[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 64.089747][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 64.089758][ T26] audit: type=1800 audit(1568225505.197:29): pid=9673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 64.116146][ T26] audit: type=1800 audit(1568225505.207:30): pid=9673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 74.576135][ T9825] IPVS: ftp: loaded support on port[0] = 21 [ 74.599244][ T9825] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.655488][ T9825] ================================================================== [ 74.663571][ T9825] BUG: KASAN: slab-out-of-bounds in handle_vmptrld+0x777/0x800 [ 74.671407][ T9825] Read of size 4 at addr ffff8880a9159000 by task syz-executor913/9825 [ 74.679627][ T9825] [ 74.681945][ T9825] CPU: 1 PID: 9825 Comm: syz-executor913 Not tainted 5.3.0-rc8+ #0 [ 74.689820][ T9825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.700139][ T9825] Call Trace: [ 74.703504][ T9825] dump_stack+0x172/0x1f0 [ 74.707989][ T9825] ? handle_vmptrld+0x777/0x800 [ 74.713025][ T9825] print_address_description.cold+0xd4/0x306 [ 74.719012][ T9825] ? handle_vmptrld+0x777/0x800 [ 74.724050][ T9825] ? handle_vmptrld+0x777/0x800 [ 74.728913][ T9825] __kasan_report.cold+0x1b/0x36 [ 74.733835][ T9825] ? handle_vmptrld+0x777/0x800 [ 74.739578][ T9825] kasan_report+0x12/0x17 [ 74.744000][ T9825] __asan_report_load_n_noabort+0xf/0x20 [ 74.749633][ T9825] handle_vmptrld+0x777/0x800 [ 74.754322][ T9825] ? vmx_update_host_rsp+0x71/0xd0 [ 74.759423][ T9825] ? handle_vmon+0x3c0/0x3c0 [ 74.763997][ T9825] ? handle_vmon+0x3c0/0x3c0 [ 74.768567][ T9825] vmx_handle_exit+0x299/0x15e0 [ 74.773415][ T9825] vcpu_enter_guest+0x1087/0x5e90 [ 74.778436][ T9825] ? handle_emulation_failure+0x4e0/0x4e0 [ 74.784153][ T9825] ? lock_acquire+0x190/0x410 [ 74.788805][ T9825] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 74.794945][ T9825] kvm_arch_vcpu_ioctl_run+0x464/0x1750 [ 74.800561][ T9825] ? kvm_arch_vcpu_ioctl_run+0x464/0x1750 [ 74.806258][ T9825] kvm_vcpu_ioctl+0x4dc/0xfd0 [ 74.810921][ T9825] ? kvm_write_guest_cached+0x40/0x40 [ 74.816268][ T9825] ? tomoyo_path_number_perm+0x263/0x520 [ 74.821879][ T9825] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 74.827671][ T9825] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 74.833366][ T9825] ? __set_current_blocked+0xd6/0x110 [ 74.838720][ T9825] ? kvm_write_guest_cached+0x40/0x40 [ 74.844068][ T9825] do_vfs_ioctl+0xdb6/0x13e0 [ 74.848644][ T9825] ? ioctl_preallocate+0x210/0x210 [ 74.853731][ T9825] ? do_signal+0x4f8/0x1700 [ 74.858218][ T9825] ? setup_sigcontext+0x7d0/0x7d0 [ 74.863220][ T9825] ? __bad_area_nosemaphore+0xb3/0x420 [ 74.868655][ T9825] ? tomoyo_file_ioctl+0x23/0x30 [ 74.873579][ T9825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.879800][ T9825] ? security_file_ioctl+0x8d/0xc0 [ 74.884893][ T9825] ksys_ioctl+0xab/0xd0 [ 74.889034][ T9825] __x64_sys_ioctl+0x73/0xb0 [ 74.893602][ T9825] do_syscall_64+0xfd/0x6a0 [ 74.898192][ T9825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.904065][ T9825] RIP: 0033:0x447899 [ 74.907943][ T9825] Code: 24 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 74.927520][ T9825] RSP: 002b:00007fff272f5f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.935905][ T9825] RAX: ffffffffffffffda RBX: 00007fff272f5f60 RCX: 0000000000447899 [ 74.943856][ T9825] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 74.951803][ T9825] RBP: 00000000004a8cb0 R08: 0000000020003800 R09: 0000000040000000 [ 74.959762][ T9825] R10: 00007fff272f4380 R11: 0000000000000246 R12: 0000000000404920 [ 74.967709][ T9825] R13: 00000000004049b0 R14: 0000000000000000 R15: 0000000000000000 [ 74.975660][ T9825] [ 74.977966][ T9825] Allocated by task 9825: [ 74.982274][ T9825] save_stack+0x23/0x90 [ 74.986403][ T9825] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 74.992008][ T9825] kasan_kmalloc+0x9/0x10 [ 74.996321][ T9825] __kmalloc+0x163/0x770 [ 75.000538][ T9825] hcd_buffer_alloc+0x1c6/0x260 [ 75.005369][ T9825] usb_alloc_coherent+0x62/0x90 [ 75.010207][ T9825] usbdev_mmap+0x1ce/0x790 [ 75.014596][ T9825] mmap_region+0xc35/0x1760 [ 75.019072][ T9825] do_mmap+0x82e/0x1090 [ 75.023215][ T9825] vm_mmap_pgoff+0x1c5/0x230 [ 75.027778][ T9825] ksys_mmap_pgoff+0x4aa/0x630 [ 75.032528][ T9825] __x64_sys_mmap+0xe9/0x1b0 [ 75.037096][ T9825] do_syscall_64+0xfd/0x6a0 [ 75.041576][ T9825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.047441][ T9825] [ 75.049744][ T9825] Freed by task 9335: [ 75.053700][ T9825] save_stack+0x23/0x90 [ 75.057833][ T9825] __kasan_slab_free+0x102/0x150 [ 75.062743][ T9825] kasan_slab_free+0xe/0x10 [ 75.067218][ T9825] kfree+0x10a/0x2c0 [ 75.071098][ T9825] tomoyo_init_log+0x15ba/0x2070 [ 75.076022][ T9825] tomoyo_supervisor+0x33f/0xef0 [ 75.080933][ T9825] tomoyo_env_perm+0x18e/0x210 [ 75.086201][ T9825] tomoyo_find_next_domain+0x1354/0x1f6c [ 75.091817][ T9825] tomoyo_bprm_check_security+0x124/0x1b0 [ 75.097531][ T9825] security_bprm_check+0x63/0xb0 [ 75.102456][ T9825] search_binary_handler+0x71/0x570 [ 75.107629][ T9825] __do_execve_file.isra.0+0x1333/0x2340 [ 75.113265][ T9825] __x64_sys_execve+0x8f/0xc0 [ 75.117931][ T9825] do_syscall_64+0xfd/0x6a0 [ 75.122408][ T9825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.128272][ T9825] [ 75.130577][ T9825] The buggy address belongs to the object at ffff8880a9159cc0 [ 75.130577][ T9825] which belongs to the cache kmalloc-8k of size 8192 [ 75.144677][ T9825] The buggy address is located 3264 bytes to the left of [ 75.144677][ T9825] 8192-byte region [ffff8880a9159cc0, ffff8880a915bcc0) [ 75.158537][ T9825] The buggy address belongs to the page: [ 75.164165][ T9825] page:ffffea0002a45600 refcount:2 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 75.175095][ T9825] flags: 0x1fffc0000010200(slab|head) [ 75.180447][ T9825] raw: 01fffc0000010200 ffffea0002a3ee08 ffffea000249b308 ffff8880aa4021c0 [ 75.189024][ T9825] raw: 0000000000000000 ffff8880a9159cc0 0000000200000001 0000000000000000 [ 75.197581][ T9825] page dumped because: kasan: bad access detected [ 75.203978][ T9825] [ 75.206282][ T9825] Memory state around the buggy address: [ 75.211888][ T9825] ffff8880a9158f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.219929][ T9825] ffff8880a9158f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.227971][ T9825] >ffff8880a9159000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.236006][ T9825] ^ [ 75.240051][ T9825] ffff8880a9159080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.248101][ T9825] ffff8880a9159100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.256159][ T9825] ================================================================== [ 