[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   69.464888][   T26] kauditd_printk_skb: 7 callbacks suppressed
[   69.464899][   T26] audit: type=1800 audit(1568251362.868:29): pid=9746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   69.500375][   T26] audit: type=1800 audit(1568251362.868:30): pid=9746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   76.098078][ T9898] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   76.156917][ T9898] ==================================================================
[   76.165023][ T9898] BUG: KASAN: slab-out-of-bounds in handle_vmptrld+0x777/0x800
[   76.172630][ T9898] Read of size 4 at addr ffff888091f78000 by task syz-executor571/9898
[   76.180837][ T9898] 
[   76.183153][ T9898] CPU: 0 PID: 9898 Comm: syz-executor571 Not tainted 5.3.0-rc8+ #0
[   76.191016][ T9898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.202199][ T9898] Call Trace:
[   76.206439][ T9898]  dump_stack+0x172/0x1f0
[   76.210747][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.215606][ T9898]  print_address_description.cold+0xd4/0x306
[   76.221650][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.226650][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.231480][ T9898]  __kasan_report.cold+0x1b/0x36
[   76.236419][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.241382][ T9898]  kasan_report+0x12/0x17
[   76.245848][ T9898]  __asan_report_load_n_noabort+0xf/0x20
[   76.251544][ T9898]  handle_vmptrld+0x777/0x800
[   76.256367][ T9898]  ? vmx_update_host_rsp+0x71/0xd0
[   76.261607][ T9898]  ? handle_vmon+0x3c0/0x3c0
[   76.266294][ T9898]  ? handle_vmon+0x3c0/0x3c0
[   76.270869][ T9898]  vmx_handle_exit+0x299/0x15e0
[   76.275720][ T9898]  vcpu_enter_guest+0x1087/0x5e90
[   76.280752][ T9898]  ? handle_emulation_failure+0x4e0/0x4e0
[   76.286728][ T9898]  ? lock_acquire+0x190/0x410
[   76.291383][ T9898]  ? kvm_check_async_pf_completion+0x2d8/0x440
[   76.297523][ T9898]  kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   76.303045][ T9898]  ? kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   76.308841][ T9898]  kvm_vcpu_ioctl+0x4dc/0xfd0
[   76.313517][ T9898]  ? kvm_write_guest_cached+0x40/0x40
[   76.318880][ T9898]  ? tomoyo_path_number_perm+0x263/0x520
[   76.324607][ T9898]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   76.330409][ T9898]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   76.336136][ T9898]  ? __set_current_blocked+0xd6/0x110
[   76.341495][ T9898]  ? kvm_write_guest_cached+0x40/0x40
[   76.347056][ T9898]  do_vfs_ioctl+0xdb6/0x13e0
[   76.351740][ T9898]  ? ioctl_preallocate+0x210/0x210
[   76.356829][ T9898]  ? do_signal+0x4f8/0x1700
[   76.361587][ T9898]  ? setup_sigcontext+0x7d0/0x7d0
[   76.366602][ T9898]  ? __bad_area_nosemaphore+0xb3/0x420
[   76.372081][ T9898]  ? tomoyo_file_ioctl+0x23/0x30
[   76.377108][ T9898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.383329][ T9898]  ? security_file_ioctl+0x8d/0xc0
[   76.388950][ T9898]  ksys_ioctl+0xab/0xd0
[   76.393093][ T9898]  __x64_sys_ioctl+0x73/0xb0
[   76.397674][ T9898]  do_syscall_64+0xfd/0x6a0
[   76.402160][ T9898]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.408042][ T9898] RIP: 0033:0x447269
[   76.414458][ T9898] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.434782][ T9898] RSP: 002b:00007ffe14398788 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.443367][ T9898] RAX: ffffffffffffffda RBX: 00007ffe14398790 RCX: 0000000000447269
