused_fd_flags+0x1a0/0x1a0
[   54.115667]  ? kfree+0x11e/0x230
[   54.119014]  ? kfree+0x11e/0x230
[   54.122366]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   54.126938]  ? trace_hardirqs_on+0xbd/0x310
[   54.131302]  ? kvm_uevent_notify_change.part.32+0x300/0x450
[   54.137009]  ? trace_hardirqs_off_caller+0x310/0x310
[   54.142089]  ? __kasan_slab_free+0x119/0x150
[   54.146490]  ? kvm_uevent_notify_change.part.32+0x300/0x450
[   54.152177]  ? fd_install+0x4d/0x60
[   54.155797]  ? kvm_dev_ioctl+0x18a/0x1ae0
[   54.160068]  ? is_bpf_text_address+0xac/0x170
[   54.164550]  ? kvm_debugfs_release+0x90/0x90
[   54.168946]  ? kasan_check_read+0x11/0x20
[   54.173078]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   54.178347]  ? rcu_read_unlock_special+0x370/0x370
[   54.183265]  ? rcu_softirq_qs+0x20/0x20
[   54.187263]  ? unwind_dump+0x190/0x190
[   54.191301]  ? is_bpf_text_address+0xd3/0x170
[   54.195786]  ? kernel_text_address+0x79/0xf0
[   54.200316]  ? __kernel_text_address+0xd/0x40
[   54.204920]  ? unwind_get_return_address+0x61/0xa0
[   54.209828]  ? __save_stack_trace+0x8d/0xf0
[   54.214136]  ? save_stack+0xa9/0xd0
[   54.217748]  ? save_stack+0x43/0xd0
[   54.221528]  ? __kasan_slab_free+0x102/0x150
[   54.225990]  ? kasan_slab_free+0xe/0x10
[   54.230077]  ? putname+0xf2/0x130
[   54.233511]  ? do_sys_open+0x54d/0x780
[   54.237469]  ? __x64_sys_openat+0x9d/0x100
[   54.241690]  ? do_syscall_64+0x1b9/0x820
[   54.245732]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.251077]  ? trace_hardirqs_off+0xb8/0x310
[   54.255484]  ? kasan_check_read+0x11/0x20
[   54.259610]  ? do_raw_spin_unlock+0xa7/0x330
[   54.263996]  ? trace_hardirqs_on+0x310/0x310
[   54.268384]  ? trace_hardirqs_off+0xb8/0x310
[   54.272774]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.278287]  ? kvm_unregister_device_ops+0x70/0x70
[   54.283195]  do_vfs_ioctl+0x1de/0x1790
[   54.287063]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   54.292585]  ? ioctl_preallocate+0x300/0x300
[   54.296979]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.302494]  ? __fget_light+0x2e9/0x430
[   54.306570]  ? fget_raw+0x20/0x20
[   54.310002]  ? putname+0xf2/0x130
[   54.313437]  ? rcu_read_lock_sched_held+0x14f/0x180
[   54.318429]  ? kmem_cache_free+0x24f/0x290
[   54.322638]  ? putname+0xf7/0x130
[   54.326066]  ? do_syscall_64+0x9a/0x820
[   54.330066]  ? do_syscall_64+0x9a/0x820
[   54.334026]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   54.338891]  ? security_file_ioctl+0x94/0xc0
[   54.343528]  ksys_ioctl+0xa9/0xd0
[   54.346964]  __x64_sys_ioctl+0x73/0xb0
[   54.350834]  do_syscall_64+0x1b9/0x820
[   54.354710]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   54.360058]  ? syscall_return_slowpath+0x5e0/0x5e0
[   54.365027]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.369860]  ? trace_hardirqs_on_caller+0x310/0x310
[   54.374862]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   54.379881]  ? prepare_exit_to_usermode+0x291/0x3b0
[   54.384875]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.389825]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.395188] RIP: 0033:0x440039
[   54.398364] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   54.417578] RSP: 002b:00007ffe8fba9398 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   54.425410] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440039
[   54.432712] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[   54.439970] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   54.447354] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018c0
[   54.454620] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   54.462949] Kernel Offset: disabled
[   54.466570] Rebooting in 86400 seconds..