75.265019][ T9825] Kernel panic - not syncing: panic_on_warn set ... [ 75.271618][ T9825] CPU: 0 PID: 9825 Comm: syz-executor913 Tainted: G B 5.3.0-rc8+ #0 [ 75.280969][ T9825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.291003][ T9825] Call Trace: [ 75.294286][ T9825] dump_stack+0x172/0x1f0 [ 75.298600][ T9825] panic+0x2dc/0x755 [ 75.302476][ T9825] ? add_taint.cold+0x16/0x16 [ 75.307128][ T9825] ? handle_vmptrld+0x777/0x800 [ 75.311952][ T9825] ? preempt_schedule+0x4b/0x60 [ 75.316779][ T9825] ? ___preempt_schedule+0x16/0x20 [ 75.321871][ T9825] ? trace_hardirqs_on+0x5e/0x240 [ 75.326939][ T9825] ? handle_vmptrld+0x777/0x800 [ 75.331773][ T9825] end_report+0x47/0x4f [ 75.335935][ T9825] ? handle_vmptrld+0x777/0x800 [ 75.340763][ T9825] __kasan_report.cold+0xe/0x36 [ 75.345593][ T9825] ? handle_vmptrld+0x777/0x800 [ 75.350417][ T9825] kasan_report+0x12/0x17 [ 75.354739][ T9825] __asan_report_load_n_noabort+0xf/0x20 [ 75.360343][ T9825] handle_vmptrld+0x777/0x800 [ 75.364992][ T9825] ? vmx_update_host_rsp+0x71/0xd0 [ 75.370076][ T9825] ? handle_vmon+0x3c0/0x3c0 [ 75.374644][ T9825] ? handle_vmon+0x3c0/0x3c0 [ 75.379219][ T9825] vmx_handle_exit+0x299/0x15e0 [ 75.384044][ T9825] vcpu_enter_guest+0x1087/0x5e90 [ 75.389328][ T9825] ? handle_emulation_failure+0x4e0/0x4e0 [ 75.395117][ T9825] ? lock_acquire+0x190/0x410 [ 75.399867][ T9825] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 75.406020][ T9825] kvm_arch_vcpu_ioctl_run+0x464/0x1750 [ 75.411551][ T9825] ? kvm_arch_vcpu_ioctl_run+0x464/0x1750 [ 75.417257][ T9825] kvm_vcpu_ioctl+0x4dc/0xfd0 [ 75.421912][ T9825] ? kvm_write_guest_cached+0x40/0x40 [ 75.427260][ T9825] ? tomoyo_path_number_perm+0x263/0x520 [ 75.432871][ T9825] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 75.438668][ T9825] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 75.444363][ T9825] ? __set_current_blocked+0xd6/0x110 [ 75.449719][ T9825] ? kvm_write_guest_cached+0x40/0x40 [ 75.455065][ T9825] do_vfs_ioctl+0xdb6/0x13e0 [ 75.459630][ T9825] ? ioctl_preallocate+0x210/0x210 [ 75.464717][ T9825] ? do_signal+0x4f8/0x1700 [ 75.469197][ T9825] ? setup_sigcontext+0x7d0/0x7d0 [ 75.474198][ T9825] ? __bad_area_nosemaphore+0xb3/0x420 [ 75.479639][ T9825] ? tomoyo_file_ioctl+0x23/0x30 [ 75.484559][ T9825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.490777][ T9825] ? security_file_ioctl+0x8d/0xc0 [ 75.495874][ T9825] ksys_ioctl+0xab/0xd0 [ 75.500003][ T9825] __x64_sys_ioctl+0x73/0xb0 [ 75.504916][ T9825] do_syscall_64+0xfd/0x6a0 [ 75.509397][ T9825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.515283][ T9825] RIP: 0033:0x447899 [ 75.519163][ T9825] Code: 24 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb cb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.538739][ T9825] RSP: 002b:00007fff272f5f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.547212][ T9825] RAX: ffffffffffffffda RBX: 00007fff272f5f60 RCX: 0000000000447899 [ 75.555157][ T9825] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 75.563110][ T9825] RBP: 00000000004a8cb0 R08: 0000000020003800 R09: 0000000040000000 [ 75.571068][ T9825] R10: 00007fff272f4380 R11: 0000000000000246 R12: 0000000000404920 [ 75.579540][ T9825] R13: 00000000004049b0 R14: 0000000000000000 R15: 0000000000000000 [ 75.588837][ T9825] Kernel Offset: disabled [ 75.593182][ T9825] Rebooting in 86400 seconds..