[   76.451355][ T9898] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   76.459533][ T9898] RBP: 0000000000000000 R08: 0000000020003800 R09: 0000000000400e80
[   76.467827][ T9898] R10: 00007ffe14396bd0 R11: 0000000000000246 R12: 0000000000404730
[   76.475991][ T9898] R13: 00000000004047c0 R14: 0000000000000000 R15: 0000000000000000
[   76.484837][ T9898] 
[   76.487300][ T9898] Allocated by task 9898:
[   76.491615][ T9898]  save_stack+0x23/0x90
[   76.495756][ T9898]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   76.501548][ T9898]  kasan_kmalloc+0x9/0x10
[   76.505862][ T9898]  __kmalloc+0x163/0x770
[   76.510087][ T9898]  hcd_buffer_alloc+0x1c6/0x260
[   76.514910][ T9898]  usb_alloc_coherent+0x62/0x90
[   76.519755][ T9898]  usbdev_mmap+0x1ce/0x790
[   76.524156][ T9898]  mmap_region+0xc35/0x1760
[   76.528641][ T9898]  do_mmap+0x82e/0x1090
[   76.532871][ T9898]  vm_mmap_pgoff+0x1c5/0x230
[   76.537433][ T9898]  ksys_mmap_pgoff+0x4aa/0x630
[   76.542169][ T9898]  __x64_sys_mmap+0xe9/0x1b0
[   76.546741][ T9898]  do_syscall_64+0xfd/0x6a0
[   76.551221][ T9898]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.557091][ T9898] 
[   76.559394][ T9898] Freed by task 9422:
[   76.563362][ T9898]  save_stack+0x23/0x90
[   76.568108][ T9898]  __kasan_slab_free+0x102/0x150
[   76.573142][ T9898]  kasan_slab_free+0xe/0x10
[   76.577624][ T9898]  kfree+0x10a/0x2c0
[   76.581517][ T9898]  tomoyo_init_log+0x15ba/0x2070
[   76.586926][ T9898]  tomoyo_supervisor+0x33f/0xef0
[   76.591861][ T9898]  tomoyo_env_perm+0x18e/0x210
[   76.596772][ T9898]  tomoyo_find_next_domain+0x1354/0x1f6c
[   76.602401][ T9898]  tomoyo_bprm_check_security+0x124/0x1b0
[   76.608196][ T9898]  security_bprm_check+0x63/0xb0
[   76.613115][ T9898]  search_binary_handler+0x71/0x570
[   76.618318][ T9898]  __do_execve_file.isra.0+0x1333/0x2340
[   76.624279][ T9898]  __x64_sys_execve+0x8f/0xc0
[   76.629201][ T9898]  do_syscall_64+0xfd/0x6a0
[   76.633690][ T9898]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.639582][ T9898] 
[   76.641902][ T9898] The buggy address belongs to the object at ffff888091f78b80
[   76.641902][ T9898]  which belongs to the cache kmalloc-8k of size 8192
[   76.655944][ T9898] The buggy address is located 2944 bytes to the left of
[   76.655944][ T9898]  8192-byte region [ffff888091f78b80, ffff888091f7ab80)
[   76.669896][ T9898] The buggy address belongs to the page:
[   76.675509][ T9898] page:ffffea000247de00 refcount:2 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[   76.686521][ T9898] flags: 0x1fffc0000010200(slab|head)
[   76.691958][ T9898] raw: 01fffc0000010200 ffffea0002277008 ffffea0002339008 ffff8880aa4021c0
[   76.701427][ T9898] raw: 0000000000000000 ffff888091f78b80 0000000200000001 0000000000000000
[   76.709999][ T9898] page dumped because: kasan: bad access detected
[   76.716384][ T9898] 
[   76.718691][ T9898] Memory state around the buggy address:
[   76.724307][ T9898]  ffff888091f77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.732446][ T9898]  ffff888091f77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.740499][ T9898] >ffff888091f78000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.749226][ T9898]                    ^
[   76.753540][ T9898]  ffff888091f78080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.761727][ T9898]  ffff888091f78100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.769884][ T9898] ==================================================================
[   76.778463][ T9898] Kernel panic - not syncing: panic_on_warn set ...
[   76.785837][ T9898] CPU: 0 PID: 9898 Comm: syz-executor571 Tainted: G    B             5.3.0-rc8+ #0
[   76.795179][ T9898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.805218][ T9898] Call Trace:
[   76.808602][ T9898]  dump_stack+0x172/0x1f0
[   76.814403][ T9898]  panic+0x2dc/0x755
[   76.818454][ T9898]  ? add_taint.cold+0x16/0x16
[   76.823365][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.828199][ T9898]  ? preempt_schedule+0x4b/0x60
[   76.833047][ T9898]  ? ___preempt_schedule+0x16/0x20
[   76.838154][ T9898]  ? trace_hardirqs_on+0x5e/0x240
[   76.843159][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.847993][ T9898]  end_report+0x47/0x4f
[   76.852136][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.856965][ T9898]  __kasan_report.cold+0xe/0x36
[   76.861795][ T9898]  ? handle_vmptrld+0x777/0x800
[   76.866622][ T9898]  kasan_report+0x12/0x17
[   76.870928][ T9898]  __asan_report_load_n_noabort+0xf/0x20
[   76.876536][ T9898]  handle_vmptrld+0x777/0x800
[   76.881207][ T9898]  ? vmx_update_host_rsp+0x71/0xd0
[   76.886298][ T9898]  ? handle_vmon+0x3c0/0x3c0
[   76.890888][ T9898]  ? handle_vmon+0x3c0/0x3c0
[   76.895456][ T9898]  vmx_handle_exit+0x299/0x15e0
[   76.901347][ T9898]  vcpu_enter_guest+0x1087/0x5e90
[   76.906536][ T9898]  ? handle_emulation_failure+0x4e0/0x4e0
[   76.912259][ T9898]  ? lock_acquire+0x190/0x410
[   76.916924][ T9898]  ? kvm_check_async_pf_completion+0x2d8/0x440
[   76.923088][ T9898]  kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   76.928995][ T9898]  ? kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   76.936038][ T9898]  kvm_vcpu_ioctl+0x4dc/0xfd0
[   76.940697][ T9898]  ? kvm_write_guest_cached+0x40/0x40
[   76.946053][ T9898]  ? tomoyo_path_number_perm+0x263/0x520
[   76.951762][ T9898]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   76.958061][ T9898]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   76.965160][ T9898]  ? __set_current_blocked+0xd6/0x110
[   76.970515][ T9898]  ? kvm_write_guest_cached+0x40/0x40
[   76.975887][ T9898]  do_vfs_ioctl+0xdb6/0x13e0
[   76.980712][ T9898]  ? ioctl_preallocate+0x210/0x210
[   76.985806][ T9898]  ? do_signal+0x4f8/0x1700
[   76.990392][ T9898]  ? setup_sigcontext+0x7d0/0x7d0
[   76.995768][ T9898]  ? __bad_area_nosemaphore+0xb3/0x420
[   77.001480][ T9898]  ? tomoyo_file_ioctl+0x23/0x30
[   77.006438][ T9898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.013761][ T9898]  ? security_file_ioctl+0x8d/0xc0
[   77.018876][ T9898]  ksys_ioctl+0xab/0xd0
[   77.023886][ T9898]  __x64_sys_ioctl+0x73/0xb0
[   77.028692][ T9898]  do_syscall_64+0xfd/0x6a0
[   77.033210][ T9898]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.039101][ T9898] RIP: 0033:0x447269
[   77.042977][ T9898] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.062569][ T9898] RSP: 002b:00007ffe14398788 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.070958][ T9898] RAX: ffffffffffffffda RBX: 00007ffe14398790 RCX: 0000000000447269
[   77.078905][ T9898] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   77.086853][ T9898] RBP: 0000000000000000 R08: 0000000020003800 R09: 0000000000400e80
[   77.094818][ T9898] R10: 00007ffe14396bd0 R11: 0000000000000246 R12: 0000000000404730
[   77.102766][ T9898] R13: 00000000004047c0 R14: 0000000000000000 R15: 0000000000000000
[   77.112225][ T9898] Kernel Offset: disabled
[   77.116559][ T9898] Rebooting in 86400 seconds..